Signal’s president reveals the cost of running the privacy-preserving platform—not just to drum up donations, but to call out the for-profit surveillance business models it competes against.

The encrypted messaging and calling app Signal has become a one-of-a-kind phenomenon in the tech world: It has grown from the preferred encrypted messenger for the paranoid privacy elite into a legitimately mainstream service with hundreds of millions of installs worldwide. And it has done this entirely as a nonprofit effort, with no venture capital or monetization model, all while holding its own against the best-funded Silicon Valley competitors in the world, like WhatsApp, Facebook Messenger, Gmail, and iMessage.

Today, Signal is revealing something about what it takes to pull that off—and it’s not cheap. For the first time, the Signal Foundation that runs the app has published a full breakdown of Signal’s operating costs: around $40 million this year, projected to hit $50 million by 2025.

Signal’s president, Meredith Whittaker, says her decision to publish the detailed cost numbers in a blog post for the first time—going well beyond the IRS disclosures legally required of nonprofits—was more than just a frank appeal for year-end donations. By revealing the price of operating a modern communications service, she says, she wanted to call attention to how competitors pay these same expenses: either by profiting directly from monetizing users’ data or, she argues, by locking users into networks that very often operate with that same corporate surveillance business model.

“By being honest about these costs ourselves, we believe that helps provide a view of the engine of the tech industry, the surveillance business model, that is not always apparent to people,” Whittaker tells WIRED. Running a service like Signal—or WhatsApp or Gmail or Telegram—is, she says, “surprisingly expensive. You may not know that, and there’s a good reason you don’t know that, and it’s because it’s not something that companies who pay those expenses via surveillance want you to know.”

Signal pays $14 million a year in infrastructure costs, for instance, including the price of servers, bandwidth, and storage. It uses about 20 petabytes per year of bandwidth, or 20 million gigabytes, to enable voice and video calling alone, which comes to $1.7 million a year. The biggest chunk of those infrastructure costs, fully $6 million annually, goes to telecom firms to pay for the SMS text messages Signal uses to send registration codes to verify new Signal accounts’ phone numbers. That cost has gone up, Signal says, as telecom firms charge more for those text messages in an effort to offset the shrinking use of SMS in favor of cheaper services like Signal and WhatsApp worldwide.

Another $19 million a year or so out of Signal’s budget pays for its staff. Signal now employs about 50 people, a far larger team than a few years ago. In 2016, Signal had just three full-time employees working in a single room in a coworking space in San Francisco. “People didn’t take vacations,” Whittaker says. “People didn’t get on planes because they didn’t want to be offline if there was an outage or something.” While that skeleton-crew era is over—Whittaker says it wasn’t sustainable for those few overworked staffers—she argues that a team of 50 people is still a tiny number compared to services with similar-sized user bases, which often have thousands of employees.

read more: https://www.wired.com/story/signal-operating-costs/

archive link: https://archive.ph/O5rzD

  • xenoclast@lemmy.world
    10 months ago

    Of all the services asking me for a monthly fee, $5 for a non-profit private communication tool is a no-brainer.

    • steltek@lemm.ee
      10 months ago

      That’s Matrix. End to end encrypted, decentralized, and open source.

      Bridging opens it up to other services as well, like how Pidgin/Adium/Gaim used to work.

  • phoneymouse@lemmy.world
    10 months ago

    WhatsApp’s initial monetization model was pretty good. Free for the first year, $1/year after that. With 400 million users, that’s a lot of money.

    Signal has 50 million, but could cover their costs for $5/year per user, I’m sure, assuming not all users would pay.

    • WallEx@feddit.de
      10 months ago

      They had 40 million users in 2021, so a dollar a year would cover the costs.

    • lemmyvore@feddit.nl
      10 months ago

      If the dollar fee of Whatsapp teaches us anything, it is that any tax you put on your app hinders adoption.

      Whatsapp intended to do that but ended up scrapping the tax for various reasons. One of them was to keep the existing user base (they gave existing customers lifetime use for free when they brought out the $1 idea). Another was the fact that in some populous regions of the world credit cards weren’t common (like India) and they’d rather have lots of users there.

      Bottom line, the $1 Whatsapp is even more elusive than the WinRar license and I’ve never personally heard of anybody who ever paid it.

      https://venturebeat.com/mobile/whatsapp-subscription/

      • sergih@feddit.de
        10 months ago

        My dad paid for it for himself, for me and for my mother, this made a lot of sense bc in Spain, in the pre-messaging app era, SMS were like 5-20 cents each in most tariffs.

        It was getting to the point where it wasn’t uncommon for an average joe to just ask their friend who’s using whatsapp how to pay for it so he can have it too (many ppl had never bought anything online so they needed help).

        However things are different now, there are tons of free messaging app alternatives out there, ppl would rather change to another free one.

  • Chobbes@lemmy.world
    10 months ago

    There’s something kind of funny about one of the largest expenses being SMS and voice calls to verify phone numbers when one of the largest complaints about Signal is the phone number requirement. I wonder how much this cost factors into them considering dropping the phone number requirement.

      • WallEx@feddit.de
        10 months ago

        Because there are no other possible verifications apart from phone numbers? Do you open a bank account with your phone number, because it’s the only way?

        • TJA!@sh.itjust.works
          10 months ago

          What would you think would be an appropriate alternative to easily verify chat accounts that’s cheaper than validating phone numbers?

          • iopq@lemmy.world
            10 months ago

            Use a 3d face scan, but only send the hash over the net. Can double for account recovery (when user has no email or something)

            • scorpionix@feddit.de
              10 months ago

              Where would one get a 3d face scan from? For my part, I don’t have a scanning rig set up anywhere.

            • PlexSheep@feddit.de
              10 months ago

              That’s a joke right?

              If not: It does not matter what hash I send, because it’s cryptographically impossible to tell what the hashed thing is. That is the whole point of a hash.

              Also: sending a hash over the network instead of a password or whatever the source material is would be a bad practice from a security perspective, if not a directly exploitable vulnerability. It would mean that anyone that knows the hash can pretend to be you, because the hash would be used to authenticate and not whatever the source material is. The hash would become the real password and the source material nothing more than a mnemonic for the user. Adding to that: the server storing the hash would store a plaintext password.

              See: https://security.stackexchange.com/questions/8596/https-security-should-password-be-hashed-server-side-or-client-side

              • iopq@lemmy.world
                10 months ago

                The point is to protect your face data, the hash IS the password, but you don’t want people to be able to tell what you look like by sending the raw images of your face over the net

                • PlexSheep@feddit.de
                  10 months ago

                  That would do nothing to validate that the user is real, they can just insert any hash and claim it’s their face’s hash. At that point we can just use regular passwords, but as I said that won’t solve the spam accounts issue.

              • uis@lemmy.world
                10 months ago

                > It would mean that anyone that knows the hash can pretend to be you, because the hash would be used to authenticate and not whatever the source material is.

                Guess what happens to passwords themselves? Same thing, but user can’t just add nonce. Replay attacks are super easy to mitigate and hashing makes it easier.

                Not saying that biometry authentication isn’t shit for security itself.

                • PlexSheep@feddit.de
                  10 months ago

                  Honestly, I’m not sure what you are talking about. Could you elaborate more?

                  Are you implying that sending some hash is better than sending the secret and let the server deal with it?
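
The two positions in the sub-thread above (a client-side hash becomes the password; a nonce stops replay), shown side by side as an added example that is not part of any comment. The class names, the user "alice" and the sample secret are constructed for illustration.

```python
import hashlib
import hmac
import os

def respond(key: bytes, nonce: bytes) -> bytes:
    return hmac.new(key, nonce, hashlib.sha256).digest()

class NaiveServer:
    """Stores the received hash as-is, so the stored value is the credential."""
    def __init__(self):
        self.db = {}
    def register(self, user, sent):
        self.db[user] = sent
    def login(self, user, sent):
        return hmac.compare_digest(self.db.get(user, b""), sent)

class RehashingServer(NaiveServer):
    """Treats whatever arrives as a password: salts and stretches it before storing."""
    def register(self, user, sent):
        salt = os.urandom(16)
        self.db[user] = (salt, hashlib.pbkdf2_hmac("sha256", sent, salt, 100_000))
    def login(self, user, sent):
        salt, stored = self.db.get(user, (b"", b""))
        return hmac.compare_digest(stored, hashlib.pbkdf2_hmac("sha256", sent, salt, 100_000))

class NonceServer(NaiveServer):
    """Challenge-response with a single-use nonce; the stored hash is the HMAC key."""
    def __init__(self):
        super().__init__()
        self.pending = {}
    def challenge(self, user):
        self.pending[user] = os.urandom(16)
        return self.pending[user]
    def login(self, user, response):
        nonce = self.pending.pop(user, None)  # each nonce is accepted once
        key = self.db.get(user)
        return bool(nonce and key) and hmac.compare_digest(respond(key, nonce), response)

def demo():
    h = hashlib.sha256(b"constructed-sample-secret").digest()  # client-side hash (constructed input)
    naive, rehash, nonce_srv = NaiveServer(), RehashingServer(), NonceServer()
    for server in (naive, rehash, nonce_srv):
        server.register("alice", h)
    old = respond(h, nonce_srv.challenge("alice"))
    first_ok = nonce_srv.login("alice", old)
    nonce_srv.challenge("alice")  # a later login attempt gets a new nonce
    return {
        "naive_stored_value_logs_in": naive.login("alice", naive.db["alice"]),
        "rehash_stored_value_logs_in": rehash.login("alice", rehash.db["alice"][1]),
        "first_response_ok": first_ok,
        "replayed_response_ok": nonce_srv.login("alice", old),
        "nonce_stored_key_logs_in": nonce_srv.login(
            "alice", respond(nonce_srv.db["alice"], nonce_srv.challenge("alice"))),
    }
```

The nonce rejects a replayed response, but the server still holds a value that is sufficient to log in; only re-hashing on the server makes the stored record useless as a credential.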

          • WallEx@feddit.de
            10 months ago

            Video call, email, other verified factors.

            So do you think this is the only option available?

            • Dark Arc@social.packetloss.gg
              10 months ago

              You think a verification via a video call is cheaper than SMS…?

              That’s not to mention the potential concerns that would arise around the possibility of signal storing (some portion of) the video…

              • WallEx@feddit.de
                10 months ago

                Nope, just saying phone numbers are far from the only option. And if telcos are price gouging, you should look at the alternatives.

                • Gutless2615@ttrpg.network
                  10 months ago

                  No, you’ve complained and insinuated there are plenty of other solutions that the world class team at Signal, literally the preeminent experts in their field, chose not to use - and then offered some truly next level terrible options.

                • Dark Arc@social.packetloss.gg
                  10 months ago

                  > Nope, just saying phone numbers are far from the only option.

                  > What would you think would be an appropriate alternative to easily verify chat accounts that’s cheaper than validating phone numbers?

                  It’s the cheaper portion that’s the issue. There are “other options”, but they’re not cheaper and/or they have their own issues.

                  I didn’t touch the email case because email addresses can be so rapidly created (even out of thin air via a catch all style inbox) there’s nothing to it.

            • PlexSheep@feddit.de
              10 months ago

              Video call is expensive, and frankly, if I’m gonna sign up at a private service, I’m not going to make a damn video call.

              Email is not enough to go against spam. Email addresses are basically an infinite resource.

              Other verified factors are nothing concrete. Sure we could all use security hardware keys, but what’s the chances that my mom has one?

              • uis@lemmy.world
                10 months ago

                > Other verified factors are nothing concrete. Sure we could all use security hardware keys, but what’s the chances that my mom has one?

                PKI doesn’t require hardware keys

                • PlexSheep@feddit.de
                  10 months ago

                  True, but it’s not exactly user friendly either, right? If not, tell me. I’ll be happy.

              • WallEx@feddit.de
                10 months ago

                So you do think that phone numbers are the only way to verify the person? This is just stupid. There are enough, like IDs or stuff like that. If you don’t want that, that’s a totally different story.

                • LemmyIsFantastic@lemmy.world
                  10 months ago

                  Jesus Christ you Linux people never learn… It’s 👏 about 👏 ease of 👏 use.

                  If they wanted it to be a pain in the ass and for nobody to use they could put on a ui on top of pgp and call it a day.

                • PlexSheep@feddit.de
                  10 months ago

                  It’s a bad problem, no? Combatting “spam” accounts while balancing privacy.

                  Personally, I don’t want to give them any more information than is really necessary.

          • devfuuu@lemmy.world
            10 months ago

            I’d be ok with a credit card verification or something like that, even if still uncomfortable for me, but I hear it reduces a lot of spam.

            But then that would make people confused and make them run away when the app seems to be free and now is asking for a credit card validation… it’s too strange.

            Anyway I never got a single spam message on Signal in all the years I’ve used it, so not sure how others view the problem or even if it is a problem.

      • preasket@lemy.lol
        10 months ago

        Make phone numbers optional and add a setting to allow/forbid accounts with no phone number to message you. I bet phone numbers have zero effect on the level of spam.

  • somenonewho@feddit.de
    10 months ago

    I’ve been using Signal since forever. Recently, when there was a big exodus from Whatsapp because of their changed data policies, was the first time I felt an impact with response time in the app etc. I immediately set up a regular donation. A few months later they came out with their cryptocurrency scheme. I decided I won’t be funding any cryptocurrency so I cancelled my donations. I trust Signal on the technical side implicitly. But they have lost my trust in the business side :/

  • Elias Griffin@lemmy.world
    10 months ago

    Session, a fork of Signal, is better as far as privacy goes, as you don’t have to download it from a store that violates your privacy. Just go to the official site and download the apk.

  • Mr_Blott@lemmy.world
    10 months ago

    Can we really call a business nonprofit if they pay their CEO 5.7 million a year? Over 10% of operating costs going to one employee? That’s fucking insane

    Edit - incorrect information

    • AAA@feddit.de
      10 months ago

      The most secure and privacy respecting chat app doesn’t develop and run itself.

      CISO and developers in that field earn into the millions, and Signal is competing with the top dogs here (MANGA). Their pay is ridiculously modest.