This is a very rude question, but on this subject of being lean, I looked up your 990 and you pay yourself less than some of your engineers.
Yes, and our goal is to pay people as close to Silicon Valley’s salaries as possible, so we can recruit very senior people, knowing that we don’t have equity to offer them. We pay engineers very well. [Leans in performatively toward the phone recording the interview.] If anyone’s looking for a job, we pay very, very well.
So, I googled their tax filing out of curiosity. It’s true that Meredith pays herself much less than her engineers, which is great. What I was rather shocked to see is that they pay their software developers enormous salaries. They’re listing developers making over $400,000 per year, with their VP making over $660,000 per year. Now, I’m all for the value-creators making more money than the CEO. I just had no idea that software developers make that kind of coin. I was thinking of donating to Signal, but I’m kind of weirded out by those astronomical salaries.
That’s inline with Silicon valley salaries. Basic houses cost 2mil there, so it’s not completely outrageous.
As an example, openai pays all its engineers 300k flat+500k/yr in some stock based asset. Another example is Netflix, who are notoriously a very fickle employer, but salaries start in the 400k range and go up from there.
Yes, the article makes the point that Signal needs to compete for talent with the rest of Silicon Valley. I get that. And we’ve all heard about the nearly unfathomable amounts of money that tech companies throw around. When you break it down to individual salaries, though, and see that even normal people in normal jobs are making a million dollars a year between salary and stock… well, I think it really exposes the spectacular wealth inequality that we have allowed to fester. I mean, sure, shelter costs may be high in Silicon Valley, but the cost of other goods remain about the same. A $50,000 truck that an average person in Nebraska might have to save for years to afford is barely a rounding error for folks making a million a year. I’m no economist, but it does seem like there are consequences for this kind of ever-growing wealth inequality.
It is also absurd on its face for a multi-millionaire developer to place a “Donate Now” button in an app and talk about being a non-profit to tug at the heart strings of people who make one-tenth of what the developers are making. It’s feels like Scrooge asking Tiny Tim for a donation.
Anyway, I don’t blame the developers for this absurd situation, and I do appreciate Signal, and Meredith is clearly a cool person who is fighting the good fight against big tech surveillance. But every once in a while an article like this reminds me how deeply fucked up the world is. It seems we are approaching pre-French Revolution levels of economic disparity, and maybe it helps explain why so many working class people are pissed off.
I cannot WAIT for the inevitable market correction on SWE salaries. Entitled bastards.
Not all SW devs make that kind of money. I don’t live in Silicon Valley, and I make significantly less than that amount. I could probably get a job there making somewhere north of $300k, but my expenses would go through the roof and I’d be stuck in SV traffic all the time, no thank you. I get paid well, but less than half what Signal is paying.
My only gripe with signal, is the use of phone numbers as usernames. Not everyone with whom I want to communicate via signal has a phone number. I understand why they went this route, but wish there was an alternative way.
You can use a username only for finding and adding friends, you only need the phone number to create an account. That’s probably because Signal started as an alternative to Messages (or whatever it was called back then), so you could send SMS if you wanted, or secure messages to friends w/ Signal. The whole point was to be a gentle transition from SMS to private messaging. However, they eventually dropped the SMS feature, but it seems they kept the phone number as username thing.
It kind of sucks, but I think that’s a reasonable limitation since the vast majority of people using this service will have a phone number. You could probably even sign up for a free trial of something (e.g. Google Fi) to sign up for Signal, set up the username, and then drop the phone number service. I don’t know if there are any problems with this, but I don’t think they do anything with your phone number after everything is set up.
I think another reason they use a phone number is that it can mitigate issues with people or bots creating hundred of accounts maybe
But there are plenty of other services that don’t require a phone number that also seem to mitigate that issue, so while it may be a convenient option, it’s hardly the only option.
Yeah. And I don’t fault them for this route. I just with I could sign up without a phone number. Maybe the username thing is a predecessor to allowing usernam-only registration in the future.
Yeah, hopefully. It would also be awesome to have a web login so I could access messages and whatnot when using someone else’s computer w/o having to install something.
I don’t know what direction they’re going, but I’m honestly okay with the caveats that currently exist.
Having web logon would mean they would need to hold the decryption key in some form (or have a weak decryption key, your credentials), so, while convenient, I think it would degrade security and possibly privacy. Unless you mean to receive new messages, the way the desktop app works?
deleted by creator
I can’t tell if you’re joking haha
Why would they be joking? There’s really not a big difference between how their mobile and desktop apps work and what’s possible in the web. It can fetch the keys from my computer or my phone just like their other apps work, and store the keys and whatnot encrypted in temporary local storage, just like on the phone. WebAssembly could allow them to share the code and retain similar performance.
I honestly don’t see an issue here. If they need help, I’d be happy to lend a hand.
deleted by creator
I’d be more interested in allowing more than one Android device at a time like MySudo. They let you link Windows with a phone so I wouldn’t think it would be too hard to implement.
Big concern with your number being recycled and a new user receiving the signal activation key on that number.
You need to enter your Signal Pin, otherwise you will get removed from all groups etc
Sure, and I think that would send a message to all of your contacts that a new account is using that number, but I’m honestly not sure. If you have an active account (i.e. on a desktop or something), I think you can just change your number if that happens (i.e. get another temp number).
It’s certainly more convenient if you use a longer-term number, but I think it’s feasible with a throwaway number. Once your account is set up, Signal doesn’t need your number for anything if you disable publishing that.
It does send a “your safety number has been updated with user” message. But not as an automated message. Only when a new signal thread is started.
Haven’t tried when only logged in to desktop and changing devices / numbers so I can’t speak to that.
Another issue with phone numbers is that it makes it easier to censor - from what I heard, in Iran the confirmation SMS just would not arrive, making rentals the only option (thus making you risk your account being deleted by the new owner).
My personal biggest issue with Signal, though, was the inability to register from the official desktop client. They were pushing to register on mobile instead. There are ways around it, like Signal-Cli (what I used) and Android VMs. However, the fact that they push people onto mobile at all is worrying, because phones are much harder to make private (while you can install Linux onto pretty much any given laptop/desktop, only certain phones are compatible with alternative OSes, and mine wasn’t so I could not trust it with my chats).
Hmm, I guess then you’d need to get a VPN that works in your country (not sure how hard that is in Iran) and find a VOIP service that either doesn’t require any payment, or accepts payments from Iran.
It’s certainly not ideal, and I wish they’d eliminate the dependency on phone numbers, but until then, there are options for most people to create an account w/o having a permanent number.
You can use Monero for payment, I started doing this ever since sanctions began. Free services are not really viable because they’re far more likely to have all their numbers already used up.
But yea, the overall point is that it is a large inconvenience and a possible point of failure (the next number user deleting the account).
Yeah, it’s certainly problematic, and I’d very much prefer that it not have that dependency. But I think it’s still worth using Signal despite needing a number, because it’s a really low barrier to getting new users on it.
If you want something truly private w/o the dependency on a number, there are better options, such as SimpleX. However, the barrier to entry there is a bit higher.
I have a few problems with Simplex (I worry about it being effectively centralized for now and that the VC funding may get it to either enshittify or stop development)… But I do use it quite a bit and even have the servers (which were very easy to set up and don’t consume a lot of resources). I like a lot of what it does (including being very easy to use), and hope it succeeds as it matures!
Google is a very bad choice because it requires a phone number on its own. Also heard that there may be additional KYC.
Are you suggesting you need a phone number to get a phone number from Google Fi?
And yeah, it’ll definitely to KYC, because that’s a federal regulation. My point is that you don’t need the number long-term, so the number will only be associated with you for like a week while the trial period lasts. So sign up for Google Fi trial, create a Signal account, then cancel the trial. That sounds pretty reasonable to me.
Yea. Don’t you need a Google account first to use such a service? Those do need phone numbers to register.
And also KYC is unacceptable in this case, imo. If the number is needed only for a short time, there are similar, non-KYC options like what you would find on kycnot.me.
Yeah, I think you’ll create a Google account as part of the Google Fi account creation process.
If that really bothers you, use a different MVNO. Some offer free trials, but even if not, it’s not too bad to buy a month of service. My provider is Tello, and the minimum service that’ll give you SMS is $5/month. If you’re clever, you can probably also find a VOIP provider that does SMS for really cheap.
My point isn’t that Google Fi specifically is what you should use, just that it’s an example of a service that offers a free trial, so you can sign up for Signal for free.
I get the point, I just said how bad of an example this is, lol
It creeps me the fuck out. I do not get why a service that bills itself as secure needs to know something that can be traced back to my credit card and name. I won’t use Telegram or Signal because of this.
It’s about your posture. Most people who use signal use it to have privacy from governments. They’re not hiding that they use signal, they’re hiding what they write on signal. In this case, using your phone number isn’t a big deal.
Some people, have a tighter posture, which could translate to your position. In that case, something like Briar could fit the bill.
Lastly, security and privacy are not the same thing. Google products are secure, but they are not private. Self hosted sftp, for example, is private, but may not be secure. Signal is definitely secure, at least enough for general and governmental use. So, it seems, is telegram. Signal is more private than telegram in many ways, but it is not the gold standard for privacy (because of its use of phone numbers as usernames), but it is “good enough” for the masses. The balance between good for everyone and zero-knowledge private for everyone is delicate, potentially impossible. Honestly, I don’t know if signal was able to strike that balance perfectly, but they did a much better job than many other services, certainly than those others that are accepted by the masses.
But putting a phone number in immediately exposes protesters to association. Sure, Signal can’t give out the contents of messages, but it still has the chain of contact. So if a government gets hold of this record, legally or otherwise, now you have everyone associated to a suspect phone number/person and can start rounding them up.
It’s the complete antithesis of freedom of association when there’s a record of everyone that you’ve contacted. The contents don’t enter into that problem, and I can’t see why they feel the need to keep this as part of their system. It purposely makes it impossible to use this for something like peaceful protest. So, no, it doesn’t give you privacy from governments, because governments that don’t respect freedom of association will use that information to punish dissidents.
I can’t imagine any reason to use phone numbers except to purposefully keep this chain of association for governments to use. Even Facebook doesn’t require this sort of personal proof, and it’s suspicious as hell.
Sure, Signal can’t give out the contents of messages, but it still has the chain of contact.
it doesn’t. they’ve been ordered to hand over data multiple times, and the only thing tied to the phone number they have is 1. time the account has been created and 2. last time the account connected to the server: https://signal.org/bigbrother/
You’re mistaken on the basis of your beliefs here. Signal only had two pieces of data around your phone number (joined datestamp, last online datestamp). This means that governments can’t petition signal for any more information, since signal simply doesn’t have it to give (by design).
Your point on fb is hilarious, because they do require it. They just don’t require you to input it, because (1) they already have it and (2) you freely provide the missing pieces without them even asking. But, like I said earlier, if this goes against your posture, use something like Briar or Matrix or whatever. Choice exists, because everyone is different and has different postures.
The Signal pitch is that you don’t need identity security so long as the encryption is strong enough.
That is, incidentally, the same pitch Botcoiner make.
I’ve been using it for a while and by far the biggest issue is how giant the backup file is and now about 3Gb of data were lost because of a signal version mismatch between an old phone I was using and the new one I switched to.
For me, today the best messaging app is SimpleX, it is a bit in early development but it’s already really nice.
Signal is the best thing going on in tech these days. I’m very glad it’s being led by Meredith Whittaker.
Did you know you can get a cool badge on your profile pic if you’re a recurring donor? $5 a month is far less than the value I get from it, but that’s all it takes for a cool badge (and knowing that you’re doing something active against the awful state of big tech today).
Just to add to this, I also like to use the “donate for a friend” option to gift friends a donation to Signal on their birthdays. It’s also $5 but a one-off thing, they get a neat badge for 60 days and perhaps it raises awareness of the donation option a little bit!
deleted by creator
“hashtag anarchist yacht club”
Lmfao
As long as they stay away from public ‘channels.’
There lie dragons.
What is signal anyway? I’ve never paid attention to phone apps much. Why isn’t it on F-droid if it’s FOSS? Is it like irc but with encryption? I guess I should look into it.
It’s more like WhatsApp or messenger (pick your poison on which one I am referring). Fairly lightweight. No useless features. And I think there’s an F-Droid version, running as Molly.
Interesting, it looks like molly.im has its own f-droid repo, but there is nothing about Molly in the regular f-droid repo. Thanks though. I guess I should look into this a bit more. I’m way out of date with phone stuff.
Molly allows you to use alternative push servers (instead of Google’s), amongst other things.
And (what is important to me now) allows using any Socks proxy instead of only Signal’s own censorship-bypassing solutions. This is a weird decision on Signal’s part, because in places like this, you might need to switch between various protocols when the old ones stop working. And for Signal, developing censorship evasion is not the primary task so naturally they would not be as advanced and quickly-evolving as the communities dedicated to it.
Oh interesting, yeah I saw some reference to Signal relying on some kind of Google service. I figure I would want to self-host anything I was serious about. It also looks like these things do video chat, so they’re much more elaborate (perhaps unnecessarily) than IRC, which is text-only. I’ve never used Whatsapp and am not even sure what it is, except that for a while I confused it with Instagram.
I’ve installed GNU Jami and that seems like enough for video chat? I just haven’t had occasion to actually use it. I’m not a video guy and frankly am usually happy with email. PGP from the 1980s still works fine, if anyone cares.
The aim of Signal Foundation is to displace the likes of WhatsApp and Messenger thus it has to support all modern and expected features.
Interestingly enough WhatsApp uses Signal’s protocol for encryption, it’s part of the planned messaging interop forced on Meta by EU.Thanks that is interesting. I wonder if newer versions will use MLS.
Wasn’t there some controversy about Signal’s creation being supported by the US government to provide private communications for anti-us-enemy organisation or something? I’m sure I remember it correctly…
https://www.theregister.com/2024/05/14/telegram_ceo_calls_out_rival/
Alleged and mostly bullshit from the Telegram founder it seems.
I wish Signal was developed more openly, more like the linux kernel for a “critical infrastructure” example. I wish it had more features, so it could take the place of something like Slack. I wish it supported interoperability like fedi.
But it’s good for what it is and I sure am glad it’s around. People who disrespect it don’t know what they’re talking about.
Isn’t matrix more like slack that you are looking for?
You know, if you want to replace Slack, look into Mattermost. It’s foss but otherwise pretty much exactly what Slack does so well.
I love the idea of signal, and want to use it and invite friends to it. But then I remember I don’t really want to message anyone, and don’t really have friends because I have no interest in messaging people.
Cool story bro
Nobody is going to use Signal when it lacks so many features. Feels like MSN messenger compared to it’s peers.
what do you mean? i use it a lot and it works great, photos, videos, phone calls, optional temporary location sharing with friends, and encryption.
what features do you want it to have that it’s lacking?
Don’t forget voice calls! It has some rough edges there (my audio doesn’t always connect successfully, etc), but when it works the codec sounds better than a standard phone call and there’s no mass surveillance. I use it in place of phone calls for all the people in my network who have it, including my immediate family.
that’s a great point, i use the voice calls daily.
added above.
And video! Group video too!
Don’t forget, cross-platform!
i totally forgot, another great point
Yea we heavily use it in the army
very cool, i had no idea.
free, convenient, reliable encryption.
My guess is it heavily private and does not have channels
does not have channels
except that it does. you can make a public group with a shareable link, and change permissions so that only the admins can post.
very weak bait
Judging from the comments, it seems like you’re wrong.
You suck, man
Lol
I liked msn messanger when it was around.
It was indeed great.
15 years ago.
