749 comments

[ 4.1 ms ] story [ 353 ms ] thread
The centralized-infrastructure-Tower-of-Babel is about to collapse.

As much as I love Signal, we've got to move to things that are decentralized. I setup a prosody[1] server a while back, but have nobody to talk with. If anyone wants to try their system out, I'm bjt@2n3904.net on XMPP.

1 - https://prosody.im/

I can't figure out how to use it. xD
It's not the easiest thing to setup. There's a few places I'm sure which let you get free XMPP accounts, and a handful of good clients.

I'm using Conversations for Android. If you have a server that will allow self service registration, you can make an account right from the app.

Hi, Prosody dev here. It looks like your server isn't reachable. If you'd like help with that you can join the community support channel: https://prosody.im/discuss/
Aww beans. I looked at the IM observatory, and it seemed to check out fine...
Tried the server-to-server test?
Ahh cripes, I had port 5269 blocked. Whoop! Running the test now, thanks for the help!

Edit: Aaand I'm up! Got my first message. Thank you for your help, and for your work on Prosody!

And herein lies the reason decentralized isnt about uptime, when the server you use is down its down regardless how many use it and it doesn't matter to you others still work. It'll probably get more downtime over the years than the mega important one as well.

That's not to say decentralized doesn't have a ton of benefits just uptime for the user isnt one.

Out of interest, why was the Windows download deprecated? It's a bit much to expect mom & pop to be playing with WSL?
I thought signal was highly decentralized? What traffic does the server handle once two clients have "found" each other? Which I believe uses hashes of phone numbers.
This article from 2018 illustrates the architecture of Signal: https://sorincocorada.ro/signal-messanger-architecture/
Based on that, they use Google, Apple, Twilio and AWS in the backend. All who have shown they are willing to deplatform with little notice as the result of kneejerk public pressure.

How easily can Signal replace those dependencies if this comes for them?

"Extremists move to secret online channels": https://www.nbcnews.com/politics/congress/extremists-move-se...

As far as I know, Google and Apple are only used to send Push notifications to users. These are optional, and Signal on Android can be used without Google.

AWS S3 is/was used to share files with other users. It became a standardized API, with many alternatives supporting the protocol, so switching to a different provider or on-premises should not be difficult.

Signal intends to remove the dependency on phone numbers, and therefore Twilio, but this has not be done yet.

All IM apps rely on Google or Apple (on their respective platforms) for the push notifications. The alternative is polling in relatively small intervals, but that wakes up the app, which uses the battery without any real usage.

And if the OS decides to kill your app's process, your polling dies with it and you don't get notifications.

Cunningham's law is a beautiful thing, cheers :)
You are incorrect. Signal is a centralized client-server model.
(I wrote this in a dupe of this story so I'm posting an extended version of the message here. Maybe it is useful.)

Maybe that's a good reason to open for federation and now I wonder if it would be possible to have an user migration between servers without cooperation from the origin server. This would allow users to move to a new one without losing track of existing conversations.

Seems crazy, but the reason we can't do this with email is the lack of a generally agreed identity for an user account that does not depend on the server itself. Signal accounts have a "master" key that can provide this and it's only stored in the device and backups (it's the most trusted of all keys, after all).

A sketch:

- User creates an initial account on server X (account: user@serverX.org), the procedure includes signing a message saying "I use server X since $TIMESTAMP and this is the 1st server that I use";

- Everything works as now.

- User wants to change server, so they signs a new message "I use server Y since $TIMESTAMP and this is the 2nd server that I use" (account: user@serverY.org); this message is sent to all chats/groups/contacts and to the old server (as an information only, it may be already down or be non-cooperative). Contacts update the server part of the account and start sending messages through the new one. Maybe the user can still try to contact the old server for a while, for the event it delivers a message from a account that didn't get the first, but at some moment all users will get the new address.

Notice: I have no idea of how this can work with sealed senders of other metadata-prevention measures that Signal uses and we all love.

Bonus: no more dependency on phone numbers.

Or if it goes to an more email-like architecture were users only speaks with their servers, it can adopt concepts from djb's Internet Mail 2000 [https://cr.yp.to/im2000.html]. This will *not* work for current email due to the need of keeping compatibility with the enormous existing user base, but this problem does not exist for a new protocol.

Completely wrong, it's a service as centralized as Facebook.

Maybe you're mixing it up with Matrix, Briar, or some other decentralized chat system.

I wonder if Signal would be open to doing that.

I know they don't like third party implementations because then if you need to make a protocol change you'd have to wait 30 years for everyone else to update their clients. But if you're already requiring a single client that it makes it easier to do decentralized messaging for exactly the same reason.

Another option that works pretty well is to do both. So try decentralized (DHT / direct connection) first and fallback to a central server if that doesn't work. Then you're up as long as either one of them is working. And there is a lot less load on your central servers.

Can you run a Prosody server on a rasPI?

Do you need a static IP? (Xfinity appears alergic to allowing static IPs any more, and I am too lazy to setup my own router after 26 years setting up other peoples net infra..)

Id love to chat with you...

I'm sure you can... but I think one of the big hiccups is that you need DNS to point to your server if you want it to be externally available.

I've used XMPP servers for intra-organization chatservers before though, and it worked great!

>Can you run a Prosody server on a rasPI?

Sure.

>Do you need a static IP?

Well you need a domain name to identify your server. It's the same thing as with email. So however you can do that...

It might be less work to just use a preexisting public server:

* https://list.jabber.at/

> Can you run a Prosody server on a rasPI?

Easily.

> Do you need a static IP?

No, but you need access to a domain record to add the required entries for XMPP, and update them if your IP changes. One can do this for free (once you have a domain that points at their DNS records) with a provider like Digitalocean and their API to update the domains.

Set up guides: https://prosody.im/doc

Community to ask: https://homebrewserver.club/

Of course there are protocols like XMPP and Matrix.

But there are also solutions that don’t require everyone to host their own server. Rather, people just host impersonal nodes on the network and everyone uses the whole network together.

Examples would be Status[1] (Ethereum) and Session[2] (Oxen neé Loki).

I’m sure there are others that use this architecture too. I just like it because I don’t have to be personally concerned with who is running my “home server”. Because there is no one single home server in this model.

[1]: https://status.im/

[2]: https://getsession.org/

How does that work, though? You need to have some central database of user IDs, or can you just never have a user ID and will you need to add people by full public key. As soon as you try to map big public keys to a phone number, username, or some other short ID, you need some registration system, probably on a FCFS basis. How does that work in this "you can run but not manage your own server" type decentralized system? And who prevents message spam / abuse handling?

It sounds like these must be centralized systems presented as decentralization, similar to how Keybase marketed themselves as end to end encrypted and nobody noticed that you can't actually verify peer's keys thus making it TOFU (similar to blindly accepting ssh keys). (And when you asked people about their claims about Keybase, they'd tell you to RTFM regardless of whether you already said you did that... A marketing department can be very powerful even on HN.)

Status uses public keys, but you can optionally link an Ethereum Domain Name (ENS). So it’s basically like license plates where you can buy a vanity plate if you want. Also, friends can just add their own nickname for you in their contacts.

Personally I think that’s the best way to do it. Public keys aren’t very different from phone numbers at this point. Nobody memorizes phone numbers anymore either. Each person just has their own Rolodex mapping of keys to names.

> The centralized-infrastructure-Tower-of-Babel is about to collapse.

Is there any decentralized protocol that's in widespread use? Email is the only one, and if hackers take out Gmail and 2-3 other major email providers 99% of the world's personal email is gone.

This is the first big outage I've felt affects me personally in any meaningful way as someone who has tried to stay away from overly depending on cloud services and SaaS like Gmail or slack. I first noticed that a couple of hours ago my messages seemed to be hanging and going through without the typical confirmation. The status page has no more information than the title at this point.
At least they tell you about it - there's a banner on the top of the app. Last time WhatsApp was having issues, it didn't give any indication - messages just weren't being delivered (but as a user, there's no way to distinguish between "no messages" and "messages not being delivered").
I don't see a banner on the top of my app. I only found out when the desktop client kept timing out with 502 errors and after asking on Twitter, found other people were having issues too.

It's there on https://status.signal.org/ though.

There is a banner in the Android app, not on the desktop.
The desktop app shows a yellow "DISCONNECTED - Check your network connection" warning. They probably should work on better error/status reporting in next version.
Yeah, I'm using Android but not seeing a banner in the app.
For me it's the other way around, haven't had any banners or anything on Android, whereas the desktop client has, and messages have been throwing 50x errors, while the mobile messages just seem to take ages to send.
I didn't see the banner in the Android app until I tried to send a message.
You on android? No such banner on my ios client.
I see the banner in Android.
fwiw I do not see the banner on android. That being said, things break. Breaking in a way you can notice it's broken is good, but pobody's nerfect.
I did see it on iOS
Not sure if it's only showing on Android but I had to attempt to send a message first before it showed.
I'm not getting a banner on iOS either, however when I try to send a message it fails with a red exclamation mark in a circle saying "Request failed: service unavailable (503)"

Edit: A few minutes after the message failed to send I got a yellow banner stating that the service was experience interruptions.

However the banner disappeared shortly afterward, so it would have been easy to miss.

Last time WhatsApp was having issues, a “Connecting” banner was shown permanently on the app and all outgoing messages displayed a clock instead of a tick, showing that they weren’t reaching the server.
I've personally had (many) more signal issues than WhatsApp issues, and not one of the signal issues was accompanied by a banner.

I am not vouching for WhatsApp. I just don't think we should pretend that Signal is more reliable than it is.

heavy user of whatsapp and I can't recall having any issues with whatsapp ever. I'm a heavy user of signal as well and... it's a bit crap honestly. I actually needed to transfer a file to a client today and was strongly relying on signal for that...
There was a CDN issue for media about a year and a half ago. Can't recall about issues with messaging
No one told me about anything. All I get is an error about checking my internet.

My internet's fine.

I can understand not having 100% uptime, but going on 10 hours now and this is really not leaving me with a good impression.

I can count on SMS; I can't count on this.

[EDIT]Now I'm not even getting that specific error; my messages are simply failing to send (ios, desktop/windows)

I noticed this in messages taking about 30s to confirm sending. But the service has been reliable and clear feedback when messages are failing
I still get notifications about incoming messages, just can't read them because the app rejects my passphrase. This has been going on for more than an hour now. If they aim at picking up whatsapp refugees, this is pretty bad.
good for them to be open about it because it’s easy for internet weirdness to be suspicious these days, my buddy just about shat a brick when a message with the newly leaked video from Fulton GA suddenly vanished: https://www.bitchute.com/video/lep8A5YTQ0P3/
I'm curious how a link to a Fulton County board of elections surveillance video has anything to do with Signal's availability issues.
Did you read the rest of the comment? Without the link for context and given recent censorship of this kind of stuff I figured it might have seemed a little bit paranoid.
They are not Telegram. They can't handle millions of users in a short period of time, although it's not on them, it's Telegram's magic.
I think it's less magic and more the lack of E2EE.
I'm not familiar with encryption and how does either of services work on the backend, but shouldn't E2E happen on users devices? (like... end to end). And if that's the case - how does this impact Signal's infrastructure?
- You need to orchestrate key exchange between clients which is additional overhead (probs negligible).

- Messages can't be edited so any corrections made by users need to be entirely new transmission over the wire (probs negligible)

- Encrypted data can't be effectively compressed, and compression before encryption can lead to side-channel attacks. You can generally mitigate this by building your compression and encryption together (e.g. SSL does this), but not entirely sure this works for Signal with an E2EE arch. Either way I would assume that E2EE payload sizes transmitted over the wire are larger than stuff sent over the wire with GZIP/SSL (as Telegram is probably doing).

- MAIN REASON (my guess): group chats in the Signal protocol require sending a different encrypted message to each participant, rather than a single identical message to all participants. Honestly my algorithmic complexity chops aren't the best, but I think that would make Signal group chats O[2n] while Telegram group chats are more like O[log n], if they utilize clients sending the group chat to each other, which is a crazy level of difference in efficiency for what is effectively the same thing and a pretty common use case (group chats).

Long story short, secure things that are hard to mess with are less efficient than things that are easier to mess with. This is why blockchains like Bitcoin are much more lethargic than a normal database – there are some necessary performance trade-offs required when you want high levels of security in your system. There are a bunch of small little things that probably aren't a big deal, but every little bit adds up when you're trying to scale a service to millions of active users / billions of messages.

Didn't Signal just have a couple hundred percent gain in users, on TOP of the hundred+ percent gain in users that Telegram had? Signal is on top of both of the primary app stores.
(comment deleted)
They are (were?) hosted partially on Amazon, which should be able to scale quite nicely.

If the system is built for it, that is.

Though on 2018 there was some noise from Amazon about stopping their hosting due to practice called "Domain Fronting", no idea what came out of it. At least signal.org is hosted on Google.

Nice workaround for Android users: tap and hold the send button to switch to SMS (insecure but still)

https://support.signal.org/hc/en-us/articles/360007321171-Ca...

You'll keep all your message history in Signal that way. Good to know when your contact don't have an Internet connection, too.

I use the Signal app as my default for everything because of this feature (secure communication with Signal users and insecure SMS with non-Signal users)
What a workaround. SMS are not encrypted, cost money, have a length limit, don’t support images or groups...
I didn't know some places still charge for SMS
I think they charge for SMS pretty much anywhere outside the US.
Wow, thanks for the info. That stinks!
(comment deleted)
No one pays for SMS in France. And probably in most European countries.
No its the other way around. Americans were still paying to receive phone calls when most other places were on unlimited SMS.
My plan comes with unlimited SMS (Three in the UK).
Germany still pays for SMS, nobody here uses MMS because its so expensive.
It's the reason why Whatsapp became so big in Europe.
I wouldn't call that a nice workaround. Doesn't work for group messages or people that don't use signal for SMS.
> You'll keep all your message history in Signal that way.

The NSA will have a copy too, just in case you lose yours!

> The NSA will have a copy too, just in case you lose yours!

They should offer a paid subscription service for data retrieval, in case we do lose our copy!

(comment deleted)
FYI - check the JRE ep with Moxy Marlinspike:

https://www.youtube.com/watch?v=OZ0NkT6gbP0

https://open.spotify.com/episode/2uVHiMqqJxy8iR2YB63aeP

===

(Clearly downvoted by idiots who didnt even watch the short edit about signal...

HN has an arrogance problem... Moxy Marlinspike is the founder of signal - and he talks about why he did so...

Listen to him...)

a lot of people are pissed about the podcast moving to spotify as well
Why? Youtube is trash now...

For example, I have never once received a "you should watch this as well" decent recommendation from Youtube, the sidebar is absolute garbage and cant even keep the concept of a topic-thread... Youtube is total trash.

Are you logged in? Because I don't think they tailor their recommendations much to non-logged in users. I get lots of recommendations that end up being good videos.
I'm working on another open source Messenger on Signal protocol. https://mixin.one/messenger
Signal is having difficulties because of load. Does your messenger have ways of reducing load?
Is it possible to switch to backup Signal server within app? i'm researching running my own in emergencies.
Signal is totally centralized. The server is (if I recall correctly) open source, but if you were to run your own server, all of your contacts would have to be using your server too in order to communicate with them.

I assume that the hostname(s) of the central Signal servers are hardcoded in the app somewhere, since they're not meant to be replaced.

Server is open source but good luck setting it up. There is no documentation for it. Also, they have intentionally excluded the option for clients to connect to alternate servers. This stance really rubs me the wrong way. I love the Signal protocol, everything else is kinda meh.
> Also, they have intentionally excluded the option for clients to connect to alternate servers.

Since Signal doesn't federate, if you switched your client to an alternate server you would be unable to communicate with the 99.9% of people out there using the official Signal server. Signal isn't going to give a UI option that is certain to cause frustration and bafflement for the vast majority of users. Those wanting to use an alternate server are probably a small nerd niche who already know how to fork the client.

This is a perfect time to learn about using matrix... which is how I told my friends that I usually talk to on signal that signal was broken.

It's actually decentralized so like email only one server goes out at a time.

How does this change things for the user though. E.g. in email it doesn't matter if your email is down or everyones email is down, you're not switching to a new email host every time yours goes down and you don't particularly care if someone else can communicate while you cant.
That's true, even if only 1% of users are on each of 99 servers while the rest do something else, 1% of users will be frustrated when their server breaks, like with email.

Good point.

Hopefully it'd teach them a lesson to stay humble after their stupid recent tweets laughing at whatsapp indirectly.
Why not do a some kind of lazy P2P instead of proactive P2P?

IIRC, Signal calls are P2P.

I believe the calls still require the server to bootstrap to connection but I could be wrong.
Wait, so I can geolocate someone and figure out their ISP by starting a Signal call? Great feature, I love it!
Yes, if they pick up, but you can disable p2p in the settings.
Calls can be relayed through Signal servers:

> Always relay calls:

> Relay all calls through the Signal server to avoid revealing your IP address to your contact. Enabling will reduce call quality.

https://jami.net/ decentralized, encrypted, p2p, no phone number required.

I'm not sure why nobody uses it.

Because it's incredibly unstable, and horrible to use? Yes, tried it, even earlier, when it was called GNUsomething.

EDIT Ring. It was called Ring.

This is not good. I've moved so many people over in the last week. For purposes of getting them invested, this is a truly inopportune moment for an extended outage.
But it’s par for the course for newly popular services. Some don’t survive the popularity and some thrive in spite of the degraded service. Signal will figure it out. All the best to the engineering team at Signal right now!
>But it’s par for the course for newly popular services.

It is, but most consumers don't care, they just what their stuff to work 100% of the time as frictionless as possible, and, on top of all things, for free. Otherwise they just run back to the usual free surveilanceware.

I've tried and failed to convince some young, highly educated zoomer friends with good incomes to move away from WhatsApp and Facebook and even when I told them "Look, they're basically spying on you" they just brush it off and say "I don't care, it's fun, easy to use and all my friends are already there".

Ironically, it was easier to convince my boomer parents to move to Signal and they also understand and agree with the tradeoffs and extra friction for the sake of free privacy but younger people just want to be where their friends are and not feel left out (remember the blue vs green bubble stigma on iMessage).

Young people are (generally) fans of corporate governance and government overreach. It's older "boomer" types who feel threatened by the new religion of sensitivity and cancel culture who worry about corporate governance and government overreach.

Please don't be pedantic on my comment and try to understand the general picture I am painting, you'll find the gist of the comment to be true even if I didn't articulate it super well. Thanks.

Using Telegram is a rational decision if you want a service that's good at fun conversations. Signal's value proposition is _secure conversations_ and it does that much better than other services. "Fun" is not part of Signal's value proposition. More people want/need fun conversations than need secure ones. Regardless of what people "should" want, Telegram serves people's mundane everyday needs materially better than Signal does. "It's fun and the people I care about talking to already use it" is a compelling value proposition, not a frivolous one, given people's everyday needs.

The more someone cares about security and is willing to trade away other good things for security, the better a platform Signal is — but remember, this also flows the other way.

Why are there so many Telegram fanboys astroturfing in this thread? This thread has nothing to do with Telegram.
I'm a little confused because you brought up Telegram specifically.

WhatsApp and Facebook Messenger offer the same level of security as Telegram. In fact, I think WhastApp is more secure since it does E2E encryption by default.

It's true that Telegram is about "fun" and not security. I just wasn't sure if you tried to imply Telegram is like Signal with a focus on fun as well, or you just meant most people don't care about security and would rather have fun chats?

Telegram has optional E2E encryption (as does WhatsApp) which puts it ahead of Facebook Messenger. Unlike FB Messenger and WhatsApp, the company behind Telegram so far doesn't have a history of selling your personal data. I'd say it's fairly competitive, though obviously not ahead of Signal
> Telegram has optional E2E encryption (as does WhatsApp)

WhatsApp, for all its faults is E2E-encrypted by default and all the time.

Not that it helps much unless you avoid activating backups and convince all your contacts to avoid backups.

I don't like WhatsApp (anymore), but we should stick to the facts.

Thanks for setting the record straight. I actually thought you needed to opt in (was that maybe how it worked when they first added it?) but I'm glad to hear it's always on
Facebook Messenger also has optional E2E encryption in a feature called Secret Conversations which is very similar to Telegram's Secret Chats. A big difference though is that Facebook uses the Signal protocol while Telegram rolled their own.
> WhatsApp and Facebook Messenger offer the same level of security as Telegram.

If you look only at encryption, WhatsApp is even better.

Once you factor in the fact that all your metadata is vacuumed into Facebooks data lake and that it might very well end up in Google Cloud if either you or someone you chat with activate cloud backups.

Now that you mention it, I _did_ fail to explain why I brought up Telegram. My bad, thank you for calling me on that. I mentioned Telegram particularly because in my social circles, Telegram is number one by a long shot in terms of "people just want to be where their friends are and not feel left out." I should have actually said that, rather than jumping to the next part of the idea.

(I am not here to defend Telegram's portrayal of itself as a secure messaging service — Telegram is grotesquely bad on that axis)

That’s interesting. Do you live in a country where Telegram is particularly popular? Here in the US I don’t think I’ve ever even heard of someone using it. I don’t even know what the app icon looks like. My social circles are on some mix of Messenger, iMessage, Signal, WhatsApp, and if you count coworkers as social contacts, Slack.
not op and aware this may not be representive, but i share the preference for telegram as a just-works, "fun" and high-penetration messenger with whatsapp as a first and sms as second compatability fallback. this beeing in germany.

tg is light on resources like phone storage and bandwidth (and hence money) and has excellent multidevice support.

apart from that i don't belive one can have a seriously private conversation involving a device running popular versions of android/ios.

I don’t believe fun conversations are mutually exclusive with secure communications. You can have fun conversations with them being secure from prying eyes.
Strongly agree with this. However, I also believe that there is no existing service that does both well.
Actually all the non switchers now see that there are really a lot of switchers. It's even on mainstream news websites here. I see this as a win.
Loved ones. Especially seniors. Are the easiest to convince

You carrot them with a unique way to ping you, over tech no one else has, and they see it like an intimate connection with you

I had my elder parents and SO use it for years before friends i consider privacy aware and tech savvy... For years

Added benefit: its a lot harder to share memes over a young network with no traffic.

I guess that may change now....

Never looked at it this way but 100% true in my case. Got my parents on Signal three years ago and they have been perfectly happy.
Did you try to tell them "Ten years from now, your future you might care", as this is really what privacy is about.
One of those annoying Telegram users here.

I too wish Signal engineers good luck!

(Even if I personally mostly use Telegram and hope for Matrix to "win", Signal is a fantastic piece of software as far as I can see, both as an extremely secure (I think) messaging client in its own right and also as an inspiration for other messaging platforms.)

Telegram is not a secure chat application though. It's more similar to Facebook Messenger. You're better off using WhatsApp over it if you care about security.

Or obviously Signal.

When it comes to Matrix, it's a little trickier. Riot, the most common Matrix client does E2E encryption on DMs and invite only rooms. What I'm not sure is what happens if you send a private message to someone who is using Matrix client that doesn't do E2E. Will it fail to send? Or will it like fallback to not encrypted?

It will be sent encrypted, and the receiver will only be able to view it if they are on an encryption-capable Matrix client.
> Telegram is not a secure chat application though.

Fun fact: I didn't even write that.

The rest is not so much for you personally as for a number Signal fans:

I get it, I get it: Signal is best. But seriously: do you Signal fans have to derail every conversation?

Do you have to take a jab at every other messenger at every given opportunity?

Or can we agree that there's room for more than one solution? Because physical mail, email, irc, Telegram etc are probably going to stay around for a long time, at least until Signal solves:

- large groups

- backups

- grows a stable messaging API

- creates a Bot api

- and starts teleporting physical goods

- etc

Until Signal solves all this we are going to have to deal with other mesaging solutions.

Deal with it. Seriously.

Yes: Signal is probably the most secure now IMO.

No: talking down other messengers doesn't make it better.

@dang: apologies in advance. I've tried hard to keep it polite.

There is an already ecosystem on Telegram bots, channels and groups that lacks Signal, even if all my contacts move to Signal i would still keep Telegram only for those features and many more.
Exactly my point.

We are going to have to live with various systems for a long time, IMO hopefully "forever" since competition typically often does wonderful things.

> But seriously: do you Signal fans have to derail every conversation?

I don't really have a horse in this race, just a guy who was scrolling through these comments and was struck how rude and ridiculous this remark is.

You're in a discussion thread for an article about Signal. You're the one who brought up Telegram and now you're having a little fit and accusing Signal fans of "derail[ing] every conversation"? This conversation is about Signal. If you didn't want people comparing it to Telegram, why did you bring it up?

> You're in a discussion thread for an article about Signal. You're the one who brought up Telegram

This would be a good point, if it wasn't for the point that the only reason I brought up Telegram was to say I was a Telegram user cheering for the Signal team!

> do you Signal fans have to derail every conversation?

I know this happens a lot in other threads about other messengers, so it's probably a fair comment. But I find there is something ironic about someone commenting on a story about Signal that they use Telegram and then complaining that other users talking about Signal are derailing the conversation.

What happens is that the client which doesn't do E2E can't decrypt the message and shows an error. I use fractal and this is what happens there.
I"m not saying this is what happened this time, but I would suspect we'll see a lot more outages of encrypted centralized chat like this as nation states try to prevent general society from moving away from the social media websites almost solely designed for mass surveillance.
https://www.nytimes.com/2021/01/13/technology/telegram-signa...

> The result was a mass migration that, if it lasts, could weaken the power of Facebook and other big tech companies. On Tuesday, Telegram said it added more than 25 million users over the previous three days, pushing it to over 500 million users. Signal added nearly 1.3 million users on Monday alone, after averaging just 50,000 downloads a day last year, according to estimates from Apptopia, an app-data firm.

> “We’ve had surges of downloads before,” said Pavel Durov, Telegram’s chief executive, in a message on the app on Tuesday. “But this time is different.”

As someone who semi-fondly remembers the Twitter failwhale, I really don't think a more conspiratorial theory than "a few million people suddenly tried to jump on" is required here.

Hey, who let the Signal devs write their backend in Ruby on Rails? :-p
Where can I read about the signal server-side architecture? Is it open-source as well?
The server is open source https://github.com/signalapp/Signal-Server

Java/DropWizard app

the issue could be network or database related
This cannot be what they are running in production though right?

And this is also not open source for my understanding: * Last commit was on 2020-04-22 * only a single committer (moxie-signal) * only „bump version to xyz“ commits * not a single PR is getting merged but all are just closed (one references „pr was created on wrong repository“) * not a single code comment in what I saw so far * there are also references to AWS and GCP but I could not find any reference to Microsoft/Azure (where their current IP is pointed to)

Is there some other place where the „real“ open source process is happening? Maybe some sources how their production architecture looks like?

Edit: here is a lot explanation for this https://www.reddit.com/r/signal/comments/kxusy8/signal_needs...

(comment deleted)
Agreed, there is a simple & likely explanation for this outage, being a huge increase in user base worldwide.
πr²
You're not stuck in the traffic jam, you are the traffic jam
I think Elon moved more users than the user you quoted.

EDIT: We know it was a joke. Maybe you are downvoted because of your username.

(comment deleted)
I haven't moved any friends in the last week, but I've gotten lots of notifications in Signal of many friends joining this week. Hopefully it just requires some simple modifications of some parts of their infra that they didn't realize were scaling bottlenecks.

Based on my friends, mostly foreigners and English-speaking locals here in Hong Kong, Signal has grown about 20% in the past week.

I'm a new Signal user myself (maybe six weeks or so). In the past week there's been a huge influx of my contacts joining Signal.

I will continue to use iMessages for my iOS contacts. For SMS people I will gently nudge (hey, have you tried Signal? and then let the convo go where it does) and then use Signal as the primary for those people.

Is SMS still popular in your part of the world? I literally haven't gotten an SMS from a human in the past 9 years. Here in Hong Kong, SMS is how your bank sends notifications, and for spam. The chat space is vastly dominated by Weixin/WeChat and WhatsApp.
In the U.S. I’ve never had anyone suggest messaging other than SMS, FB, or (long ago) Twitter.
United States. I'm 37.

99.9% of messaging (for me) occurs via iMessages or SMS. FB Messenger is occasionally used for people who are more acquaintances (don't have their phone number).

I don't really have a good reason to not use iMessages (blue bubbles). Reasonably secure and Just Works. SMS on the other hand.... my least favorite part of SMS (besides the complete lack of security) is that media messages are crippled in quality. Photos and videos are compressed and distorted beyond belief.

United States too. Same feeling that most messages are iMessage or SMS. But as one of two extended family members with Android against ~10 with iPhones, for me iMessages are pretty horrible. They mostly work most of the time, but frequently there are glitches on glitches. SMS between Android phones are rock solid. Just a single data point.
> SMS between Android phones are rock solid

not just android, they work with every mobile handset even with the poorest reception or (even lack of) data-plan.

i use ~200 sms per year, pretty constant since i got my first mobilephone.

kinda sad we didnt come up with something better thou.

It's an interesting anecdotal-metric. I've seen Telegram to Signal signups at about 5:1 for my contacts.
Signal grew 5x in one day[1]. A week before Musk amplified the WhatsApp story with his "Use Signal"[2] tweet. It then did the rounds on MSM. WhatsApp shoots itself in the foot (though IMO it's a blip in their stats). Parler (thankfully) has been kicked off AWS. All good news for alternative messaging technology.

https://twitter.com/signalapp/status/1349577579091566592

https://twitter.com/elonmusk/status/1347165127036977153

edit: as daniel_sk points out this is not a x5 increase but crossing the threshold from 10+ to the next 50+ mm downloads.

Google Play has 10m+ and then 50m+ step. So if you have 40m users then you still are in the 10m+ bracket.
thanks I didn't know this, so it's most probably not a x5 increase but just a cross of this threshold.
Yup, and it's not like Signal should be surprised with it. The influx has been happening for a while now and it seems like they were incapable of handling it. I have no idea how I'm going to defend them against all my family members I somehow managed to convert from WhatsApp to stay on this platform.
It’s an FOSS teaM working around the clock to support... let’s not be mean I’m sure they are doing all they can to get this resolved
It's only FOSS by appearance really - it's still a team of well-paid engineers that operate like any other startup, with the difference that you can read the code of their apps and the bug-tracker is public.

They operate on their own schedules and priorities, and it's tricky to get your PR into any of the clients.

Whatever reasonable excuses the signal team has are completely irrelevant from the perspective of casual users.
(comment deleted)
I'm not sure a 5x+ growth in under a week is really "for a while now". If anything I'm surprised they've kept it together this long. The growth looks more like an exponential function too, so that's even more difficult.

Good luck Signal team!

As much as I'm cheering for Signal, yes this was absolutely foreseeable.
From their tweet:

> We have been adding new servers and extra capacity at a record pace every single day this week nonstop, but today exceeded even our most optimistic projections. Millions upon millions of new users are sending a message that privacy matters. We appreciate your patience.

https://twitter.com/signalapp/status/1350165610936766464

They've seen it coming, just never expected this much new traffic.

Same here!

Last night a friend from India popped up on signal. I told him "Welcome!" and he said "You finally wore me down, I've left WhatsApp and I'm trying to move my family off of it..."

You should considered Telegram instead.
Telegram is insecure and also being swamped with right wingers. Doesn’t seem promising.
> also being swamped with right wingers

So is Signal. 'right wingers' are everywhere.

Right. But one of these is secure and the other isn’t. State action against telegram is eminent.
These users who are coming from these platforms (WhatsApp, Telegram) don't care about that. If Signal is still unable to stay online then the users will leave and they will try the second best option. (Even if it is less secure).

This has now become a usability and reliability issue for Signal.

We had better hope that those who are silenced always have some sort of forum to go to, lest violence become inevitable.

It's almost as if that's what the fascistic censors want.

Eventually, those who aren't considered desirable will seek out decentralized, permissionless, alternatives. Kind of like how 99.999999% of crime is funded by FRN cash, rather than AMEX.

The censorship will lead to permissionless, anti-fragile, forums.

Yeah; almost half the users are right of center.
i have so much fun in public websites seeing americans fight over right and left. its good entertainment. keep it up.

anyways. It will be really difficult to convince my friends to remain on signal. At least they are technically sound. Thinking an excuse to come up with though. i donated money today too.

Indeed. Especially considering that US left would be sort of mid-right, or at best centre-right in most parts of the world.
I should leave because some people I’ll never talk to on it have right wing views?
Yeah I've been grinding my teeth thinking about exactly this all day. :(
I read the message differently. It looks like there have been so many people wanting to switch, that Signal was overwhelmed by the new demand.

I don't know if it is true, but for your peers it certainly is a different story to tell them about all the people who are switching than just about a service who had an outage. Hopefully, the next days will bring some light to the cause of the outage.

They managed to jump from 10M installs to 50M in a matter of days, and that's just on Android.
Thousands of people are joining Signal after hearing about the Whatsapp privacy policy changes, but the irony is that a significant portion of these people (if not the majority) still use Facebook, upload photos and stuff, chat on messenger, with that app, installed on their phones alongside Signal. Most people don't actually realize why should they be worried about corporations collecting their data. I wonder what fraction of these people will stick to Signal. Signal is adding new servers, lets hope they dont need to retire these in the coming days.
It's great! Everyone I 'converted' is now thinking about the implications - from many different angles. Any outage for a few weeks is a win for humans and a huuuuge kick in the nuts for the twats.
> This is not good. I've moved so many people over in the last week.

Please stop moving people to centralized services.

If only decentralized services worked as well as centralized ones..
Yeah it kinda pisses me off constantly reading about how decentralised messaging, or ad-hoc wireless mesh networks, or whatever it is, is the way to go.

That shit works on a small scale. Serving the entire planet needs hierarchy and co-ordination.

Doesn’t necessarily mean everything has to be completely centralised, but some of the woolly wishful thinking you come across is not based in the real world.

I agree. This happened with Pokemon GO, at launch, but the reasoning is the same: "we didn't think there'd be that many users." Took almost a month to become stable. Hopefully Open Whisper Systems will get on it faster (I have confidence, for whatever that's worth).
Same here I had a group of about 15 ex colleagues I keep in touch with and managed quite easily to convince all of them to get Signal about 2 weeks ago. They’re all back chatting on Facebook and some are claiming that WhatsApp won’t be sharing data because of some European court case. AKA rationalising their negligent behaviour with regards to their private data.

These are all people who have completely abandoned Facebook for WhatsApp and Instagram.

Same here. I moved a lot of my contacts and several groups over to Signal. And this happened. I'm fine with the down time, I don't have any urgent communication needs and if I did, there are other ways to contact people (SMS, email, WhatsApp, etc.). But I feel like I owe these people an explanation about this. An explanation where I say, "Hey look, there are no guarantees this won't happen in the future, but should still stick to this one". I'm not very good at writing and hoping to find something that I can use :)
Is this being caused by the tons of WhatsApp users joining Signal ?
or parler users, or twitter users, or disgruntled telegram users. could be multiple issues
My wife out of the blue just started asking if she should switch from WhatsApp to signal. What’s causing the exodus?
WhatsApp updated/clarified their Privacy Policy, which states they share PII with Facebook (their parent company).
Surely it’s not this alone. Most of the people who seem to be switching that I know still use Facebook itself anyway?
If you want more context/discussion: https://news.ycombinator.com/item?id=25662215

The background here is that WhatsApp previously stated that they would never share user data for profit, i.e., not selling ads [1]. Reading that blog post leaves a sour taste in HN's collective mouth, because not 2 years later they would get acquired by the ad giant Facebook and now mandate that users agree to share their data with FB. The wording made it seem like accounts that didn't agree with the new policies would get terminated on February 8th.

A few days later, WhatsApp posted [2] that their update was misinterpreted by users and media, and that the clarifications to their policies were to increase transparency. They also pushed the ultimatum for a few months.

[1] https://blog.whatsapp.com/why-we-don-t-sell-ads

[2] https://blog.whatsapp.com/giving-more-time-for-our-recent-up...

Can you ask your wife?

Does she have any Q/Right wing/Parler friends?

I remember years ago back when I still used WhatsApp when there would also be temporary outages due to huge increase in traffic/popularity. Growing pains. I would have hoped, though, that the engineers at Signal would have foreseen this and would have been prepared.
Quite feasible no competition is allowed and they resorted to DDoS the new neighbor. Support government backdoors or get hammered.
After getting burned by Keybase, I didn't even look at Signal. I am curious to see how Signal works in the long term without a revenue model.

I paid for Matrix and got my team on it, working great.

The nice thing about paying for something is you know what it costs.

How did you get burned by Keybase? An outage or something else?

I know in their own terms they basically say “we can delete your account, but we won’t”. I chuckled and never bothered.

I'd estimate that Signal is a fair bit better than Keybase since the latter wasn't end to end encrypted in the first place. But since you're on Matrix now, of course that's self hosted and as stable as you make it yourself. Decentralization for the win, kudos for going with an even better solution (even if I disagree about Signal not being a stable choice)!
> since the latter wasn't end to end encrypted in the first place

I’m pretty sure keybase is end-to-end encrypted, at least that’s what they are claiming. What makes you think it isn’t?

This makes me think it isn't: https://security.stackexchange.com/q/222055/10863

> after [installing the Keybase app] and starting a chat with your friend, you still need to verify that the server sent you the right encryption key. Since you can't host your own server, it has to be the Keybase, Inc's server that sends you the encryption key of your friend.

> there is no way to display [the 'signature chain' of the person I'm chatting with], I have to trust the server to send me the right key. [Yet the client] displays a banner above the chat saying "end-to-end encrypted".

The whole point of Keybase is that you could verify the keys that the server sent you by looking at signed statements posted on third-party websites. That verification happens client side.
Read the post. I've had this discussion dozens of times now, everyone repeats the same arguments, all based on what Keybase puts out, never checking anything for themselves or even logically reasoning about how this could work (for those who bring up blockchain instead of third party proofs). There's a reason I link the information you're looking for, you don't even have to check it for yourself anymore.

> It was mentioned on hacker news that the app should check third party proofs by itself. This is not exactly what end to end encryption means since it still relies on third parties, but nevertheless, having to [compromise] 2 or more companies' servers before being able to MitM someone's keys (which are additionally TOFU'd) should give quite some confidence.

> However, when checking in Wireshark whether it actually does this (ask the Twitter API for the proof string and verify the signature with the the public key it received from Keybase), Keybase on my phone did not contact Twitter at all. (It did, however, proudly proclaim that the new chat was end to end encrypted.)

> The packet capture started before the username was typed into the search field on the test device and ended only after Keybase completely established the chat and claimed it was end to end encrypted.

> It is deemed implausible for the mobile Keybase client to simply have downloaded all signature chains from all users that exist on Keybase and to have checked all their proofs prior to starting the packet capture. This is the only way I can think of how the third party hosted proof could have been verified prior to the packet capture.

I'm curious, are there any apps out there that you don't have to host yourself that you do consider to be end-to-end encrypted?
What kind of a question is that? Of course there are, and self-hosting does not replace key verification.

- Wire

- Signal

- Jami

- Matrix/Element with central servers

- Threema

- Briar

- WhatsApp if you turn on key change notifications

- even Telegram secret 1:1 chats on a client that supports these kinds of chats

- anything you add OTR or PGP to... and the list goes on

You just need to do key verification, since key distribution is an unsolved problem in cryptography.

Uhm, Keybase is totally E2EE. Were you thinking of forward-secret (which Keybase chats are not by default)?
No, that's not what I was thinking of.

> after [installing the Keybase app] and starting a chat with your friend, you still need to verify that the server sent you the right encryption key. Since you can't host your own server, it has to be the Keybase, Inc's server that sends you the encryption key of your friend. [...] How does this work with Keybase?

> there is no way to display [the 'signature chain' of the person I'm chatting with], I have to trust the server to send me the right key. [Yet the client] displays a banner above the chat saying "end-to-end encrypted".

It's all marketing department with a sprinkling of blockchain magic.

https://security.stackexchange.com/q/222055/10863

I was tempted to self-host, but went with https://element.io/matrix-services

If I had an IT department and a secure server center I would for sure self-host. In the mean time I will get used to the tech and support the cause

Paying for something doesn't really tell you anything.
It tells you that there’s a sustainable business model. Less ambiguity often translates to more comfort.
Not really, ive paid plenty of subscriptions to services that later shuttered and not paid for plenty of things long kicking. And vice versa of course.

Ambiguity goes away by understanding the total finance model not by knowing you paid 5 bucks.

That being said I'd like to at least cover my cost to them to see it better grow. A payment isnt the same thing as that though it only tells you you at least paid a portion e.g. buying a smart tv doesnt mean you now know the tv cost less than that to make.

Non-profit 501c3 is a sustainable model. Plenty of non-profits span decades.
Counterexample: Wikipedia.
True. However, every year they send a campaign that makes it sound like they absolutely will not survive.
Which is/was a lie - they always had more money than they could spend. (They reduced the aggressiveness of their wording over the past years in response to criticism.)
Keybase is now owned by Zoom.
Just a friendly reminder that Signal runs on donations and that if you can go and give them some money: https://signal.org/donate/
Or that you can use that money for a Matrix server instead of supporting centralization.

Element is less polished than Signal app but they've been catching up quite fast. If you and your friends aren't locked into the Signal ecosystem yet, might be worth considering, especially if you're techies.

Which Matrix server?
E.g. OVH, Hetzner, TransIP... idk whatever kinda server you like. Or repurpose an old laptop at home, for a few Watts you get something that's usually more powerful per ¤ than a VPSes (or "cloud instances" in newspeak). Then install a Matrix server, add your domain, and you've got your own Signal alternative.

Or just use the standard matrix.org home server if you're just trying it out / don't mind a not-super-fast home server. Or one of a dozen public Matrix servers: https://www.hello-matrix.net/public_servers.php

IRC all over again. I don't see this taking over until someone comes up with its Gmail.
'its gmail' is matrix.org. It is the default server when you start up Element.
Exactly. There's no reason to run your own server aside from supporting the decentralized nature of it (or wanting to be 100% in control).
Matrix comes up a lot but even Signal is often called not polished enough. And for matrix onboarding is hard for techies and I've had zero chance for the general public. Fine to push it towards techies, but my grandma can't figure it out but she can Signal. Push matrix when it's more polished but right now it just feels silly to push it.
Unfortunately very true, so although I'm not a big fan of Signal's centralization and USA-based metadata processing (I'm not from the USA), I'll probably end up moving my family from (now) Telegram to Signal.

Alternatives would be Threema and Wire, but Wire has the same main issues as Signal and Threema doesn't have video calls nor a desktop client and an unusable web client (deal breaker for me: you need to navigate two menus on your phone to reconnect every time your phone connects to another wifi or you suspend your laptop or anything).

> USA-based metadata processing

Do you mean that they have servers in the US? US based company? They don't leak metadata, that's the difference between Signal and Telegram/WhatsApp. If the encryption is good it shouldn't matter what country the company or servers is in. That's kinda the point of encryption...

You connect to AWS when you connect to Signal. That means the USA is the government with the most influence on Amazon to have taps placed or connection logs handed over.

They can do sealed sender stuff all they like, but when 10.0.1.1 sends a 17-byte message and the server then sends a 17-byte message to 10.0.2.1, and a minute later 10.0.2.1 submits something to the server of 48 bytes and then 48 bytes are forwarded to 10.0.1.1... traffic analysis based on a tap of a Signal server isn't rocket science.

Still, it's the best we've got for non-techies. Better than handing over more metadata to Facebook. Even if the jurisdiction is the same, the company (Signal Foundation) is better and is known to collect almost nothing historical by themselves. Other than, say, your real-life-identity-tied user ID of course. (In many countries, phone numbers are given out only after passport/ID verification.)

> You connect to AWS when you connect to Signal. That means the USA is the government with the most influence on Amazon to have taps placed or connection logs handed over.

I'm not an networking guy but can you explain this more? I'm actually curious and what better place to get actual info than HN? If you have a sealed sender then shouldn't this be impossible? Shouldn't the size of the message be sealed as well and when the message is received you'd see that 1) it is signed by a different key and 2) the message size doesn't match? Shouldn't this be rejected? 3) Shouldn't this also apply to any app because traffic is going to bounce through some US based (or US company owned) server? My understanding is that sending data from San Francisco to Berkeley can route through Seattle or Tokyo depending on optimal routing, server configurations, and loads.

> Other than, say, your real-life-identity-tied user ID of course.

This is why I'm excited for the usernames. They are promising them this year.

Agreed about being optimistic about usernames. I'm hoping it'll be what we expect, I hear different things from different people but frankly I also have been too lazy to actually look into it (I feel like I'm always the one doing the digging).

> Shouldn't the size of the message be sealed as well

To hide the volume of data being sent, you need to limit how much data you can send. How would you hide from the relaying server how much data you're sending without adding dummy data? And if you add 0-500 bytes of dummy data every 5 minutes, then whenever you send >500 bytes or send a message more often than once per 5 minutes, the server still knows that it was an actual message and its size, and you can start to do traffic analysis.

> Shouldn't this also apply to any app because traffic is going to bounce through some US based (or US company owned) server?

Um, when I message my friend whose Matrix homeserver I'm using, the traffic involved is:

1. DNS lookup of a .de domain (does not reveal message size or anything else, even if I were to use Google DNS and reveal my home server to a USA company)

2. TCP connection to a German server

3. More traffic to his German server

And same on the receiving side. Unless one of us travels to the Americas, it's not likely to ever pass through the USA. That isn't to say that American agencies might not collaborate with European agencies or even tap European land-based connections, but it's harder and would not be an option available to criminal (or civil, for that matter) investigations due to the disproportionality of the method.

> can you explain this more?

I'm not quite sure what's unclear about it, but I'll give it another general shot. Imagine you see this traffic log, where A/B/C/D are different IP addresses. You see various people sending data of various sizes (you don't know who's who, but everyone connects from their own IP address, or in networking terms, a TCP tuple). Since the server is just pushing messages from one contact to another, like if Alice messages Bob, it will always forward a message as soon as possible.

    00:00 A -> server: [17 encrypted bytes]
    00:00 C -> server: [29 encrypted bytes]
    00:00 server -> D: [17 encrypted bytes]
    00:00 server -> B: [29 encrypted bytes]
    00:01 D -> server: [48 encrypted bytes]
    00:01 server -> A: [48 encrypted bytes]
From this, I would assume (without knowing any contents or anything else) that the subscriber behind IP address "A" is talking to the subscriber behind IP address "D", and that "C" is talking to "B". Now you can start building a social graph, which according to a paper I recently read (I could maybe dig it up again) needs only a few nodes before they can tell who you are, or they just ask the ISP (or in the case of the Netherlands, query the CIOT database[1]).

If you think that a "sealed sender" might hide your IP address, the answer is no because the packets somehow need to make it across the network to the right devices (or to the server for that matter) and then the receiver decrypts it.

[1] https://nl.wikipedia.org/wiki/CIOT only available in Dutch. TL;DR central mapping system of IP addr -> subscriber info, available at the police's discretion, updated daily.

What makes you think that Signal doesn't have AWS instances in other regions? (I haven't checked but given their popularity, I'm sure their servers are not just in the US anymore.)

> They can do sealed sender stuff all they like, but when 10.0.1.1 sends a 17-byte message and the server then sends a 17-byte message to 10.0.2.1, and a minute later 10.0.2.1 submits something to the server of 48 bytes and then 48 bytes are forwarded to 10.0.1.1... traffic analysis based on a tap of a Signal server isn't rocket science.

True, though with a bazillion connections going in and out of Signal's AWS instances every minute and additional domain fronting by AWS, the NSA would probably have to be inside the AWS datacenter to carry out their traffic analysis and even then it doesn't seem like a triviality to me.

Compare this to someone hosting their own Matrix node (which you're mentioning further down): In this case, it is clear that every message sent to that node has something to do with the node's owner. More generally, reconstructing a social network in a p2p network (without onion routing or anything like that) is much easier than doing this in a centralized network where all messages get routed through a central location. There's a reason why the guys from GNUnet have so far spent two decades on getting p2p right. (Though, of course, anonymity is just one of their concerns and not their only one.)

> AWS instances in other regions

Is still Amazon operating those locations, so I assume it's still the USA who's calling the shots. Please do prove me wrong if I am, this is somewhat of an assumption (even if I am fairly confident it works this way in practice).

Though perhaps I'm putting too much weight on this aspect, it's just that everything we do in Europe can be monitored through one USA organisation or another. It feels really weird when you think about the number of actually European services you use (very few) and how much money the ad machines are making with your data in the USA, how much that data is apparently worth. We're wholly dependent.

Domain fronting: didn't Amazon and Google say they were not going to do that anymore, because they didn't want to stand up for the organisations using it at the time? Some countries wanted to block certain services (was it sci-hub? TPB? Tor? I don't remember) and instead of standing up for them, they just banned domain fronting.

Therefore I'm assuming that one can see when a packet is actually intended for Signal and filter those out. From there, it should only be a very manageable number of packets, since we're only interested in the routing header and packet size.

One does need proper equipment to capture and filter multiple gigabits per second, but the attack scenario was more about legal interception (which you put in front of the server rather than in front of the datacenter) than about dragnet surveillance. The latter is indeed less applicable on non-USA soil, hence my saying Wire and Signal have the same issue but e.g. Threema does not, though centralization still makes it way easier (thus Matrix is king in this regard).

> reconstructing a social network in a p2p network (without onion routing or anything like that) is much easier than doing this in a centralized network

Hmm, you mention gnunet and I'm not up to date there, perhaps you know something I don't, but this doesn't seem quite right to me.

Sure, once you know who is running a server, you can install a tap and learn whom they are talking to. Way less traffic than doing surveillance on a Signal server, I'm with you there. But you do need to figure out who you're interested in first. The way that I understood these metadata targets work, is that you take a popular network (say, WhatsApp) and check who talks to whom. Anyone within 3 degrees of a suspect is now also a suspect if I remember and understood USA law correctly. But if there is no single central service, you need to install a lot of taps or capture the right internet backbones to get close to the same information.

And if you're serious about anonymity, if you're hiding from the police or an intelligence agency, then surely you'd host that server somewhere paid for without traces to your real name. Or use some public home server -- they still need to tap that specific home server rather than a centralized server.

> Is still Amazon operating those locations, so I assume it's still the USA who's calling the shots. Please do prove me wrong if I am, this is somewhat of an assumption (even if I am fairly confident it works this way in practice).

The whole point of Amazon operating datacenters in multiple regions is that, apart from improving availability of the stuff they host, datacenters outside the US get to be legally independent from US law. (At least at the consulting firm I work for we strongly advise clients to follow GDPR and use the European region only.) My guess would therefore be that European datacenters, for instance, are operated by Amazon EU S.à r.l.

> Domain fronting: didn't Amazon and Google say they were not going to do that anymore, because they didn't want to stand up for the organisations using it at the time? Some countries wanted to block certain services (was it sci-hub? TPB? Tor? I don't remember) and instead of standing up for them, they just banned domain fronting.

You might be right, I'm not sure what the state of domain fronting is, either. In any case, the fact alone that inside an AWS datacenter Signal can operate an almost arbitrary number of servers (as opposed to a single one) without anyone outside the datacenter being able to tell which machine a packet gets routed to or originates from, means that the Signal servers inside the datacenter can potentially handle millions of messages per second which would make correlating them with one another anything but easy. Remember that messages get padded anyway and that there might be additional random delays, depending on which server in a datacenter your message gets routed to. On top of that, judging from the Distributed Systems Developer position Signal advertizes on their website[0] I would assume that Signal's servers need to communicate with one another, too, i.e. your message might go to a European datacenter first and then, from there, go to one on the other side of the world – which would further complicate tracing it. Finally, message notifications on phones usually use Firebase Cloud Messaging (or the Apple equivalent) which adds yet another layer of indirection, delays and mixing[1] and, thus, obfuscation.

All in all, I am not sure, therefore, if I agree with your assessment that

> it should only be a very manageable number of packets, since we're only interested in the routing header and packet size.

as the number and overall scenario don't seem that trivial to me.

> the attack scenario was more about legal interception (which you put in front of the server rather than in front of the datacenter)

Fair enough, if you tap every single server's network cable, it certainly seems more doable. But how do you, as the NSA, carry that out in practice? Knock at the door of that European datacenter and hope employees won't say anything to the press? I'm not saying it's impossible (it's certainly not) but Amazon EU S.à r.l. being a separate legal entity and employees not being bound to US law would certainly be big operational challenges. I'd say it's much more likely that the NSA's European intelligence agencies carry out such a task for them (or provide support) and even then it's not as easy as in the U.S. (no Patriot Act or anything similar).

Finally, don't forget that AWS instances can be deployed within a minute, meaning that "putting something in front of a specific server" becomes a lot less trivial if you don't really know which server it is or new servers get deployed every other day. (For once, an advantage of The Cloud™ haha.) You basically have no other choice than to put your wiretapping device in front of the entire datacenter.

> thus Matrix is king in this regard [legal interception]

I'm not sure it is. There are pros and cons to both centralized and federated networks here: A central big provider might have the legal power and sufficiently deep pockets to successfully fend off a &...

Regarding legal independence of USA law, you're legally right I'm sure because that's indeed how GDPR works. I just can't imagine Amazon Europe telling a USA judge "sorry your honor, we really can't tell our subsidiary to give you this data relevant to national security, it's protected by European laws." It's one company, not a separate entity.

Perhaps it would go this way and perhaps they would rather incur sanctions or take to the media when ordered to hand over data stored in Europe. But so we're trusting Amazon with our data.

I guess, if I'm being fair, I just don't really know enough about this. Perhaps a legal entity in the USA cannot be held liable for not complying with a judge's orders to tell its wholly owned subsidiary to do something, or either of them for the subsidiary not complying. It might work that way. I just expect that in practice, they might very well simply comply. Or, like you say, that a "European intelligence agencies carr[ies] out such a task for them".

> message notifications on phones usually use Firebase Cloud Messaging (or the Apple equivalent)

When questioned about the privacy of using Google/Apple messaging stuff, what I've always heard as reply is that it only nudges the phone to fetch new messages. It still connects directly as well, as I have heard it (though it seems silly to me, why not just put the encrypted message right in there? Or is that a metadata thing then, revealing the message length to Google/Apple? Idk).

> Knock at the door of that European datacenter and hope employees won't say anything to the press?

That is very much how legal intercept works. And the NSA doesn't do those, it's a judge that gives the tap warrant and something like police (or a person of similar status) that executes it. I have never heard of it being leaked that some company is being tapped or in relation to which case (for all we'd know, it would be on European orders). That taps are happening is a well-known fact, just not on whom and especially not for what purpose. In a tour of an ISP data center, they pointed out now-decommissioned tap boxes to us that the police had put there. Distinctively blue in color if I remember correctly, and a hacker space later made a, um, tap out of one of them (beer tap).

> For once, an advantage of The Cloud™ haha

:D

> I don't think it's that hard to find out who's running a server (in Europe) when you have its IP address.

Indeed; that's not what I meant, but I that sentence can indeed be read both ways (sorry). I meant to say that you don't know who's running servers, like, do you run one? Do I? Or the other way around: do I connect to a Matrix server? You have to actively check the server since the traffic is just TLS on tcp/443 (so much for passive tapping). More concretely, if a government (judge, secret service, ...) wants to find whom I talk to, instead of knocking on the door of a (few) central service(s) like Amazon or even Signal itself and telling them to send copies of TCP flow logs, you have to first tap my home IP, mobile data, see where I connect, then check those servers if any of them might be chat servers, then request a tap on those IPs in their respective countries, use that to check who else connects to those, if it's more than a handful of people you need to do traffic correlation there as well...

I see what you mean, though, with the centralized system requiring one to overcome scaling issues before any intercept can start, and potentially requiring cooperation of a party like Signal who will certainly make a ruckus. Which one will turn out to be easier might depend a lot on the situation.

> the NSA and its partner agencies are sitting at every major internet backbone.

They definitely have taps in many places, but all of them, in each country? And what about private peerings, can I not talk to anyone within one country without it being caught? Su...

Exactly. I'm for decentralization, but the reality is that if "we" (we techies) tried to push Element on everyone today they would just fall back to WhatsApp. So better to go for Signal today and then switch everyone over to a Matrix (or similar) client in a couple of years. As the past week demonstrated, it's possible to switch masses out of a closed, network-effect-dominated system.
I wish the person that downvoted you would give an explanation. I'd love to know how to avoid the middle step of switching family to Signal before, once it's more usable, switching to Element. (Or perhaps they meant that decentralization isn't better and Signal is the final destination. Guess we'll never know.)
lol don’t dwell on the downvotes.

We crucified Jesus some time ago for delivering a message. Downvotes for no reason are to be expected.

(comment deleted)
Element clients are very close to finishing their SSO implementations which will help immensely with the on boarding process. Here’s the iOS pull request for example: https://github.com/vector-im/element-ios/pull/3890
One thing that would really help is basically making the server installs a few clicks. Granted it has been about 6 months since I tried but I remember the instructions not being great and I know that'd be zero hope for less technical people.
You don't have to host your own server to use it though. It's also not something recommended for an average user.

However, if you want a server, installing it using Synapse's docker image is very easy. You literally have to run two commands.

Would that not be even a better reason to donate to them...?

(Not a Matrix user, BTW - looked into it some months ago and ran away)

> Element is less polished than Signal app

To be fair: I've been pleasantly impressed with Element actually from what I've seen of Mozilla's set-up. I can format my text, I can run it in my browser and it starts up very quickly.

You'll get disappointed once you actually start using it. Unfortunately. There are so many quirks, inconsistencies, poor UI/UX.

I've been using Matrix for maybe a year now with a group of techie friends and I would definitely not recommend it for my family members (who I just onboarded from Whatsapp to Signal the other day).

Just look at this: https://wiki.mozilla.org/Matrix

And compare it to installing the Signal app and verifying your phone number with an SMS code. Frictionless.

While I agree with the main point of your post ("so many quirks, inconsistencies, poor UI/UX ... not recommend it for my family members"), the availability of documentation doesn't mean it can't be intuitive. Aside from entering a custom home server on login (if applicable, that's something your family will not intuitively get with all the centralized services they're used to), after that one-time login I think most people should be able to find their way around if they try. And we definitely don't need phone numbers and SMS verification for usability: a username will do just fine, we don't have to spend 1.5 million USD from donations just on SMS codes in 2018 alone (source: tax filing).
> the availability of documentation doesn't mean it can't be intuitive

Sure, I'm not saying that either, and Matrix has been improving a lot since I first tried it maybe 2 years ago. But there's still a long way to go. I wasn't as focused on onboarding as I was on criticizing Element's UI/UX in general.

> And we definitely don't need phone numbers and SMS verification for usability: a username will do just fine

Phone number is just the easiest thing to do. No one is confused by the process and you immediately have access to all of your contacts, while with a username you somehow need to get all the usernames of all of your friends. Inviting new users to various channels kind of works, but it's not as personal as your own contact list.

Mind you I'm not saying it's the best option. Personally I'd rather register with a username, not only because I currently have three different phone numbers in use.

> we don't have to spend 1.5 million USD from donations just on SMS codes in 2018 alone (source: tax filing)

Signal was paying that much? That's crazy.

Agreed on all points.

> Signal was paying that much? That's crazy.

Yeah unfortunately they were. Income for that year (only year they filed so far) is 600k versus about 5M expenses, the largest single expense being sms verifications. Zero income from donations, perhaps they still ran that through the freedom of press foundation or what was it again that accepted donations on their behalf until they had the Foundation status? Either way, I wouldn't want to see the january 2021 bill.

> Either way, I wouldn't want to see the january 2021 bill.

Haha definitely not.

I would assume/hope that if Signal now starts going mainstream the donations will increase. I had donated sporadically in the past (have been using Signal since 2015) and now (since a couple of days ago) I'm doing monthly recurring donations. I'll recommend my friends to do the same, as I have been with Wikipedia and Archive.org.

I'm already having mild trouble to convince everyone to use signal, there is no chance I could get them to use and keep using Element. Element is terrible.
Well now, I wouldn't call it terrible, especially considering it's free and how much better it has gotten in the past years and how many volunteers have worked on it. It's quite decent really, even if not super smooth and polished.
It opens three messages - 2 of them modal and one annoyingly large - whenever I login, and I have to login every time I open it. I'd call that a quite terrible experience. Using the web app.
> Element is less polished than Signal app

Once nice thing about the Matrix protocol is that you can build your own client following the specs (unlike Signal).

If you want something closing to the average instant messaging client, you can look here https://matrix.org/clients/

I personally find FluffyChat a great casual client. https://fluffychat.im

If anything, they are better off with conversations.im, blabber.im, etc for now, given how rough matrix can get.
> Element is less polished than Signal app

Exactly, which means that it lost.

There are opportunities that are rare or unique, and it doesn't matter that you're "catching up" - either you're good enough when the opportunity arises, or you've missed that window.

You might get a second chance later, but this opportunity is lost, and the options aren't "Signal or Matrix", the options are "Signal or frustrate people, get them to go back to Whatsapp, and be even more reluctant to switch later".

And even if through some magic Element was polished right now: Signal has been polished for years now, and as a result, has built up a brand and user base.

I'm not going to be able to switch all my already switch-reluctant friends to something they haven't heard about and that nobody uses; I am going to be able to switch them to Signal, because they've already been pestered about it by several people, have heard about it in the news, and (except for today, which is a huge problem for adoption/switching people over), it works.

At least on Android, Element is simply not suitable for end users. I'm not talking about some poorly formatted UI, I'm talking about confusing/broken UX and features that don't properly work.

So I put my tech elitism away and do what works, because otherwise we'll be stuck with Facebook.

Edit: Forgot the biggest problem: Matrix has no chance because it doesn't use phone numbers as a forced default. With Signal, if your friends have already installed it, you can just start using it with them. With Matrix, you can't. This is one of the hard choices that Moxie made that is a bit of a dick move but was absolutely necessary.

The two are not mutually exclusive. You can still run a Matrix server (or pay Element for one) and donate a few $ to Signal. Competition is good.
You pose this as centralization vs decentralization. This is actually Facebook vs Open Source, and for every feature that isn’t at parity with the existing solution, you lose users.

Is now the time to be dogmatic about decentralization?

I just donated to Signal after seeing the error banner in the app.

I realised I was more than happy to pay WhatsApp's yearly charge back in the pre-Facebook days (think it was 70p or so?).

Figured I could give Signal a few quid every now and then, maybe keep a server up for a few seconds :)

Donation link should anyone be interested: https://signal.org/donate/

your comment led me to do same!
(comment deleted)
We have no info as to how much money they need or how much they currently have. For all we know, this was just an area of oversight and not related to funding at all.

I’d prefer to pay yearly than to feel the spectre of guilt for using a “free” app.

They're a non-profit, so their financials are publicly disclosed. ProPublica only has it as recently as 2018, but here was the financials then: https://projects.propublica.org/nonprofits/display_990/82450...
That’s helpful, thanks.

So they’re 4mil in the hole? How is it possible that they’re still running?

They have $100 mn in donation from Acton
That wasn't a donation, it was a loan.
(A zero-interest 50-year loan, not a bona fide "I want my money back" loan.)
A fifty-year, interest-free loan is functionally a donation, IMO
You're not allowed to mention that, we have to pretend it's a charity.
Weird that it isn't listed in the data in that document.

I have no idea why anyone would donate $20 when they're sipping on $100m ...

$100 million given current growth wont last as long. Telegram 4 years had a run rate of $1 million per month for servers and dev costs. At that time they had about 200 million users.

Signal is using AWS & GCP ( for cloud fronting ), they could be approaching that spend level.

> $100 million given current growth wont last as long.

That is 100% their problem, though. I trust that they will develop a sustainable business model when it becomes necessary. Otherwise, look at their tax info shared above. Sporadic donations won't even make a small dent.

I mean, shoot, they won't even give us a hint at how much to donate to cover our own costs. That would be a start.

WhatsApp used to charge $1/ yr at 200 million users, which kept them well funded. A $1 donated by just the Android users at 50 million + would be $50 million per year.

TBF they havent had to think about this too much before the last 5 days, so give them some time to come up with a plan.

In the mean throw them whatever you are comfortable with.

(comment deleted)
(comment deleted)
I just get stuck in an infinite cloudflare loop :(
Good news, then! They have a monthly recurring donation option.
So how much covers my use?
Hell if I know. Give what feels right to you - imagine the service going away tomorrow, and someone saying "If only you'd paid $X/mo, this wouldn't be happening!" What's the value of X where you'd regret not having done so?
Not really worried about funding its existence for the sake of it just not freeloading my use while it's here and I decide it's worth it which is what the gp was referring to as well.
I'd still argue to give the amount the service is worth to you, but if you're not willing to do that, then I'd say bilal4hmed is probably right - $1/mo is probably sufficient. Facebook, Twitter, etc. all have ARPUs at or below $12/yr.
also check if your employer does a matching donation. Its an easy way to double your donation. I do a single yearly donation for that reason
WhatsApp used to do a $1 per year when they had 300 million users and it was profitable. So whatever you are comfortable with.
me too. just donated. please comment below if you also donated. let's keep this thing running! Its personal interest now, because I moved bunch of groups from whatsapp and its not working now! but at the same I love these guys for what they do.
I donated as well. I've gotten a lot of good use out of Signal over the years.
Done with flying colors.
I donated too. I am yet to use it. Hope they release a desktop version not linked to phone soon.
Saw this on reddit, so copying here

Donate to them so they can buy more servers https://signal.org/donate/

* If you work in the US, many corporations will match your donation. Easy double of your donation

* Set https://smile.amazon.com to Signal, so your purchases on Amazon go to Signal

* Use services like Paypal to donate, that sends 100% of the money to the foundation

for changing amazon smile: is it "Signal Technology Foundation - Location: Mountain View, CA"? no description available unfortunately. seem to be a bunch with the name signal and that was the closest in name to what seems to be the signal foundation
Signal Technology Foundation is the right one
Would you mind expanding on the PayPal point? Is that referring to donating outside the Signal website which appears to use "DonorBox" rather than PayPal?
Thanks for your comment, I've just donated too.
Signal is being used by at least 10 well-paid medical professionals (group chat) that I know of, and one of them proclaimed today that Signal is owned by Elon Musk (probably because he tweeted about it). I did not care to educate them. And this is in a first world country with a rather wealthy population.

Why am I saying this? Users don't give a damn, they expect free things, and they expect things which work. They have been taught to use appstores on their phones where tapping on a button installs an app and everything just works with zero effort on their end, while completely ignoring the work that someone put into creating the very app they depend on. Majority will never, ever, even think about it, let alone click on the developers website to find out who created the miracle they use.

This practice needs to end. I believe that it is time to stop making free products. Developers should unite in this and finally start to value their hard work.

Problem is that the largest of the free products aren't free. They are surveillanceware. "Free" is used as a gimmick to get them onto as many phones as possible to surveil people. Those players have zero incentive to change that, and will be more than happy to use "free" to edge out any paid competition. This is how paid apps became almost non-existent outside of professional niches.
This is all probably correct, and should change in the long term. In the short term, I hope you've donated to Signal, and it would also help if you'd dispel the misinformation when you hear it.

The world would be better if the world were better, but until it is, would you mind helping out a bit?

(comment deleted)
Is Signal having a problem of not enough money? I'd heard rumors they'd burned through the $100mm USD donation already but didn't want to believe them.

Is there any indication that applying capital to the problems we're seeing will fix them?

I want to help, but only in a way that will be effective in improving the situation. If they already have enough money, giving them more will not. If they don't have enough money following a $100mm USD donation, it's possible that giving them more will not.

Havent heard about them using the entire $100mn unless you have a source. I cant imagine the current situation is making their spend rate go up however.
> I believe that it is time to stop making free products. Developers should unite in this and finally start to value their hard work.

You can't stop someone trying to make a free to use product

Of course not, but it wouldn't hurt if we all got better at valuing our work more. Heck, majority of developers I worked with are decent, loving people, who could simply never dare to ask to be compensated for the work they do...
Governments probably shouldn't simply ban all free products, but it certainly might be reasonable to ban some economic activities that enable some business models for sustaining free products.
"Free" isn't a model you should pick if you're going to care you aren't guaranteed to get compensated it's a model you should pick when you want to give a cool idea a chance to take off for the good of everyone without risk of being turned into something else if it is successful.
I don't think the practice of people easily downloading/installing apps through app stores is going to end. In my network I'm not alone in paying for free apps to support development if they're value-added.
Very good point. People will happily pay 50 pounds a month for an IPhone and thinking nothing of it. But then really struggle to pay a penny for an app that runs in that iPhone. There’s some funny psychology going on.
There is very little to no awareness of what it takes to create software. We, the developers who have released our work for free, have allowed this to happen. It feels like mobbing, heck, we keep reading about other devs mobbing others by opening GitHub issues and demanding new features or bugfixes for software they did not pay for. I really hope that we can do something about raising awareness.
I can’t remember if it was always that way. When the App Store opened I guess there was a standard price of 59p for an app. Before that, 59p would have been seen as a ridiculous price to pay for a copy of software. Imagine buying windows 95 on a CD for 59p. By setting the bar so low for app prices at the start, it’s possibly just become the way it is now.
If there's one thing to raise awareness about in software development, it's probably not low pay.
This got worse with the introduction of GitHub. Obnoxious users were always a problem, but before centralized OSS warehouses at least they had to go to the project's web site and mailing list.

Where they'd be told to get lost if they misbehaved.

With GitHub, the branding of products is lost and most credit goes to GitHub. If a user isn't satisfied, he does the proverbial left-swipe and goes to the next project in a second.

If you tell a user to get lost, you violate the tenets of the new corporate sponsored cultural revolution: Newcomers are always right.

The last 10 years have been a coordinated attack on OSS to make developers obedient and silent cogs. It works, because at present they are showered with money in return.

Will it continue to work in 5 or 10 years?

One big hangup users have is a difference in expectations. They know what they're getting with the money they pay towards their iPhone. Heck - most users will gladly pay exorbitant prices for a cup of coffee as long as it meets their expectations. The same cannot be said for a given app they pull off the App Store. The quality experience can vary greatly from app to app. Even then, an app that fits your lifestyle may not fit mine, so a recommendation isn't necessarily a guarantee of value.
I'd venture to guess that speed/simplicity of installing an app is also something users subconsciously factor in. The faster/smoother the installation, the less appreciation they have for the app. I remember installing Windows 95 from floppy disks.. boy oh boy, I appreciated every file that was successfully installed and admired it every time it booted into desktop.
For me I think it is a question of ownership. It is easier to pay for something you actually own. Software already is intangible, but add in modern licensing, app stores, etc and you really do not have any ownership over your software. Even in the case of open source software like signal, Apple could chose to boot them off the app store tomorrow and I would lose my "investment".

There was a time in the 90s/00s where you bought software in a big box, and it came with all sorts of manuals and such. The tangible assets (manual, floppy, box, whatever) along with the licensing agreement made that software much more valuable than the software we use today.

I remember when some of them came with hardware dongles. Adobe After Effects had a dongle that you had to attach to your keyboard cable in order for the app to launch. The mental value I attributed to that dongle was immense. I think I still have it around here somewhere...
Paying for software vs phones is not really an apples to apples comparison.

A better comparison would be how people gladly pay ten bucks a month for spotify/netflix but would probably never pay that for messaging and IMHO that's where the industry should be going.

People in the past also thought music and movies should be free and pirated the shit out of them, but by making it simple and accessible, for ten bucks a month, most people with a job just won't bother with piracy anymore, even though they gladly pay for something they'll never actually own.

So, the billion dollar question is, how do we transfer that model to messaging?

I keep dreaming about a Pied Piper like decentralized internet.

Paying for avatars and stickers.
What i don't like is that "everything" is 10$ a month. I would like to subscribe to some payment aggregator where they charge me X dollars a month in one transaction, then pays it out to developers/service providers. This way things could go down in price too, since the fees would be lower because of less transactions. This way cheaper services like messaging could be 1$ a month without being eaten up by fees.
Netflix and spotify give me quick access to lot of content and I value it. I don’t care what software gives me this content.

With messaging it’s different. Transferring messages is relatively simple topic to do as a software. But the cost of running and maintaining it is hard and that’s what users don’t care.

Free messaging apps are a scroll away.

Free iPhones not so much.

> one of them proclaimed today that Signal is owned by Elon Musk (probably because he tweeted about it)

here is another one (with an insane amount of likes/retweets for something so wrong):

"Signal is owned by Twitter and monitored. While open source it is not as secure as they say. Use telegram." -- https://twitter.com/RebelOutlaw1990/status/13471653380777000...

Just a few tweet below in that thread:

> Telegram is owned by Google if not mistaken!?

sigh.

To be fair i grew up thinking bill gates owned skype
That might have been true depending on your age.
Your belief about Skype being owned by Bill Gates is kinda factually true. Not necessarily Bill Gates himself, but Microsoft acquired Skype back in 2011.
Microsoft does own Skype now, so in a way he does.
Gesh the amount of bad information in those replies.
Sounds more like a Telegram bot.
It's Russian owned actually, moved HQ to Germany.
First comment that I saw:

> Telegram uses custom cryptography.

> Signal uses encryption protocols sponsored by Broadcasting Board of Governors, a sister federal agency to the State Department. In plain words, data easily accessible by CIA, NASA and FBI.

I wonder what NASA will do with my Signal messages, maybe use them for a giggle in between transmissions from Mars.

Also, recent blog post about Telegram and its crypto: https://buttondown.email/cryptography-dispatches/archive/cry...

> I wonder what NASA will do with my Signal messages

They batch them up and send them to deep space through SETI. The aliens are the real ones behind surveillance operations which they use to create a reality TV show. And with this NASA prevents the world from being destroyed from said aliens.

They call it Operation Scheherazade.
I think it is acceptable, in this day and age, for people to expect instant messaging apps that are gratis and "just work". Technology and society should be at a state where - assuming you have network connectivity at all - that should be the case.

At the same time, I agree that there is practically criminal negligence of the education of people about what makes those techno-social institutions which "just work", work:

* Commercial interests and the role and nature of large corporations in tech and elsewhere;

* The massive amount of hard work, expertise, and good will invested by people in public-benefit work (which could be writing FOSS or volunteering in retiree caregiving etc.)

* What the machinery of government - and its myriad branches and institutions - does, beyond the political horse race shown on the evening news;

and through that, the realization that free lunches get made by someone, and its very important who and how they get made.

> Majority will never, ever, even think about it

It is a challenge for us to educate people around us about this fact.

> I believe that it is time to stop making free products.

Software is free by its very nature. It is only state coercion via threats of incarceration and violence that we are deterred from copying software.

I agree but this would just hand the world to WhatsApp. I'd rather donate enough to pay for my whole network of friends/family and keep it free.
What happens when a whistleblower or dissident wants to use Signal? Should they be forced to cough up a payment with a traceable credit card or app store account in order to use it?

For that reason alone I think it's important for the service to be free. Though I would perhaps support some reasonable free usage limits if needed to prevent abuse.

How sympathetic are the Signal developers to the concerns of dissidents, really? Signal has had a policy of many years to require a phone number – buying a SIM card now requires providing government ID in so many countries – and only now have they promised progress on this front someday. They also recommend that users install through the Play Store, and they only grudgingly provide a standalone APK. Anyone with the Play Store installed presumably has the full Google software suite that leaks location data, what one enters into the keyboard, etc. that the state can exploit. (And also Signal is based in the US where they are vulnerable to NSLs.)

This all makes me assume that Signal’s security is meant to shield phone owners against advertisers and ordinary criminals, not the state.

They've actually said publicly that they're working on making it possible to use Signal without a phone number, via usernames. Here's a recent hint at that: https://twitter.com/signalapp/status/1347248608660185089
Yes, and I acknowledged that in my own post. But it took years to get to the point where they are even talking about upcoming support for this, let alone actually providing it. In the interim, this aspect of great importance to people living in authoritarian regimes was ignored.
I agree that it's unfortunate that the initial attachment to phone numbers has thus far made Signal harder to use for dissidents in many countries. But I can also understand that there are legitimate constraints that led them to go this route initially (abuse & spam prevention come to mind).

I can also acknowledge that it's a universally good thing that they are moving in a positive direction here, and I do not hold it against them for being unable to solve all problems for all people at the same time.

NSLs are a problem generally, but I have a lot less concern in Signal's case because they have no data, and they'd have to be forced to make significant software modifications to enable targeted interception of messages. This is something I expect they would be motivated to fight, more so than any for-profit company might.

Let's acknowledge and appreciate progress where it is being made.

It did not "take years".

They haven't seriously considered that for long. I don't think it's even been a year when they announced this switch for the first time.

Please don't spread this kind of false information. Signal gets enough of that already.

It has taken years: one of the major GitHub issues requesting alternate identifiers than a phone number for privacy’s sake dates from 2014. [0] The devs last year started to speak publicly about making the change, but they were aware of the privacy concerns among users for much, much longer.

[0] https://github.com/signalapp/Signal-Android/issues/1085

> The devs last year started to speak publicly about making the change, but they were aware of the privacy concerns among users for much, much longer.

You realise that this is something completely different than what you wanted to imply are you? Up until they introduced the PIN, they've been defending the phone number. Just because someone had a issue on github, doesn't mean they've been working on it...

Whether they were working on the Github issue or not, is irrelevant. Those Github issues (if not their own intuition already) would have already made them aware that by requiring a phone number, they were compromising user privacy. Of course they had their arguments for requiring a phone number.

You think I’m knocking the app. I’m not, I think it is the best option available. I just feel that as long as the phone number was required, they could have been clearer to ordinary users about the threats that Signal aimed to protect users from: advertisers and ordinary criminals, sure, but not necessarily the state authorities, and so it might not be suitable for dissidents for the time being.

Of course it's relevant.

One is some guy posting someone in the issue tracker where 1000s of other ideas are. The other is "them working on it".

https://signal.org/blog/contact-discovery/ (2014)

Exactly, they have made arguments for the usefulness of the phone number as an identifier. But to the best of my knowledge, they have never specifically acknowledged in a blog post the state’s linkage of phone numbers to individual identities in many countries today, and the risks that this poses to dissidents.

Moxie is one of the best security researchers in the business, he was definitely aware of this before anyone ever brought it up on GitHub. Was it really so hard for the Signal devs to acknowledge this downside on the blog?

> How sympathetic are the Signal developers to the concerns of dissidents, really?

There’s a known problem where the majority of Chinese Android users use a third-party IME to enter text. This is vulnerable to eavesdropping and easy for Signal to detect and warn the user about. Chinese people have been asking them to do this for over a year, telling them that they know of people who have been detained by the government after using Signal, thinking it was secure. Signal have constantly ignored and dodged this. Just lately, their attitude seems to be that somebody needs to prove it is being actively exploited before they will look into it.

Until I saw their behaviour on this, I was recommending Signal to people. Now I can’t help but feel it’s security cosplay. They pride themselves on strong encryption, but won’t lift a finger when people unwittingly use Signal in an insecure context and are being extraordinarily evasive about it.

More info: https://community.signalusers.org/t/signal-should-warn-users...

I mean, technically it is not their responsibility to make sure everything surrounding the app is also secure. Someone could also be watching users over their backs, their device could be rootkitted. Where do you draw the line? I think it would be better to put resources into developing an open-source, non-compromised IME but that is out of scope.
> This practice needs to end. > I did not care to educate them.

It's always someone else's job to change the world, eh?

I'm always surprised anew how unworldly people here can be. Are you even aware that most people are not your "well-paid" medical professionals? Where is this offensive ignorance coming from? How do you even dare to say something like that? We're talking about a non-profit who brings a good and secure messenger even to 3rd world countries. How about you shut your mouth about everybody on the planet and use it to convince your "well-paid professionals" to pay instead? The general population does already pay for too much. They don't need a arrogant Schweizer Goldjunge to drag even more money out of them.

Oh and, you're not getting enough recognition and praise from your customers? Maybe you should make something which would really justify it? I'd recommend a FREE APP which helps poor people! Jesus, you run a page which rips off content other people provided you for FREE...unbelievable...

You’re wrong on so many levels (I was born and raised in a 3rd world country and survived 4 years of war under siege). I am not a Schweizer Goldjunge, and even if I was, suggesting that developers should value their work more definitely does not warrant your tone.
What warrants my tone though is you saying that free products should stop for the most selfish and ignorant reasons possible.
I actually wonder if they think they already paid by buying their phone or by paying their subscription.
It’s an interesting dichotomy: many say they want to make the world a better place but also (1) have a personal philosophy of “the regular user is always wrong”, and (2) will do their damndest to argue how developers and IT corporations are always right and virtuous (FB just wanted to connect people; people didn’t vote with their wallets so now they spy on people just to make ends meet).

A better world for whom?

I'd choose an annual recurring donation if the platform offered it.
The platform offers a recurring monthly donation. Divide by 12?
$1/mo is prevented by a hard minimum, and likely for good reason as the credit card processor imposes a flat base fee.
I don't really want to see a bill for e.g. £0.41 every month on my credit card statement, and at some point the transaction fees would become a bother for Signal.

I'd have ticked "recurring annually" if the option had existed.

Set up a recurring calendar reminder. Maybe boxing day or new years day and give yourself a fresh start to the year with some donations.
They do monthly so you could divide your yearly contribution by 12.
Except you have to be careful so the monthly amounts don't end up so small that the credit card processing fees eat up the majority of your donation! The processing done via Stripe (which is used by Donorbox) has a fixed minimum fee of 30 cents per transaction.

Edit: unless they have some special lower cost stripe rate of course, in which case you can ignore my comment altogether ;)

(comment deleted)
I don't know what options show up depending on the route you use to donate, but the link on the Android app [0] takes you to a page that does allow recurring contributions.

[0](https://signal.org/donate/)

"...As of June 2020, Signal had more than 32.4 million total downloads, and the app had approximately 20 million monthly active users as of December 2020...." [0]

"...The initial $50M in funding was a loan, not a donation, from Brian Acton to the new nonprofit Signal Technology Foundation. By the end of 2018, the loan had increased to $105,000,400, which is due to be repaid on February 28, 2068. The loan is unsecured and at 0% interest..." [1]

What happens when they add 50M or 100M more users?

[0] https://en.wikipedia.org/wiki/Signal_%28software%29 [1] https://en.wikipedia.org/wiki/Signal_Foundation

0% interest repaid in 48 years... I'm sure they'll figure something out
The loan seems to be more a techinical stand-point than a real loan.
The loan is not a loan, its a gift. There was some tax reason it was done this way
Do you understand what the tax play is?
If I give you a gift, it is income and you owe taxes on it. If I give you a loan, it is not income and no taxes are owed. But tax man will expect you to pay it off! If I forgive you a loan, that is also taxable income, in the amount that you have not yet paid off, so no loophole there.
But the Signal Foundation is a 501(c)(3), so their donors don't owe taxes on the donations, right?
There could be conflict of interest if it’s a gift considering Acton was involved with WhatsApp before Signal was formed.

And a donation would bring him deductions which he probably doesn’t want..

And there is a gift tax but since it’s a non profit, it gets different treatment. But having said that IRS scrutiny increases with such large donations.

Chances high for an IRS audit. Etc.

So many reasons why the loan aspect is a better idea.

I don't understand practically any of this very well.

> There could be conflict of interest if it’s a gift considering Acton was involved with WhatsApp before Signal was formed.

Why is this conflict of interest less significant by structuring as a loan?

> And a donation would bring him deductions which he probably doesn’t want..

Why wouldn't he want them?

Is he time-shifting them or forgoing them?

> And there is a gift tax but since it’s a non profit, it gets different treatment.

A charitable donation isn't subject to gift tax.

> But having said that IRS scrutiny increases with such large donations.

> Chances high for an IRS audit. Etc.

Acton is a billionaire, his returns will receive scrutiny every year.

What's the etc? How is it better with a loan and why?

Ianal.

Generally speaking, noncompete agreements prevent you from taking equity / ownership or active role in competitors

They say nothing about loans. Thats from the many agreements i have come across between businesses and partners/employees

You're hypothesizing he was contractually obligated not to GIVE them money, but not also to LOAN them money?
Let me try. I am not a legal person.

I think there is a limit to the amount of gift in cash or other assets you can make without triggering a federal gift tax of around 40%. For an individual there is a limit of life time gift tax exemption around 11.5 million and 23 million if the gift is made as a couple.

1. A loan is a business transaction here. There is an expectation that it will be repaid. It can also be forgiven. A donation to a non profit can be ‘rewarded’ by way of tax deductions.

So Acton will profit from a similar tech he has already sold to Facebook as WhatsApp. His wealth likely came from WhatsApp sale to Facebook. It can be argued as conflict of interest.

Loan deals are very clean. Cut and dried. Any implied contract between the parties ends when the loan is repaid and the relationship is terminated.

2. I can’t speak for Acton. Or in any legal capacity, but if it were me, tax deductions to a non profit can be rife with complications because if he ever gets involved with signal as a board member or employee, it might rise questions.

3. Signal foundation is not a charity.

4. Even a billionaire ..and especially one..would prefer to keep books less complicated for IRS. Donations are often scrutinized for money laundering or tax evasion.

5. A gift invites taxes, iirc. Like..if I gifted you above 15k(and you are not my family or part of a trust/insurance beneficiary etc), you will have to pay taxes on the realized value of the gift.

6. This might have been an ideological instinct for Acton as there seems to have been some disagreement between Acton and FB on how they intended to take WhatsApp. Maybe this isn’t about money at all. Who knows. Hence the ‘Etc’.

Also I don’t know exactly what kind of non profit Signal is...

> I think there is a limit to the amount of gift in cash or other assets you can make without triggering a federal gift tax of around 40%.

AFAIK, this does not apply when giving to a charity.

> I can’t speak for Acton. Or in any legal capacity, but if it were me, tax deductions to a non profit can be rife with complications because if he ever gets involved with signal as a board member or employee, it might rise questions.

And the loan won't raise similar questions? Why?

> Signal foundation is not a charity.

> A gift invites taxes, iirc. Like..if I gifted you above 15k(and you are not my family or part of a trust/insurance beneficiary etc), you will have to pay taxes on the realized value of the gift.

> Also I don’t know exactly what kind of non profit Signal is...

It's a 501(c)(3) https://signalfoundation.org/

https://pp-990.s3.amazonaws.com/12_2019_prefixes_82-86/82450... : form 990 of Signal Foundation. Source: https://projects.propublica.org/nonprofits/organizations/824...

Brian Acton is listed as Principal Officer/President

You can’t donate to your own company and then claim it for a tax deduction.

Well, you CAN donate to your own company and claim it for a tax deduction, I do it all the time.

That being said, this basic point seems like it might explain the whole thing. I can believe that he cannot be the sole (or nearly sole) donor and have the company be a 501(c)(3) rather than a private foundation or similar.

It is possible that it avoids having the Signal Foundation fail the public support test, usually a requirement that a public charity receive at least 1/3 of their donation revenue from donors giving less than 2% of the nonprofit's overall receipts. Failing this would cause the foundation to be a private foundation.
Why is this structured as a loan? It sounds like it's structured in such a way that he isn't interested in getting paid back. Is it so he can exercise control in a weird scenario like a buyout? Is it some weird tax thing?
My first thought is it must be a tax thing, although I guess it could be a hedge against them selling out depending on how the agreement is worded.
I'm assuming so that if moxy gets hit by a bus and someone else tries to step in and monetize it, he gets his money back. If it remains free and open source I'm sure he'll forgive it.
Something like an unusual sort of ownership. If signal was sold, the buyer would be on the hook for all of the debt.

Startup funding that looks more like debt than stockholding isn’t all that weird, and has various implications for exit scenarios.

If you wanted to create something similar to a nonprofit, this is a way you could do it while protecting it from vultures.

Its just for books. Loan is still an asset, but donation is not. He will have this asset for abt 50 yrs in the book, that's useful if he want raise money for something else. Pretty sure he don't intend to get it back.
Thanks for the reminder. I donated.

I've been using Signal for a couple years now. Finally deleted WhatsApp this week. This is the first outage of Signal that I noticed. It's a shame, but growing pains do happen.

Another donation.

Everyone around me starts switching suddenly and I want to keep them on Signal.

Thanks for posting, I just donated too. Signal is doing important work and I hope they can continue under this new load :)
A good thought, I just did as well.
I really wish the EU would put up funds for open source software, like signal, it seems to be something they could get behind for the greater good. My previous job involved creating a graphical programming language for the generation of GPU shaders, which the EU partly funded. I knew it was going nowhere, and it made me slightly sad tax payer money was being used on something I knew, despite my best efforts, would not work.

Oh well...

that sounds interesting do you have any links? or insights to why it did not work out?
>I really wish the EU would put up funds for open source software, like signal, it seems to be something they could get behind for the greater good.

They do https://hexus.net/tech/news/software/125747-14-open-source-p...

I just wonder about the process and the results. I mean, it doesn't look to me, as if there is a management behind this, that actually has a goal.

It looks more like they are giving funds to projects who apply for them. IMO, they should state 3 clear goals and sponsor specific projects which reach those goals. To give some example how those could look like:

- create a decentralized, federated instant messaging platform, that is build on public standards

- create an e-learning platform that is usable with already established devices

- establish a market for the created software with partners

Naturally, all result would have to be open-source products and the goals would need some details/numbers to measure them. They could even invest into already established projects, but please, with easy to understand goals.

I disagree. I believe the governments should fund existing open source software that are considered to be "critical" infrastructure (as in lots and lots of people rely on it) instead of chasing some random goals and adding bureaucracy on top that would slow down lead developers.

Just give them money and trust them that they'll do whatever it is they've done so far that many people recognised and started relying on their solution to the problem.

Without looking them up, there's exactly three pieces of software in the list above your comment that I don't recognize: FLUX TL, WSO2, midPoint. I'm happy to see all the other names on it, and I'm pretty sure I'll feel the same way about these three after I look them up.

I am not so sure that we disagree. I would consider instant messaging services 'critical infrastructure'. The difference seems to be, that you want to support projects that are large already, while I would certainly put more focus on smaller projects as those are the ones which can initiate change.

I find it heartbreaking, that we still depend on WhatsApp and Zoom. Neither service owner is particular trustworthy. Communication is definitely critical infrastructure and yet, the open-source alternatives are very limited (in quality, not in quantity). So investing in this kind of functionality is key.

In terms of software, Signal and Jitsi are great alternatives to WhatsApp and Zoom. People don't use them because of network effects, not because the incumbents are inherently superior.
Yeah,and they crumble to bits like Signal is doing right now, breaking the wave of mass adoption.

Cynical, profit driven and well funded operations have enough capital to weather these downpours, indeed they’re actually planning for them.

I hope Signal sorts their capacity quickly, I’m terrified that my circles switch back to WhatsApp. And then I’m fucked, I either surrender myself to Facebook or cut off from society

For many use-cases they are indeed proper alternatives, but Jitsi has a much lower limit when it comes to numbers of participants. So if someone wants to organize a group call (the typical use-case) you come a with a lot more scenarios into trouble using Jitsi. And it hurts me to write this, because I hate how much growth Zoom had in the last year while being dishonest about critical encryption features. I would love to promoted Jisti and have tried so in the past, but I can't recommend something when it doesn't fit the use-case.

Signal, on the other hand, probably comes close to the WhatsApp features (I use neither one) and while I encourage everyone to to switch, I am missing the federation aspect. IMO, communication should be federated by law (which would also solve the network effect problem). Imagine a world where you could not call someone who has a phone number from a different provider? The current state of instant messaging is exactly this.

XMPP solved these problems decades ago and just because the standard didn't catch up with the speed of the mobile revolution, we don't have to reinvent everything from scratch. Properly implemented modern clients work very well (including reliability and battery consumption), the big issue though is that many traditional clients don't support all features and all companies in the business try, to build walled gardens as those tend to driver stock prices.

> I believe the governments should fund existing open source software

Governments don’t fund things, taxpayers do.

I work in EU research funding programs. The process is very bureaucratic, making it difficult for any small company to apply. Not to mention projects without a company.

It's also quite ineffective at giving money to the projects that are meaningful.

Large companies and large university projects rake in plenty.

Yeh so true. One of fhe great things about the Open Tech Fund was that it makes it easier for people with open source ideas, like Signal or our own Umbrella security training app, to get funding. Doing that through European funds would be impossible.
NLnet uses EU funds to help open source projects, in a similar way to OTF:

https://nlnet.nl/

NLnet seems to have been doing the good fund for quite some time!
Not just EU funds, but those are currently the largest funds at NLnet.

NLnet does 'funding as a service'. If you want to fund a particular area of FOSS, we (I work there) can administer that. We provide low overhead funding to FOSS projects and pay particular attention to how the ecosystem benefits from projects.

So 'boring' projects that improve adherence to standards, increase deployments of standards compliant software, test standards compliance are very welcome. Redecentralizing the web requires this work, but few people think that this work is fundable. It is and in our opinion is has a high ROI for society.

I have found that NLnet's funding is very competitive and pretty hard to get.
I hope it won’t become like Canada’s SRED credits where the consultant that helps you make it look like you’re eligible costs 1/3 of the credits you get. These credits in turn keep otherwise completely unprofitable and doomed startups funded while the product delivers no value whatsoever. It’s borderline a scam and the program’s spirit has been completely abused by now.
This is another real issue I've seen in some places, especially regions that are trying to "do" tech, but where it doesn't come naturally.

It hurts me to watch systems full of broken incentives emerge and have money thrown into them repeatedly - there's "tech startups" (which would be laughed out of the valley due to their head-count and lack of any product market fit) receiving large ongoing subsidies to their payrolls while they slowly pretend to iterate on a product, all because they have "created" an agreed number of jobs, and need to keep those chairs full.

Europe on the whole doesn't have a culture of taking the same level of risks with capital, and there's a real push to fund things that are "safe" and help cover up weaknesses in the market - funding a company to hire people into basic tech roles at below-market pay helps to reduce graduate unemployment, which covers up the fact their education isn't giving them the right skills. That's pleasing to government.

On the other hand, giving 1m EUR to a small company with low head-count but a great idea could be a game-changer, and lead to far greater longer-term gains, but any government funding like this would be accompanied by so much red tape that you'd spend half of the 1m EUR on satisfying the monitoring requirements of the grant, attending monthly external progress review meetings, defending your progress to agreed (and inflexible) milestones etc.

That last point is perhaps the killer for innovation - most of the innovation funding schemes I've seen require detailed project plans before receive a cent of funding, and then hold you rigorously to that plan. Need to pivot? Welcome to the multi-page "change request form", which must be approved by a panel of non-technical bureaucrats before you can dare to change direction. They'll get back to you within 3 months, until which time you should continue with your original plan, as you will still be judged by your previous milestone payment plan. Your idea not working? That's not an acceptable outcome - you simply must deliver what you said! Failure is not welcome, you must deliver exactly what you said, else they will complain you are causing them to under-spend by the end of the financial year (as they now won't pay you!)...

Can confirm, though I need to qualify that most of my experience is in the software related programs.

In each and every framework so far, the EU is touting 'reduced administrative overhead', 'simplification of participation' and 'focus on SME's', but has in practice done exactly the opposite.

Especially since Horizon 2020, there has been a 'coup' by the large enterprise and large academic research groups. You can see the same trends in national programs as well.

Part of the problem with the process is that, for various well-intentioned reasons, there's a major focus placed on delivering objective evaluation on any kind of funded research or work. Bureaucrats want to demonstrate the impact their funding had, so that next time around (in say 5 or 6 years) they can make the case for the same amount of money (or indeed more). This leads to a system where "safe pairs of hands" are favoured, due to their ability to "play the game" and deliver the right kinds of metrics. A larger organisation can deliver "more jobs created" as they have the operating capital in place to run hiring using the research funding money, and commit up-front to "creating" those jobs (which they would have needed anyway, but can now fund, in part or in whole, through the funded project).

That's why, in my view, the bigger companies and universities do well - they have a scale that helps them to deliver these kinds of outputs. As a small company, the "spend-and-claim-back" approach to most research funding can be a real issue, especially if the claims are delayed due to bureaucratic "checks and balances". These are necessary to prevent blatant outright fraud (i.e. people not doing the work they say they did, and pocketing the cash), but they tend to be applied across the board, rather than in a targeted way proprortional to the level of risk, and size of the organisation. The end result is smaller players spend more time (proportionately) handling bureaucracy if they do win funding.

RE selecting meaningful projects, this is arguably because EU research funding looks further ahead, at lower technology readiness levels. An open source project used by everyone is "high TRL" and therefore hard to fund. If they have an entity (as you point out, many don't, which makes them harder to fund),

If you don't have a company to pay yourself through an official payroll system, I believe there are rules in place which effectively define that you work a maximum of 8 hours per day, 5 days per week, and that you can't possibly earn more than 25 EUR per hour, which is of course completely out of line with the sector, and makes it really hard to work without creating a company. At which point you then become subject to state aid rules, and need to keep a handle on that.

And beyond the research programmes, any kind of "innovation funding" then drags you into the state aid system of partial funding, which is very difficult for a small company - getting 60% of full payroll costs funded sounds nice, but it requires you have the cashflow/capital in place to run payments through payroll, in order to claim back a percentage. Not ideal for the kinds of non-commercial "critical internet infrastructure" that need this kind of funding the most.

That's a bug bounty programme, which I agree is useful but not quite what I was talking about.
While better than nothing, I'd argue a bug bounty is perhaps the opposite of what's truly needed - incentivising the finding of vulnerabilities is good, but it needs people to fix those.

Alas, this is what happens when tech policy is written by people without tech experience, I suspect.

I wisth they do not put up funds to signal. It is closed ecosystem. Even traditional phone calls are more open (having federated independent operators and interoperable implementations).
This is the old Signal-Matrix debate. https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom

In short, federation makes a lot of things more difficult, and Signal opted not to do that to get a polished product quickly. Still, it's not either-or. As I remember it, Moxie welcomes the Matrix developers to try their approach and would be glad if they can get it right, he was just worried that it'd basically never lift off.

I think it's not bad to donate to either project, it's a good thing that we have both.

I know you mean well, and I understand the feeling, but how can you say in the same breath that the EU funds useless software and that you wish they funded more software?

Why would the newly-funded software be the useful kind instead of the useless kind?

Because if they got more serious about it, they'd install committees to evaluate proposals, et cetera., like they do for scientific research proposals.
Right, what this problem needs is more committees!
The funding should be in return for a chunk of profits (ie. The EU becomes a shareholder).

They should employ teams of investors to decide where EU money is best invested.

They should use their governmentness to investigate companies after a few years and where they find someone got rich, yet the company failed, put some people in prison. Being the EU they can say "using legal loopholes to suck the company dry is in itself illegal".

I mean, isn't that sort of the fundamental problem with government funding? They're not very good at picking winners, and when they make winners by picking, sometimes it still turns out to be a mistake (e.g. diesel in Europe).

Still, it does seem something infrastructure/utility-ish like Signal would be a good candidate for at least some support.

What you’re wishing for is to force your fellow man to donate to a cause you deem worthy. EU funds don’t come from nowhere - they are taken from citizens.

You go donate an hours wage a week instead; that’s virtuous.

That's how taxes work, unfortunately you can't pick and choose to which causes they go.

That's why, in a democracy, you vote to elect your representative who will, hopefully, make sure your taxes contribute to causes you deem worthy. Be it open source, health services, education, ...

You are right - taxation is coercion and not virtuous. You are also right about representative democracy - the incentive is to have the state fleeze your neighbour as much as possible. For those working in the bureaucracy the incentive is to convince the boss you need a larger budget next year.

Certainly far from “love thy neighbour”.

Donate yourself, you can be a hundred times more efficient than EU bureaucracy, no exaggeration

(comment deleted)
Eh, but in reality no not really. The PyPy project is one example of a fantastic outcome for OSS (among others): they where heavily reliant on EU funding to get to the point they are now. VLC, glibc, Keepass, Kafka, tomcat and others have had EU funds for their security bounty programs. My 10 EUR contribution to this via my taxes (simplistic and incorrect) is fine. Angry anti-tax anti-big-gov rhetoric involving wishful thinking whilst ignoring the reality we actually live in does little to advance your cause, and for lack of a better word makes you sound rather silly.
Nothing silly about having principles.
If those principles and the way you articulate them are obviously silly then yes there very much is
yes, if you can't donate money consider in other ways, it's an open source project.
Virtuos does not mean effective. I am of the opinion that we should have a democratic government that is able to spend some of their citizens money on projects deemed worthwile.

This is how public schools are funded in my country and I like that we fund them like this instead of private schools with fees that would exclude some families. This model of funding works for a lot of public infrastructure and I doubt individual donations would make up for that. I think it is critical for this public funding to be under democratic control. Otherwise it is definitely unjust. In the end I think public funding / taxes is a way to bypass the tragedy of the commons (not sure if that is the right term here).

> What you’re wishing for is to force your fellow man to donate to a cause you deem worthy.

My fellow man sometimes wishes me to fund expensive wars too.

Wishing for how your taxes are spent is an aspect of democracy.

Forcing others to fund wars is not moral. Neither is forcing others to fund mobile apps.

No one hinders you from donating to Signal if you wish, but if I am a Matrix user, do you want to use the violent force of the state to force me to fund Signal? It’s a moral absurdity.

Wealth is not distributed in a equitable way, so it seems fine to me.

When CEOs and owners make the same as cashiers, donating by yourself makes sense.

There seem to have been put up huge budgets for bootstrapling startups in tech sectors from the aEu budget recently though? Something like EU Horizon
Signal isnt federated or self-hostable. As long as its not, I dont see it as completely open source software because we still have to depend on their servers to use Signal.

I feel public money should only be donated to them once people are able to setup their own signal instances, like Matrix.

France for example uses Matrix for their internal communications. They don't use the public homeserver, rather, they use their own.

They could easily add an optional badge to avatars showing that you donated $1 that year via an optional in-app purchase. The subtle social pressure in a lot of group chats would be pretty effective, and it would help raise awareness that it is run by a non-profit foundation.
This is a great idea.

One of my friends who just jumped ship to Signal this week said in his first Signal message to me that he wished he’d “bought some shares” in Signal when I first told him about it...

The first challenge is getting people to join the platform.

The second challenge is educating them on how it’s actually funded... (ie NOT by pimping out your personal data for shareholder benefit).

Stock with ticker SIGL surged 6000% on Jan 11 - investors thought it's the Signal Messenger. Same like the wrong Zoom company.
What's even more wild is that the executives/directors didn't sell any of their stock on the massive increase.
Quite likely they aren't allowed to sell whenever they want, they may be subject to an open trading window, or a fixed sell-down plan over the year.
This sounds good on first pass, but consider the implication of allowing donations (and thus, payment method information) to be tied to a Signal users account. I specifically _wouldn't_ want this.
You could enable offsite donations that provide a receipt/hash that denotes (donation -> validated), without being tied to any individual. Then the user could copy/paste a generic, non-correlated code into Signal to authenticate activity.
It's easy. You "gift" the badge to a user via the Signal homepage when making a connection. There's no required connection between the gift-giver and the receiver. Is the person who gifted the badge the same as the receiver? Could very well be, but there's no way to prove that.

All you need to store server-side is "this user has the badge until date X".

> Could very well be, but there's no way to prove that.

Sure, but espionage and surveillance are rarely about proving anything, they're about making good educated guesses. Besides, the receiver will very likely be among your friends and acquaintances, so the NSA would only have to look at your social circle to find them.

Database has one column on the user table:

display_badge_until

Store no payment info.

it is amusing that you think you have fair chance if NSA/government really wants to get you. Buy hey if that makes you sleep at night be my guest.
Are you sure you're responding to the right comment? I didn't say anything like that.
Linking a donation to an account would be optional in any sane implementation.
How much data is sent to the developer after somebody makes an in-app purchase?
They already have your phone number, closely tied to your real identity. What could they possibly do with some payment information?
I like how you put it. You convinced me to throw a donation at them :)
Thanks I just gave 50 bucks, well worth it, that makes me happy!
Did so myself. Gotta support such organisations.
> I just donated to Signal after seeing the error banner in the app.

I've tried to donate, but none of my 3 cards worked, I got "card rejected error" without any info why and none of banking apps notified me about new transactions.

Same issue here, and I don't use PayPal after they asked me to provide info to Equifax to continue using it.

They aren't on liberapay as far as I can see.

I had no issue donating to Signal.

I use the Privacy app and generated a merchant specific credit card for Signal. This is the best way I have found to do online transactions. You don't even need to use your actual name or address when making a payment to a merchant since Privacy acts as a proxy for you. https://privacy.com

This is actually very cool, I'm checking it out. Thanks!
I was able to donate via PayPal using cc
I set up an monthly donation just now, thanks for the reminder.

Remember: regular donations are better because they help with long term planning.

Although monthly donations presumably get more siphoned off in processing fees than an equivalently large donation annually.
I dont know if Paypal allows for monthly donations but they dont have any processing fees

https://www.paypal.com/fundraiser/charity/3675786

Good to know!

But your link now leads to a “The charity you're looking for isn't available right now” page?

Interesting, I just clicked that link and it worked for me

Try searching for Signal Tech Foundation here https://www.paypal.com/fundraiser/hub

Ah, PayPal URLs without a country code specified defaults to only showing or returning search results for the country they geolocate you to.

Non-American users can access the Signal PayPal page at Paypal’s US site: https://www.paypal.com/us/fundraiser/charity/3675786

Not sure what the logistics of sending money to the USA PayPal Giving Fund are for non-Americans.

Thanks for sharing that link, you removed enough friction that I now donate monthly :)
if you can please consider making a regular recurring payment of a few bucks every month rather than a one-shot lump sum. this is because it's easier for a company to budget and plan with recurring revenue than a one-off donation.
Recurring and steady incoming is certainly useful for any company, but I would advise against doing tiny monthly donations over a larger yearly one! Processing fees are going to take away a significant chunk of your total donation relatively speaking if your individual donations are small.

Let's do some math: In signal's case, since they use Donorbox, there is a 2.9% + 30¢ fee for credit card transactions going via Stripe (in addition to another percentage that goes to donor box). If you were to donate $24 once per year, Signal would end up with just over $23 after processing fees had been deducted. If you donated $2 per month, they would end up with $19.7 per year, an additional $3 being spent on fees!

Edit: unless they have some special lower cost stripe rate of course, in which case you can ignore my comment altogether ;)

Thanks for the idea, I also took the opportunity to donate a nice chunk in support of a service I use often and want to continue to exist.
Do not forget to check if your employer does matching donations. Its an easy way to double your donation.
What’s the evidence that they are short on dough vs can’t hire?
Adding more servers to support more users, also means more bandwidth. Those are increasing costs at a rate that they had not planned. Their spend rate has to be insane now to keep things running on top of their rents, utlities, opex. They have to be needing more money than they planned for.
thank you for that link -- just donated $50!
Thanks for this link. I donated seeing this link. Should encourage signal to do more
Thank you for the link, I didn't even know they took donations.
Would love to donate via the Bitcoin Lightning network.
Good call! I gave them some money too.
Now this is unexpected, and amazing.

This is one of the most frictionless donation buttons ever. I love it.

Patreon, Paypal, SEPA transfer, all those are a hassle, comparatively.

This donation thing used by Signal works exactly as it should be. Enter numbers, hit enter, done. No "please cookie us", no 20 times transfer to other domains, no account creation, and they also don't require stuff like MasterCard 3D secure (which IMNSHO really is useless for donations).

Zero hassle, 100% great, and with a nice UX.

Looks like the donations are powered by Donorbox.org.
And the actual card details are collected by Stripe - looks like an iframe inside an iframe.
I wonder how much shower time moves in that iframed iframe.
Probably about 1/6. That would explain how I take one for 5 minutes and yet somehow half an hour has passed when I get out.
Yes, wow! As a Canadian I really appreciate the ability to donate in my own currency.
I just set a monthly 10 dollar donation for them.

All my friends are in Signal. One of my favorite group chats is in Signal. My mom is using Signal, I just sent her a message I might need to leave WhatsApp, so she immediately installed Signal all by herself. Now we have video chats that have been working really well.

I mean, this is the first time the mobile app gives trouble. I'd wish the desktop app would be better, like it's been the biggest problem between me and Signal. Otherwise it's an amazing tool and I'm happy to donate for it to be even better.

Just threw $10 to them. I'll gladly pay for a quality service.
Not as impactful as a realtime donation but I recently changed my Amazon Smile charity to the Signal Foundation after a few years with my previous selection. I was surprised to learn they were an available option.

I also installed a browser extension to automatically bring me to smile.amazon when buying anything on Amazon - so far it has had no weird glitchiness when not buying something and works exactly as advertised. Highly recommend looking into this option if you're forgetful like me - so far it has helped me donate 4 times that I would have otherwise forgotten.

I was jumping through similar hoops for a while to get Amazon smile donations, but then I looked at their numbers for how much gets donated and it was a pretty trivial amount. I don't remember what I found (anyone have any stats on Amazon smile donation percentages?) but I decided it wasn't worth my effort compared to adding an extra few dollars to my direct donations.
It’s a small percent but adds up - I’ve “smiled” hundreds of dollars.

I don’t use the add on and just type “smi” to autocomplete the domain.

I don't have percentages, but the charity I have marked for my Amazon Smile donations gets about $100,000 a quarter. So it works for some groups.
It's not bad if you connect it to an Amazon Business account. I give hundreds of dollars to the charity I select. Also it's a thing that's easy to opt-into with an extension and just goes on forever, so totally worth doing it.
don't forget that you can use the Signal protocol in Skype with Skype Private Conversations and delete your own call metadata afterwards as well.

edit : which presumably drives licensing income from Microsoft to The Signal Foundation, which I am presuming is better than nothing and if like me you can start using Signal protocol for calling your family elders via Skype without friction, and I simultaneously create widespread adoption of the Signal protocol, I can't see any downside myself anyhow.

https://az705183.vo.msecnd.net/onlinesupportmedia/onlinesupp...

Done, thanks for mentioning this. TBH..I would happily pay for a paid tier of Signal.
I don't think the problem is money, at least for now. They are either running in a datacenter and can't add capacity fast enough, or have a scale bottlenech in their design, and just weren't designed for this scale.
They are hosted on AWS....its definitely seeming like a design issue
Do they have their AWS infra code on github? I'd contribute some design ideas.
I just donated, because of your reminder. Ty.
If $50 F million dollars can’t keep them alive, not sure how far 70p would take them
Just did the same, thanks for mentioning this.
Just dropped them a couple bucks and a nice message. Thanks for posting!
I just donated. Thanks for the suggestion.

Right now is the time for us to invest in Signal to help see it through this groundswell of adoption.

Great idea. Best response to a company having issues where we actually care about what they do for us.
You do realize that the signal foundation is funded by licensing deals with whatsapp and other companies right ?
What a BS!

If you talk about Brian Acton, he sold WhatsApp to Facebook and btw made a big gift to the FreeBSD foundation and is the founder of the Signal Foundation.

https://signalfoundation.org/

Learn to inform yourself, this is not a place for fake information.

DNS is resolving correctly again to AWS, but the servers are 504 timeout.
So technically if amazon didn't like signal they could kick them off and the whole network goes to shit.

Where do people think all these parlor users are going?

I am very interested in hearing the postmortem of this extended outage technology/architecture stand point. Not to be cynical, but I wonder if this is caused by an attack by the company who is losing users!
(comment deleted)
I doubt we’ll get much info about it out of Signal / OWS. I’ve asked about their tech stack and ability to scale in AMAs before and got fairly vague responses.
The server code was published. Even if we don't know what services they use, you should be able to find quite easily what language the stuff is written in.
Server code may not tell you what the server is deployed on.
Hence my writing of

> Even if we don't know what services they use

and it merely helping to find

> what language the [server] stuff is written in

I don’t understand how that will help you figure out the equivalent of a post mortem for a service outage.
You said you asked them about their "tech stack and ability to scale". A tech stack consists of frameworks and languages used, which can be found on GitHub, so there's part of your answer.

Indeed I'd be interested in the post mortem here and I also don't expect anything from them (depending on how large this turns out to be, though, and so far it's actually a rather huge outage so maybe we'll get some info after all).

Ah, I meant their infrastructure as well.
The signal server project in GitHub isn't updated in 9 months. Have they talked about why they don't do server development in the open?
The Signal servers essentially pass around encrypted blobs from one device to another. Most of the development work is on extending the clients to pass around different types of messages, so there's not much work that needs to be done on the server.
9 months is a long time to go without updates though, especially if you just got a ton of extra users. While I definitely see your point, GP also has a point about development clearly not being open. It's "code available" software, not "open source server" software.