On November 16th, Meredith Whittaker, President of Signal, published a detailed breakdown of the popular encrypted messaging app’s running costs for the very first time. The unprecedented disclosure’s motivation was simple - the platform is rapidly running out of money, and in dire need of donations to stay afloat. Unmentioned by Whittaker, this budget shortfall results in large part due to the US intelligence community, which lavishly financed Signal’s creation and maintenance over several years, severing its support for the app.

On November 16th, Meredith Whittaker, President of Signal, published a detailed breakdown of the popular encrypted messaging app’s running costs for the very first time. The unprecedented disclosure’s motivation was simple - the platform is rapidly running out of money, and in dire need of donations to stay afloat. Unmentioned by Whittaker, this budget shortfall results in large part due to the US intelligence community, which lavishly financed Signal’s creation and maintenance over several years, severing its support for the app.

Never acknowledged in any serious way by the mainstream media, Signal’s origins as a US government asset are a matter of extensive public record, even if the scope and scale of the funding provided has until now been secret. The app, brainchild of shadowy tech guru ‘Moxie Marlinspike’ (real name Matthew Rosenfeld), was launched in 2013 by his now-defunct Open Whisper Systems (OWS). The company never published financial statements or disclosed the identities of its funders at any point during its operation.

Sums involved in developing, launching and running a messaging app used by countless people globally were nonetheless surely significant. The newly-published financial records indicate Signal’s operating costs for 2023 alone are $40 million, and projected to rise to $50 million by 2025. Rosenfeld boasted in 2018 that OWS “never [took] VC funding or sought investment” at any point, although mysteriously failed to mention millions were provided by Open Technology Fund (OTF).

OTF was launched in 2012 as a pilot program of Radio Free Asia (RFA), an asset of US Agency for Global Media (USAGM), which is funded by US Congress to the tune of over $1 billion annually. In August 2018, its then-CEO openly acknowledged the Agency’s “global priorities…reflect US national security and public diplomacy interests.”

[Article continues…]

Archive links:

  • Arthur BesseA
    165 months ago

    I have mixed feelings about this article. It gets some stuff right, but also some stuff wrong and it misses some important details.

    • I don’t think Signal has actually received money from OTF (Radio Free Asia) since 2015 or so; if it needed any today it would likely get it from one of the less transparent US government internet freedom funding vehicles. There is no indication they are “facing collapse” beyond a blog post talking about their expenses and soliciting donations.
    • This article mentions “over a billion” people repeatedly, but doesn’t explain that number is actually referring to WhatsApp (which uses the encryption protocol developed by Signal). Signal says they have 40 million active users.
    • It doesn’t mention that Brian Acton (billionaire WhatsApp founder) gave them a $50M interest-free loan when he co-founded the Signal Foundation with Moxie in 2018, and became its “executive chairman” or whatever. That “loan” had increased to over $100M by the end of 2018, and is presumably much larger today.
    • It doesn’t mention that Signal Foundation president Meredith Whittaker worked at Google for over a decade, and co-founded a department there that worked alongside OTF on various internet freedom projects (and was later on the OTF advisory board herself)
    • it doesn’t mention the salient properties of Signal which actually make it particularly beneficial to US interests (keeping the communications of privacy-desiring people associated with their phone numbers while concentrating their metadata on Amazon servers)
      • Arthur BesseA
        45 months ago

        Did you read my other comment which is linked to from the one you’re replying to?

        The parts of this reply that are in italics are direct quotes from it.

        First, we have to assume a worst case scenario, where Signal not only logs all IP addresses (despite what multiple court cases have shown us), but that they do it both secretly and intentionally in order to store that data. Your theory already requires serious collusion between that company and the government, with no whistleblowers.

        No, you don’t need to assume that Signal does anything. As I said, Signal says that they don’t retain any of this metadata, and I think it is likely that Signal employees are sincere when they say that. But someone with the right access at Signal’s ISP (Amazon) and anybody who can coerce, compel, or otherwise compromise those people (or their computers) can log it without Signal’s cooperation or knowledge.

        And if that was the case, they wouldn’t want Sealed Sender actually functioning. So we also have to buy into an additional conspiracy that they added it as a red herring. What does your theory say about this: did they know they could work around it, or is it secretly flawed?

        I think sealed sender does what it says it does, which is let you send messages without explicitly telling the server who the message is from. But that doesn’t change the fact that you’re connecting to their servers from the same IP address to send and receive and you need to identify yourself (with your phone number) to receive, so, the identity of the sender can be easily inferred if the server (or its operator) wants to correlate the information available to it.

        Sealed sender only makes sense if the server is honest and doesn’t link the ‘anonymous’ sender with the non-anonymous receiver activities coming from the same IP address. But, if the server is honest, then a “no logging” policy would accomplish the same thing. Sealed sender is performative cryptography.

        You can use words like “conspiracy” to dismiss the point, but tell me: if you’re completely confident that the adversaries you want to protect against are unable to compromise the server infrastructure, why would you need e2e encryption at all?

        How about the ease of which somebody could use Signal with a VPN? That defeats half of your metadata complaints.

        A VPN hides your actual IP address from the server, but that is not the kind of metadata I’m talking about. I’m talking about who (which phone numbers, since that is Signal’s identifier) is talking to who, and when. A VPN only helps with this problem when there are other Signal users coming from the same VPN IP address at the same time as you, and then it only helps a little. It could help if you used a VPN for sending but not receiving, or vice-versa, or used different VPNs for each, but, Signal doesn’t do that (and if they did they’d probably run the ‘different’ VPNs themselves on cloud services anyway).

        But if you were being fair, you would have to level the same accusation against every other messaging app, and the only ones I can think of have worse encryption (Session) or explicitly have servers under unilateral control (SimpleX) or fare far worse (Matrix, Threema, Wire, etc).

        It’s ironic that the five things you picked actually all have the same major advantage over Signal (and WhatsApp, and Telegram): those five actually all are usable without a phone number! They each have their own problems, but at least it’s possible to use them all without a phone number!

        What do you mean about SimpleX having servers under unilateral control? The software comes with several of the author’s servers baked in which you use by default, but I think it is easy to use a different one or to run your own. And a cool thing about SimpleX is that each direction of a conversation is on a different server, so within a single conversation you are often not sending and receiving from the same server, which is the opposite of the metadata centralization of Signal’s design. (Of course, when all of the servers involved are run by a single entity, which I think is probably the case for most SimpleX users today, that entity can still observe who is talking to who. But the protocol is explicitly designed to decentralize metadata instead of to centralize it. And it doesn’t use phone numbers, much less require them.)

          • Arthur BesseA
            15 months ago

            it sounds like you’re formulating a conspiracy that implicates Signal themselves, claiming you believe they are being technically correct.

            No, again, I think Signal employees sincerely believe that nobody is logging Signal metadata.

            If I’m misreading your argument, please correct me. But there is a fine line between Just Asking Questions to promote a conspiracy theory, and just asking questions authentically, and it’s often hard to tell the difference.

            There isn’t anything theoretical in what I’m saying, except for the implication that Signal’s financial backing might be related to its surveillance-friendly architecture.

            You can use words like “conspiracy” to dismiss the point, but tell me: if you’re completely confident that the adversaries you want to protect against are unable to compromise the server infrastructure, why would you need e2e encryption at all?

            Because I’m not 100% confident, like most people under a broad range of reasonable threat models.

            Good answer. So, when analyzing the security properties of thing that purports to protect against a compromised server, shouldn’t we logically consider the case that the server is compromised? And how does Sealed Sender fare in that case? Do you not see how it is performative cryptography?

            Precisely. I think the design is good, but it’s a single entity controlling basically all the servers, which means that not only can they effectively be considered a single server, but using your argument they can effectively be assumed to be collecting the exact same metadata

            Why do you think the default configured servers are “basically all the servers”? The way SimpleX works, if you’re using one of the default servers, and I am not, and we add each other as contacts, you probably wouldn’t even notice. And then we’d be each sending and receiving to eachother using servers operated by different entities. But again, even if we are both using the same default server, this is not “the exact same metadata” as Signal because there are no phone numbers involved.