this post was submitted on 28 Aug 2024

2 points (100.0% liked)

Technology

59566 readers

3220 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

Under Meredith Whittaker, Signal Is Out to Prove Surveillance Capitalism Wrong (www.wired.com)

submitted 2 months ago by neme@lemm.ee to c/technology@lemmy.world

167 comments fedilink hide all child comments

(page 2) 50 comments

sorted by: hot top controversial new old

[–] sailingbythelee@lemmy.world 0 points 2 months ago (4 children)

This is a very rude question, but on this subject of being lean, I looked up your 990 and you pay yourself less than some of your engineers.

Yes, and our goal is to pay people as close to Silicon Valley’s salaries as possible, so we can recruit very senior people, knowing that we don’t have equity to offer them. We pay engineers very well. [Leans in performatively toward the phone recording the interview.] If anyone’s looking for a job, we pay very, very well.

So, I googled their tax filing out of curiosity. It's true that Meredith pays herself much less than her engineers, which is great. What I was rather shocked to see is that they pay their software developers enormous salaries. They're listing developers making over $400,000 per year, with their VP making over $660,000 per year. Now, I'm all for the value-creators making more money than the CEO. I just had no idea that software developers make that kind of coin. I was thinking of donating to Signal, but I'm kind of weirded out by those astronomical salaries.

[–] mosiacmango@lemm.ee 0 points 2 months ago* (last edited 2 months ago) (1 children)

That's inline with Silicon valley salaries. Basic houses cost 2mil there, so it's not completely outrageous.

As an example, openai pays all its engineers 300k flat+500k/yr in some stock based asset. Another example is Netflix, who are notoriously a very fickle employer, but salaries start in the 400k range and go up from there.

[–] sailingbythelee@lemmy.world 0 points 2 months ago* (last edited 2 months ago) (1 children)

Yes, the article makes the point that Signal needs to compete for talent with the rest of Silicon Valley. I get that. And we've all heard about the nearly unfathomable amounts of money that tech companies throw around. When you break it down to individual salaries, though, and see that even normal people in normal jobs are making a million dollars a year between salary and stock... well, I think it really exposes the spectacular wealth inequality that we have allowed to fester. I mean, sure, shelter costs may be high in Silicon Valley, but the cost of other goods remain about the same. A $50,000 truck that an average person in Nebraska might have to save for years to afford is barely a rounding error for folks making a million a year. I'm no economist, but it does seem like there are consequences for this kind of ever-growing wealth inequality.

It is also absurd on its face for a multi-millionaire developer to place a "Donate Now" button in an app and talk about being a non-profit to tug at the heart strings of people who make one-tenth of what the developers are making. It's feels like Scrooge asking Tiny Tim for a donation.

Anyway, I don't blame the developers for this absurd situation, and I do appreciate Signal, and Meredith is clearly a cool person who is fighting the good fight against big tech surveillance. But every once in a while an article like this reminds me how deeply fucked up the world is. It seems we are approaching pre-French Revolution levels of economic disparity, and maybe it helps explain why so many working class people are pissed off.

load more comments (1 replies)

[–] Linktank@lemmy.today 0 points 2 months ago (1 children)

I mean, how does a free app with no advertising in it make that kind of money?

load more comments (1 replies)

[–] sugar_in_your_tea@sh.itjust.works 0 points 2 months ago

Not all SW devs make that kind of money. I don't live in Silicon Valley, and I make significantly less than that amount. I could probably get a job there making somewhere north of $300k, but my expenses would go through the roof and I'd be stuck in SV traffic all the time, no thank you. I get paid well, but less than half what Signal is paying.

load more comments (1 replies)

[–] graphene@lemm.ee 0 points 2 months ago (1 children)

Wasn't there some controversy about Signal's creation being supported by the US government to provide private communications for anti-us-enemy organisation or something? I'm sure I remember it correctly...

[–] graphene@lemm.ee 0 points 2 months ago (1 children)

https://www.theregister.com/2024/05/14/telegram_ceo_calls_out_rival/

Alleged and mostly bullshit from the Telegram founder it seems.

load more comments (1 replies)

[–] fubarx@lemmy.ml 0 points 2 months ago

As long as they stay away from public 'channels.'

There lie dragons.

[–] 01189998819991197253@infosec.pub 0 points 2 months ago (4 children)

My only gripe with signal, is the use of phone numbers as usernames. Not everyone with whom I want to communicate via signal has a phone number. I understand why they went this route, but wish there was an alternative way.

[–] ikidd@lemmy.world 0 points 2 months ago (2 children)

It creeps me the fuck out. I do not get why a service that bills itself as secure needs to know something that can be traced back to my credit card and name. I won't use Telegram or Signal because of this.

[–] 01189998819991197253@infosec.pub 0 points 2 months ago (1 children)

It's about your posture. Most people who use signal use it to have privacy from governments. They're not hiding that they use signal, they're hiding what they write on signal. In this case, using your phone number isn't a big deal.

Some people, have a tighter posture, which could translate to your position. In that case, something like Briar could fit the bill.

Lastly, security and privacy are not the same thing. Google products are secure, but they are not private. Self hosted sftp, for example, is private, but may not be secure. Signal is definitely secure, at least enough for general and governmental use. So, it seems, is telegram. Signal is more private than telegram in many ways, but it is not the gold standard for privacy (because of its use of phone numbers as usernames), but it is "good enough" for the masses. The balance between good for everyone and zero-knowledge private for everyone is delicate, potentially impossible. Honestly, I don't know if signal was able to strike that balance perfectly, but they did a much better job than many other services, certainly than those others that are accepted by the masses.

[–] ikidd@lemmy.world 0 points 2 months ago (4 children)

But putting a phone number in immediately exposes protesters to association. Sure, Signal can't give out the contents of messages, but it still has the chain of contact. So if a government gets hold of this record, legally or otherwise, now you have everyone associated to a suspect phone number/person and can start rounding them up.

It's the complete antithesis of freedom of association when there's a record of everyone that you've contacted. The contents don't enter into that problem, and I can't see why they feel the need to keep this as part of their system. It purposely makes it impossible to use this for something like peaceful protest. So, no, it doesn't give you privacy from governments, because governments that don't respect freedom of association will use that information to punish dissidents.

I can't imagine any reason to use phone numbers except to purposefully keep this chain of association for governments to use. Even Facebook doesn't require this sort of personal proof, and it's suspicious as hell.

[–] noodlejetski@lemm.ee 0 points 2 months ago* (last edited 2 months ago) (1 children)

Sure, Signal can't give out the contents of messages, but it still has the chain of contact.

it doesn't. they've been ordered to hand over data multiple times, and the only thing tied to the phone number they have is 1. time the account has been created and 2. last time the account connected to the server: https://signal.org/bigbrother/

load more comments (1 replies)

load more comments (3 replies)

load more comments (1 replies)

[–] sugar_in_your_tea@sh.itjust.works 0 points 2 months ago (16 children)

You can use a username only for finding and adding friends, you only need the phone number to create an account. That's probably because Signal started as an alternative to Messages (or whatever it was called back then), so you could send SMS if you wanted, or secure messages to friends w/ Signal. The whole point was to be a gentle transition from SMS to private messaging. However, they eventually dropped the SMS feature, but it seems they kept the phone number as username thing.

It kind of sucks, but I think that's a reasonable limitation since the vast majority of people using this service will have a phone number. You could probably even sign up for a free trial of something (e.g. Google Fi) to sign up for Signal, set up the username, and then drop the phone number service. I don't know if there are any problems with this, but I don't think they do anything with your phone number after everything is set up.

[–] 01189998819991197253@infosec.pub 0 points 2 months ago (1 children)

Yeah. And I don't fault them for this route. I just with I could sign up without a phone number. Maybe the username thing is a predecessor to allowing usernam-only registration in the future.

[–] sugar_in_your_tea@sh.itjust.works 0 points 2 months ago (2 children)

Yeah, hopefully. It would also be awesome to have a web login so I could access messages and whatnot when using someone else's computer w/o having to install something.

I don't know what direction they're going, but I'm honestly okay with the caveats that currently exist.

[–] 01189998819991197253@infosec.pub 0 points 2 months ago (3 children)

Having web logon would mean they would need to hold the decryption key in some form (or have a weak decryption key, your credentials), so, while convenient, I think it would degrade security and possibly privacy. Unless you mean to receive new messages, the way the desktop app works?

load more comments (3 replies)

load more comments (1 replies)

load more comments (15 replies)

load more comments (2 replies)

[–] solrize@lemmy.world 0 points 2 months ago (2 children)

What is signal anyway? I've never paid attention to phone apps much. Why isn't it on F-droid if it's FOSS? Is it like irc but with encryption? I guess I should look into it.

[–] dubyakay@lemmy.ca 0 points 2 months ago (1 children)

It's more like WhatsApp or messenger (pick your poison on which one I am referring). Fairly lightweight. No useless features. And I think there's an F-Droid version, running as Molly.

[–] solrize@lemmy.world 0 points 2 months ago (1 children)

Interesting, it looks like molly.im has its own f-droid repo, but there is nothing about Molly in the regular f-droid repo. Thanks though. I guess I should look into this a bit more. I'm way out of date with phone stuff.

[–] vii@lemmy.ml 0 points 2 months ago (3 children)

Molly allows you to use alternative push servers (instead of Google's), amongst other things.

load more comments (3 replies)

[–] RecluseRamble@lemmy.dbzer0.com 0 points 2 months ago (2 children)

Why isn't it on F-droid if it's FOSS?

That got me interested and apparently, they fear forks running out of date.

Concerning F-Droid, we already providing an auto-updating APK directly from our site, and we really don't want forked versions of the app maintained by other parties connecting to our servers. Not only could the users using the forked version have a subpar experience, but the people they're talking to (using official clients) could also have a subpar experience (for example, an official client could try to send a new kind of message that the fork, having fallen out of date, doesn't support). I know you say you'd advocate for a build expiry, but you know how things go. Of course you have our full support if you'd like to fork Signal, name it something else, and use your own servers.

While that statement got plenty of thumbs down, I hate to admit that F-Droid is indeed out of date quite often. I currently can't find a source for this but I once read this has something to do with their signing process.

[–] sugar_in_your_tea@sh.itjust.works 0 points 2 months ago* (last edited 2 months ago) (1 children)

Yes, they manually sign every package.

But they could easily have their own F-Droid repository, I have repositories for FUTO apps like Grayjay and their keyboard, Bitwarden, and Newpipe, among others. Those are run by the projects themselves, so they're in charge of how often they update it, as well as how they sign it. So if they have issues with the "official" F-Droid repositories, they can always host their own. I honestly prefer projects that host their own repos precisely because they should, in theory, update faster.

That said, a self-updating APK is good enough for me. However, I didn't see an install option easily listed on their website and had to search for "signal android apk" to find the page. It should be listed on the regular install page on their website, next to the link to Google Play. I found three separate pages for getting it for Android, and all three had a link to Google Play and only one had the APK.

load more comments (1 replies)

[–] solrize@lemmy.world 0 points 2 months ago (4 children)

Hmm, ok, thanks. But I'm kind of tired of version churn: who needs to keep changing a chat program? IRC has been around since the 1980s or so and still works fine.

load more comments (4 replies)

load more comments