I wish Signal was developed more openly, more like the linux kernel for a "critical infrastructure" example. I wish it had more features, so it could take the place of something like Slack. I wish it supported interoperability like fedi.
But it's good for what it is and I sure am glad it's around. People who disrespect it don't know what they're talking about.
You know, if you want to replace Slack, look into Mattermost. It's foss but otherwise pretty much exactly what Slack does so well.
This is a very rude question, but on this subject of being lean, I looked up your 990 and you pay yourself less than some of your engineers.
Yes, and our goal is to pay people as close to Silicon Valley’s salaries as possible, so we can recruit very senior people, knowing that we don’t have equity to offer them. We pay engineers very well. [Leans in performatively toward the phone recording the interview.] If anyone’s looking for a job, we pay very, very well.
So, I googled their tax filing out of curiosity. It's true that Meredith pays herself much less than her engineers, which is great. What I was rather shocked to see is that they pay their software developers enormous salaries. They're listing developers making over $400,000 per year, with their VP making over $660,000 per year. Now, I'm all for the value-creators making more money than the CEO. I just had no idea that software developers make that kind of coin. I was thinking of donating to Signal, but I'm kind of weirded out by those astronomical salaries.
That's inline with Silicon valley salaries. Basic houses cost 2mil there, so it's not completely outrageous.
As an example, openai pays all its engineers 300k flat+500k/yr in some stock based asset. Another example is Netflix, who are notoriously a very fickle employer, but salaries start in the 400k range and go up from there.
Yes, the article makes the point that Signal needs to compete for talent with the rest of Silicon Valley. I get that. And we've all heard about the nearly unfathomable amounts of money that tech companies throw around. When you break it down to individual salaries, though, and see that even normal people in normal jobs are making a million dollars a year between salary and stock... well, I think it really exposes the spectacular wealth inequality that we have allowed to fester. I mean, sure, shelter costs may be high in Silicon Valley, but the cost of other goods remain about the same. A $50,000 truck that an average person in Nebraska might have to save for years to afford is barely a rounding error for folks making a million a year. I'm no economist, but it does seem like there are consequences for this kind of ever-growing wealth inequality.
It is also absurd on its face for a multi-millionaire developer to place a "Donate Now" button in an app and talk about being a non-profit to tug at the heart strings of people who make one-tenth of what the developers are making. It's feels like Scrooge asking Tiny Tim for a donation.
Anyway, I don't blame the developers for this absurd situation, and I do appreciate Signal, and Meredith is clearly a cool person who is fighting the good fight against big tech surveillance. But every once in a while an article like this reminds me how deeply fucked up the world is. It seems we are approaching pre-French Revolution levels of economic disparity, and maybe it helps explain why so many working class people are pissed off.
Not all SW devs make that kind of money. I don't live in Silicon Valley, and I make significantly less than that amount. I could probably get a job there making somewhere north of $300k, but my expenses would go through the roof and I'd be stuck in SV traffic all the time, no thank you. I get paid well, but less than half what Signal is paying.
Yeah, that's not especially enormous compared to startups in the valley offering huge equity alongside already generous compensation packages.
My only gripe with signal, is the use of phone numbers as usernames. Not everyone with whom I want to communicate via signal has a phone number. I understand why they went this route, but wish there was an alternative way.
You can use a username only for finding and adding friends, you only need the phone number to create an account. That's probably because Signal started as an alternative to Messages (or whatever it was called back then), so you could send SMS if you wanted, or secure messages to friends w/ Signal. The whole point was to be a gentle transition from SMS to private messaging. However, they eventually dropped the SMS feature, but it seems they kept the phone number as username thing.
It kind of sucks, but I think that's a reasonable limitation since the vast majority of people using this service will have a phone number. You could probably even sign up for a free trial of something (e.g. Google Fi) to sign up for Signal, set up the username, and then drop the phone number service. I don't know if there are any problems with this, but I don't think they do anything with your phone number after everything is set up.
I think another reason they use a phone number is that it can mitigate issues with people or bots creating hundred of accounts maybe
Yeah. And I don't fault them for this route. I just with I could sign up without a phone number. Maybe the username thing is a predecessor to allowing usernam-only registration in the future.
It creeps me the fuck out. I do not get why a service that bills itself as secure needs to know something that can be traced back to my credit card and name. I won't use Telegram or Signal because of this.
It's about your posture. Most people who use signal use it to have privacy from governments. They're not hiding that they use signal, they're hiding what they write on signal. In this case, using your phone number isn't a big deal.
Some people, have a tighter posture, which could translate to your position. In that case, something like Briar could fit the bill.
Lastly, security and privacy are not the same thing. Google products are secure, but they are not private. Self hosted sftp, for example, is private, but may not be secure. Signal is definitely secure, at least enough for general and governmental use. So, it seems, is telegram. Signal is more private than telegram in many ways, but it is not the gold standard for privacy (because of its use of phone numbers as usernames), but it is "good enough" for the masses. The balance between good for everyone and zero-knowledge private for everyone is delicate, potentially impossible. Honestly, I don't know if signal was able to strike that balance perfectly, but they did a much better job than many other services, certainly than those others that are accepted by the masses.
But putting a phone number in immediately exposes protesters to association. Sure, Signal can't give out the contents of messages, but it still has the chain of contact. So if a government gets hold of this record, legally or otherwise, now you have everyone associated to a suspect phone number/person and can start rounding them up.
It's the complete antithesis of freedom of association when there's a record of everyone that you've contacted. The contents don't enter into that problem, and I can't see why they feel the need to keep this as part of their system. It purposely makes it impossible to use this for something like peaceful protest. So, no, it doesn't give you privacy from governments, because governments that don't respect freedom of association will use that information to punish dissidents.
I can't imagine any reason to use phone numbers except to purposefully keep this chain of association for governments to use. Even Facebook doesn't require this sort of personal proof, and it's suspicious as hell.
Sure, Signal can't give out the contents of messages, but it still has the chain of contact.
it doesn't. they've been ordered to hand over data multiple times, and the only thing tied to the phone number they have is 1. time the account has been created and 2. last time the account connected to the server: https://signal.org/bigbrother/
Signal is the best thing going on in tech these days. I’m very glad it’s being led by Meredith Whittaker.
Did you know you can get a cool badge on your profile pic if you’re a recurring donor? $5 a month is far less than the value I get from it, but that’s all it takes for a cool badge (and knowing that you’re doing something active against the awful state of big tech today).
As long as they stay away from public 'channels.'
There lie dragons.
What is signal anyway? I've never paid attention to phone apps much. Why isn't it on F-droid if it's FOSS? Is it like irc but with encryption? I guess I should look into it.
Why isn't it on F-droid if it's FOSS?
That got me interested and apparently, they fear forks running out of date.
Concerning F-Droid, we already providing an auto-updating APK directly from our site, and we really don't want forked versions of the app maintained by other parties connecting to our servers. Not only could the users using the forked version have a subpar experience, but the people they're talking to (using official clients) could also have a subpar experience (for example, an official client could try to send a new kind of message that the fork, having fallen out of date, doesn't support). I know you say you'd advocate for a build expiry, but you know how things go. Of course you have our full support if you'd like to fork Signal, name it something else, and use your own servers.
While that statement got plenty of thumbs down, I hate to admit that F-Droid is indeed out of date quite often. I currently can't find a source for this but I once read this has something to do with their signing process.
Yes, they manually sign every package.
But they could easily have their own F-Droid repository, I have repositories for FUTO apps like Grayjay and their keyboard, Bitwarden, and Newpipe, among others. Those are run by the projects themselves, so they're in charge of how often they update it, as well as how they sign it. So if they have issues with the "official" F-Droid repositories, they can always host their own. I honestly prefer projects that host their own repos precisely because they should, in theory, update faster.
That said, a self-updating APK is good enough for me. However, I didn't see an install option easily listed on their website and had to search for "signal android apk" to find the page. It should be listed on the regular install page on their website, next to the link to Google Play. I found three separate pages for getting it for Android, and all three had a link to Google Play and only one had the APK.
Nobody is going to use Signal when it lacks so many features. Feels like MSN messenger compared to it's peers.
what do you mean? i use it a lot and it works great, photos, videos, phone calls, optional temporary location sharing with friends, and encryption.
what features do you want it to have that it's lacking?
Don't forget, cross-platform!
i totally forgot, another great point
Don’t forget voice calls! It has some rough edges there (my audio doesn’t always connect successfully, etc), but when it works the codec sounds better than a standard phone call and there’s no mass surveillance. I use it in place of phone calls for all the people in my network who have it, including my immediate family.
that's a great point, i use the voice calls daily.
added above.
I'm guessing they probably want stickers or something
Edit: apparently this is available on signal so I have no fucking idea then
This is a most excellent place for technology news and articles.
