The Signal Business Model – How Does Signal Make Money?

Executive Summary:

Signal is a messaging platform that offers end-to-end encryption for text messages as well as voice and video calls.

Signal makes money via donations. As a non-profit organization, it relies on these donations to continue offering its service.

Launched in 2014, Signal has grown to become one of the world’s most-used messaging apps. Close to 50 people now work for the organization, which is based in San Francisco.

What Is Signal?

Signal is a communication app that allows users to conversate with each other via text, voice message, or video calls.

Signal’s universal selling point is its focus on encryption and privacy. Users are not being tracked across platforms and messages are end-to-end encrypted.

The platform operates on an open-source basis, meaning anyone can contribute to its development. Signal’s codebase is stored and can be accessed via its GitHub repository.

T user experience is similar to other messaging platforms. Users can send each other texts or audio messages, create group chats, or even send (encrypted) stickers.

To sign up for the service, users simply have to provide their phone number. As such, the user’s Signal account is tied to the specific number he or she provides.

Signal can be used through a variety of devices, including (desktop) computers running on Linux, macOS, or Windows, as well as mobile phone and tablet applications (available on Android and iOS devices).

How Signal Started: Company History

Signal, headquartered in San Francisco, California, was launched in 2014 by security researcher Moxie Marlinspike (whose real name is Matthew Rosenfeld).

As you would imagine with someone using a fake alias, not much is known about Marlinspike’s upbringing.

For all we know, he was born and grew up in the state of Georgia. He was drawn to mathematics and computers from an early age, spending hours upon hours reading in the high school library.

As a child of the 1980s, his teenage years coincided with the rise of the world wide web. In his teens, he chatted with like-minded individuals on Internet Relay Chat (I.R.C.), a messaging platform popular among hackers.

After graduating high school in the late 1990s, Marlinspike moved to San Francisco to work as a software engineer for WebLogic, a company that became known for creating the first J2EE application server.

Soon after joining WebLogic, Marlinspike found himself disconnected from his peers in the Valley who’s ambitions seemed to be fuelled by money and not building quality and secure products.

After a few years, at the height of the Dotcom bubble, Marlinspike decided to quit his job and hitchhike through the country. Other adventures would include him buying a fiberglass boat on Craigslist for $1,000, restoring it, and sailing through the Florida Keys to Grand Bahama Island.

Nevertheless, he always balanced his adventures with a healthy amount of projects. For instance, in 2002, he discovered a major vulnerability in Microsoft’s Internet Explorer. Other security researchers were soon taking notice.

Marlinspike eventually moved to Pittsburgh where he occasionally attended cryptography classes at Carnegie Mellon. While in Pittsburgh, he uncovered a vulnerability that nearly every Internet browser.

The exploit, called a “man-in-the-middle attack”, gave malicious actors the ability to view and alter communication between two people. Furthermore, hackers could get access to sensitive data, including log-in credentials, without being detected.

In 2009, Marlinspike presented that vulnerability at Black Hat D.C, a security conference hosted in Washington. He then went on to criticize Paul Kurtz, the event’s keynote speaker who served under Presidents Bill Clinton and George W. Bush.

After Marlinspike wrapped up his talk, he dropped one last bomb by introducing SSLstrip, a tool that would fix those man-in-the-middle attacks. SSLstrip is keeping browser communication secure to this date and put Marlinspike on the map, making him one of the most sought-after security experts.

A year later, in 2010, Marlinspike (together with friend and Carnegie Mellon robotics Ph.D. student Stuart Anderson) left Pittsburgh and moved back to the Bay Area. Soon after, they launched Whisper Systems, which released two Android messaging apps named RedPhone and TextSecure.

Both apps were the predecessor to Signal and allowed users to communicate with each other in a fully encrypted fashion. In 2011, the business was sold to Twitter for an undisclosed sum. The takeover represented more of an acqui-hire as Twitter was affected by regular hacking attacks and needed to step up its security.

As a result, Twitter decided to shut down RedPhone, but relaunched the three weeks later amidst public backlash. Twitter, furthermore, announced that it would release the code for both RedPhone and TextSecure as open-source projects.

Marlinspike, in the meantime, went on to serve as Twitter’s head of product security. Influenced by a near-death experience in March 2012 (his catamaran crashed into a friend’s boat), he decided to leave Twitter in early 2013.

The early exit caused Marlinspike to lose out on about $1 million in stock incentives. Stuart Anderson, on the other hand, stayed on for another year. Today, ironically enough, he works at Facebook as a security researcher.

Meanwhile, Marlinspike relaunched Open Whisper Systems (OWS) as a non-profit while resuming work on the open-source versions of RedPhone and TextSecure. The non-profit was supported by the Freedom of the Press Foundation and received grants from the likes of the Open Technology Fund or Shuttleworth Foundation.

Despite the project’s limited budget (Marlinspike was only able to hire two to three developers in the early days), output remained high. In February 2014, OWS integrated end-to-end secured group chat and instant messaging functions into TextSecure. This became known as the Signal Protocol.

A few months later, in July 2014, OWS released the first-ever version of the Signal app for iOS devices. OWS, furthermore, announced that it would merge RedPhone and TextSecure into one single application that would be known as Signal.

The Signal Protocol wasn’t only adopted within the Signal messaging app, though. Other, more prominent actors became increasingly interested in its adoption. One of these was Brian Acton, one of WhatsApp’s co-founders.

The two already connected in 2013 and conversations were continued throughout 2014. WhatsApp, in the meantime, was acquired by Facebook for a whopping $22 billion. Then, in November 2014, WhatsApp finally announced that it would implement end-to-end encryption powered by the Signal Protocol.

Throughout 2015 and 2016, Signal continued to add a variety of features and products to its service, such as a desktop app or encrypted phone calls. 2016, in particular, proved to be an eventful year for the organization.

In October 2016, OWS was served with a federal subpoena for records on its users, including names, locations, and more. Much to the prosecutor’s surprise, the only data that Signal stored was when the user in question first signed up and their most recent login date.

Then, a month later, millions of users flocked to the service as a result of the 2016 presidential election. Signal saw a 400 percent increase in user growth over a week’s period.

Finally, countries like Egypt and the United Arab Emirates tried banning access to the service. Signal’s team bypassed the censorship by using a technique called domain fronting, which uses HTTPS encryption to cover up the server location request.

The domain fronting was conducted through Google domains, meaning that in any country that Google is available, Signal would be usable as well (looking at you, China).

By 2018, Signal wasn’t only used by cybersecurity geeks, but everyday people in hundreds of countries around the globe. To further push its adoption, OWS was eventually restructured into the Signal Foundation – with Brian Acton acting as the organization’s executive chairman.

Acton, furthermore, poured $50 million of his own money into the foundation. The capital injection helped to propel Signal to the next level, allowing Marlinspike to hire dozens of new personnel.

Throughout 2020, Signal proved to be vital in aiding the organization of peaceful protests, in particular around the Black Lives Matter (BLM) movement.

Yet, the organization’s biggest boost probably in early 2021. In January, Tesla and Space X CEO Elon Musk prompted his millions of Twitter followers to use the app.

His tweets were a direct response to an adjustment in WhatsApp’s privacy policy. The new privacy policy laid out how WhatsApp would share data with its mother company Facebook. Users would have to comply with that policy or not be able to use WhatsApp any longer.

Even though WhatsApp was already sharing data with Facebook since 2016, many users (Elon Musk being the most prominent of them) would have liked to have the option to opt out of the data-sharing practices.

As a result of this public outcry, many of WhatsApp’s users flocked to Signal’s service. The flood of new users, believed to be in the millions (Signal doesn’t share any public user numbers), even caused the service to crash a few times.

Despite Signal’s impressive growth, worries about its impact are starting to arise. A 2021 article by The Verge outlined that many of its employees grew increasingly worried about the app being misused for malicious reasons, such as organizing terrorist attacks.

Certainly, not everyone took a liking in that. In March 2021, China blocked access to the app. Signal is not alone in this regard, though. In the past, China had been known for restricting access to foreign applications in an effort to curb any potential protests and alike.

For now, Signal is solely focused on increasing its user base to bring private and secure messaging to as many people as possible. To that extent, the company has added a variety of new features over the course of 2021, including the ability to send stickers or set or the ability to customize disappearing messages.

It, furthermore, has added payments (via MobileCoin) to its platform in April 2021, allowing users to exchange funds between each other. Marlinspike himself is considered to be friendly with MobileCoin’s founders.

How Does Signal Make Money?

Signals makes money via donations. The underlying organization is the Signal Technology Foundation, which is a non-profit 501c3 tax-exempt organization based in the United States.

To this date, Brian Acton’s $50 million donation in 2018 remains the largest the foundation has ever received.

It has to be noted though that Signal does not disclose its donor’s identity, hence most of its contributions are unknown to the public.

People can donate to the Signal Technology Foundation here. Donations can be made in regular currencies (such as the United States Dollar) or cryptocurrencies (via The Giving Block).

Right now, Signal’s team is solely focused on increasing its user base. The theory, as outlined by The Verge article above, is that the organization could be self-sustaining once Signal hits 100 million active users.

At that point, there would simply be enough people willing to donate (either regularly or once) to fund operations.

Nevertheless, there may be various options to monetize Signal. For instance, it could offer the ability to purchase customized avatars or provide premium subscriptions in exchange for access to some features.  

DuckDuckGo, a privacy-focused search engine out of Philadelphia, has built a $100 million a year business without tracking users or storing their data. Telegram, a direct competitor of Signal, announced that it would start some form of monetization in 2022 or 2023.

Hi folks, my name is Viktor! By day, I lead a tech team of 10 for an e-commerce startup. At night, I work on expressing my weird thoughts through this blog. And if there's time, I cuddle my cat..