Signal’s president reveals the cost of running the privacy-preserving platform—not just to drum up donations, but to call out the for-profit surveillance business models it competes against.
The encrypted messaging and calling app Signal has become a one-of-a-kind phenomenon in the tech world: It has grown from the preferred encrypted messenger for the paranoid privacy elite into a legitimately mainstream service with hundreds of millions of installs worldwide. And it has done this entirely as a nonprofit effort, with no venture capital or monetization model, all while holding its own against the best-funded Silicon Valley competitors in the world, like WhatsApp, Facebook Messenger, Gmail, and iMessage.
Today, Signal is revealing something about what it takes to pull that off—and it’s not cheap. For the first time, the Signal Foundation that runs the app has published a full breakdown of Signal’s operating costs: around $40 million this year, projected to hit $50 million by 2025.
Signal’s president, Meredith Whittaker, says her decision to publish the detailed cost numbers in a blog post for the first time—going well beyond the IRS disclosures legally required of nonprofits—was more than just as a frank appeal for year-end donations. By revealing the price of operating a modern communications service, she says, she wanted to call attention to how competitors pay these same expenses: either by profiting directly from monetizing users’ data or, she argues, by locking users into networks that very often operate with that same corporate surveillance business model.
“By being honest about these costs ourselves, we believe that helps provide a view of the engine of the tech industry, the surveillance business model, that is not always apparent to people,” Whittaker tells WIRED. Running a service like Signal—or WhatsApp or Gmail or Telegram—is, she says, “surprisingly expensive. You may not know that, and there’s a good reason you don’t know that, and it’s because it’s not something that companies who pay those expenses via surveillance want you to know.”
Signal pays $14 million a year in infrastructure costs, for instance, including the price of servers, bandwidth, and storage. It uses about 20 petabytes per year of bandwidth, or 20 million gigabytes, to enable voice and video calling alone, which comes to $1.7 million a year. The biggest chunk of those infrastructure costs, fully $6 million annually, goes to telecom firms to pay for the SMS text messages Signal uses to send registration codes to verify new Signal accounts’ phone numbers. That cost has gone up, Signal says, as telecom firms charge more for those text messages in an effort to offset the shrinking use of SMS in favor of cheaper services like Signal and WhatsApp worldwide.
Another $19 million a year or so out of Signal’s budget pays for its staff. Signal now employs about 50 people, a far larger team than a few years ago. In 2016, Signal had just three full-time employees working in a single room in a coworking space in San Francisco. “People didn’t take vacations,” Whittaker says. “People didn’t get on planes because they didn’t want to be offline if there was an outage or something.” While that skeleton-crew era is over—Whittaker says it wasn’t sustainable for those few overworked staffers—she argues that a team of 50 people is still a tiny number compared to services with similar-sized user bases, which often have thousands of employees.
read more: https://www.wired.com/story/signal-operating-costs/
archive link: https://archive.ph/O5rzD
Their leadership team is not overpaid relative to the industry and they are highly deserved of those salaries. They make an excellent product. The point isn’t that the leadership team makes 5mil between them, a drop in the bucket of the 50mil total operating cost. It’s hard to read your comment as anything but disingenuous.
Yeah, and about that historical comparison… WhatsApp sold out for $21bn. Signals top earners collectively would have to work for 4200 years to get there.
Those guys deserve every cent of their paycheck, because probably any of them could easily earn multiple of that at another company… given their skills and knowledge in the field.
The biggest miracle is them not selling out.
Jim O’leary (Vp, Engineering) $666,909 $0 $33,343
Ehren Kret (Chief Technology Officer) $665,909 $0 $8,557
Aruna Harder (Chief Operating Officer) $444,606 $0 $20,500
Graeme Connell (Software Developer) $444,606 $0 $35,208
Greyson Parrelli (Software Developer) $422,972 $0 $35,668
Jonathan Chambers (Software Developer) $420,595 $0 $28,346
Meredith Whittaker (Director / Pres Of Signal Messenger) $191,229 $0 $6,032
For anyone wondering: First number is base, second is related, third is other. I have no clue what those terms mean.
https://projects.propublica.org/nonprofits/organizations/824506840
I don’t know why developers are making more than the president of the company here, but that’s nice to see.
Usually the person setting the wages is setting their own wage higher than the rest.
It’s also wild to me that some developers are making nearly half a million a year. I can’t even crack 100k in my local currency (about $75k/yr USD) and my job is to run the infrastructure. If I don’t do my job, the company goes offline and all that fancy programming amounts for nothing.
US tech wages are just nuts. In the UK I’m basically maxed out for a non-London based software dev at about £70k (~$87k). Meanwhile I have a friend who has managed to land a job with a London based US tech firm on about £120k (~$150k) which is massive for here but reading this is still a long way off what is possible.
Here’s the thing with pay: they can either pay these people or find someone who will accept less.
These employees have options. Signal is competing with other companies to hire them, so the pay is determined by that market.
As for the “free” part, yep, the consumer determines the value here, and since most people are pretty content with garbage like SMS or WhatsApp (which is monetized by your data), “free” is what Signal is competing with.
Fortunately, those of us “in the know” have the opportunity to promote a free app to help build the network effect, and we can financially contribute as part of that.
(Not criticizing, just adding perspective).
Shitting on a company’s shit pay strucute is reasonable, but you can’t ignore that this is always a choice between other options. Google and Apple are at least as bad in that regard, and they’re worse in other ways. Steps in the right direction are better than not doing anything because there’s no perfect option. When you do that, things get worse, because the companies will force you to take steps the wrong way.
Can we really call a business nonprofit if they pay their CEO 5.7 million a year? Over 10% of operating costs going to one employee? That’s fucking insane
Edit - incorrect information
They are paying their CEO $0. Brian Acton, previously founder of WhatsApp, the guy who initially bankrolled the whole non-profit by a $50 million, 50 year, non-secured, 0% interst loan, later giving even more.
Source: https://en.wikipedia.org/wiki/Signal_Foundation#History
They pay some other C levels 400-600k. Source: https://projects.propublica.org/nonprofits/organizations/824506840 (compensation section)
Tech pay in the US.
Not wholly relevant to the above story, but worth calling out regardless.
But 19 million in costs for 50 staff would put everyone at roughly that wage right? Or what have I missed here
You’ve got tax, insurance, retirement plans, trainings…
The average wage will be around 200k. Still a lot for the average person, but not much for an experienced programmer/ sysadmin.
I am getting scared… That is not a normal pay here for an experienced developer. Who gets over 10k a month?! Sign me up! I would say even 100k in a year is a lot for someone, 60k to 80k is a bit more normal. But we also get payed vacationdays (30 days) plus all of the payed holidays and half days, and payed sickleave (80% of your pay) and monthly pension (4-6% of the pay). But that does not cost 140k - 120k for a company, and that was low?..
Everyone think this is normal in the us?!
Session, a fork of Signal, is better because as far as privacy goes as you don’t have to download it from a store that violates your privacy. Just go to the offcial site and download the apk.
I really only use matrix/element I just was just shocked they’re paying 6 mil a year for phone verification and they aren’t completely underwater
I use element, but for communication with family and friends I use signal. Element app is not as simple, it is a little clunky/buggy and slow. It is not ready for “normal” people.
You can download a self updating apk from Signal’s official website
As far as I know, this version doesn’t have push notifications for microG or google, so it will drain your battery a lot faster because it’s always on. People should just download the Google play version with Aurora Store.
The Aurora Store still uses Google for some pieces, it just provides an anonymized wrapper for them. The Aurora Store developer has an avatar of himself wearing a mask with the following profile info on GitLab.
Aayush Gupta (He, Him, His)
@theimpulson
Member since March 03, 2018
Bhilai, India
1:07 AM
Android Developer at Calyx Institute
aayush.io
aayushgupta219@gmail.com
He’s using Gmail, is that supposed to be ironically funny running all our engagement for his de-Googled product - through Google?
Before I switched to Graphene I ran CalyxOS. It was hacked to pieces and is no where near GrapheneOS or even PostmarketOS I’d say. In fact, I think iOS is probably more secure than CalyxOS!
As well microG has this, anyone step through all that code to verify?
topDomainOf(Uri.parse(appId).host) == "gstatic.com" && rpId == "google.com" -> {
// Valid: Hardcoded support for Google putting their app id under gstatic.com.
// This is gonna save us a ton of requests
true
}
I’ve verified that a straight Session apk install on GrapheneOS does not use Google in any way.
This version detects if you have Google Play Services when you first launch it. If you do, it’ll use it, if not, it moves to websockets.
If you installed GPS after launching Signal, you’ll need to go to in and erase Signal’s app data for it to reset again.
The biggest benefit is that Session can run completely independant of platform (Google/Apple) push services and will run completely self-contained. You can set Session to check for messages every X minutes. Of course while the app is open and focused, it’s real-time. This removes metadata collection on when/where/how you are messaging.
