I really wish the EU would put up funds for open source software, like signal, it seems to be something they could get behind for the greater good. My previous job involved creating a graphical programming language for the generation of GPU shaders, which the EU partly funded. I knew it was going nowhere, and it made me slightly sad tax payer money was being used on something I knew, despite my best efforts, would not work.
I just wonder about the process and the results. I mean, it doesn't look to me, as if there is a management behind this, that actually has a goal.
It looks more like they are giving funds to projects who apply for them. IMO, they should state 3 clear goals and sponsor specific projects which reach those goals. To give some example how those could look like:
- create a decentralized, federated instant messaging platform, that is build on public standards
- create an e-learning platform that is usable with already established devices
- establish a market for the created software with partners
Naturally, all result would have to be open-source products and the goals would need some details/numbers to measure them. They could even invest into already established projects, but please, with easy to understand goals.
I work in EU research funding programs. The process is very bureaucratic, making it difficult for any small company to apply. Not to mention projects without a company.
It's also quite ineffective at giving money to the projects that are meaningful.
Large companies and large university projects rake in plenty.
Yeh so true. One of fhe great things about the Open Tech Fund was that it makes it easier for people with open source ideas, like Signal or our own Umbrella security training app, to get funding. Doing that through European funds would be impossible.
Not just EU funds, but those are currently the largest funds at NLnet.
NLnet does 'funding as a service'. If you want to fund a particular area of FOSS, we (I work there) can administer that. We provide low overhead funding to FOSS projects and pay particular attention to how the ecosystem benefits from projects.
So 'boring' projects that improve adherence to standards, increase deployments of standards compliant software, test standards compliance are very welcome. Redecentralizing the web requires this work, but few people think that this work is fundable. It is and in our opinion is has a high ROI for society.
Can confirm, though I need to qualify that most of my experience is in the software related programs.
In each and every framework so far, the EU is touting 'reduced administrative overhead', 'simplification of participation' and 'focus on SME's', but has in practice done exactly the opposite.
Especially since Horizon 2020, there has been a 'coup' by the large enterprise and large academic research groups. You can see the same trends in national programs as well.
I hope it won’t become like Canada’s SRED credits where the consultant that helps you make it look like you’re eligible costs 1/3 of the credits you get. These credits in turn keep otherwise completely unprofitable and doomed startups funded while the product delivers no value whatsoever. It’s borderline a scam and the program’s spirit has been completely abused by now.
This is another real issue I've seen in some places, especially regions that are trying to "do" tech, but where it doesn't come naturally.
It hurts me to watch systems full of broken incentives emerge and have money thrown into them repeatedly - there's "tech startups" (which would be laughed out of the valley due to their head-count and lack of any product market fit) receiving large ongoing subsidies to their payrolls while they slowly pretend to iterate on a product, all because they have "created" an agreed number of jobs, and need to keep those chairs full.
Europe on the whole doesn't have a culture of taking the same level of risks with capital, and there's a real push to fund things that are "safe" and help cover up weaknesses in the market - funding a company to hire people into basic tech roles at below-market pay helps to reduce graduate unemployment, which covers up the fact their education isn't giving them the right skills. That's pleasing to government.
On the other hand, giving 1m EUR to a small company with low head-count but a great idea could be a game-changer, and lead to far greater longer-term gains, but any government funding like this would be accompanied by so much red tape that you'd spend half of the 1m EUR on satisfying the monitoring requirements of the grant, attending monthly external progress review meetings, defending your progress to agreed (and inflexible) milestones etc.
That last point is perhaps the killer for innovation - most of the innovation funding schemes I've seen require detailed project plans before receive a cent of funding, and then hold you rigorously to that plan. Need to pivot? Welcome to the multi-page "change request form", which must be approved by a panel of non-technical bureaucrats before you can dare to change direction. They'll get back to you within 3 months, until which time you should continue with your original plan, as you will still be judged by your previous milestone payment plan. Your idea not working? That's not an acceptable outcome - you simply must deliver what you said! Failure is not welcome, you must deliver exactly what you said, else they will complain you are causing them to under-spend by the end of the financial year (as they now won't pay you!)...
Part of the problem with the process is that, for various well-intentioned reasons, there's a major focus placed on delivering objective evaluation on any kind of funded research or work. Bureaucrats want to demonstrate the impact their funding had, so that next time around (in say 5 or 6 years) they can make the case for the same amount of money (or indeed more). This leads to a system where "safe pairs of hands" are favoured, due to their ability to "play the game" and deliver the right kinds of metrics. A larger organisation can deliver "more jobs created" as they have the operating capital in place to run hiring using the research funding money, and commit up-front to "creating" those jobs (which they would have needed anyway, but can now fund, in part or in whole, through the funded project).
That's why, in my view, the bigger companies and universities do well - they have a scale that helps them to deliver these kinds of outputs. As a small company, the "spend-and-claim-back" approach to most research funding can be a real issue, especially if the claims are delayed due to bureaucratic "checks and balances". These are necessary to prevent blatant outright fraud (i.e. people not doing the work they say they did, and pocketing the cash), but they tend to be applied across the board, rather than in a targeted way proprortional to the level of risk, and size of the organisation. The end result is smaller players spend more time (proportionately) handling bureaucracy if they do win funding.
RE selecting meaningful projects, this is arguably because EU research funding looks further ahead, at lower technology readiness levels. An open source project used by everyone is "high TRL" and therefore hard to fund. If they have an entity (as you point out, many don't, which makes them harder to fund),
If you don't have a company to pay yourself through an official payroll system, I believe there are rules in place which effectively define that you work a maximum of 8 hours per day, 5 days per week, and that you can't possibly earn more than 25 EUR per hour, which is of course completely out of line with the sector, and makes it really hard to work without creating a company. At which point you then become subject to state aid rules, and need to keep a handle on that.
And beyond the research programmes, any kind of "innovation funding" then drags you into the state aid system of partial funding, which is very difficult for a small company - getting 60% of full payroll costs funded sounds nice, but it requires you have the cashflow/capital in place to run payments through payroll, in order to claim back a percentage. Not ideal for the kinds of non-commercial "critical internet infrastructure" that need this kind of funding the most.
I disagree. I believe the governments should fund existing open source software that are considered to be "critical" infrastructure (as in lots and lots of people rely on it) instead of chasing some random goals and adding bureaucracy on top that would slow down lead developers.
Just give them money and trust them that they'll do whatever it is they've done so far that many people recognised and started relying on their solution to the problem.
Without looking them up, there's exactly three pieces of software in the list above your comment that I don't recognize: FLUX TL, WSO2, midPoint. I'm happy to see all the other names on it, and I'm pretty sure I'll feel the same way about these three after I look them up.
I am not so sure that we disagree. I would consider instant messaging services 'critical infrastructure'. The difference seems to be, that you want to support projects that are large already, while I would certainly put more focus on smaller projects as those are the ones which can initiate change.
I find it heartbreaking, that we still depend on WhatsApp and Zoom. Neither service owner is particular trustworthy. Communication is definitely critical infrastructure and yet, the open-source alternatives are very limited (in quality, not in quantity). So investing in this kind of functionality is key.
In terms of software, Signal and Jitsi are great alternatives to WhatsApp and Zoom. People don't use them because of network effects, not because the incumbents are inherently superior.
For many use-cases they are indeed proper alternatives, but Jitsi has a much lower limit when it comes to numbers of participants. So if someone wants to organize a group call (the typical use-case) you come a with a lot more scenarios into trouble using Jitsi. And it hurts me to write this, because I hate how much growth Zoom had in the last year while being dishonest about critical encryption features. I would love to promoted Jisti and have tried so in the past, but I can't recommend something when it doesn't fit the use-case.
Signal, on the other hand, probably comes close to the WhatsApp features (I use neither one) and while I encourage everyone to to switch, I am missing the federation aspect. IMO, communication should be federated by law (which would also solve the network effect problem). Imagine a world where you could not call someone who has a phone number from a different provider? The current state of instant messaging is exactly this.
XMPP solved these problems decades ago and just because the standard didn't catch up with the speed of the mobile revolution, we don't have to reinvent everything from scratch. Properly implemented modern clients work very well (including reliability and battery consumption), the big issue though is that many traditional clients don't support all features and all companies in the business try, to build walled gardens as those tend to driver stock prices.
Yeah,and they crumble to bits like Signal is doing right now, breaking the wave of mass adoption.
Cynical, profit driven and well funded operations have enough capital to weather these downpours, indeed they’re actually planning for them.
I hope Signal sorts their capacity quickly, I’m terrified that my circles switch back to WhatsApp. And then I’m fucked, I either surrender myself to Facebook or cut off from society
While better than nothing, I'd argue a bug bounty is perhaps the opposite of what's truly needed - incentivising the finding of vulnerabilities is good, but it needs people to fix those.
Alas, this is what happens when tech policy is written by people without tech experience, I suspect.
Signal isnt federated or self-hostable. As long as its not, I dont see it as completely open source software because we still have to depend on their servers to use Signal.
I feel public money should only be donated to them once people are able to setup their own signal instances, like Matrix.
France for example uses Matrix for their internal communications. They don't use the public homeserver, rather, they use their own.
I know you mean well, and I understand the feeling, but how can you say in the same breath that the EU funds useless software and that you wish they funded more software?
Why would the newly-funded software be the useful kind instead of the useless kind?
Because if they got more serious about it, they'd install committees to evaluate proposals, et cetera., like they do for scientific research proposals.
The funding should be in return for a chunk of profits (ie. The EU becomes a shareholder).
They should employ teams of investors to decide where EU money is best invested.
They should use their governmentness to investigate companies after a few years and where they find someone got rich, yet the company failed, put some people in prison. Being the EU they can say "using legal loopholes to suck the company dry is in itself illegal".
What you’re wishing for is to force your fellow man to donate to a cause you deem worthy. EU funds don’t come from nowhere - they are taken from citizens.
You go donate an hours wage a week instead; that’s virtuous.
Forcing others to fund wars is not moral. Neither is forcing others to fund mobile apps.
No one hinders you from donating to Signal if you wish, but if I am a Matrix user, do you want to use the violent force of the state to force me to fund Signal? It’s a moral absurdity.
Virtuos does not mean effective. I am of the opinion that we should have a democratic government that is able to spend some of their citizens money on projects deemed worthwile.
This is how public schools are funded in my country and I like that we fund them like this instead of private schools with fees that would exclude some families.
This model of funding works for a lot of public infrastructure and I doubt individual donations would make up for that.
I think it is critical for this public funding to be under democratic control. Otherwise it is definitely unjust.
In the end I think public funding / taxes is a way to bypass the tragedy of the commons (not sure if that is the right term here).
That's how taxes work, unfortunately you can't pick and choose to which causes they go.
That's why, in a democracy, you vote to elect your representative who will, hopefully, make sure your taxes contribute to causes you deem worthy. Be it open source, health services, education, ...
You are right - taxation is coercion and not virtuous. You are also right about representative democracy - the incentive is to have the state fleeze your neighbour as much as possible. For those working in the bureaucracy the incentive is to convince the boss you need a larger budget next year.
Certainly far from “love thy neighbour”.
Donate yourself, you can be a hundred times more efficient than EU bureaucracy, no exaggeration
Eh, but in reality no not really. The PyPy project is one example of a fantastic outcome for OSS (among others): they where heavily reliant on EU funding to get to the point they are now. VLC, glibc, Keepass, Kafka, tomcat and others have had EU funds for their security bounty programs.
My 10 EUR contribution to this via my taxes (simplistic and incorrect) is fine. Angry anti-tax anti-big-gov rhetoric involving wishful thinking whilst ignoring the reality we actually live in does little to advance your cause, and for lack of a better word makes you sound rather silly.
I wisth they do not put up funds to signal. It is closed ecosystem. Even traditional phone calls are more open (having federated independent operators and interoperable implementations).
In short, federation makes a lot of things more difficult, and Signal opted not to do that to get a polished product quickly. Still, it's not either-or. As I remember it, Moxie welcomes the Matrix developers to try their approach and would be glad if they can get it right, he was just worried that it'd basically never lift off.
I think it's not bad to donate to either project, it's a good thing that we have both.
I mean, isn't that sort of the fundamental problem with government funding? They're not very good at picking winners, and when they make winners by picking, sometimes it still turns out to be a mistake (e.g. diesel in Europe).
Still, it does seem something infrastructure/utility-ish like Signal would be a good candidate for at least some support.
Not as impactful as a realtime donation but I recently changed my Amazon Smile charity to the Signal Foundation after a few years with my previous selection. I was surprised to learn they were an available option.
I also installed a browser extension to automatically bring me to smile.amazon when buying anything on Amazon - so far it has had no weird glitchiness when not buying something and works exactly as advertised. Highly recommend looking into this option if you're forgetful like me - so far it has helped me donate 4 times that I would have otherwise forgotten.
I was jumping through similar hoops for a while to get Amazon smile donations, but then I looked at their numbers for how much gets donated and it was a pretty trivial amount. I don't remember what I found (anyone have any stats on Amazon smile donation percentages?) but I decided it wasn't worth my effort compared to adding an extra few dollars to my direct donations.
It's not bad if you connect it to an Amazon Business account. I give hundreds of dollars to the charity I select. Also it's a thing that's easy to opt-into with an extension and just goes on forever, so totally worth doing it.
All my friends are in Signal. One of my favorite group chats is in Signal. My mom is using Signal, I just sent her a message I might need to leave WhatsApp, so she immediately installed Signal all by herself. Now we have video chats that have been working really well.
I mean, this is the first time the mobile app gives trouble. I'd wish the desktop app would be better, like it's been the biggest problem between me and Signal. Otherwise it's an amazing tool and I'm happy to donate for it to be even better.
They could easily add an optional badge to avatars showing that you donated $1 that year via an optional in-app purchase. The subtle social pressure in a lot of group chats would be pretty effective, and it would help raise awareness that it is run by a non-profit foundation.
This sounds good on first pass, but consider the implication of allowing donations (and thus, payment method information) to be tied to a Signal users account. I specifically _wouldn't_ want this.
It's easy. You "gift" the badge to a user via the Signal homepage when making a connection. There's no required connection between the gift-giver and the receiver. Is the person who gifted the badge the same as the receiver? Could very well be, but there's no way to prove that.
All you need to store server-side is "this user has the badge until date X".
> Could very well be, but there's no way to prove that.
Sure, but espionage and surveillance are rarely about proving anything, they're about making good educated guesses. Besides, the receiver will very likely be among your friends and acquaintances, so the NSA would only have to look at your social circle to find them.
You could enable offsite donations that provide a receipt/hash that denotes (donation -> validated), without being tied to any individual. Then the user could copy/paste a generic, non-correlated code into Signal to authenticate activity.
One of my friends who just jumped ship to Signal this week said in his first Signal message to me that he wished he’d “bought some shares” in Signal when I first told him about it...
The first challenge is getting people to join the platform.
The second challenge is educating them on how it’s actually funded... (ie NOT by pimping out your personal data for shareholder benefit).
"...As of June 2020, Signal had more than 32.4 million total downloads, and the app had approximately 20 million monthly active users as of December 2020...." [0]
"...The initial $50M in funding was a loan, not a donation, from Brian Acton to the new nonprofit Signal Technology Foundation. By the end of 2018, the loan had increased to $105,000,400, which is due to be repaid on February 28, 2068. The loan is unsecured and at 0% interest..." [1]
What happens when they add 50M or 100M more users?
Why is this structured as a loan? It sounds like it's structured in such a way that he isn't interested in getting paid back. Is it so he can exercise control in a weird scenario like a buyout? Is it some weird tax thing?
I'm assuming so that if moxy gets hit by a bus and someone else tries to step in and monetize it, he gets his money back. If it remains free and open source I'm sure he'll forgive it.
Its just for books. Loan is still an asset, but donation is not. He will have this asset for abt 50 yrs in the book, that's useful if he want raise money for something else.
Pretty sure he don't intend to get it back.
If I give you a gift, it is income and you owe taxes on it. If I give you a loan, it is not income and no taxes are owed. But tax man will expect you to pay it off! If I forgive you a loan, that is also taxable income, in the amount that you have not yet paid off, so no loophole there.
It is possible that it avoids having the Signal Foundation fail the public support test, usually a requirement that a public charity receive at least 1/3 of their donation revenue from donors giving less than 2% of the nonprofit's overall receipts. Failing this would cause the foundation to be a private foundation.
There could be conflict of interest if it’s a gift considering Acton was involved with WhatsApp before Signal was formed.
And a donation would bring him deductions which he probably doesn’t want..
And there is a gift tax but since it’s a non profit, it gets different treatment. But having said that IRS scrutiny increases with such large donations.
Chances high for an IRS audit. Etc.
So many reasons why the loan aspect is a better idea.
I think there is a limit to the amount of gift in cash or other assets you can make without triggering a federal gift tax of around 40%. For an individual there is a limit of life time gift tax exemption around 11.5 million and 23 million if the gift is made as a couple.
1. A loan is a business transaction here. There is an expectation that it will be repaid. It can also be forgiven. A donation to a non profit can be ‘rewarded’ by way of tax deductions.
So Acton will profit from a similar tech he has already sold to Facebook as WhatsApp. His wealth likely came from WhatsApp sale to Facebook. It can be argued as conflict of interest.
Loan deals are very clean. Cut and dried. Any implied contract between the parties ends when the loan is repaid and the relationship is terminated.
2. I can’t speak for Acton. Or in any legal capacity, but if it were me, tax deductions to a non profit can be rife with complications because if he ever gets involved with signal as a board member or employee, it might rise questions.
3. Signal foundation is not a charity.
4. Even a billionaire ..and especially one..would prefer to keep books less complicated for IRS. Donations are often scrutinized for money laundering or tax evasion.
5. A gift invites taxes, iirc. Like..if I gifted you above 15k(and you are not my family or part of a trust/insurance beneficiary etc), you will have to pay taxes on the realized value of the gift.
6. This might have been an ideological instinct for Acton as there seems to have been some disagreement between Acton and FB on how they intended to take WhatsApp. Maybe this isn’t about money at all. Who knows. Hence the ‘Etc’.
Also I don’t know exactly what kind of non profit Signal is...
> I think there is a limit to the amount of gift in cash or other assets you can make without triggering a federal gift tax of around 40%.
AFAIK, this does not apply when giving to a charity.
> I can’t speak for Acton. Or in any legal capacity, but if it were me, tax deductions to a non profit can be rife with complications because if he ever gets involved with signal as a board member or employee, it might rise questions.
And the loan won't raise similar questions? Why?
> Signal foundation is not a charity.
> A gift invites taxes, iirc. Like..if I gifted you above 15k(and you are not my family or part of a trust/insurance beneficiary etc), you will have to pay taxes on the realized value of the gift.
> Also I don’t know exactly what kind of non profit Signal is...
Well, you CAN donate to your own company and claim it for a tax deduction, I do it all the time.
That being said, this basic point seems like it might explain the whole thing. I can believe that he cannot be the sole (or nearly sole) donor and have the company be a 501(c)(3) rather than a private foundation or similar.
This is one of the most frictionless donation buttons ever. I love it.
Patreon, Paypal, SEPA transfer, all those are a hassle, comparatively.
This donation thing used by Signal works exactly as it should be. Enter numbers, hit enter, done. No "please cookie us", no 20 times transfer to other domains, no account creation, and they also don't require stuff like MasterCard 3D secure (which IMNSHO really is useless for donations).
I don't think the problem is money, at least for now. They are either running in a datacenter and can't add capacity fast enough, or have a scale bottlenech in their design, and just weren't designed for this scale.
me too. just donated. please comment below if you also donated. let's keep this thing running! Its personal interest now, because I moved bunch of groups from whatsapp and its not working now! but at the same I love these guys for what they do.
Signal is being used by at least 10 well-paid medical professionals (group chat) that I know of, and one of them proclaimed today that Signal is owned by Elon Musk (probably because he tweeted about it). I did not care to educate them. And this is in a first world country with a rather wealthy population.
Why am I saying this? Users don't give a damn, they expect free things, and they expect things which work. They have been taught to use appstores on their phones where tapping on a button installs an app and everything just works with zero effort on their end, while completely ignoring the work that someone put into creating the very app they depend on. Majority will never, ever, even think about it, let alone click on the developers website to find out who created the miracle they use.
This practice needs to end. I believe that it is time to stop making free products. Developers should unite in this and finally start to value their hard work.
Your belief about Skype being owned by Bill Gates is kinda factually true. Not necessarily Bill Gates himself, but Microsoft acquired Skype back in 2011.
> Signal uses encryption protocols sponsored by Broadcasting Board of Governors, a sister federal agency to the State Department. In plain words, data easily accessible by CIA, NASA and FBI.
I wonder what NASA will do with my Signal messages, maybe use them for a giggle in between transmissions from Mars.
> I wonder what NASA will do with my Signal messages
They batch them up and send them to deep space through SETI. The aliens are the real ones behind surveillance operations which they use to create a reality TV show. And with this NASA prevents the world from being destroyed from said aliens.
Very good point. People will happily pay 50 pounds a month for an IPhone and thinking nothing of it. But then really struggle to pay a penny for an app that runs in that iPhone. There’s some funny psychology going on.
Paying for software vs phones is not really an apples to apples comparison.
A better comparison would be how people gladly pay ten bucks a month for spotify/netflix but would probably never pay that for messaging and IMHO that's where the industry should be going.
People in the past also thought music and movies should be free and pirated the shit out of them, but by making it simple and accessible, for ten bucks a month, most people with a job just won't bother with piracy anymore, even though they gladly pay for something they'll never actually own.
So, the billion dollar question is, how do we transfer that model to messaging?
I keep dreaming about a Pied Piper like decentralized internet.
What i don't like is that "everything" is 10$ a month. I would like to subscribe to some payment aggregator where they charge me X dollars a month in one transaction, then pays it out to developers/service providers. This way things could go down in price too, since the fees would be lower because of less transactions. This way cheaper services like messaging could be 1$ a month without being eaten up by fees.
Netflix and spotify give me quick access to lot of content and I value it. I don’t care what software gives me this content.
With messaging it’s different. Transferring messages is relatively simple topic to do as a software. But the cost of running and maintaining it is hard and that’s what users don’t care.
There is very little to no awareness of what it takes to create software. We, the developers who have released our work for free, have allowed this to happen. It feels like mobbing, heck, we keep reading about other devs mobbing others by opening GitHub issues and demanding new features or bugfixes for software they did not pay for. I really hope that we can do something about raising awareness.
I can’t remember if it was always that way. When the App Store opened I guess there was a standard price of 59p for an app. Before that, 59p would have been seen as a ridiculous price to pay for a copy of software. Imagine buying windows 95 on a CD for 59p. By setting the bar so low for app prices at the start, it’s possibly just become the way it is now.
This got worse with the introduction of GitHub. Obnoxious users were always a problem, but before centralized OSS warehouses at least they had to go to the project's web site and mailing list.
Where they'd be told to get lost if they misbehaved.
With GitHub, the branding of products is lost and most credit goes to GitHub. If a user isn't satisfied, he does the proverbial left-swipe and goes to the next project in a second.
If you tell a user to get lost, you violate the tenets of the new corporate sponsored cultural revolution: Newcomers are always right.
The last 10 years have been a coordinated attack on OSS to make developers obedient and silent cogs. It works, because at present they are showered with money in return.
One big hangup users have is a difference in expectations. They know what they're getting with the money they pay towards their iPhone. Heck - most users will gladly pay exorbitant prices for a cup of coffee as long as it meets their expectations. The same cannot be said for a given app they pull off the App Store. The quality experience can vary greatly from app to app. Even then, an app that fits your lifestyle may not fit mine, so a recommendation isn't necessarily a guarantee of value.
For me I think it is a question of ownership. It is easier to pay for something you actually own. Software already is intangible, but add in modern licensing, app stores, etc and you really do not have any ownership over your software. Even in the case of open source software like signal, Apple could chose to boot them off the app store tomorrow and I would lose my "investment".
There was a time in the 90s/00s where you bought software in a big box, and it came with all sorts of manuals and such. The tangible assets (manual, floppy, box, whatever) along with the licensing agreement made that software much more valuable than the software we use today.
I remember when some of them came with hardware dongles. Adobe After Effects had a dongle that you had to attach to your keyboard cable in order for the app to launch. The mental value I attributed to that dongle was immense. I think I still have it around here somewhere...
I'd venture to guess that speed/simplicity of installing an app is also something users subconsciously factor in. The faster/smoother the installation, the less appreciation they have for the app. I remember installing Windows 95 from floppy disks.. boy oh boy, I appreciated every file that was successfully installed and admired it every time it booted into desktop.
"Free" isn't a model you should pick if you're going to care you aren't guaranteed to get compensated it's a model you should pick when you want to give a cool idea a chance to take off for the good of everyone without risk of being turned into something else if it is successful.
Problem is that the largest of the free products aren't free. They are surveillanceware. "Free" is used as a gimmick to get them onto as many phones as possible to surveil people. Those players have zero incentive to change that, and will be more than happy to use "free" to edge out any paid competition. This is how paid apps became almost non-existent outside of professional niches.
What happens when a whistleblower or dissident wants to use Signal? Should they be forced to cough up a payment with a traceable credit card or app store account in order to use it?
For that reason alone I think it's important for the service to be free. Though I would perhaps support some reasonable free usage limits if needed to prevent abuse.
How sympathetic are the Signal developers to the concerns of dissidents, really? Signal has had a policy of many years to require a phone number – buying a SIM card now requires providing government ID in so many countries – and only now have they promised progress on this front someday. They also recommend that users install through the Play Store, and they only grudgingly provide a standalone APK. Anyone with the Play Store installed presumably has the full Google software suite that leaks location data, what one enters into the keyboard, etc. that the state can exploit. (And also Signal is based in the US where they are vulnerable to NSLs.)
This all makes me assume that Signal’s security is meant to shield phone owners against advertisers and ordinary criminals, not the state.
> How sympathetic are the Signal developers to the concerns of dissidents, really?
There’s a known problem where the majority of Chinese Android users use a third-party IME to enter text. This is vulnerable to eavesdropping and easy for Signal to detect and warn the user about. Chinese people have been asking them to do this for over a year, telling them that they know of people who have been detained by the government after using Signal, thinking it was secure. Signal have constantly ignored and dodged this. Just lately, their attitude seems to be that somebody needs to prove it is being actively exploited before they will look into it.
Until I saw their behaviour on this, I was recommending Signal to people. Now I can’t help but feel it’s security cosplay. They pride themselves on strong encryption, but won’t lift a finger when people unwittingly use Signal in an insecure context and are being extraordinarily evasive about it.
I mean, technically it is not their responsibility to make sure everything surrounding the app is also secure. Someone could also be watching users over their backs, their device could be rootkitted. Where do you draw the line? I think it would be better to put resources into developing an open-source, non-compromised IME but that is out of scope.
Yes, and I acknowledged that in my own post. But it took years to get to the point where they are even talking about upcoming support for this, let alone actually providing it. In the interim, this aspect of great importance to people living in authoritarian regimes was ignored.
I agree that it's unfortunate that the initial attachment to phone numbers has thus far made Signal harder to use for dissidents in many countries. But I can also understand that there are legitimate constraints that led them to go this route initially (abuse & spam prevention come to mind).
I can also acknowledge that it's a universally good thing that they are moving in a positive direction here, and I do not hold it against them for being unable to solve all problems for all people at the same time.
NSLs are a problem generally, but I have a lot less concern in Signal's case because they have no data, and they'd have to be forced to make significant software modifications to enable targeted interception of messages. This is something I expect they would be motivated to fight, more so than any for-profit company might.
Let's acknowledge and appreciate progress where it is being made.
It has taken years: one of the major GitHub issues requesting alternate identifiers than a phone number for privacy’s sake dates from 2014. [0] The devs last year started to speak publicly about making the change, but they were aware of the privacy concerns among users for much, much longer.
> The devs last year started to speak publicly about making the change, but they were aware of the privacy concerns among users for much, much longer.
You realise that this is something completely different than what you wanted to imply are you? Up until they introduced the PIN, they've been defending the phone number. Just because someone had a issue on github, doesn't mean they've been working on it...
Whether they were working on the Github issue or not, is irrelevant. Those Github issues (if not their own intuition already) would have already made them aware that by requiring a phone number, they were compromising user privacy. Of course they had their arguments for requiring a phone number.
You think I’m knocking the app. I’m not, I think it is the best option available. I just feel that as long as the phone number was required, they could have been clearer to ordinary users about the threats that Signal aimed to protect users from: advertisers and ordinary criminals, sure, but not necessarily the state authorities, and so it might not be suitable for dissidents for the time being.
Exactly, they have made arguments for the usefulness of the phone number as an identifier. But to the best of my knowledge, they have never specifically acknowledged in a blog post the state’s linkage of phone numbers to individual identities in many countries today, and the risks that this poses to dissidents.
Moxie is one of the best security researchers in the business, he was definitely aware of this before anyone ever brought it up on GitHub. Was it really so hard for the Signal devs to acknowledge this downside on the blog?
This is all probably correct, and should change in the long term. In the short term, I hope you've donated to Signal, and it would also help if you'd dispel the misinformation when you hear it.
The world would be better if the world were better, but until it is, would you mind helping out a bit?
Is Signal having a problem of not enough money? I'd heard rumors they'd burned through the $100mm USD donation already but didn't want to believe them.
Is there any indication that applying capital to the problems we're seeing will fix them?
I want to help, but only in a way that will be effective in improving the situation. If they already have enough money, giving them more will not. If they don't have enough money following a $100mm USD donation, it's possible that giving them more will not.
Havent heard about them using the entire $100mn unless you have a source. I cant imagine the current situation is making their spend rate go up however.
The problem is, this is not a sustainable model (Wikipedia is a whole other universe and can not be compared) and it bugs me so much to see developers pour their souls into projects which end up dying.
I think it is acceptable, in this day and age, for people to expect instant messaging apps that are gratis and "just work". Technology and society should be at a state where - assuming you have network connectivity at all - that should be the case.
At the same time, I agree that there is practically criminal negligence of the education of people about what makes those techno-social institutions which "just work", work:
* Commercial interests and the role and nature of large corporations in tech and elsewhere;
* The massive amount of hard work, expertise, and good will invested by people in public-benefit work (which could be writing FOSS or volunteering in retiree caregiving etc.)
* What the machinery of government - and its myriad branches and institutions - does, beyond the political horse race shown on the evening news;
and through that, the realization that free lunches get made by someone, and its very important who and how they get made.
> Majority will never, ever, even think about it
It is a challenge for us to educate people around us about this fact.
> I believe that it is time to stop making free products.
Software is free by its very nature. It is only state coercion via threats of incarceration and violence that we are deterred from copying software.
I'm always surprised anew how unworldly people here can be.
Are you even aware that most people are not your "well-paid" medical professionals? Where is this offensive ignorance coming from? How do you even dare to say something like that? We're talking about a non-profit who brings a good and secure messenger even to 3rd world countries. How about you shut your mouth about everybody on the planet and use it to convince your "well-paid professionals" to pay instead? The general population does already pay for too much. They don't need a arrogant Schweizer Goldjunge to drag even more money out of them.
Oh and, you're not getting enough recognition and praise from your customers? Maybe you should make something which would really justify it? I'd recommend a FREE APP which helps poor people! Jesus, you run a page which rips off content other people provided you for FREE...unbelievable...
You’re wrong on so many levels (I was born and raised in a 3rd world country and survived 4 years of war under siege). I am not a Schweizer Goldjunge, and even if I was, suggesting that developers should value their work more definitely does not warrant your tone.
It’s an interesting dichotomy: many say they want to make the world a better place but also (1) have a personal philosophy of “the regular user is always wrong”, and (2) will do their damndest to argue how developers and IT corporations are always right and virtuous (FB just wanted to connect people; people didn’t vote with their wallets so now they spy on people just to make ends meet).
I don't think the practice of people easily downloading/installing apps through app stores is going to end. In my network I'm not alone in paying for free apps to support development if they're value-added.
Governments probably shouldn't simply ban all free products, but it certainly might be reasonable to ban some economic activities that enable some business models for sustaining free products.
Of course not, but it wouldn't hurt if we all got better at valuing our work more. Heck, majority of developers I worked with are decent, loving people, who could simply never dare to ask to be compensated for the work they do...
for changing amazon smile: is it "Signal Technology Foundation - Location: Mountain View, CA"? no description available unfortunately. seem to be a bunch with the name signal and that was the closest in name to what seems to be the signal foundation
> I just donated to Signal after seeing the error banner in the app.
I've tried to donate, but none of my 3 cards worked, I got "card rejected error" without any info why and none of banking apps notified me about new transactions.
I use the Privacy app and generated a merchant specific credit card for Signal. This is the best way I have found to do online transactions. You don't even need to use your actual name or address when making a payment to a merchant since Privacy acts as a proxy for you. https://privacy.com
don't forget that you can use the Signal protocol in Skype with Skype Private Conversations and delete your own call metadata afterwards as well.
edit : which presumably drives licensing income from Microsoft to The Signal Foundation, which I am presuming is better than nothing and if like me you can start using Signal protocol for calling your family elders via Skype without friction, and I simultaneously create widespread adoption of the Signal protocol, I can't see any downside myself anyhow.
if you can please consider making a regular recurring payment of a few bucks every month rather than a one-shot lump sum. this is because it's easier for a company to budget and plan with recurring revenue than a one-off donation.
Recurring and steady incoming is certainly useful for any company, but I would advise against doing tiny monthly donations over a larger yearly one! Processing fees are going to take away a significant chunk of your total donation relatively speaking if your individual donations are small.
Let's do some math: In signal's case, since they use Donorbox, there is a 2.9% + 30¢ fee for credit card transactions going via Stripe (in addition to another percentage that goes to donor box). If you were to donate $24 once per year, Signal would end up with just over $23 after processing fees had been deducted. If you donated $2 per month, they would end up with $19.7 per year, an additional $3 being spent on fees!
Edit: unless they have some special lower cost stripe rate of course, in which case you can ignore my comment altogether ;)
I've been using Signal for a couple years now. Finally deleted WhatsApp this week. This is the first outage of Signal that I noticed. It's a shame, but growing pains do happen.
I don't really want to see a bill for e.g. £0.41 every month on my credit card statement, and at some point the transaction fees would become a bother for Signal.
I'd have ticked "recurring annually" if the option had existed.
I don't know what options show up depending on the route you use to donate, but the link on the Android app [0] takes you to a page that does allow recurring contributions.
Except you have to be careful so the monthly amounts don't end up so small that the credit card processing fees eat up the majority of your donation! The processing done via Stripe (which is used by Donorbox) has a fixed minimum fee of 30 cents per transaction.
Edit: unless they have some special lower cost stripe rate of course, in which case you can ignore my comment altogether ;)
Adding more servers to support more users, also means more bandwidth. Those are increasing costs at a rate that they had not planned. Their spend rate has to be insane now to keep things running on top of their rents, utlities, opex. They have to be needing more money than they planned for.
If you talk about Brian Acton, he sold WhatsApp to Facebook and btw made a big gift to the FreeBSD foundation and is the founder of the Signal Foundation.
We have no info as to how much money they need or how much they currently have. For all we know, this was just an area of oversight and not related to funding at all.
I’d prefer to pay yearly than to feel the spectre of guilt for using a “free” app.
$100 million given current growth wont last as long. Telegram 4 years had a run rate of $1 million per month for servers and dev costs. At that time they had about 200 million users.
Signal is using AWS & GCP ( for cloud fronting ), they could be approaching that spend level.
> $100 million given current growth wont last as long.
That is 100% their problem, though. I trust that they will develop a sustainable business model when it becomes necessary. Otherwise, look at their tax info shared above. Sporadic donations won't even make a small dent.
I mean, shoot, they won't even give us a hint at how much to donate to cover our own costs. That would be a start.
WhatsApp used to charge $1/ yr at 200 million users, which kept them well funded. A $1 donated by just the Android users at 50 million + would be $50 million per year.
TBF they havent had to think about this too much before the last 5 days, so give them some time to come up with a plan.
In the mean throw them whatever you are comfortable with.
Hell if I know. Give what feels right to you - imagine the service going away tomorrow, and someone saying "If only you'd paid $X/mo, this wouldn't be happening!" What's the value of X where you'd regret not having done so?
Not really worried about funding its existence for the sake of it just not freeloading my use while it's here and I decide it's worth it which is what the gp was referring to as well.
I'd still argue to give the amount the service is worth to you, but if you're not willing to do that, then I'd say bilal4hmed is probably right - $1/mo is probably sufficient. Facebook, Twitter, etc. all have ARPUs at or below $12/yr.
> Engineers design pickle forks to last the lifetime of the plane, more than 90,000 landings and takeoffs, a term known as "flight cycles" in the aviation industry, without developing cracks.
That number made me do a double take.
Seems planes never stay on the ground for very long.
Planes are extremely expensive pieces of machinery and you don't make money if you're not flying passengers with them. I'd be more surprised if they weren't in the air as many hours as possible.
They literally stay only the turn around time in commercial aviation in busy operations. At least that is the goal. And of course maintenence and repair.
And an airframe is used over decades. Add some serious safety factor and you are up there at 90000.
But since the 737 max grounding, NGs have seen more usage. So bad news for Boeing. And heaven forbid another grounding - there will literally be not enough physical planes to fly in the skies.
This is one of the questions I want to see answered in stimulation not in real life. There is a lot of discretionary flying, but there are place whose connection to the world is plane.
You will also have route cancelations. And there will be social costs along the economical as well. All in all unpleasant situation.
It will be good to have someone that understands airplanes to comment on how severe the issue is and possible remedies.
The media have incentive to drum up the issues with boeing and be a tad sensationalist.
From what I understood it will require disassembly of quite a big chunk of the airplane. So it will be expensive and worse slow.
>There is a lot of discretionary flying, but there are place whose connection to the world is plane.
Are you talking about far away towns in, say, Alaska? Those may not be the kind of planes for which we're discussion scarcity, but alas.
Me and my colleagues were flown for training from Oregon to one of our offices in California, this week. So was the trainer. There's still a lot of room to optimize the need for air travel.
The Galapagos comes to mind. The entire economy is premised upon commercial jets landing there hourly. Puerto Rico, Bahamas, etc.
Even Continental but remote tourism-driven places like Costa Rica.
I think the price response to a shortage of planes would be super-linear, given that those who fly regularly are not representative of the average economic means. Prices would more than double.
Sometimes they fly routes that are only 30min long. With a 30min turnaround, that could mean a flight every hour.
If they kept one plane flying round trips all day, they might fit 16 flights into a day and theoretically burn through the 90,000 cycles in under 16 years.
Not quite 30minute flights but approaching there at ~40min and ~50min.
Southwest airlines for example exclusively flies a fleet of 737-type variants. Cadence for some of these flights can be over 10x daily, in each direction. The total fleet can see 4k+ flights per day.
Yes, they exist in Europe, they ban be dirt cheap, executed by companies run by penny pinchers and mostly superfluous. Going by train is in many cases faster because it gets you from city center toncity center without any airport overhead. But it also costs a multiple of a plane ticket, which should not be the case.
Yes but the cases when taking such short flights instead of trains make sense is when you commute form a small city airport to an international hub for a layover to an international flight and that saves you lots of time as you've already been through security once and you're already inside the airport fairly close to your departure gate so you can arrive pretty close time wise to your next flight as opposed to having to commute from the train station to the airport and be there ~2 hours before the flight to clear security and all.
Nobody takes the plane for 30 min to get from city center to city center, we do it because we have to catch another flight from that city's airport and it's quicker by plane.
We have railroads. The three trips listed by the previous poster all include LAX. LA is surrounded by mountains. The train from LA to SF takes ten hours. The flight is one. California has been trying to build a high speed rail to connect LA to the Bay Area for a long time now, but it's projected to cost 30 billion dollars and the timeline is ridiculous. Last I understood, the project has been shelved indefinitely.
Because the U.S. is a) much less densely populated, b) is very spread out, c) leading to very long distances between cities (which makes rail expensive), but d) very homogeneous in culture and language, so e) families and companies spread out a lot, f) which means train travel is not really practical, but also g) many of these short-haul flights are connections to/from long-haul flights and there's no way we'd take a several hour train ride to then go to an airport, to then take a long-haul flight to then do the whole thing again.
Here was one that reached almost 90k cycles in 20 years due to a lot of short flights [1]. Total flight hours were 35k, so an average flight was under 25 minutes.
Air NZ used to fly 737s between CHC and WLG. Runway to Runway flight time can be as little as 30min if the wind is blowing in the right direction. Feels weird because there is only about 5min of cruising between accent and decent.
However, demand wasn't high enough to justify non-stop round trips, they replaced the 737s with two A320 flights a day, with a bunch of ATR-72 and Dash 8 flights throughout the day.
The classic example is of course Hawaii Air Flight 243. Before the incident, that airframe accumulated 89,680 cycles in 19 years (over 35,496 flight hours) doing short hops between Hawaiian islands.
With South West I took a 737 (definitely not the MAX, probably the NG) a few times from ISP (Long Island, NY) to BWI (Baltimore / Washington). It's not 30 minutes but close enough at 40-45 minutes. These flights were within the last 2 years.
The Madrid-Barcelona "air shuttle" by Iberia has up to 26 flights a day in each direction https://www.iberia.com/es/news-updates/relaunched-the-air-sh... but they use more than one plane. Still, a lot of cycles! In the peak hours there can be a plane leaving each 15 min. You don't need to book a specific one, just a ticket for the shuttle service and then you just turn up at any time.
Not an aerospace engineer, but this seems like a weird way to measure airplane life. A transpacific plane could have 1/10 the cycles but equal airtime, and one would think that the stresses of flight are worth considering. Wonder why it's not measured in hours, like say, tractors, or miles flown. Do we measure any other engined vehicle this way?
There are a variety of ways that age of something can be measured with two common examples in everyday life being people and cars commonly measured in years and kms/miles respectively. The metric chosen is one that adds value for understanding the impact.
Aeroplanes and their components do have a lot of different ways of having their ages measured, depending upon what one cares about. Engines are a good example of something where the hours spent running is usually the most salient.
For fusalages, as we're talking about here, pressurisation cycles is actually very important in pressurised airframes. This is because it is the main source of material fatigue which is a major cause of issues - usually in the form of cracks. This was discovered the hard way with the de Havilland Comet[0].
Smaller non-pressurised planes are normally measured in total flight hours, but the effect of repeatedly pressuring and depressuring is so great that it's the biggest factor that will affect the life of the bigger airframes.
A cycle involves pressurizing the cabin relative to the atmosphere approaching flight altitude, and then depressurizing during the descent.
The pressure differential may not seem like much, 6-10 psi in most cases, but the cabins are quite large, so these forces become substantial. Advanced airframes like the composite 787 use that extra strength, in large part, to lower cabin altitude (i.e. keep higher pressure) because it has such a substantial effect on passenger comfort.
Cycles is absolutely the best way to consider airliner lifespan because that is the most significant stress on the airframe.
I know in addition to salary there are other "hidden" costs like health care etc, but even taking that into account their employees must be taking home a pretty significant wage.
While not quite to the same level of obfuscation, your suggestion reminded me of this project:
http://www.cipherdyne.org/fwknop/
Its essentially port knocking with a single encrypted packet.
Haven't tried it (yet) myself but sounds interesting.
I realised I was more than happy to pay WhatsApp's yearly charge back in the pre-Facebook days (think it was 70p or so?).
Figured I could give Signal a few quid every now and then, maybe keep a server up for a few seconds :)
Donation link should anyone be interested: https://signal.org/donate/