On November 16th, Meredith Whittaker, President of Signal, published a detailed breakdown of the popular encrypted messaging app’s running costs for the very first time. The unprecedented disclosure’s motivation was simple - the platform is rapidly running out of money, and in dire need of donations to stay afloat. Unmentioned by Whittaker, this budget shortfall results in large part due to the US intelligence community, which lavishly financed Signal’s creation and maintenance over several years, severing its support for the app.
Never acknowledged in any serious way by the mainstream media, Signal’s origins as a US government asset are a matter of extensive public record, even if the scope and scale of the funding provided has until now been secret. The app, brainchild of shadowy tech guru ‘Moxie Marlinspike’ (real name Matthew Rosenfeld), was launched in 2013 by his now-defunct Open Whisper Systems (OWS). The company never published financial statements or disclosed the identities of its funders at any point during its operation.
Sums involved in developing, launching and running a messaging app used by countless people globally were nonetheless surely significant. The newly-published financial records indicate Signal’s operating costs for 2023 alone are $40 million, and projected to rise to $50 million by 2025. Rosenfeld boasted in 2018 that OWS “never [took] VC funding or sought investment” at any point, although mysteriously failed to mention millions were provided by Open Technology Fund (OTF).
OTF was launched in 2012 as a pilot program of Radio Free Asia (RFA), an asset of US Agency for Global Media (USAGM), which is funded by US Congress to the tune of over $1 billion annually. In August 2018, its then-CEO openly acknowledged the Agency’s “global priorities…reflect US national security and public diplomacy interests.”
Archive links:
deleted
yet it’s fair to say that:
- Signal was incepted by US gov funds
- During most of it’s initial conception phase it was US gov funded
- therefore some of the characteristics its users still suffer today (like reliance on strong selectors, pinky-promise of non-retaining metadata, centralized architecture based on the same “cloud” as the one of the CIA and other decisions hostile to free/libre software users and ethics) originate from that era.
deleted
“Between 2013 and 2016, Open Whisper Systems received grants from the Shuttleworth Foundation,[49] the Knight Foundation,[50] and the Open Technology Fund.[51]”
“Marlinspike launched Open Whisper Systems’ website in January 2013.[2][1]”
(from the page you linked)
How is that not the OTF (100% funded by Radio Free Asia) since its inception? how is it not its initial conception phase?
deleted
well before 2013 it wasnt “Signal” but some proprietary software. After 2016 it wasn’t anymore “the initial phase”
Funny how you don’t seem to be wanting to see 2013-2016, but it’s OK. facts speak for themselves :)
I have mixed feelings about this article. It gets some stuff right, but also some stuff wrong and it misses some important details.
- I don’t think Signal has actually received money from OTF (Radio Free Asia) since 2015 or so; if it needed any today it would likely get it from one of the less transparent US government internet freedom funding vehicles. There is no indication they are “facing collapse” beyond a blog post talking about their expenses and soliciting donations.
- This article mentions “over a billion” people repeatedly, but doesn’t explain that number is actually referring to WhatsApp (which uses the encryption protocol developed by Signal). Signal says they have 40 million active users.
- It doesn’t mention that Brian Acton (billionaire WhatsApp founder) gave them a $50M interest-free loan when he co-founded the Signal Foundation with Moxie in 2018, and became its “executive chairman” or whatever. That “loan” had increased to over $100M by the end of 2018, and is presumably much larger today.
- It doesn’t mention that Signal Foundation president Meredith Whittaker worked at Google for over a decade, and co-founded a department there that worked alongside OTF on various internet freedom projects (and was later on the OTF advisory board herself)
- it doesn’t mention the salient properties of Signal which actually make it particularly beneficial to US interests (keeping the communications of privacy-desiring people associated with their phone numbers while concentrating their metadata on Amazon servers)
deleted
Did you read my other comment which is linked to from the one you’re replying to?
The parts of this reply that are in italics are direct quotes from it.
First, we have to assume a worst case scenario, where Signal not only logs all IP addresses (despite what multiple court cases have shown us), but that they do it both secretly and intentionally in order to store that data. Your theory already requires serious collusion between that company and the government, with no whistleblowers.
No, you don’t need to assume that Signal does anything. As I said, Signal says that they don’t retain any of this metadata, and I think it is likely that Signal employees are sincere when they say that. But someone with the right access at Signal’s ISP (Amazon) and anybody who can coerce, compel, or otherwise compromise those people (or their computers) can log it without Signal’s cooperation or knowledge.
And if that was the case, they wouldn’t want Sealed Sender actually functioning. So we also have to buy into an additional conspiracy that they added it as a red herring. What does your theory say about this: did they know they could work around it, or is it secretly flawed?
I think sealed sender does what it says it does, which is let you send messages without explicitly telling the server who the message is from. But that doesn’t change the fact that you’re connecting to their servers from the same IP address to send and receive and you need to identify yourself (with your phone number) to receive, so, the identity of the sender can be easily inferred if the server (or its operator) wants to correlate the information available to it.
Sealed sender only makes sense if the server is honest and doesn’t link the ‘anonymous’ sender with the non-anonymous receiver activities coming from the same IP address. But, if the server is honest, then a “no logging” policy would accomplish the same thing. Sealed sender is performative cryptography.
You can use words like “conspiracy” to dismiss the point, but tell me: if you’re completely confident that the adversaries you want to protect against are unable to compromise the server infrastructure, why would you need e2e encryption at all?
How about the ease of which somebody could use Signal with a VPN? That defeats half of your metadata complaints.
A VPN hides your actual IP address from the server, but that is not the kind of metadata I’m talking about. I’m talking about who (which phone numbers, since that is Signal’s identifier) is talking to who, and when. A VPN only helps with this problem when there are other Signal users coming from the same VPN IP address at the same time as you, and then it only helps a little. It could help if you used a VPN for sending but not receiving, or vice-versa, or used different VPNs for each, but, Signal doesn’t do that (and if they did they’d probably run the ‘different’ VPNs themselves on cloud services anyway).
But if you were being fair, you would have to level the same accusation against every other messaging app, and the only ones I can think of have worse encryption (Session) or explicitly have servers under unilateral control (SimpleX) or fare far worse (Matrix, Threema, Wire, etc).
It’s ironic that the five things you picked actually all have the same major advantage over Signal (and WhatsApp, and Telegram): those five actually all are usable without a phone number! They each have their own problems, but at least it’s possible to use them all without a phone number!
What do you mean about SimpleX having servers under unilateral control? The software comes with several of the author’s servers baked in which you use by default, but I think it is easy to use a different one or to run your own. And a cool thing about SimpleX is that each direction of a conversation is on a different server, so within a single conversation you are often not sending and receiving from the same server, which is the opposite of the metadata centralization of Signal’s design. (Of course, when all of the servers involved are run by a single entity, which I think is probably the case for most SimpleX users today, that entity can still observe who is talking to who. But the protocol is explicitly designed to decentralize metadata instead of to centralize it. And it doesn’t use phone numbers, much less require them.)
deleted
it sounds like you’re formulating a conspiracy that implicates Signal themselves, claiming you believe they are being technically correct.
No, again, I think Signal employees sincerely believe that nobody is logging Signal metadata.
If I’m misreading your argument, please correct me. But there is a fine line between Just Asking Questions to promote a conspiracy theory, and just asking questions authentically, and it’s often hard to tell the difference.
There isn’t anything theoretical in what I’m saying, except for the implication that Signal’s financial backing might be related to its surveillance-friendly architecture.
You can use words like “conspiracy” to dismiss the point, but tell me: if you’re completely confident that the adversaries you want to protect against are unable to compromise the server infrastructure, why would you need e2e encryption at all?
Because I’m not 100% confident, like most people under a broad range of reasonable threat models.
Good answer. So, when analyzing the security properties of thing that purports to protect against a compromised server, shouldn’t we logically consider the case that the server is compromised? And how does Sealed Sender fare in that case? Do you not see how it is performative cryptography?
Precisely. I think the design is good, but it’s a single entity controlling basically all the servers, which means that not only can they effectively be considered a single server, but using your argument they can effectively be assumed to be collecting the exact same metadata
Why do you think the default configured servers are “basically all the servers”? The way SimpleX works, if you’re using one of the default servers, and I am not, and we add each other as contacts, you probably wouldn’t even notice. And then we’d be each sending and receiving to eachother using servers operated by different entities. But again, even if we are both using the same default server, this is not “the exact same metadata” as Signal because there are no phone numbers involved.
US government: “Make us an app that people can use to subvert suppressive regimes.”
Developer: *makes Signal*
US Citizens: “Hey, that’s a useful app…” *installs*
US Government: “No, not like that!”
Developer: Um, hey, maybe you could donate?
US Citizens: Who are you? Wow, look at the time! \US government: “Make us an app that people can use so we are the only ones accessing their meta-data.” Developer: makes Signal US Government: 👍
deleted
Bruce Schneier is also probably just a conspiracy theorist, when he writes in 2014:
“By the way, the Register noted that Whisper Systems (along with Tor and several other privacy projects) received $450,000 from Radio Free Asia – which is pretty much an official State Department / CIA propaganda organ, isn’t it? How exactly does this work as a coherent national security strategy, when State is funding ‘privacy’ while NSA is funding eavesdropping? https://www.opentechfund.org/sites/default/files/attachments/otf2013annualreportfinal.pdf”
https://www.schneier.com/blog/archives/2014/11/whatsapp_is_now.html
oh and that linked annual report of the OTF, like the following ones, doesn’t seem to be online anymore… :))
what a joke
deleted
You’re right! I don’t know either.
The facts remain, though.
Removed by mod
Sorry everyone, I did try searching the lemmyverse for any previous postings of this article using “signal” in the search feature on my instance, but it turned up nothing at the time.
Lemmy.world seems to have a handle on all the cross posts: https://lemmy.world/post/9121235
deleted
Removed by mod
This article sounds extremely fishy and borderline conspiracy-like to me.
Imho the only guarantee of privacy I need is the source code.
Just dont stop at starbucks one morning and send those 5 bucks to Signal. One coffee a year will make a difference. I have my rocket emoji already.
The bit about Tor is interesting
Yeah, I got called an idiot for pointing out that connection here a few weeks ago.
deleted
Wait til you hear where TOR gets its funding!
Test
deleted by creator