On November 16th, Meredith Whittaker, President of Signal, published a detailed breakdown of the popular encrypted messaging app’s running costs for the very first time. The unprecedented disclosure’s motivation was simple - the platform is rapidly running out of money, and in dire need of donations to stay afloat. Unmentioned by Whittaker, this budget shortfall results in large part due to the US intelligence community, which lavishly financed Signal’s creation and maintenance over several years, severing its support for the app.
Always knew this project was a honeypot since they need your phone number to function. Why would a foss app force you to use a phone number? I bet the cia and other three letter organizations spend money advertising signal on various platforms.
For a project like Signal, there are competing aspects of security:
privacy and anonymity: keep as little identifiable information around as possible. This can be a life or death thing under repressive governments.
safety and anti-abuse: reliably block bad actors such as spammers, and make it possible for users to reliably block specific people (e.g. a creepy stalker). This is really important for Signal to have a chance at mass appeal (which in turn makes it less suspicious to have Signal installed).
Phone number verification is the state of the art approach to make it more expensive for bad actors to create thousands of burner accounts, at the cost of preventing fully anonymous participation (depending on the difficulty of getting a prepaid SIM in your country).
Signal points out that sending verification SMS is actually one of its largest cost centers, currently accounting for 6M USD out of their 14M USD infrastructure budget: https://signal.org/blog/signal-is-expensive/
I’m sure they would be thrilled if there were cheaper anti-abuse measures.
SMS messages suck because they are insecure, expensive as you noted, and tie you to something that you must continually pay for… And which, when used across multiple sites, could be used as a form of identifier. And of course, bad actors can simply buy one anyway. My hatred for phone number verification runs way deeper than Signal itself; if anything, Signal is more responsible than every website that begs for phone numbers (Microsoft, Twitter, Discord, fill in the blank)
That much being said, I agree that there is no easier solution. People have recommended Proof-of-Work, getting your phone to complete some arbitrary mathematical equation… But this is an even weaker defense, because it hurts people with low end phones and can be worked around by people with a little bit of money or just a desktop.
Bad actors can buy one.
What does it cost to buy hundreds? It’s a great deterrent to bad actors creating many accounts.
I really, really, really dislike using my phone number to verify. Like so much so it kept me off signal until about 6 months ago.
I get it. I don’t like it, but I get the compromise until they can develop a better mechanism
You’re right, the problem with something like proof-of-work is that it doesn’t prevent abuse at scale. With a sufficiently powerful computer, the same bad actor could crank out hundreds or thousands of phone numbers with the only variable being time and energy it takes to run their computer. (And the computer would only need to do something that takes a phone, even a low end phone, maybe a minute at most to do.)
At the very least, obfuscating phone numbers and allowing users to share usernames would be seriously preferential. I’m okay with Signal having some record of my phone number, but not so okay with handing it out to other people willy-nilly.
You could run a network like signal, and either charge a small amount of money per message, or a larger amount of money to register with the network.
Hell you could do the WhatsApp model, charge a dollar for new users, the pay for the registration verification. The same thing.
You just need some mechanism to add friction for mass spamming, be that money time or complexity.