What price for confidentiality? End-to-end encrypted (E2EE) messaging app Signal has released a interesting insight costs necessary to develop and maintain its privacy-friendly systems that protect user data from tracking by default.
THE blog post, written by Signal president Meredith Whittaker and developer Joshua Lund, reveals that it currently spends about $14 million a year on infrastructure to run the private messaging service; and another $19 million a year in personnel costs, totaling about $33 million to keep the lights on and its “several million” user posts hidden from unintended prying eyes.
It also projects that the cost of operating its service will reach around $50 million by 2025.
According to the post, just 50 full-time employees keep the messaging service running, while conducting research to continue pushing the boundaries of privacy and – in Whittaker’s case at least – occupying what looks like a full-time job in and of herself in public policy advocacy that has seen her commuting around the world in recent months to defend the right to privacy and try to repelling government incursions targeting E2EE.
The post sends a clear message: going against the tech industry by protecting users from surveillance is a costly – but vital – endeavor.
Signal is a non-profit organization, so it is not a money-making venture. But of course, it still needs to have enough funds to cover the costs. And it’s clear that costs increase as usage increases. Which means it needs to be proactive in finding ways to increase revenue without compromising its fundamentally user-friendly position.
As the blog post details, Signal goes much further in protecting user privacy than even mainstream messaging apps that have implemented its E2EE protocol (such as Meta-owned WhatsApp). “To take an example, profile photos and profile names are always end-to-end encrypted in Signal,” he writes. “This means that Signal does not have access to your profile name or chosen profile photo. This approach is unique in the industry. In fact, it was more than six years since we first announced this additional layer of protection, and to our knowledge, none of our competitors have adopted it yet.
“Other messengers can easily see your profile picture, profile name, and other sensitive information that Signal cannot access. Our choice here reflects our strong commitment to privacy, but it also means that it took Signal more effort to implement profile photo support. Instead of a single-engineer weekend project, our teams had to develop new approaches and concepts within the codebase (like profile keys), which they worked to deploy across multiple platforms. -forms after an extended testing period.
Disclose how much it (already) spends each year on essentials like storage ($1.3 million), servers ($2.9 million), recording fees ($6 million), tape ($2.8 million), other infrastructure needs like disaster recovery ($700,000), as well as the aforementioned $19 million for personnel (covering salaries, taxes and associated HR costs), seem intended to (gently) shake up the public – and hopefully entice a few more users to dip into their wallets to contribute and help secure a gold medal. -choice of standard private messaging.
“To put it bluntly, as a nonprofit, we don’t have profit-minded investors or board members hitting us in tough times, urging us to ‘sacrifice a little ‘intimacy’ in the name of achieving growth and monetary objectives. This is important in an industry where “free” consumer technology is almost always underwritten by the monetization of surveillance and invasion of privacy,” he warns.
“Instead of monetizing surveillance, we are supported by donations, including a generous initial loan from Brian Acton. Our goal is to get as close as possible to full support from small donors, relying on a large number of small contributions from people who care about Signal. We believe this is the safest form of funding in terms of sustainability: ensuring we remain accountable to the people who use Signal, avoiding any funding failure points, and rejecting the widespread practice of monetizing monitoring.
As the article also details, even alternative technology tools like Signal must fit into the coffers of industry giants that own and operate critical application infrastructures like cloud computing and, typically, are also active in the sector data capture and monitoring.