- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
We estimate that by 2025, Signal will require approximately $50 million dollars a year to operate—and this is very lean compared to other popular messaging apps that don’t respect your privacy.
Is it just me or is $19 million per year for 50 full-time employees insane?
Even for US salary standards.
Not necessarily.
Signal has people who are experts in their field. They engineer solutions that don’t exist anywhere else in the market to ensure they have as little information on you as possible while keeping you secure [0]. This in turn means high compensation + benefits. You don’t want to be paying your key developers peanuts as that makes them liable to taking bribes from adversaries to “oops” a security vulnerability in the service. In addition, the higher compensation is a great way to mitigate losing talent to private organizations who can afford it.
[0] Signal has engineered the following technologies that all work to ensure your privacy and security:
At least the private contact discovery is not very private:
Phone numbers are so not-sparse that there even was a game to text your “number neighbor”. I can probably build a pretty effective rainbow table for this with my current hardware.
You’re right, but security and privacy is about layers, not always 100% effective mitigations, especially not when the mitigation is a function (contact discovery) that requires a private list (your contacts) be compared against another one. For anyone where this is an actual security risk, they don’t have to to share their contacts. They will not know which of their friends/family are on Signal, but they can still use the service.
This feature does protect users in that any legal court order for Signal to present who is friends with who (as almost every other messaging provider has actual access to your list of contacts) is not possible. They’ve been subpoenaed multiple times[0] and all they can show is when an account was created and the last day (not time) a client pinged their servers.
Lastly, I’m not sure if this is even a feature or not but it wouldn’t be too difficult to introduce rate-limiting to mitigate this issue even more. As an example, its very unlikely that most people have thousands (or even tens of thousands) of people in their contacts. Assuming we go just a step beyond the 99th percentile, you can effectively block anyone as soon as they start trying to crawl the entire phone number address space, preventing the issue you’re describing.
[0] https://signal.org/bigbrother/
My guess: People who can be as competent with security as they need are very expensive.
For the current distribution I quote from the linked source :
Current Infrastructure Costs (as of November 2023): Approximately $14 million dollars per year.
Yes, but I was talking about the salary part, which is separate from the costs you mentioned.
It’s 19 million just for people.
Yhea no worries, I was just trying to get all the budgets together. I agree it seems quite an high budget
Also from the source:
Not at all. That’s $380K per person if everyone is making the same. Engineers with a few years of experience at Meta make $400K+.
Don’t forget the employer taxes, insurance, recruitment costs and so on. It wouldn’t surprise me if the employees are earning on average half that.
Exactly.
Role of thumb is an employee costs roughly twice their base salary, as the employee still needs to cover insurance, taxes, sick time, and other benefits.
That leaves an average salary of 190K for the 50 employees. That isn’t much for tech.