I feel like a crazy person for having to write this, but: if you are starting a business (yes, non-profits are businesses), then you need to have a business plan. If you launch a business and you have not done the work to have a business plan, then in 99.999% of situations, your business will fail. A business plan includes market & competitive research, a revenue plan based on that research that includes realistic pricing models and costs, a marketing plan, and several options for when things don't turn out like you planned. This isn't even Business 101, this is like Remedial Intro to Business. If you don't have this worked out before you launch, you have already failed.
The corollary for this is as a user, you should determine whether or not the business you are planning to depend on has a business model before you choose to depend on them. If there is no apparent income stream, then the business will close at some point and you may as well skip all the heartburn and choose not to use that business for anything you care about. BlueSky, I'm looking at you right now.
Here is an example of one of their core growth plan items from the strategy above:
"Social Media Campaigns, Organic and Paid
Driving key messages around digital hygiene, decentralisation, and security on social media platforms to raise awareness."
The whole pdf is basically a collection of the remedial "go-to" SaaS growth blog posts everyone thinking about startups read: make content, build a community, turn your community into advocates, write about things people care about etc etc.
Given I've done this stuff for some 20+ years now, here is what is missing and frankly what most folks miss/don't want to admit:
This document basically has no ICP, who is the ideal customer? What is their persona? Who specifically are they, like, super specifically! You can't start with "oh anyone who wants anon-privacy first msg'ing!" That would have been like me at digitalocean saying "oh it's for anyone who needs a VM" - you can't execute a series of steps with that, you can't boil the ocean so to speak, we had to work through communities one at a time, we did: rails, node, php, devops/config management, in that order, split up over quarters and years, maybe it looked like we just...did developers, but we didn't, we slowly worked our way through all the developer communities slightly tailoring towards them while keeping things general enough.
The biggest problem here tho is the classic vitamin vs. aspirin problem. They're selling "better privacy" and "decentralization" - these are vitamins for the vast majority of people - they're things people say they care about in surveys but don't actually switch apps for. The 85% of adults who "want to do more to protect their privacy" aren't switching off WhatsApp. Are they the most secure messenger, or are they a token ecosystem with staking? Those attract fundamentally different people with different motivations...so just bolting them together creates confusion.
Folks need to stop thinking "we're going to do marketing" = "we're going to build a business" marketing, go to market, growth.. these are tiny components of overall business strategy. </rant>
> I feel like a crazy person for having to write this, but: if you are starting a business (yes, non-profits are businesses), then you need to have a business plan.
Not in tech you don't. The business plan these days is try and get as much investment money as you can to redistribute to your friends, have a few parties, hand out some Macbooks and try to get acquired by Google before your runway runs out.
> try to get acquired by Google before your runway runs out.
And on the user side, treat this outcome (company whose product you use being acquired by Google) the same as the company announcing it will go out of business within the next year, because Google will almost certainly shut the service down.
Exactly. The explicit plan for many/most tech startups is to raise VC money and get an exit before everything falls apart.
My last job was one of these. Everyone except the CEO and one designer quit. The money was drying up, CEO spent all his time chasing flashy big name customers who didn't want anything to do with us while ignoring customers begging to buy our product.
When I was in college, we were required to take a business class (Business 101) that mandated a finished business plan as part of the project.
It had to be long, in-depth, and include everything you mentioned.
I was incredibly surprised when I entered the tech and startup workforce that these were generally absent.
I had misunderstood the class and instructor and thought that you couldn't even start a business without one.
Then, when I started raising money for my own venture, I thought for sure a complete business plan was a prerequisite.
Nope. A few graphs, preferably hockey-shaped, and a good story were all that was necessary.
My venture failed, of course. But if I were to do it again, I would do myself the favor of having a complete plan. It would definitely save a lot of headaches and guessing in the moment.
There is some great irony that you can have a flashy app with good user growth, and get a chunk of cash from a vc firm. But if you want to get a loan from a Bank to open a restaurant you best have a business plan.
Privacy enthusiasts tend to align with anarchists - people who intrinsically distrust institutions. Maybe this also correlates with qualities like blind optimism, or disbelief in institutions like capitalism?
> Privacy enthusiasts tend to align with anarchists - people who intrinsically distrust institutions
That's not a reasonable definition. The distrust in the institution is actually a side effect of questioning the authority for authority's sake. Anarchists aren't a bunch of individualists that want to burn down whatever we've got in terms of mechanisms in the society regardless if they are necessary. It's just the manifestation of the dialectical opposite of the expression of power and authority.
And privacy enthusiasts just know very well that power shifts and what once was a necessary mechanism can be abused by an elected authoritarian leader.
Slack (originally an MMO), Nintendo (card games), Nokia (rubber shoes) and Netflix (DVDs over snail mail) would disagree.
"We'll gather a bunch of talented people together, figure out what this industry needs and then do that, let's hope we can do that before the money runs out" can be a viable business plan. There's no guarantee it's going to work, there's never a guarantee a plan is going to work, but it can work sometimes.
Plans are useless, but planning is essential. IIRC Nintendo had been operating for decades before they shifted to videogames. And Glitch (the MMO that gave birth to Slack) was also very much a product with a plan. Plan failed, or execution failed, or the industry shifted, or something else, or all or the above. But for sure it was not just "a bunch of talented people."
My advice: If you want people to give you money so that you don’t have to shut down, and you’re writing a ten paragraph plea for donations, consider using one of those paragraphs to tell people what your thing is.
Their logo actually links to their front page for once so it's not too hard to find out that Session is "The decentralized private messaging app", even if you're on a touchscreen. No need to fuss around and figure out how to get from "session.blogplace.org" to "getsession.com" by editing raw URLs like I feel happens with half the posts like this.
It could still use a paragraph or two of "why we believe it's important for this particular decentralized private messaging app to exist when there are about six hundred other decentralized private messaging apps out there that nobody but people who care passionately about decentralization are using", though.
Session was Australian based which means they would have to do all sorts of horrible things when asked by the government, such as even letting police impersonate users...
I just checked and they claim to have moved their infra to Switzerland.
There are many other issues, some I've forgotten about since I would never trust it in the first place. They also require a phone number even!
Seeing them go, I feel neutral. It's always good to have more anonymity software, just not this for me.
No? Where did you get this from? I have used the app and was never asked anything. I was given an id I could share with others and that's it. Very simple. I wish more apps had this easy onboarding process.
No legal mechanism with such breadth exists in Australia. There was a great deal of overblown media reporting but the law [0] makes it explicitly clear that any request that requires a "systemic weakness", "systemic vulnerability" or anything of the like is null and void. Those terms are defined [1]. Note that it doesn't say the government can't request such a thing, it says that such a request "has no effect". It's simply dead on arrival.
My understanding is that the government could compel Facebook to publish a version of WhatsApp with a special mode that sends all messages to the police if the user ID is 1234567. This introduces a vulnerability but it is limited to one specific person. If your user ID is not 1234567, you're completely unaffected.
However my understanding is that the government cannot compel Facebook to compel a version of WhatsApp that, when it receives a special message, silently starts sending plaintext copies of every other message it receives to the police. Such a mechanism would be a systematic weakness that affects people other than those for which a warrant has been issued, so the notice would "have no effect".
The government could also not compel a source-available app with verifiable builds to stop distributing them so that it can add a secret user ID branch like the one I mentioned above for WhatsApp.
That’s not really a big deal since the session encryption was insecure anyway. It feels almost like a honeypot after they've removed forward secrecy. If you’re looking for a decentralized alternative SimpleX Chat is a more secure option.
Considering how fiercely anti-encryption the UK is/has become (because "only child molesters care about encryption!"), this is sadly reason enough for me not to trust it.
Do I believe they have a backdoor in their software? No.
But if the UK passes a law demanding they introduce one...
The problem with XMPP is that most clients use an outdated and insecure implementation of OMEMO. This includes popular clients such as Conversations and Gajim. Currently only Profanity and Kaidan use the latest version and you must always assume that the encryption has been secretly downgraded because the other person is using an insecure client. I highly recommend Soatok's blog post on this topic. https://soatok.blog/2024/08/04/against-xmppomemo/
Afaik Germany is one of the most expensive countries for employing white collar jobs?
The gross income to the employee might be 75k in Germany, but the cost to the employer is roughly twice that amount in turn.
In my (very naive) mental model, US salaries are higher, have less "overhead" for the employer, but leave more responsibility (healthcare, retirement) to the employee.
Employer cost is not 2x, more like 1.2x, employer overhead is mostly insurance related stuff. We had salary to employer cost tables at my previous job.
What's true though is that after taxes you might just receive 60% of your total salary once you deduct taxes and insurances.
Yeah, but the German pension system is unfortunately a scam.
Therefore everyone is responsible for their own retirement (private investments, e.g. ETFs).
> In my (very naive) mental model, US salaries are higher, have a lot less "overhead" for the employer, but leave more responsibility (healthcare, retirement) to the employee.
Unfortunately this time, AI does not have vacations, healthcare, retirement or bills to pay and is available 24/7, 365 days on demand.
Many companies only see this as an opportunity to cut down on employees in 2026 and Session will do the same.
So that is why to answer your question:
> ...Germany is one of the most expensive countries for employing white collar jobs?
The main reason why the downsizing will continue until "AGI" is achieved internally.
Surprised to hear this since my understanding was that Session was run on a crypto coin based, user hosted onion routing servers. Do they mean the dev company behind Session is shutting down?
An anecdote I have: a friend once had narcotics shipped intl. through Session a few years ago.
Within the US, it's far more common than you think. That's typical senior dev money in a large company in cities like St Louis or KC. What is rare outside of the biggest markets is the whole "enough RSUs to double your salary" thing.
Nah, like others have said - 150k is fairly normal for senior positions in any decently sized metro in the US at this point.
Even a decade ago, seniors could easily be pulling 120-150k in markets like Houston/Atlanta/Miami/etc... The relatively cheap markets.
I'm in Atlanta and I'd actually say 150k is a lowball offer for a senior in this market at this point. I'd expect 175k+.
Now - the flip side of this is that current competition is fairly insane with all the recent tech layoffs. So it's possible we're seeing some market correction. But I don't really think it's going to come down much. Between inflation and rising costs... 150k just isn't what it used to be. If it comes down... it's going to be because we're entering a real depression.
---
The amount of money the US government has printed in the last 7 years is... insane. And while it was starting to taper back down in 2023 and early 2024... then we got the GOP, and the GOP is objectively bad with money (not that the dems are that much better...). So m1 supply is rising at a relatively steady rate again.
We're going to feel the consequences for a LONG time (or very, very badly for a medium time... with unknown results).
At least in my experience, having worked in both Florida and California, that's more of a wash than people imagine it's going to be -- and more so than the "cost of living calculators" tend to demonstrate, at least if you're a renter.
I actually ran a few numbers based on current costs. If you're making $120K/yr in Florida and paying the average cost for a 1-bedroom rental in Tampa ($1,642/mo, as of April 2026 according to Apartments.com), your after-tax take home is $98 (24% federal tax bracket, no state tax) and you have $78.4K after rent. If you're making $180K/yr in California and paying the average cost for a 1-bedroom rental in San Jose ($2,705/mo), your after-tax take home is $130.5K (24% federal tax bracket, 9.3% CA state tax bracket) and you have $98K left after housing.
You can keep fiddling with the numbers, but in most cases, the premium for getting a tech job in Silicon Valley is sufficiently high that you really are making more in absolute dollars despite the higher cost of living.
That math breaks down if you have kids and need 4bdrm house commutable distance to work in good school district - prohibitively expensive in Bay Area and affordable on engineer salary in most tier 2 cities. If you do not have kids, Bay Area clearly wins, especially if you are ok with studio/1bdrm.
Interestingly I applied for one of their senior frontend positions that required a "high level of experience" in Australia, they said 120k AUD with no room to go higher. Went with an offer of 170k instead.
For a senior developer, $150,000 is about right. I'm looking at the latest half dozen jobs I've seen on LinkedIn for open senior developer positions and they all start at that number, and range up to $185k to $200k. Digging a little deeper, I see some that start well above that number, but it's for the huge companies you're thinking of -- Google, Netflix, Github.
Time to broaden their hiring pool then, $150k is double the cost of a senior developer in many other parts of the world (yes including English speaking first world countries).
When you've got 90 days till the doors close you can't be picky about your hiring pool.
Read the posting. They don't have money for a team, they don't have money for a senior developer. Whether $150k/FTE or $75k doesn't matter, because they don't have either of those.
Once the server and other costs have been paid, they have money for... maybe a part-time junior in Cambodia.
The claim is that 150k is the baseline that is often exceeded. I don't know the region you're looking for on LinkedIn, but what I see for European jobs is that they barely crack 100k for developers. At least the senior, non highly specialist, jobs I'm seeing.
Manchester is only about 10% below London, other cities along the M62 are about 15% below according to the salary benchmarking data I've seen. The bigger difference is more in the number and type of available roles.
That salary would be above the median for most perm senior dev positions in London, but still well within the usual range for established tech companies and well-funded startups.
For a Senior perhaps. The figures I find for Switzerland are more in the 90-120 range depending on the source. Also, I think what OP was referring to is the 'most markets' bit. Switzerland is the best paying country in Europe (discounting London).
> Switzerland is the best paying country in Europe (discounting London).
How does that look when you correct for costs of living, because I imagine that would put London at the bottom of the list, as one of those places where senior-level tech salary is not enough to afford living in the city itself (and I don't mean the City of London, but the rest of it too).
"Session is an end-to-end encrypted messenger that protects your private data. A decentralized app designed, built, and operated by a global community of privacy experts."
I had never heard of this, why session over signal?
Edit: here is a snippet from google AI:
Signal is a secure, user-friendly WhatsApp alternative requiring a phone number, while Session prioritizes maximum anonymity with no phone number, onion routing, and a decentralized network
It's sad but I'll forever remember them for having the best tagline ever on their frontpage:
"Send messages, not metadata"
We all know who this is directed at: the project(s) pretending to offer privacy but that need to collect your cellphone and that'll happily be able to know who you exchange messages with.
Project(s) whom, moreover, have often weird shills that, if you squint your eyes just a little bit, suddenly look like xxxINT moles.
So if only for that tagline, thanks a huge lot: metadata are more important than the content of the messages themselves and you have no privacy if your phone number and contacts are known.
I'd love to know where the $600k that Vitalik Buterin donated to them 3 short months ago went. I don't think they've adequately addressed this question.
A few months ago, a Session update logged me out. I tried to log back in, but my passphrase caused Session to crash. I tried the Play Store version, the F-Droid version, and the desktop version.
Support told me that login method had been around for a while, and I didn’t know it. So suddenly, I was locked out and couldn’t access MY ACCOUNT. I used to promote Session, but since their support response was basically a big “fuck you,” I say “fuck you too,” and I hope people switch to SimpleX.
They should keep a single competent and curious senior developer who can do it all. In this age of AI, you can make do without having a whole team of developers.
I could never get it to work and I've tried several times. I kind of get the feeling I'm being blocked at the ISP level. We entered an era of the Internet where you're just not allowed to create secure communications.
Ha, and it was also used as a kind of low-rent/unmoderated alternative to Onlyfans.
Certainly, there were enough people making money through it that they should have been able to cover operating expenses. How did they go about appealing for donations - was there a notification inside the app, or did they rely on word of mouth?
I like the idea. But I’m pretty happy with Signal. Signal does require a phone number I think, but otherwise seems very similar.
Grounding identity in a phone number is very reasonable for almost all normal usage. It makes recovery simple. It does block the ultra paranoid use cases though. Oh well.
I primarily use a nearly-bottom end android phone that's a few years old and just recently switched to an even older, even lower end android phone that is six years old. Neither has that issue.
Obviously, I'm not really claiming that it's not possible people are experiencing this issue, but it can't possibly be widespread.
I feel like most likely people are using android skins that aggressively kill apps in the background.
I have that exact issue on a couple of not exactly low end Samsung phones. Holding them side by side with signal open. Delivery times vary wildly. Whereas WhatsApp just works (though I hate it for other reasons)
> Grounding identity in a phone number is very reasonable for almost all normal usage
In many jurisdictions, telecoms form an abusive oligopoly, and you need to provide a state-issued identity document to get a phone number.
That is not at all reasonable for normal usage - unlike well-known non-abusive authentication methods, such as a keypair; or its even simpler cousin, the username/password.
I guess it depends on what you consider normal. Most of the humans I know find it vastly easier to produce a state issued id to an authority than to generate a public/private key pair.
Well, I and a lot of the people I'm going to talk to through things like Signal are going to have a state ID regardless as I live in a country where one practically needs to drive a car to function in society.
On top of that so many other things just inherently expect one to have a phone number. It would be somewhat odd to not have a phone number for most of the people I know and talk to through platforms like Signal.
So to your question of which is easier, having the state ID and a phone number is easier because I'll already have that for a multitude of reasons.
If you live in a place where it's rare to have a phone number, then yes I agree Signal probably isn't a good choice.
Obtaining your first id is obviously difficult. But so is obtaining your first computer. If you’re on good terms with your government, obtaining the id is easier. That’s really the key. Sure if you focus on hostile states this stuff all makes sense. If you’re insistent on hiding from authorities then many things become much more difficult, by design.
Signal's code quality is not conducive to security. They had an extremely bad state management bug that resulted in photos being sent to random contacts in your list (potentially life ruining implications if you're sending private photos).
For this reason, it's hard to trust them. The encryption quality is irrelevant if the slop coded client is blasting random photos to random contacts.
Send a GIF to Contact A, Contact B receives random private images? Absolutely inexcusable slop code project. This class of state management bugs should not be possible with a well-architected client, period.
Signal's E2E encryption is more like End 2 Random End.
> In most markets Senior developers often command salaries exceeding $150,000 USD per year, and on top of this there are legal and operational overheads for running the STF.
Translation:
Our product makes no money, has no use case and we need $1M to survive.
Two ways a PE "cost saver" would fix this:
1. Claude + 1x senior engineer (in India).
2. CTO + Claude and no senior engineers / employees.
Given we have (allegedly) achieved "AGI" (heavily disputed) they don't need as many employees.
Especially those that are after $150k+ which when you can vibe code with Claude for less than $10k anyway. /s
So you are suggesting that a private communications and messaging system that purports to offer reliable anonymity is a reasonable use case for more-or-less unsupervised development by Claude? Because that is just the sort of use case where I would NOT trust an unsupervised AI.
nah. we never had a business plan and are still going strong 11 years later. 99.999% is a gross exaggeration of reality.
we’ll never actually have this data, but I bet there isn’t much correlation if any between having a business plan and being successful.
have you started a successful business?
I think this was their business plan. See if it works and, if it doesn't, shut it down
Is that a problem? Seems like a fair strategy. lol
Fail early, fail fast is a cornerstone of startup culture
Only if you're using other people's money.
https://cdn.sanity.io/files/btop3zhg/production/6cdd8502a5fd...
Closest thing I could find poking around.
> The business plan these days is try and get as much investment money
I know you're trying to be snarky, but this is itself a business plan and will impact how the company is operated.
> Privacy enthusiasts tend to align with anarchists
That's a mighty broad brush you're painting with over there.
What do anti privacy enthusiasts align with?
Statists, I suppose.
You’re neglecting the fact that each one of those businesses had a plan, they just pivoted to more successful plans.
Plans are useless, but planning is essential. IIRC Nintendo had been operating for decades before they shifted to videogames. And Glitch (the MMO that gave birth to Slack) was also very much a product with a plan. Plan failed, or execution failed, or the industry shifted, or something else, or all of the above. But for sure it was not just "a bunch of talented people."
I believe Netflix actually had a plan to stream movies from the start (hence the name) and just did the DVD shipping as a way to get started.
My advice: If you want people to give you money so that you don’t have to shut down, and you’re writing a ten paragraph plea for donations, consider using one of those paragraphs to tell people what your thing is.
If we knew what it was, we might want to help.
It's Signal but blockchain
Their logo actually links to their front page for once so it's not too hard to find out that Session is "The decentralized private messaging app", even if you're on a touchscreen. No need to fuss around and figure out how to get from "session.blogplace.org" to "getsession.com" by editing raw URLs like I feel happens with half the posts like this.
It could still use a paragraph or two of "why we believe it's important for this particular decentralized private messaging app to exist when there are about six hundred other decentralized private messaging apps out there that nobody but people who care passionately about decentralization are using", though.
(This is not a question that I feel their FAQ addresses, either: https://getsession.org/faq)
It's in the footer but yeah
Session was Australian based which means they would have to do all sorts of horrible things when asked by the government, such as even letting police impersonate users...
I just checked and they claim to have moved their infra to Switzerland.
There are many other issues, some I've forgotten about since I would never trust it in the first place. They also require a phone number even!
Seeing them go, I feel neutral. It's always good to have more anonymity software, just not this for me.
> They also require a phone number even!
No? Where did you get this from? I have used the app and was never asked anything. I was given an id I could share with others and that's it. Very simple. I wish more apps had this easy onboarding process.
https://www.theguardian.com/australia-news/2024/nov/05/sessi... they moved more than their infra
> They also require a phone number even!
"You don’t need a mobile number or an email to make an account with Session." - https://getsession.org/faq#identity-protection
No legal mechanism with such breadth exists in Australia. There was a great deal of overblown media reporting but the law [0] makes it explicitly clear that any request that requires a "systemic weakness", "systemic vulnerability" or anything of the like is null and void. Those terms are defined [1]. Note that it doesn't say the government can't request such a thing, it says that such a request "has no effect". It's simply dead on arrival.
My understanding is that the government could compel Facebook to publish a version of WhatsApp with a special mode that sends all messages to the police if the user ID is 1234567. This introduces a vulnerability but it is limited to one specific person. If your user ID is not 1234567, you're completely unaffected.
However my understanding is that the government cannot compel Facebook to compel a version of WhatsApp that, when it receives a special message, silently starts sending plaintext copies of every other message it receives to the police. Such a mechanism would be a systematic weakness that affects people other than those for which a warrant has been issued, so the notice would "have no effect".
The government could also not compel a source-available app with verifiable builds to stop distributing them so that it can add a secret user ID branch like the one I mentioned above for WhatsApp.
[0]: https://classic.austlii.edu.au/au/legis/cth/consol_act/ta199...
[1]: https://classic.austlii.edu.au/au/legis/cth/consol_act/ta199...
That’s not really a big deal since the session encryption was insecure anyway. It feels almost like a honeypot after they've removed forward secrecy. If you’re looking for a decentralized alternative SimpleX Chat is a more secure option.
My issue with SimpleX is that the company is in the UK, and it's developed in the UK under UK law. https://simplex.chat/transparency/
Considering how fiercely anti-encryption the UK is/has become (because "only child molesters care about encryption!"), this is sadly reason enough for me not to trust it.
Do I believe they have a backdoor in their software? No.
But if the UK passes a law demanding they introduce one...
Or the mature and robust XMPP + OMEMO.
The problem with XMPP is that most clients use an outdated and insecure implementation of OMEMO. This includes popular clients such as Conversations and Gajim. Currently only Profanity and Kaidan use the latest version and you must always assume that the encryption has been secretly downgraded because the other person is using an insecure client. I highly recommend Soatok's blog post on this topic. https://soatok.blog/2024/08/04/against-xmppomemo/
Not sure why it's always a binary: either give us $1M or we shut down.
Vast majority of products and services can continue on or near zero, with slow or zero velocity.
Really, you can't fire half the team if you have to and keep operating?
1.75M MAU requires very small infrastructure.
Yeah, there is no way they need $1M for the servers, come on...
God forbid someone get paid for their work.
Paid is desirable. Overpaid, not so much.
$150k is overpaid for a senior engineer?
In most of the world, yes.
Depends on what "senior" means. Every company has its own definition.
If it were actually decentralised, it wouldn't really have huge costs to worry about...
> In most markets Senior developers often command salaries exceeding $150,000 USD per year
Why not outsource this to a cheaper country? For example, here in Germany salaries are about half of that, and the talent pool is excellent.
Afaik Germany is one of the most expensive countries for employing white collar jobs?
The gross income to the employee might be 75k in Germany, but the cost to the employer is roughly twice that amount in turn.
In my (very naive) mental model, US salaries are higher, have less "overhead" for the employer, but leave more responsibility (healthcare, retirement) to the employee.
Employer cost is not 2x, more like 1.2x, employer overhead is mostly insurance related stuff. We had salary to employer cost tables at my previous job.
What's true though is that after taxes you might just receive 60% of your total salary once you deduct taxes and insurances.
Yeah, but the German pension system is unfortunately a scam. Therefore everyone is responsible for their own retirement (private investments, e.g. ETFs).
> In my (very naive) mental model, US salaries are higher, have a lot less "overhead" for the employer, but leave more responsibility (healthcare, retirement) to the employee.
Unfortunately this time, AI does not have vacations, healthcare, retirement or bills to pay and is available 24/7, 365 days on demand.
Many companies only see this as an opportunity to cut down on employees in 2026 and Session will do the same.
So that is why to answer your question:
> ...Germany is one of the most expensive countries for employing white collar jobs?
The main reason why the downsizing will continue until "AGI" is achieved internally.
I'd do it for 1/3rd!
Claude (or any other chatbot) can do it for 1/100th of the cost and faster than anyone.
So $150k+ is overpriced.
this is true, Claude and other LLMs are highly skilled at producing secure code
Name checks out.
Less Claudtistic apps, not more.
Add 30% on top of your salary to cover social contributions+ healthcare.
Surprised to hear this since my understanding was that Session was run on a crypto coin based, user hosted onion routing servers. Do they mean the dev company behind Session is shutting down?
An anecdote I have: a friend once had narcotics shipped intl. through Session a few years ago.
They don’t say how they plan to avoid a repeat scenario a few months down the line.
Donations are fine, but something needs to change or people are just propping up a non-viable business.
Never heard of them, and this page doesn't tell me what they do, but I've laughed at this line
> In most markets Senior developers often command salaries exceeding $150,000 USD per year
Not really, there's basically a single sub-market in the US market where that is the norm.
Within the US, it's far more common than you think. That's typical senior dev money in a large company in cities like St Louis or KC. What is rare outside of the biggest markets is the whole "enough RSUs to double your salary" thing.
Nah, like others have said - 150k is fairly normal for senior positions in any decently sized metro in the US at this point.
Even a decade ago, seniors could easily be pulling 120-150k in markets like Houston/Atlanta/Miami/etc... The relatively cheap markets.
I'm in Atlanta and I'd actually say 150k is a lowball offer for a senior in this market at this point. I'd expect 175k+.
Now - the flip side of this is that current competition is fairly insane with all the recent tech layoffs. So it's possible we're seeing some market correction. But I don't really think it's going to come down much. Between inflation and rising costs... 150k just isn't what it used to be. If it comes down... it's going to be because we're entering a real depression.
---
The amount of money the US government has printed in the last 7 years is... insane. And while it was starting to taper back down in 2023 and early 2024... then we got the GOP, and the GOP is objectively bad with money (not that the dems are that much better...). So m1 supply is rising at a relatively steady rate again.
We're going to feel the consequences for a LONG time (or very, very badly for a medium time... with unknown results).
The rare market is 250k+. You can get 150k in Cleveland or Milwaukee
I'd consider this a lowball in Austin
What's the take-home after housing and expenses tho? It's the same in CA... massive salaries, but also massive taxes+housing expenses.
At least in my experience, having worked in both Florida and California, that's more of a wash than people imagine it's going to be -- and more so than the "cost of living calculators" tend to demonstrate, at least if you're a renter.
I actually ran a few numbers based on current costs. If you're making $120K/yr in Florida and paying the average cost for a 1-bedroom rental in Tampa ($1,642/mo, as of April 2026 according to Apartments.com), your after-tax take home is $98 (24% federal tax bracket, no state tax) and you have $78.4K after rent. If you're making $180K/yr in California and paying the average cost for a 1-bedroom rental in San Jose ($2,705/mo), your after-tax take home is $130.5K (24% federal tax bracket, 9.3% CA state tax bracket) and you have $98K left after housing.
You can keep fiddling with the numbers, but in most cases, the premium for getting a tech job in Silicon Valley is sufficiently high that you really are making more in absolute dollars despite the higher cost of living.
That math breaks down if you have kids and need 4bdrm house commutable distance to work in good school district - prohibitively expensive in Bay Area and affordable on engineer salary in most tier 2 cities. If you do not have kids, Bay Area clearly wins, especially if you are ok with studio/1bdrm.
Interestingly I applied for one of their senior frontend positions that required a "high level of experience" in Australia, they said 120k AUD with no room to go higher. Went with an offer of 170k instead.
Well, that aligns with both "total raise of 93k AUD" and "we need more money to afford to hire senior people"
For a senior developer, $150,000 is about right. I'm looking at the latest half dozen jobs I've seen on LinkedIn for open senior developer positions and they all start at that number, and range up to $185k to $200k. Digging a little deeper, I see some that start well above that number, but it's for the huge companies you're thinking of -- Google, Netflix, Github.
Time to broaden their hiring pool then, $150k is double the cost of a senior developer in many other parts of the world (yes including English speaking first world countries).
When you've got 90 days till the doors close you can't be picky about your hiring pool.
Read the posting. They don't have money for a team, they don't have money for a senior developer. Whether $150k/FTE or $75k doesn't matter, because they don't have either of those.
Once the server and other costs have been paid, they have money for... maybe a part-time junior in Cambodia.
The claim is that 150k is the baseline that is often exceeded. I don't know the region you're looking for on LinkedIn, but what I see for European jobs is that they barely crack 100k for developers. At least the senior, non highly specialist, jobs I'm seeing.
>Never heard of them
They're big on dark web drug markets.
That salary is not unheard of at all in London. Especially when you convert £ to $.
Sure but London's known for being high wages. Now change that location to Cornwall or the North of England and watch it get almost cut in half.
Manchester is only about 10% below London, other cities along the M62 are about 15% below according to the salary benchmarking data I've seen. The bigger difference is more in the number and type of available roles.
That salary would be above the median for most perm senior dev positions in London, but still well within the usual range for established tech companies and well-funded startups.
not unheard of, but not typical.
They are based in Switzerland. 140k USD median dev salary
Interesting claim, where do you gather that data? The quick results I got were from a 2024 report on TheNextWeb claiming it's around 90k USD equivalent in Switzerland https://thenextweb.com/news/european-cities-highest-salaries...
Market rate for a senior engineer in much, much poorer Poland exceeds 80k at current exchange rates - ask me how I know.
I also had a contract in Switzerland for a brief, beautiful moment and in 2020 it was not weird to have an hourly rate exceeding 90CHF/h in this role.
Permanent employees were making anywhere in the range of 100-130k CHF, so the 140k USD figure is close adjusted for inflation.
https://swissdevjobs.ch/salaries
Thanks for the data, 117500 CHF converted today is around 148k USD, and that means being in the top 25%
It clearly says that the median is 110k CHF ~ 140k USD
For a Senior perhaps. The figures I find for Switzerland are more in the 90-120 range depending on the source. Also, I think what OP was referring to is the 'most markets' bit. Switzerland is the best paying country in Europe (discounting London).
> Switzerland is the best paying country in Europe (discounting London).
How does that look when you correct for costs of living, because I imagine that would put London at the bottom of the list, as one of those places where senior-level tech salary is not enough to afford living in the city itself (and I don't mean the City of London, but the rest of it too).
I wouldn’t have replied if the session foundation hadn’t been based in Switzerland.
Yeah I'm not sure what they do, or why they need support
A collection of strongly opinionated crypto experts running on hopes more than money is no way to run a government^W^W a messaging app
I had never heard of this, why session over signal?
Edit: here is a snippet from google AI:
> 65000 USD in donations > enough for infrastructure for the next 90 days
20k per month in infrastructure. Excuse me, what?
They're talking about paying for full time developers.
> To date, the STF has received approximately $65,000 in donations. This is enough to maintain critical Session infrastructure for the next 90 days.
Excuse me, what?! Spending $22k a month in infra as a pre-money startup is insane.
It's sad but I'll forever remember them for having the best tagline ever on their frontpage:
We all know who this is directed at: the project(s) pretending to offer privacy but that need to collect your cellphone and that'll happily be able to know who you exchange messages with. Project(s) whom, moreover, have often weird shills that, if you squint your eyes just a little bit, suddenly look like xxxINT moles.
So if only for that tagline, thanks a huge lot: metadata are more important than the content of the messages themselves and you have no privacy if your phone number and contacts are known.
This is extortion.
They're hoping one of the rich dark web drug lords that use the app will sponsor them with crypto.
Never heard of Session until today.
I'm amazed by how many companies I first discover via their shutdown announcement on Hacker News.
I'd love to know where the $600k that Vitalik Buterin donated to them 3 short months ago went. I don't think they've adequately addressed this question.
seems like it was $300k (the total was split between simpleX and session), but still—fair question
A few months ago, a Session update logged me out. I tried to log back in, but my passphrase caused Session to crash. I tried the Play Store version, the F-Droid version, and the desktop version.
Support told me that login method had been around for a while, and I didn’t know it. So suddenly, I was locked out and couldn’t access MY ACCOUNT. I used to promote Session, but since their support response was basically a big “fuck you,” I say “fuck you too,” and I hope people switch to SimpleX.
I don't personally use it, but regardless, it'd be a shame to see it go
If you need decentralized messaging and not some cryptocoin front, Delta Chat (https://delta.chat/) is what you're looking for.
They should keep a single competent and curious senior developer who can do it all. In this age of AI, you can make do without having a whole team of developers.
I could never get it to work and I've tried several times. I kind of get the feeling I'm being blocked at the ISP level. We entered an era of the Internet where you're just not allowed to create secure communications.
Sad. I will need a new way to communicate with my guy.
Ha, and it was also used as a kind of low-rent/unmoderated alternative to Onlyfans.
Certainly, there were enough people making money through it that they should have been able to cover operating expenses. How did they go about appealing for donations - was there a notification inside the app, or did they rely on word of mouth?
“Gas, grass or ass - nobody rides for free”
https://simplex.chat is the best option.
I like the idea. But I’m pretty happy with Signal. Signal does require a phone number I think, but otherwise seems very similar.
Grounding identity in a phone number is very reasonable for almost all normal usage. It makes recovery simple. It does block the ultra paranoid use cases though. Oh well.
Session is not similar to Signal.
Session aims to provide anonymity, Signal aims to provide privacy.
>> Grounding identity in a phone number is very reasonable for almost all normal usage.
Yeah if you compare that with Facebook messenger and other such services but if you want secure communication it's not reasonable.
signal is really crappy. It fails at the most basic feature which is : deliver the message on time.
does it? have you been trying to use signal while disconnected from the internet?
I had a friend who complained about this too. I never understood it. She had a really cheap old android phone. Maybe that’s the issue?
I primarily use a nearly-bottom end android phone that's a few years old and just recently switched to an even older, even lower end android phone that is six years old. Neither has that issue.
Obviously, I'm not really claiming that it's not possible people are experiencing this issue, but it can't possibly be widespread.
I feel like most likely people are using android skins that aggressively kill apps in the background.
I have that exact issue on a couple of not exactly low end Samsung phones. Holding them side by side with signal open. Delivery times vary wildly. Whereas WhatsApp just works (though I hate it for other reasons)
> otherwise seems very similar.
It's worth mentioning that Session had started out as a fork of signal.
>Grounding identity in a phone number is very reasonable for almost all normal usage
In many jurisdictions, telecoms form an abusive oligopoly, and you need to provide a state-issued identity document to get a phone number.
That is not at all reasonable for normal usage - unlike well-known non-abusive authentication methods, such as a keypair; or its even simpler cousin, the username/password.
I guess it depends on what you consider normal. Most of the humans I know find it vastly easier to produce a state issued id to an authority than to generate a public/private key pair.
What's easier: to obtain state ID, or to sign up to a website with your preferred username and password?
Well, I and a lot of the people I'm going to talk to through things like Signal are going to have a state ID regardless as I live in a country where one practically needs to drive a car to function in society.
On top of that so many other things just inherently expect one to have a phone number. It would be somewhat odd to not have a phone number for most of the people I know and talk to through platforms like Signal.
So to your question of which is easier, having the state ID and a phone number is easier because I'll already have that for a multitude of reasons.
If you live in a place where it's rare to have a phone number, then yes I agree Signal probably isn't a good choice.
Obtaining your first id is obviously difficult. But so is obtaining your first computer. If you’re on good terms with your government, obtaining the id is easier. That’s really the key. Sure if you focus on hostile states this stuff all makes sense. If you’re insistent on hiding from authorities then many things become much more difficult, by design.
Signal's code quality is not conducive to security. They had an extremely bad state management bug that resulted in photos being sent to random contacts in your list (potentially life ruining implications if you're sending private photos).
For this reason, it's hard to trust them. The encryption quality is irrelevant if the slop coded client is blasting random photos to random contacts.
Source?
It would've taken you less time to Google, but sure: https://www.bleepingcomputer.com/news/security/signal-fixes-...
Send a GIF to Contact A, Contact B receives random private images? Absolutely inexcusable slop code project. This class of state management bugs should not be possible with a well-architected client, period.
Signal's E2E encryption is more like End 2 Random End.
> In most markets Senior developers often command salaries exceeding $150,000 USD per year, and on top of this there are legal and operational overheads for running the STF.
Translation:
Our product makes no money, has no use case and we need $1M to survive.
Two ways a PE "cost saver" would fix this:
1. Claude + 1x senior engineer (in India).
2. CTO + Claude and no senior engineers / employees.
Given we have (allegedly) achieved "AGI" (heavily disputed) they don't need as many employees.
Especially those that are after $150k+ which when you can vibe code with Claude for less than $10k anyway. /s
Job done.
So you are suggesting that a private communications and messaging system that purports to offer reliable anonymity is a reasonable use case for more-or-less unsupervised development by Claude? Because that is just the sort of use case where I would NOT trust an unsupervised AI.
That is probably the reason they added the /s at the end