We estimate that by 2025, Signal will require approximately $50 million dollars a year to operate—and this is very lean compared to other popular messaging apps that don’t respect your privacy.
I love Signal but this is one of many problems with centralized servers. Not only can they be disabled by the gov but they cost, as seen here, tens of millions of dollars to keep running at scale.
What is the advantage? Why are we not using P2P systems? If I can download a 30GB video problem-free over and over again, shouldn’t it be simple enough to do with a 1mb text file?
A huge part of their costs is just verifying phone numbers, which is something the service does not need and shouldn’t even have.
If you are curious, you should give XMPP a shot, it’s equivalent to Signal in terms of encryption, but anyone can host their own. Signal is ideologically opposed to anyone but themselves being in control of your account, and because of that I don’t want to trust them.
That’s great except barely anyone I know uses Signal, much less XMPP
And now here I am, nostalgic for the good old days of having one chat app that could connect you to everyone over XMPP/jabber.
Pidgin exists
Please, don’t recommend pidgin, it’s a security hellhole, and a pretty terrible XMPP client at that. If you want something with a similar vibe, check-out https://dino.im/ or https://gajim.org/ if you are more on the “power-user” side of things :)
Yeah you could even communicate between facebook and google easily. The world didn’t have to be full of walled gardens.
Indeed. Xmpp is lost as a general purpose chat app for everyone. I have many issues with matrix but it’s the best chance we have, particularly with bridges.
XMPP is the IETF Internet Standard while Matrix is just another custom IM protocol managed by a venture capital funded startup which keeps losing money.
I don’t disagree with that statement; however, that doesn’t make it something the general public will embrace. Its mess of extensions are top little too late. That ship has long sailed. And I say this as someone that prefers using XMPP for 1:1 chats
Edit: Sorry, I responded to the wrong parent.
I don’t believe Matrix is better positioned than XMPP to succeed. On a technical aspect, Matrix hasn’t managed to stabilize its protocol, and they’ve been a decade into it. This has resulted in only a single organization being in charge of the protocol, the client and the server implementations. This isn’t sound, this isn’t sustainable. And now, unsurprisingly, this organization is in a financial crisis, has lost important customers, has no budget secured to maintain its staff in the next years, and recently underwent a major licensing change that we can only interpret as a shift towards an opencore model at the detriment of the regular user.
The license change is to a GPL variant from the Apache license. How does that affect the regular user? Wouldn’t it be better?
I can’t pretend to know the future, but if you read between the lines and the justifications provided, this isn’t really about AGPL per se, but about Element brokering AGPL exceptions. Practically we can expect all kinds of forks with opencore options that might enshittify the user experience in different ways, and further solidification of Element’s single-handed control over Matrix (which had been a prime concern for many years). Matrix is by the day closer to the closed-source centralized silos it was first pretending to oppose.
And don’t forget the CLA!
I hear what youre saying, I don’t like the license exceptions. I just hope it doesnt go that route.
Neither XMPP nor Matrix will ever become “the next WhatsApp”: the current internet has seen too much consolidation for the tech majors to permit it (and open and federated protocols can’t compete, do not have the marketing budget nor the platforms to promote their software, but I salute the EU’s Market Act attempt to shake-up the status quo).
But that doesn’t really matter IMO. What (I believe) is important in the grand scheme of things is that such protocols remain alive, maintained and secure, so that:
-
small-scale instances can flourish and contribute to a more resilient/efficient internet (think of family-/district-level providers ; this is the kind of service I personally offer: family members and friends at large appreciate that the messages and data that we exchange aren’t shared over some cloud or facebook server for no good reason)
-
IM identities can persist over time: if you are a business or an individual, you may want to look into having a stable/lasting contact address, that will survive the inevitable collapse of facebook/whatsapp/instagram/… If you are old enough, your current email address probably existed before facebook. Why not your IM address?
And yes, I hear you, this is rather niche, but what got me there (and on XMPP in particular) is having been long-enough on the internet to become tired of the never-ending cycle of migrations from service to service. More and more people will have a similar experience as time goes, so this niche will only grow :)
the current internet has seen too much consolidation for the tech majors to permit it
While that may or may not be true, it’s really not important for several reasons.
-
All current XMPP clients I have seen are janky as fuck.
-
No one is going to spend the billions of dollars necessary to advertise XMPP clients to end users who aren’t actively looking for them.
-
The vast majority obviously doesn’t care about their privacy.
Just seems like a fruitless endeavour.
Which xmpp clients have you used? Conversations and its forks seem far from janky. Movim is nice, Dino is looking good, Kaidan is looking pretty good. Prose could be interesting.
WhatsApp started is an XMPP client, but they use lots of proprietary extensions (doesn’t matter since they don’t federate). You can build very robust and scalable messengers with it if you want to.
The open source implementations are developed by like 1-2 guys in their spare time and they’re not far behind (and sometimes even ahead) other federated messengers which received tens of millions in venture capital funding.
You can build very robust and scalable messengers with it if you want to.
What about feature-rich and with a nice UI?
Nothing in the XMPP RFCs says you can’t do that. Go ahead.
-
-
If you need to convince your friends to use some app it might as well be XMPP compatible instead of another walled garden. If you can get your friends on board, you win, even if nobody else uses it.
I‘m not an expert on this topic, so someone correct me if I’m wrong. Signal is only storing stuff temporarily to pass it on, so I’m assuming you’d have the exact same costs even if it weren’t centralized. Maybe even more as it’s probably cheaper to have it managed in one place. I’m assuming all this would do is distribute the cost, but otherwise be the same?
I’m assuming all this would do is distribute the cost, but otherwise be the same?
Exactly. I can locally process the 1-3 messages/day I send on my device rather than having billions of messages processed on a single server.
I can even host my own Matrix or XMPP encrypted server on a $100 machine consuming ~7W and host several hundred users easily.
XMPP maybe. Matrix is a bloated protocol which costs a lot more to host.
The difference is that there’s enough unused capacity on your personal device to handle all the traffic any typical user needs to handle in a day many times over, for simple messaging. Likely, that load is so little it won’t even affect your battery life.
Wouldn’t you still need a server in between to temporarily store the messages if the other person isn’t available?
No, P2P = Peer to peer, meaning no servers are required in between.
Wouldn’t that mean both have to have a connection at the same time? What if one is offline?
Wouldn’t that mean both have to have a connection at the same time?
Yes.
What if one is offline?
How do you think you’re going to receive messages offline?
How much time does your phone spend offline?
One device can send a receipt when received. If the other device doesn’t receive that receipt it can just keep pinging periodically until it receives it.
You can also just hook up any old phone or computer, install the app, and let it run as the server.
For more info on how this currently works you can check out Keet.io
You can also just hook up any old phone or computer, install the app, and let it run as the server.
If you have a static IP address, if you want to bother with securing and maintaining it, if you’re willing to deal with downtime when something inevitably breaks, if you’re willing to deal with lost data or also maintaining a backup solution, if… a dozen other things that most people don’t want to deal with.
Funnily enough their biggest expense (sending SMS during registration) is making the accounts less private.
I imagine not paying for it and being overloaded with spam bots would be more expensive (otherwise they wouldn’t be doing it this way!)
There are lots of reasons to want fewer spam bots and verified identities other than cost.
They could save a lot on infrastructure costs if they decentralised their network and stopped using phone numbers as unique identifiers.
I’m all for decentralised networks, but they do have their flaws. I use Matrix every day, and there are a lot of times the keys need to be resent, messages don’t get sent or deleted on shaky internet, etc. Issues like this make it seem broken to normies. Signal Just Works™️
Absolutely, and I use Signal for a few things. It’s not a perfect solution, but it’s far better than most (looking at you, Facebook’s WhatsApp, with your previous Pegasus attack vector).
Signal Just Works™️
Until you drop your phone in the swimming pool, and every message/photo you’ve ever received is just… gone. Forever.
Sorry but I don’t buy any claim that Signal “just works”. It’s pretty clear they care about security more than anything else even when that means making decisions that are user hostile. And that’s fine - if you feel like you need that level of security I’m glad Signal exists. But it doesn’t really align with the general public and Signal is never going to be a mass market messaging service unless something changes (Signal or the general public).
What’s weird to me is an app that excludes itself from phone backups considers SMS a valid form of authentication when a user links a device to a phone number - especially when you can necessarily link a device to a number that is already tied to someone else’s device. Like how is that ever going to be secure? Spoiler: it’s not. It’d make a lot more sense to me if users simply crated a username and shared it with other people instead of a phone number… and if they forget their password… come up with new username.
Signal provides a backup option. The auto backup for SMS on android is provided by google and likely uses google drive. I don’t know for certain but I would guess the encryption options and security of that route would be impossible to guarantee and the public backlash of signal users knowing their data was being sent to Google’s servers would be massive.
I’ve setup my signal backups to a local folder on my phone. I then have SyncThing running on my phone and home computer so it automatically gets sent once it’s created.
You want SimpleX then. No number needed.
+1 for this. From my tests, SimpleX seems fast, reliable, secure, and private. I haven’t tried daily driving it, though.
Downside is minor bugs re inviting friends:
Gets confused by invites from Facebook (can’t automatically strip the trailing tracking code from the URL).
Fails scan of QR invite with your maybe camera app. Must scan from app.
deleted by creator
How?
There’s an IETF internet standard for federated messaging called XMPP. Just be compatible with the standard. It also allows for extensions if you offer more than the core spec.
There’s a few forks that have done it. You could also look to Matrix to see how they’ve done it.
November 9th, the verge: Signal tests usernames so you can avoid sharing your phone number
the phone number is still going to be required for making an account, you can just choose to not share it with others and give them your username instead.
Yes but you still need one and you still lose access to your account if you lose your number.
In total, around 50 full-time employees currently work on Signal
[…]
When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.
That’s 380k/employee on average. Even if half of that went to taxes and other expenses, on average they’re paying their employees around 190k/year.
Bro, as a European dev, that’s triple my salary! They could possibly double or triple their workforce if they hired from outside of the US.
I don’t care if employees are well paid. I do care that Signal takes 50 employees to operate. What are they all doing? This is a genuine question
You did not read the article, did you?
This is a lot of work, and we do it with a small and mighty team. In total, around 50 full-time employees currently work on Signal, a number that is shockingly small by industry standards. For example, LINE Corporation, the developers of the LINE messaging app popular in Japan, has around 3,100 employees, while the division of Kakao Corp that develops KakaoTalk, a messaging app popular in Korea, has around 4,000 employees. Employee counts at bigger corporations like Malus, Meta, and Google’s parent company (Alphabet) are much, much higher.
I can’t speak for LINE - But Kakao does a heck of a lot more than messaging; it’s one of the top companies to work for and the defacto app of Korea. It’s used for taxis, webtoons, payments, music streaming, banking, social media, OAuth, etc (and that’s on top of all its failed ventures no one uses). So yeah, it makes sense to have a lot more employees. Getting into Kakao is like getting into Google or Apple in the West.
It also doesn’t explain why Signal has 50. Signal is open source, but openly hostile to forks which throttles its development. So I wonder, what are those 50 employees doing? I genuinely would like to see a breakdown
Oh so it’s basically the Facebook of Korea.
Yeah it’s the hostility to forks and federation I genuinely don’t like. Federation is important, and forks are important so I can use the service as I wish, not as they wish me to.
Of course it’s a market and I can vote with my feet and I have. I just linked it to Matrix for availability but I don’t actively use it from my end. And I have a grand total of 1 person regularly communicating with me through it :P Versus about 50 on whatsapp and another 50 on telegram (not to mention the countless telegram groups I’m in). But they all end up in one and the same matrix for me <3
Self-hosting all these bridges used to be a royal PITA but there’s some very kind people that made this amazing ansible playbook that takes care of it all now.
Worth mentioning, as someone has for Kakao below, the LINE app has a magnitude or two or three more features than Signal. Beyond chat, the app handles payments including retail via QR, effectively has Instagram and TikTok built in, has an entire news section, and much more.
Heck, LINE the company even has permanent and pop-up merchandise stores in downtown Tokyo (Harajuku) and their own MVNO mobile carrier called LINE Mobile.
Now that said, I loathe LINE, the app. The UX is poor and the app is bloated behind belief. Only use it effectively out of necessity as someone living in Japan. The only alternative communications channel even remotely close in usage is probably Instagram chat.
You didn’t read their question, did you? Because your quote does not answer it.
Good thing I wasn’t answering the question then, but the implication that 50 people to operate is too much.
When Whatsapp was sold to Facebook in 2014, they had 55 employees. Considering the app had considerably less features and did not focus so heavily on encryption and privacy, Signal can be considered even leaner than Whatsapp.
Now, for the actual breakdown, they have at least the following technical teams: desktop, android, iOS, server, calls (ringrtc), core (libsignal). If we assume a team has usually 5 people (manager, Sr SWE, Jr SWE, QA, maybe PM), that’s already 30 people. On top of that, they have an in house support team (don’t know the size but I wouldn’t be surprised if they have 10ppl on the payroll considering the number of signal users) and management (CEO, CTO, CSO, VP), which will quickly add up to around 50.
Purged by creator
That is indeed a lot. They must have most of these in Silicon Valley.
However it is their choice to do so. They don’t have to be in the most expensive place in the world for developers.
I prefer sponsoring matrix though as it’s really open. Signal is just a slightly nicer walled garden. Also, Matrix doesn’t need to be linked to my mobile number which is a godsend because I tend to change those once in a while and it’s a real nightmare bringing all whatsapp contacts over.
Would be interesting to see how this compares to XMPP or Matrix. Obviously the development costs something for each of those, but the hosting costs are spread out across each of those hosting an instance.
Yup, that’s a big reason why centralized protocols aren’t sustainable. XMPP is 25 years old (which is older than almost anything else on the contemporary internet) and thriving. Unfortunately, judging by the cycle of messengers coming and dying, and people still being eagerly part of that, this isn’t something that people value very much.
this isn’t something that people value very much.
More likely something people don’t even know about since no one is out there spending billions of dollars singing the song of XMPP.
Forgive the ignorance but does xmpp have the same features as signal, particularly around e2e encryption?
It’s possible to implement XMPP with E2E encryption, there are at least 2 ways to do it.
But of course it only works if both users use a client and server that support it.
Worth mentioning that most modern clients support omemo at this stage.
Are decentralised apps like element much less expensive ?
The costs are distributed as there is not one single instance. Just like with Lemmy.
Although there is one huge instance on matrix (matrix.org), a bit like lemmy.ml here. But it doesn’t have to be like that, they can close signups or discourage them similar to the way lemmy.ml is doing that now.
The load distributes across more shoulders automatically.
If you only host a server for yourself and 10 friends it costs next to nothing, if you have a big operation it can get just as expensive, it depends on what you are willing to do.
With centralized systems there is no choice but for the one centralized host to host everything.
Then is it better to use element over signal as decentralised apps may be more sustainable for long term use ?
Element has the same costs as Signal. So far, Element has been lucky in being able to raise money by selling support contracts to governments or companies using Matrix, but even that isn’t enough, which is why Element has been raising money for the Matrix Foundation for almost a year now (with little success).
No but they do have commercial clients, even some government departments.
They’re also trying to sell Element One directly to end users which involved a few bridges like connection to whatsapp, signal and telegram. Not a bad deal for 5 bucks a month IMO, though I run mine myself because I want to.
There’s also beeper which sells a service with (a lot) more bridges than Element One but costs twice the price. Their company sponsors most of the bridge development as they employ the main bridge developer.
They should do a charity stream event or something. Do Q&A stuff, get interest of more people, and raise money?
SimpleX Chat
Indeed. Same tech as Signal (minus the new quantum insurance thing) but without needing a phone number. Unfortunately it is buggy re invitations.
