(2021-01-25) Newton The Battle Inside Signal

Casey Newton: The battle inside Signal. Signal app appears to have more than 40 million users, up from approximately 20 million last month

On January 6th, WhatsApp users around the world began seeing a pop-up message notifying them of upcoming changes to the service’s privacy policy

Last month, according to one research firm, the six-year-old app had about 20 million users worldwide. But in a 12-hour period the Sunday after WhatsApp’s privacy policy update began, Signal added another 2 million users

Signal still has a small fraction of the market for mobile instant messaging — Telegram, another upstart messenger, says it added 90 million active users in January alone

In the months leading up to and following the 2020 US presidential election, Signal employees raised questions about the development and addition of new features that they fear will lead the platform to be used in dangerous and even harmful ways.

Employees worry that, should Signal fail to build policies and enforcement mechanisms to identify and remove bad actors, the fallout could bring more negative attention to encryption technologies from regulators at a time when their existence is threatened around the world.

Like a lot of problems, this one started with an imperative familiar to most businesses: growth.

On October 28th, Signal added group links, a feature that has become increasingly common to messaging apps. With a couple of taps, users could begin creating links that would allow anyone to join a chat in a group as large as 1,000 people. And because the app uses end-to-end encryption, Signal itself would have no record of the group’s title, its members, or the image the group chose as its avatar.

During an all-hands meeting, an employee asked Moxie Marlinspike how the company would respond if a member of the Proud Boys or another extremist organization posted a Signal group chat link publicly in an effort to recruit members and coordinate violence.

“The response was: if and when people start abusing Signal or doing things that we think are terrible, we'll say something,” said Bernstein, who was in the meeting, conducted over video chat. “But until something is a reality, Moxie's position is he's not going to deal with it.”

Marlinspike told me. “The overriding theme there is that we don't want to be a media company. We’re not algorithmically amplifying content.

For years, the company has faced complaints that its requirement that people use real phone numbers to create accounts raises privacy and security concerns. And so Signal has begun working on an alternative: letting people create unique usernames. But usernames (and display names, should the company add those, too) could enable people to impersonate others — a scenario the company has not developed a plan to address, despite completing much of the engineering work necessary for the project to launch.

Signal has also been actively exploring the addition of payments into the app. Internally, this has been presented as a way to help people in developing nations transfer funds more easily.

People I spoke with told me they regard the company’s exploration of cryptocurrency as risky since it could invite more bad actors onto the platform and attract regulatory scrutiny from world leaders.

Signal’s growth imperatives are driven in part by its unusual corporate structure. The app is funded by the Signal Foundation, which was created in 2018 with a $50 million loan from WhatsApp co-founder Brian Acton. Signal’s development is supported by that loan, which filings show has grown to more than $100 million, and by donations from its users.

Employees have been told that for Signal to become self-sustaining, it will need to reach 100 million users.

Signal has set about acquiring users

Those efforts have been led by two people in particular: Marlinspike, a former head of product security at Twitter whose long career in hacking and cryptography was recently profiled in The New Yorker, and Acton, whose title as executive chairman of the Signal Foundation dramatically understates his involvement in the project’s day-to-day operations.

he has increasingly devoted his time to building Signal. He participates in all-hands meetings and helps to set the overall direction of the company, employees said. He interviews engineers, screening them for their ideological commitment to encryption technology. He writes code and helps to solve engineering challenges.

Signal employees I spoke to worry that the app’s appetite for growth, coupled with inattention to potential misuses of the product, threaten its long-term future. (Of course, not growing would threaten its long-term future in other ways.)

Marlinspike said, it was important to him that Signal not become neutered in the pursuit of a false neutrality between good and bad actors. Marginalized groups depend on secure private messaging to safely conduct everything from basic day-to-day communication to organized activism, he told me. Signal exists to improve that experience and make it accessible to more people, even if bad actors might also find it useful.