• Pfosten@feddit.de
    87 up, 1 down · 10 months ago

    This article is ahistoric and unnecessarily conspiratorial.

    Signal and its predecessors like TextSecure have been run by different companies/organizations:

    • Whisper Systems
    • Open Whisper Systems
    • Signal Technology Foundation (and its subsidiary Signal Messenger LLC)

    Open Whisper Systems received about 3M USD total from the US government via the Open Technology Fund for the purpose of technology development … during 2013 to 2016. Source: archive of the OTF website: https://web.archive.org/web/20221015073552/https://www.opentech.fund/results/supported-projects/open-whisper-systems/

    The Signal Foundation (founded 2018) was started by a 105M USD interest-free loan from Brian Acton, known for co-founding WhatsApp and selling it to Facebook (now Meta).

    So important key insights:

    • It doesn’t seem like the Signal Foundation received US government funding. (Though I haven’t checked financial statements.)
    • The US government funding seems to be a thing of the fairly distant past (2016). The article makes it sound like the funding was just pulled this year.
    • The US government funding was small compared to Signal’s current annual budget. It was not small at the time, but now Signal regularly makes more from licensing its technology than it regularly received from the US government. According to ProPublica, Signal’s financial statements for 2022 indicate revenue of about 26M USD.
    • effward@lemmy.world
      4 up · 10 months ago

      Thank you for sharing this!

      One question: how can the loan from Brian Acton be interest free? I thought the federal government imposed minimum interest rates to prevent people from bypassing tax-free gifting limits.

    • Arthur Besse@lemmy.ml
      1 up · edited · 10 months ago

      It doesn’t seem like the Signal Foundation received US government funding

      The article doesn’t say that Signal Foundation did, it says Signal did… which is well-documented in OTF’s annual reports among other places.

      I agree that this article has lots of other problems, though; I describe more in my comment about it in another thread.

  • Otter@lemmy.ca
    42 up, 1 down · edited · 10 months ago

    The other comment by @Pfosten@feddit.de focuses on the contents of the article, which are more important. I took a peek at the author, Kit Klarenberg.

    The author also writes for The Grayzone (thegrayzone.com/author/kit-klarenberg/), which gets posted on Lemmy occasionally. Among other questionable and misleading pieces, The Grayzone and Kit put out articles ‘calling out’ Bellingcat and TOR…

    For the stuff below, if you have doubts about the source, please follow up on the linked sources each one contains. To be clear, we do need to hold these tools and services accountable. Spreading misleading content does not help with that. Even worse if it’s intentional disinformation.


    https://en.wikipedia.org/wiki/The_Grayzone

    an American fringe,[7] far-left[19] news website and blog,[23] founded and edited by American journalist Max Blumenthal

    The website, initially founded as The Grayzone Project,[24] was affiliated with AlterNet before becoming independent in early 2018.[4] It is known for its critical coverage of the US and its foreign policy,[1] misleading reporting,[25][26] and sympathetic coverage of authoritarian regimes.[4][21][27][28] The Grayzone has downplayed or denied the Chinese government’s human rights abuses against Uyghurs,[32] published conspiracy theories about Venezuela, Xinjiang, Syria, and other regions,[33][34] and published pro-Russian propaganda during the Russian invasion of Ukraine.


    https://mediabiasfactcheck.com/the-grayzone/

    Overall, we rate The Grayzone Far-Left Biased and Questionable based on the promotion of propaganda, conspiracy theories, and consistent one-sided reporting.

  • cjf@feddit.uk
    14 up · 10 months ago

    This is certainly one way to spin this.

    It doesn’t touch on all the other donations Signal receives, including the major loan from Brian Acton. The OTF isn’t the only source of funding that Signal has.

    Signal will be fine. In fact, now that the OTF have withdrawn funding, it’ll probably shake off the weird take that Signal is CIA tech.

    • bobgusford@lemmy.world
      7 up · 10 months ago

      OTF funding is also not a direct indication of funding from US intelligence or backdoors in the code. OTF could just be promoting development of software that breaks free of repressive regimes, which indirectly benefits US foreign policy.

  • jet@hackertalks.com
    13 up, 4 down · edited · 10 months ago

    If Signal can collapse because of a single contributor withdrawing support, then it kind of deserves to die. If it’s not robust enough to withstand the lack of money, it would never stand up to government intervention.

    Though I suspect Signal is perfectly fine, this is just an outrage-seeking article for clicks. Or unnecessary conspiracy. If you don’t trust Signal, you have other options like SimpleX, Briar…

    • Otter@lemmy.ca
      15 up · 10 months ago

      Intentional conspiracy, judging by who the author writes for.

      • jet@hackertalks.com
        2 up · 10 months ago

        It’s a good thought experiment. Let’s assume Signal is a conspiracy.

        What do we do now?

        The article doesn’t seem to have any thesis here. If Signal becomes untenable:

        Briar and SimpleX are the most promising in my mind, but I know there are a lot of proponents of Matrix.

        I personally don’t think Session is sustainable, simply because they don’t have any development going on, no perfect forward secrecy added.

        If we’re talking about the Signal replacement, we need a way for people to find their contacts. A phone contact list as a social graph is pretty good. I could see that being added as an optional discovery service for SimpleX, or even Briar. But that would probably take quite a bit of development work to do in a non-spammy fashion.

          • jet@hackertalks.com
            1 up · 10 months ago

            Yeah, they had perfect forward secrecy when they forked from Signal, and then they tore it out because it was too complex to fit in their model. That’s an admission they’re bad programmers, and we shouldn’t trust them with crypto, or nefarious, and we shouldn’t trust them with crypto.

            Going back to what’s next:

            Contact discovery is the major hurdle to adoption of any really secure platform. I do appreciate Signal’s SGX enclaves, they solve the problem in a nice way… If you trust SGX enclaves. That being said, that’s not the only way to do it. Though I can’t think of many contact discovery mechanisms that don’t rely on a central source of truth. Maybe that’s the necessary evil for onboarding, but it doesn’t have to be part of the day-to-day operations.

  • davidgro@lemmy.world
    14 up, 6 down · edited · 10 months ago

    Wow. I really had no idea. I’m unsure if this implies anything about its security or not, the article kinda glosses over it I think.

    The other comments have clarified that the article was (at best) very misleading.

  • pdt8@futurology.today
    5 up, 18 down · edited · 10 months ago

    Always knew this project was a honeypot since they need your phone number to function. Why would a FOSS app force you to use a phone number? I bet the CIA and other three-letter organizations spend money advertising Signal on various platforms.

    • Pfosten@feddit.de
      9 up · 10 months ago

      For a project like Signal, there are competing aspects of security:

      • privacy and anonymity: keep as little identifiable information around as possible. This can be a life or death thing under repressive governments.

      • safety and anti-abuse: reliably block bad actors such as spammers, and make it possible for users to reliably block specific people (e.g. a creepy stalker). This is really important for Signal to have a chance at mass appeal (which in turn makes it less suspicious to have Signal installed).

      Phone number verification is the state-of-the-art approach to make it more expensive for bad actors to create thousands of burner accounts, at the cost of preventing fully anonymous participation (depending on the difficulty of getting a prepaid SIM in your country).

      Signal points out that sending verification SMS is actually one of its largest cost centers, currently accounting for 6M USD out of their 14M USD infrastructure budget: https://signal.org/blog/signal-is-expensive/

      I’m sure they would be thrilled if there were cheaper anti-abuse measures.

        • BearOfaTime@lemm.ee
          7 up · 10 months ago

          Bad actors can buy one.

          What does it cost to buy hundreds? It’s a great deterrent to bad actors creating many accounts.

          I really, really, really dislike using my phone number to verify. Like so much so it kept me off Signal until about 6 months ago.

          I get it. I don’t like it, but I get the compromise until they can develop a better mechanism.

            • jet@hackertalks.com
              1 up · 10 months ago

              You could run a network like Signal, and either charge a small amount of money per message, or a larger amount of money to register with the network.

              Hell you could do the WhatsApp model, charge a dollar for new users, the pay for the registration verification. The same thing.

              You just need some mechanism to add friction for mass spamming, be that money, time or complexity.