this post was submitted on 03 Dec 2023
247 points (100.0% liked)

Technology

37739 readers
649 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

We estimate that by 2025, Signal will require approximately $50 million dollars a year to operate—and this is very lean compared to other popular messaging apps that don’t respect your privacy.

top 50 comments
sorted by: hot top controversial new old
[–] helenslunch@feddit.nl 68 points 11 months ago* (last edited 11 months ago) (4 children)

I love Signal but this is one of many problems with centralized servers. Not only can they be disabled by the gov but they cost, as seen here, tens of millions of dollars to keep running at scale.

What is the advantage? Why are we not using P2P systems? If I can download a 30GB video problem-free over and over again, shouldn't it be simple enough to do with a 1mb text file?

A huge part of their costs is just verifying phone numbers, which is something the service does not need and shouldn't even have.

[–] Saik0Shinigami@lemmy.saik0.com 38 points 11 months ago (1 children)

to do with a 1mb text file

God you must be like my wife and write fucking novels as text messages.

[–] thanks_shakey_snake@lemmy.ca 12 points 11 months ago (1 children)

Lol I think they probably mean like an entire chat history (or page of one), but yeah that's pretty big.

load more comments (1 replies)
[–] u_tamtam@programming.dev 27 points 11 months ago (2 children)

If you are curious, you should give XMPP a shot, it's equivalent to Signal in terms of encryption, but anyone can host their own. Signal is ideologically opposed to anyone but themselves being in control of your account, and because of that I don't want to trust them.

[–] helenslunch@feddit.nl 23 points 11 months ago (10 children)

That's great except barely anyone I know uses Signal, much less XMPP

[–] admiralteal@kbin.social 17 points 11 months ago (3 children)

And now here I am, nostalgic for the good old days of having one chat app that could connect you to everyone over XMPP/jabber.

load more comments (3 replies)
[–] squeakycat@lemmy.ml 8 points 11 months ago (6 children)

Indeed. Xmpp is lost as a general purpose chat app for everyone. I have many issues with matrix but it's the best chance we have, particularly with bridges.

[–] kpw@kbin.social 8 points 11 months ago (1 children)

XMPP is the IETF Internet Standard while Matrix is just another custom IM protocol managed by a venture capital funded startup which keeps losing money.

load more comments (1 replies)
load more comments (5 replies)
load more comments (8 replies)
[–] master5o1 10 points 11 months ago (9 children)

Ten years ago sure, the days I'd suggest matrix instead.

load more comments (9 replies)
[–] GenderNeutralBro@lemmy.sdf.org 20 points 11 months ago (1 children)

It's difficult to maintain privacy in a P2P environment. In naive implementations, your IP address will be visible to all the peers you connect to. This is the case in e.g. BitTorrent.

Signal has this issue with video/voice calls as well; by default they operate on a P2P basis for performance reasons, and they expose your IP address to the second party. Signal has an option in the settings to relay voice/video calls through their servers specifically to mitigate this.

There are some workarounds for anonymizing P2P, like routing through Tor or I2P. Tor, however, has known exploits and is probably not suitable if you need to hide your activity from advanced adversaries like world governments (e.g. political dissidents, journalists, etc.)

I2P sounds interesting but I'm not deeply familiar with it. I understand that I2P clients also act as relay nodes, which puts an additional bandwidth burden on users. I'm not sure if I2P is more resilient against government-level attacks than Tor. I'd be interested to hear from anyone who is more familiar with the protocol.

[–] helenslunch@feddit.nl 10 points 11 months ago (4 children)

I am not concerned with the people I'm actively chatting with having my IP address.

[–] GenderNeutralBro@lemmy.sdf.org 11 points 11 months ago

If you're using it for personal correspondence with people you know and trust, that's probably fine. However, a secure and private communications platform should support more extreme use cases as well.

If you're a journalist, for example, you might need to communicate with people you do not know or trust. You could realistically be talking to someone who wants to kill you, or who is being monitored by people who want to kill you, particularly if you are covering high-profile political issues or working with whistleblowers (or are yourself a whistleblower). Even revealing information as broad as what city you're in (which would be revealed by your IP address) could be a risk to your physical safety.

Even though I do not personally face such high-level threats in my life, I feel better using services that allow for the possibility. Privacy is a habit, and who knows what tomorrow might bring?

load more comments (3 replies)
[–] fer0n@lemm.ee 17 points 11 months ago* (last edited 11 months ago) (3 children)

I‘m not an expert on this topic, so someone correct me if I’m wrong. Signal is only storing stuff temporarily to pass it on, so I’m assuming you’d have the exact same costs even if it weren’t centralized. Maybe even more as it’s probably cheaper to have it managed in one place. I’m assuming all this would do is distribute the cost, but otherwise be the same?

[–] helenslunch@feddit.nl 12 points 11 months ago* (last edited 11 months ago) (1 children)

I’m assuming all this would do is distribute the cost, but otherwise be the same?

Exactly. I can locally process the 1-3 messages/day I send on my device rather than having billions of messages processed on a single server.

I can even host my own Matrix or XMPP encrypted server on a $100 machine consuming ~7W and host several hundred users easily.

load more comments (1 replies)
[–] avidamoeba@lemmy.ca 11 points 11 months ago* (last edited 11 months ago)

You're not wrong. Federation would have higher costs but distributed over more people. Even with pure P2P a-la BitTorrent things might not be significantly cheaper because you'd likely still need to host authentication centrally or federally. You'd only eliminate the message bandwidth costs.

The thing is, we already have a way to distribute the costs - people subscribe to support Signal. Some pay more, others less. Whether I run a node that serves 100 people or subscribe for $10/month, it's somewhat equivalent. So the practical takeaway should be - if you want for Signal to keep signalling - subscribe if you can afford it.

[–] admiralteal@kbin.social 7 points 11 months ago* (last edited 11 months ago) (12 children)

The difference is that there's enough unused capacity on your personal device to handle all the traffic any typical user needs to handle in a day many times over, for simple messaging. Likely, that load is so little it won't even affect your battery life.

load more comments (12 replies)
[–] jmcs@discuss.tchncs.de 45 points 11 months ago (2 children)

Funnily enough their biggest expense (sending SMS during registration) is making the accounts less private.

[–] smeg@feddit.uk 40 points 11 months ago (1 children)

I imagine not paying for it and being overloaded with spam bots would be more expensive (otherwise they wouldn't be doing it this way!)

load more comments (1 replies)
[–] SatyrSack@lemmy.one 7 points 11 months ago (1 children)

Privacy and anonymity are not the same thing.

load more comments (1 replies)
[–] TWeaK@lemm.ee 32 points 11 months ago (8 children)

They could save a lot on infrastructure costs if they decentralised their network and stopped using phone numbers as unique identifiers.

[–] ultra@feddit.ro 33 points 11 months ago (2 children)

I'm all for decentralised networks, but they do have their flaws. I use Matrix every day, and there are a lot of times the keys need to be resent, messages don't get sent or deleted on shaky internet, etc. Issues like this make it seem broken to normies. Signal Just Works™️

[–] TWeaK@lemm.ee 15 points 11 months ago

Absolutely, and I use Signal for a few things. It's not a perfect solution, but it's far better than most (looking at you, Facebook's WhatsApp, with your previous Pegasus attack vector).

[–] abhibeckert@beehaw.org 9 points 11 months ago* (last edited 11 months ago) (5 children)

Signal Just Works™️

Until you drop your phone in the swimming pool, and every message/photo you've ever received is just... gone. Forever.

Sorry but I don't buy any claim that Signal "just works". It's pretty clear they care about security more than anything else even when that means making decisions that are user hostile. And that's fine - if you feel like you need that level of security I'm glad Signal exists. But it doesn't really align with the general public and Signal is never going to be a mass market messaging service unless something changes (Signal or the general public).

What's weird to me is an app that excludes itself from phone backups considers SMS a valid form of authentication when a user links a device to a phone number - especially when you can necessarily link a device to a number that is already tied to someone else's device. Like how is that ever going to be secure? Spoiler: it's not. It'd make a lot more sense to me if users simply crated a username and shared it with other people instead of a phone number... and if they forget their password... come up with new username.

[–] slowbyrne@beehaw.org 8 points 11 months ago

Signal provides a backup option. The auto backup for SMS on android is provided by google and likely uses google drive. I don't know for certain but I would guess the encryption options and security of that route would be impossible to guarantee and the public backlash of signal users knowing their data was being sent to Google's servers would be massive.

I've setup my signal backups to a local folder on my phone. I then have SyncThing running on my phone and home computer so it automatically gets sent once it's created.

load more comments (4 replies)
load more comments (7 replies)
[–] onlinepersona@programming.dev 32 points 11 months ago (4 children)

In total, around 50 full-time employees currently work on Signal

[...]

When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.

That's 380k/employee on average. Even if half of that went to taxes and other expenses, on average they're paying their employees around 190k/year.

Bro, as a European dev, that's triple my salary! They could possibly double or triple their workforce if they hired from outside of the US.

[–] snrkl@lemmy.sdf.org 23 points 11 months ago (2 children)

When running a business, you need to budget 3x salary for actual TCO of a staff member:

1x covers their direct salary 2x covers retirement fund, electricity, office space, and infrastructure items unlike server and laptops for corporate use etc.

The 3x multiplier is for when you're a services company, and that represents a possibly profit margin.

So for signal, your $380k becomes $190k which in my experience is average for a US tech sw dev at a mid to early senior level.

I donate to signal monthly and I have no problems with the costs they're posting. I work in SV tech and I've seen 20x worse numbers.

[–] bradorsomething@ttrpg.network 10 points 11 months ago (1 children)

I’m extremely curious where you get those numbers from, I operate businesses and that doesn’t pass the sniff test.

load more comments (1 replies)
load more comments (1 replies)
[–] papertowels@lemmy.one 14 points 11 months ago (3 children)

As an American dev, you should check out other silicon valley salaries. After hearing what some folks there make 190k doesn't make me bat an eye.

load more comments (3 replies)
[–] OsrsNeedsF2P@lemmy.ml 8 points 11 months ago (3 children)

I don't care if employees are well paid. I do care that Signal takes 50 employees to operate. What are they all doing? This is a genuine question

[–] onlinepersona@programming.dev 28 points 11 months ago (3 children)

You did not read the article, did you?

This is a lot of work, and we do it with a small and mighty team. In total, around 50 full-time employees currently work on Signal, a number that is shockingly small by industry standards. For example, LINE Corporation, the developers of the LINE messaging app popular in Japan, has around 3,100 employees, while the division of Kakao Corp that develops KakaoTalk, a messaging app popular in Korea, has around 4,000 employees. Employee counts at bigger corporations like Malus, Meta, and Google’s parent company (Alphabet) are much, much higher.

[–] OsrsNeedsF2P@lemmy.ml 12 points 11 months ago* (last edited 11 months ago) (2 children)

I can't speak for LINE - But Kakao does a heck of a lot more than messaging; it's one of the top companies to work for and the defacto app of Korea. It's used for taxis, webtoons, payments, music streaming, banking, social media, OAuth, etc (and that's on top of all its failed ventures no one uses). So yeah, it makes sense to have a lot more employees. Getting into Kakao is like getting into Google or Apple in the West.

It also doesn't explain why Signal has 50. Signal is open source, but openly hostile to forks which throttles its development. So I wonder, what are those 50 employees doing? I genuinely would like to see a breakdown

load more comments (2 replies)
[–] AndrasKrigare@beehaw.org 10 points 11 months ago (1 children)

You didn't read their question, did you? Because your quote does not answer it.

load more comments (1 replies)
[–] larouxn@beehaw.org 10 points 11 months ago

Worth mentioning, as someone has for Kakao below, the LINE app has a magnitude or two or three more features than Signal. Beyond chat, the app handles payments including retail via QR, effectively has Instagram and TikTok built in, has an entire news section, and much more.

Heck, LINE the company even has permanent and pop-up merchandise stores in downtown Tokyo (Harajuku) and their own MVNO mobile carrier called LINE Mobile.

Now that said, I loathe LINE, the app. The UX is poor and the app is bloated behind belief. Only use it effectively out of necessity as someone living in Japan. The only alternative communications channel even remotely close in usage is probably Instagram chat.

[–] Poutinetown@lemmy.ca 25 points 11 months ago

When Whatsapp was sold to Facebook in 2014, they had 55 employees. Considering the app had considerably less features and did not focus so heavily on encryption and privacy, Signal can be considered even leaner than Whatsapp.

Now, for the actual breakdown, they have at least the following technical teams: desktop, android, iOS, server, calls (ringrtc), core (libsignal). If we assume a team has usually 5 people (manager, Sr SWE, Jr SWE, QA, maybe PM), that's already 30 people. On top of that, they have an in house support team (don't know the size but I wouldn't be surprised if they have 10ppl on the payroll considering the number of signal users) and management (CEO, CTO, CSO, VP), which will quickly add up to around 50.

[–] Tosti@feddit.nl 8 points 11 months ago* (last edited 11 months ago)

Purged by creator

load more comments (1 replies)
[–] Vlyn@lemmy.zip 15 points 11 months ago (5 children)

Is it just me or is $19 million per year for 50 full-time employees insane?

Even for US salary standards.

[–] KLISHDFSDF@lemmy.ml 31 points 11 months ago (2 children)

Not necessarily.

Signal has people who are experts in their field. They engineer solutions that don't exist anywhere else in the market to ensure they have as little information on you as possible while keeping you secure [0]. This in turn means high compensation + benefits. You don't want to be paying your key developers peanuts as that makes them liable to taking bribes from adversaries to "oops" a security vulnerability in the service. In addition, the higher compensation is a great way to mitigate losing talent to private organizations who can afford it.

[0] Signal has engineered the following technologies that all work to ensure your privacy and security:

load more comments (2 replies)
[–] phoenixes@beehaw.org 11 points 11 months ago

My guess: People who can be as competent with security as they need are very expensive.

[–] Jellewho@beehaw.org 9 points 11 months ago (3 children)

For the current distribution I quote from the linked source :

Current Infrastructure Costs (as of November 2023): Approximately $14 million dollars per year.

  • Storage: $1.3 million dollars per year.
  • Servers: $2.9 million dollars per year.
  • Registration Fees: $6 million dollars per year.
  • Total Bandwidth: $2.8 million dollars per year.
  • Additional Services: $700,000 dollars per year.
load more comments (3 replies)
[–] avidamoeba@lemmy.ca 8 points 11 months ago* (last edited 11 months ago) (2 children)

Not at all. That's $380K per person if everyone is making the same. Engineers with a few years of experience at Meta make $400K+.

load more comments (2 replies)
[–] TheChurn@kbin.social 6 points 11 months ago

Role of thumb is an employee costs roughly twice their base salary, as the employee still needs to cover insurance, taxes, sick time, and other benefits.

That leaves an average salary of 190K for the 50 employees. That isn't much for tech.

[–] meteokr@community.adiquaints.moe 12 points 11 months ago (5 children)

Would be interesting to see how this compares to XMPP or Matrix. Obviously the development costs something for each of those, but the hosting costs are spread out across each of those hosting an instance.

load more comments (5 replies)
[–] pineapplelover@lemm.ee 8 points 11 months ago

They should do a charity stream event or something. Do Q&A stuff, get interest of more people, and raise money?

[–] visnudeva@lemmy.ml 8 points 11 months ago (4 children)

Are decentralised apps like element much less expensive ?

[–] Zworf@beehaw.org 10 points 11 months ago

The costs are distributed as there is not one single instance. Just like with Lemmy.

Although there is one huge instance on matrix (matrix.org), a bit like lemmy.ml here. But it doesn't have to be like that, they can close signups or discourage them similar to the way lemmy.ml is doing that now.

[–] amki@feddit.de 8 points 11 months ago (1 children)

The load distributes across more shoulders automatically.

If you only host a server for yourself and 10 friends it costs next to nothing, if you have a big operation it can get just as expensive, it depends on what you are willing to do.

With centralized systems there is no choice but for the one centralized host to host everything.

load more comments (1 replies)
load more comments (2 replies)
load more comments
view more: next ›