THREAD: It's surprising to me that so many people were surprised to learn that Signal runs partly on AWS (something we can do because we use encryption to make sure no one but you - not AWS, not Signal, not anyone - can access your comms). It's also concerning. 1/
Concerning, bc it indicates that the extent of the concentration of power in the hands of a few hyperscalers is way less widely understood than I'd assumed. Which bodes poorly for our ability to craft reality-based strategies capable of contesting this concentration & solving the
The question isn't "why does Signal use AWS?" It's to look at the infrastructural requirements of any global, real-time, mass comms platform and ask how it is that we got to a place where there's no realistic alternative to AWS and the other hyperscalers. 3/
Running a low-latency platform for instant comms capable of carrying millions of concurrent audio/video calls requires a pre-built, planet-spanning network of compute, storage and edge presence that requires constant maintenance, significant electricity and persistent attention
Instant messaging demands near-zero latency. Voice and video in particular require complex global signaling & regional relays to manage jitter and packet loss. These are things that AWS, Azure, and GCP provide at global scale that, practically speaking, others (in the western
This isn't 'renting a server.' It's leasing access to a whole sprawling, capital-intensive, technically-capable system that must be just as available in Cairo as in Capetown, just as functional in Bangkok as Berlin. Particularly given the high stakes use cases of many who rely
Such infrastructure costs billions and billions of dollars to provision and maintain, and it's highly depreciable. In the case of the hyperscalers, the staggering cost is cross-subsidized by other businesses - themselves also massive platforms with significant lock-in. 7/
Meaning that infrastructure like AWS is not something that Signal, or almost anyone else, could afford to just "spin up." Which is why nearly everyone that manages a real-time service - from Signal, to X, to Palantir, to Mastodon - relies at least in part on services provisioned by
But even if Signal had the billions needed to recreate AWS, it's not just about money. The talent to run these systems is rare & concentrated. The expertise, the tooling, the playbooks, the very language of modern SRE came out of these hyperscalers, and is now synonymous with
So, yes, Signal runs on AWS. It also runs on your phone, which runs on iOS (Apple) or Android (Google). And on Desktop, via Windows (Microsoft). Each of these presents similar dependencies on large entrenched tech companies, and concomitant barriers and risks. 10/
In short, the problem here is not that Signal "chose" to run on AWS. The problem is the concentration of power in the infrastructure space that means there isn't really another choice: the entire stack, practically speaking, is owned by 3-4 players. 11/
So, Signal does what we can to provide a service w integrity in the concentrated ecosystem we're working in. We protect your comms w end-to-end encryption, so that we can use AWS and others as a highway across which to send Signal data in ways that don't let AWS, or anyone else,
To conclude: my silver lining hope is that AWS going down can be a learning moment, in which the risks of concentrating the nervous system of our world in the hands of a few players become very clear. And that this can help us craft ways of undoing this concentration and creating
@mer__edith @signalapp I was not surprised that you run on cloud infra. Nothing wrong with that. I personally was surprised that an outage of a single zone of a single cloud provider brought down signal. Use several cloud providers in several zones and throw in some bare metal hetzner boxes.
@klaehnr @signalapp We do use multiple clouds in multiple zones
@mer__edith Presumably the surprise-concern was as much about disabling comms rather than accessing?
@danbri Not following?
@mer__edith @signalapp There is one US agency that can read signal messages or have them read by other offshore agencies. Understand that for 99.999999% of all people using signal, you are not interesting to those agencies. Signal should evolve beyond AWS to something similar to Simplex. While not
@mer__edith Respectfully, this is a cop out thread. Signal should not topple over when one aws zone fails. This is acceptable for an early stage startup, not for a global messaging platform. What people want to hear is an apology and a clear improvement plan
@mer__edith Your point about only a few hyper scalers is valid but probably just how things will work given economics. Infrastructure like that usually has limited options - at least there is some competition. However, based on this outage, there are implementation patterns that would have
@mer__edith If Signal's end to end encryption works properly, the infrastructure provider of the service should not be a privacy concern, because they cannot decrypt the messages. They are an availability concern, as we saw during the outage.
@mer__edith Great thread. Again, Signal is designed so that it can run on any server and the content exchanged will still be unreadable because of the E2EE. You could even run it through a server in Russia and Vlad still wouldn't be able to read anything you are exchanging.
@mer__edith Do you see the use of Decentralized Physical Infrastructure Networks as a viable option in the future with more maturity? Considering it's not only about the hardware only but everything else required to manage this
@mer__edith Well written @mer__edith Even non-tech ppl should understand the basics of E2EE and have a fundamental understanding of cloud providers. Sadly, most don't and this type of explanation is exactly what they need. You and the @signalapp team are outstanding!
@mer__edith @signalapp Is Signal working on hardening its services by using multiple avenues?
@mer__edith Yes, but I would also set up Signal nodes.
@mer__edith single point of failure
@mer__edith When did Signal move to AWS? Was it since the beginning when it was TextSecure/RedPhone?
@mer__edith Here at @YourSitee, @signalapp is our everyday messenger for the team. We're fully behind you and really appreciate the straight talk. Keep doing what you're doing!
@mer__edith It doesn't matter to me which cloud @signalapp uses - as long as it's open source and the E2E encryption stays rock solid, my trust remains. All our devices run on big platforms owned by big companies, but true privacy comes from strong encryption, not where the servers are.
@mer__edith Question. The network of mobile phones is many many times larger. Is the global cellular network incapable of running something like Signal?
@mer__edith @signalapp Please also let us know now why of late you have locked a part of Signal messenger. Are you not trying to sell Signal like WhatsApp so it's a request. Do not cheat us. Just tell us clearly
@mer__edith Privacy isn't about where your data lives - it's about who can read it.
