this post was submitted on 28 Aug 2024
609 points (98.0% liked)

Technology

[–] kbal@fedia.io 110 points 2 months ago (13 children)

I wish Signal was developed more openly, more like the linux kernel for a "critical infrastructure" example. I wish it had more features, so it could take the place of something like Slack. I wish it supported interoperability like fedi.

But it's good for what it is and I sure am glad it's around. People who disrespect it don't know what they're talking about.

[–] noughtnaut@lemmy.world 48 points 2 months ago (1 children)

You know, if you want to replace Slack, look into Mattermost. It's foss but otherwise pretty much exactly what Slack does so well.

[–] ninjaturtle@lemmy.today 23 points 2 months ago (4 children)

Isn't matrix more like slack that you are looking for?

[–] Frozyre@kbin.melroy.org 78 points 2 months ago (1 children)

Bless the era of technology where Signal and ProtonMail exist.

[–] chemicalwonka@discuss.tchncs.de 22 points 2 months ago (8 children)

Signal yes, Proton I have my doubts

[–] BassTurd@lemmy.world 43 points 2 months ago (28 children)

I think yours is the first comment I've read that has Proton hesitancy. I'm curious what your reservations are.

[–] ElectroLisa@lemmy.blahaj.zone 11 points 2 months ago (1 children)

Not OP, I've heard criticism of their recent Duo subscription and their bitcoin wallet.

I use Proton services and my biggest gripe is their mediocre Linux VPN app. No binaries to download/Flatpak, advertised port-forwarding isn't fully implemented and requires playing around in a terminal, and UI feels less polished than its Windows counterpart.

There's a community made Flatpak of ProtonVPN though, in case it helps anyone

[–] sailingbythelee@lemmy.world 64 points 2 months ago (4 children)

This is a very rude question, but on this subject of being lean, I looked up your 990 and you pay yourself less than some of your engineers.

Yes, and our goal is to pay people as close to Silicon Valley’s salaries as possible, so we can recruit very senior people, knowing that we don’t have equity to offer them. We pay engineers very well. [Leans in performatively toward the phone recording the interview.] If anyone’s looking for a job, we pay very, very well.

So, I googled their tax filing out of curiosity. It's true that Meredith pays herself much less than her engineers, which is great. What I was rather shocked to see is that they pay their software developers enormous salaries. They're listing developers making over $400,000 per year, with their VP making over $660,000 per year. Now, I'm all for the value-creators making more money than the CEO. I just had no idea that software developers make that kind of coin. I was thinking of donating to Signal, but I'm kind of weirded out by those astronomical salaries.

[–] mosiacmango@lemm.ee 40 points 2 months ago* (last edited 2 months ago) (1 children)

That's in line with Silicon Valley salaries. Basic houses cost 2mil there, so it's not completely outrageous.

As an example, OpenAI pays all its engineers 300k flat+500k/yr in some stock based asset. Another example is Netflix, who are notoriously a very fickle employer, but salaries start in the 400k range and go up from there.

[–] sailingbythelee@lemmy.world 23 points 2 months ago* (last edited 2 months ago) (1 children)

Yes, the article makes the point that Signal needs to compete for talent with the rest of Silicon Valley. I get that. And we've all heard about the nearly unfathomable amounts of money that tech companies throw around. When you break it down to individual salaries, though, and see that even normal people in normal jobs are making a million dollars a year between salary and stock... well, I think it really exposes the spectacular wealth inequality that we have allowed to fester. I mean, sure, shelter costs may be high in Silicon Valley, but the cost of other goods remains about the same. A $50,000 truck that an average person in Nebraska might have to save for years to afford is barely a rounding error for folks making a million a year. I'm no economist, but it does seem like there are consequences for this kind of ever-growing wealth inequality.

It is also absurd on its face for a multi-millionaire developer to place a "Donate Now" button in an app and talk about being a non-profit to tug at the heart strings of people who make one-tenth of what the developers are making. It feels like Scrooge asking Tiny Tim for a donation.

Anyway, I don't blame the developers for this absurd situation, and I do appreciate Signal, and Meredith is clearly a cool person who is fighting the good fight against big tech surveillance. But every once in a while an article like this reminds me how deeply fucked up the world is. It seems we are approaching pre-French Revolution levels of economic disparity, and maybe it helps explain why so many working class people are pissed off.

[–] sugar_in_your_tea@sh.itjust.works 17 points 2 months ago

Not all SW devs make that kind of money. I don't live in Silicon Valley, and I make significantly less than that amount. I could probably get a job there making somewhere north of $300k, but my expenses would go through the roof and I'd be stuck in SV traffic all the time, no thank you. I get paid well, but less than half what Signal is paying.

[–] Linktank@lemmy.today 15 points 2 months ago (1 children)

I mean, how does a free app with no advertising in it make that kind of money?

[–] trailee@sh.itjust.works 22 points 2 months ago* (last edited 2 months ago)

A free app with no advertising doesn’t make that kind of money, it gets progressively deeper into debt to a good Silicon Valley rich guy who got it off the ground, Brian Acton.

His biography on the Signal Foundation website:

Brian Acton is an entrepreneur and computer programmer who co-founded the messaging app WhatsApp in 2009. After the app was sold to Facebook in 2014, Acton decided to leave the company due to differences surrounding the use of customer data and targeted advertising to focus his efforts on non-profit ventures. In February of 2018, Acton invested $50 million of his own money to start the Signal Foundation alongside Moxie Marlinspike. Signal Foundation is a nonprofit organization dedicated to doing the foundational work around making private communication accessible, secure and ubiquitous.

Prior to founding WhatsApp and Signal Foundation, Acton worked as a software builder for more than 25 years at companies like Apple, Yahoo, and Adobe.

The Wikipedia article on the Foundation says the loan balance was up to $105M later in 2018. Meanwhile, Acton is still worth $2.5B according to Wikipedia, so things are probably fine for now, even 6 years later.

But you’re right that Signal eventually needs revenue to keep even a small team of high caliber software engineers and devsecops folks around. You very much want excellent engineers to continue to be involved with critical encrypted communications software on an ongoing basis, so it will cost money indefinitely. Presumably Acton does not wish to bankroll it indefinitely.

Again back to the interview:

I wouldn’t imagine that most nonprofits pay engineers as much as you do.

Yeah, but most tech is not a nonprofit. Name another nonprofit tech organization shipping critical infrastructure that provides real-time communications across the globe reliably. There isn’t one.

This is not a hypothesis project. We’re not in a room dreaming of a perfect future. We have to do it now. It has to work. If the servers go down, I need a guy with a pager to get up in the middle of the fucking night and be on that screen, diagnosing whatever the problem is, until that is fixed.

So we have to look like a tech company in some ways to be able to do what we do.

I’m really glad they pay those engineers that much, so that Zuckerberg and his ilk can’t entice them away with oodles of money. One presumes they also believe in the cause, but I think this currently looks like Acton fighting surveillance capitalism with what capitalism got for him earlier in his career.

Cofounder Moxie Marlinspike is clearly a brilliant hacker and coder who was crucial to Signal’s creation, but I think it makes sense that he hasn’t stuck around to try to solve the long term business problem of keeping it aloft infinitely.

So what to do about it? The OP interview is with Meredith Whittaker, whose entire job is figuring that out:

Since she took on the presidency at the Signal Foundation, she has come to see her central task as working to find a long-term taproot of funding to keep Signal alive for decades to come—with zero compromises or corporate entanglements—so it can serve as a model for an entirely new kind of tech ecosystem.

I’m a recurring donor because I want Signal to succeed and I want to vote now with my wallet, but fundamentally it’s on Whittaker to figure out how to make the long term work. Here’s what she says:

I see Signal in 10 years being nearly ubiquitous. I see it being supported by a novel sustainability infrastructure—and I’m being vague about that just because I think we actually need to create the kinds of endowments and support mechanisms that can sustain capital-intensive tech without the surveillance business model. And that’s what I’m actually engaged in thinking through.

[–] 01189998819991197253@infosec.pub 52 points 2 months ago (4 children)

My only gripe with Signal is the use of phone numbers as usernames. Not everyone with whom I want to communicate via Signal has a phone number. I understand why they went this route, but wish there was an alternative way.

[–] sugar_in_your_tea@sh.itjust.works 34 points 2 months ago (23 children)

You can use a username only for finding and adding friends, you only need the phone number to create an account. That's probably because Signal started as an alternative to Messages (or whatever it was called back then), so you could send SMS if you wanted, or secure messages to friends w/ Signal. The whole point was to be a gentle transition from SMS to private messaging. However, they eventually dropped the SMS feature, but it seems they kept the phone number as username thing.

It kind of sucks, but I think that's a reasonable limitation since the vast majority of people using this service will have a phone number. You could probably even sign up for a free trial of something (e.g. Google Fi) to sign up for Signal, set up the username, and then drop the phone number service. I don't know if there are any problems with this, but I don't think they do anything with your phone number after everything is set up.

[–] EpicGamer@lemmy.world 14 points 2 months ago (1 children)

I think another reason they use a phone number is that it can mitigate issues with people or bots creating hundreds of accounts maybe

[–] ikidd@lemmy.world 14 points 2 months ago (2 children)

It creeps me the fuck out. I do not get why a service that bills itself as secure needs to know something that can be traced back to my credit card and name. I won't use Telegram or Signal because of this.

[–] 01189998819991197253@infosec.pub 35 points 2 months ago (7 children)

It's about your posture. Most people who use signal use it to have privacy from governments. They're not hiding that they use signal, they're hiding what they write on signal. In this case, using your phone number isn't a big deal.

Some people have a tighter posture, which could translate to your position. In that case, something like Briar could fit the bill.

Lastly, security and privacy are not the same thing. Google products are secure, but they are not private. Self hosted sftp, for example, is private, but may not be secure. Signal is definitely secure, at least enough for general and governmental use. So, it seems, is telegram. Signal is more private than telegram in many ways, but it is not the gold standard for privacy (because of its use of phone numbers as usernames), but it is "good enough" for the masses. The balance between good for everyone and zero-knowledge private for everyone is delicate, potentially impossible. Honestly, I don't know if signal was able to strike that balance perfectly, but they did a much better job than many other services, certainly than those others that are accepted by the masses.

[–] trailee@sh.itjust.works 44 points 2 months ago (1 children)

Signal is the best thing going on in tech these days. I’m very glad it’s being led by Meredith Whittaker.

Did you know you can get a cool badge on your profile pic if you’re a recurring donor? $5 a month is far less than the value I get from it, but that’s all it takes for a cool badge (and knowing that you’re doing something active against the awful state of big tech today).

[–] fubarx@lemmy.ml 14 points 2 months ago

As long as they stay away from public 'channels.'

There lie dragons.

[–] solrize@lemmy.world 8 points 2 months ago (8 children)

What is signal anyway? I've never paid attention to phone apps much. Why isn't it on F-droid if it's FOSS? Is it like irc but with encryption? I guess I should look into it.

[–] RecluseRamble@lemmy.dbzer0.com 22 points 2 months ago (7 children)

Why isn't it on F-droid if it's FOSS?

That got me interested and apparently, they fear forks running out of date.

Concerning F-Droid, we already providing an auto-updating APK directly from our site, and we really don't want forked versions of the app maintained by other parties connecting to our servers. Not only could the users using the forked version have a subpar experience, but the people they're talking to (using official clients) could also have a subpar experience (for example, an official client could try to send a new kind of message that the fork, having fallen out of date, doesn't support). I know you say you'd advocate for a build expiry, but you know how things go. Of course you have our full support if you'd like to fork Signal, name it something else, and use your own servers.

While that statement got plenty of thumbs down, I hate to admit that F-Droid is indeed out of date quite often. I currently can't find a source for this but I once read this has something to do with their signing process.

[–] sugar_in_your_tea@sh.itjust.works 12 points 2 months ago* (last edited 2 months ago) (1 children)

Yes, they manually sign every package.

But they could easily have their own F-Droid repository, I have repositories for FUTO apps like Grayjay and their keyboard, Bitwarden, and Newpipe, among others. Those are run by the projects themselves, so they're in charge of how often they update it, as well as how they sign it. So if they have issues with the "official" F-Droid repositories, they can always host their own. I honestly prefer projects that host their own repos precisely because they should, in theory, update faster.

That said, a self-updating APK is good enough for me. However, I didn't see an install option easily listed on their website and had to search for "signal android apk" to find the page. It should be listed on the regular install page on their website, next to the link to Google Play. I found three separate pages for getting it for Android, and all three had a link to Google Play and only one had the APK.
