On November 16th, Meredith Whittaker, President of Signal, published a detailed breakdown of the popular encrypted messaging app’s running costs for the very first time. The unprecedented disclosure’s motivation was simple - the platform is rapidly running out of money, and in dire need of donations to stay afloat. Unmentioned by Whittaker, this budget shortfall results in large part due to the US intelligence community, which lavishly financed Signal’s creation and maintenance over several years, severing its support for the app.
Never acknowledged in any serious way by the mainstream media, Signal’s origins as a US government asset are a matter of extensive public record, even if the scope and scale of the funding provided has until now been secret. The app, brainchild of shadowy tech guru ‘Moxie Marlinspike’ (real name Matthew Rosenfeld), was launched in 2013 by his now-defunct Open Whisper Systems (OWS). The company never published financial statements or disclosed the identities of its funders at any point during its operation.
Sums involved in developing, launching and running a messaging app used by countless people globally were nonetheless surely significant. The newly-published financial records indicate Signal’s operating costs for 2023 alone are $40 million, and projected to rise to $50 million by 2025. Rosenfeld boasted in 2018 that OWS “never [took] VC funding or sought investment” at any point, although mysteriously failed to mention millions were provided by Open Technology Fund (OTF).
OTF was launched in 2012 as a pilot program of Radio Free Asia (RFA), an asset of US Agency for Global Media (USAGM), which is funded by US Congress to the tune of over $1 billion annually. In August 2018, its then-CEO openly acknowledged the Agency’s “global priorities…reflect US national security and public diplomacy interests.”
Archive links:
deleted
No, again, I think Signal employees sincerely believe that nobody is logging Signal metadata.
There isn't anything theoretical in what I'm saying, except for the implication that Signal's financial backing might be related to its surveillance-friendly architecture.
Good answer. So, when analyzing the security properties of thing that purports to protect against a compromised server, shouldn't we logically consider the case that the server is compromised? And how does Sealed Sender fare in that case? Do you not see how it is performative cryptography?
Why do you think the default configured servers are "basically all the servers"? The way SimpleX works, if you're using one of the default servers, and I am not, and we add each other as contacts, you probably wouldn't even notice. And then we'd be each sending and receiving to eachother using servers operated by different entities. But again, even if we are both using the same default server, this is not "the exact same metadata" as Signal because there are no phone numbers involved.