Moxie Marlinspike, the creator of the Signal secure messaging app, on Monday announced his resignation as CEO of the company.
Marlinspike said he had always intended to grow Signal to the point that it could go on without his direct involvement but that wasn't possible as recently as four years ago when he was writing most of the code, managing employees, and personally handling support. Fast forward to today and Marlinspike said he rarely writes code and feels comfortable leaving matters in the hands of his leadership team.
Signal is one of only two mobile messaging apps deemed secure enough to be recommended by the Electronic Frontier Foundation, where "secure" means encrypted end-to-end with some degree of credibility. The other, Signal's much larger rival, is Meta's (Facebook's) WhatsApp.
Coincidentally, Marlinspike's temporary replacement will be Brian Acton, the co-founder of WhatsApp, who left that company in 2018 to co-found, with Marlinspike, the Signal Foundation, the 501c3 non-profit that oversees Signal Messenger, LLC, the app company.
The foundation's mission is, "To develop open source privacy technology that protects free expression and enables secure global communication."
"I will continue to remain on the Signal board, committed to helping manifest Signal’s mission from that role, and I will be transitioning out as CEO over the next month in order to focus on the candidate search," explained Marlinspike in a post announcing his departure. "Brian Acton, who is also on the Signal Foundation board, has volunteered to serve as interim CEO during the search period."
Signal had about 40 million active monthly users at the start of 2021; WhatsApp has more than two billion active monthly users.
Trouble at the messaging mill
Signal over the past few months has been rolling out support for MobileCoin, a cryptocurrency that purportedly offers private digital transactions – it works off an encrypted blockchain as opposed to a public blockchain. Beta testing began last April in the UK.
The organization's decision to integrate MobileCoin – for which Marlinspike served as an advisor during development – has been controversial, and isn't easily reconciled with Marlinspike's recent well-received critique of "web3," the IT infrastructure associated with DeFi (decentralized finance), NFTs (non-fungible tokens), and associated cryptocurrencies. Nor does it fit easily with the notion that Signal is run by a non-profit.
- Signal banned for booking obviously targeted ads? That story's too good to be true, Facebook claims
- Signal app's Moxie says it's possible to sabotage Cellebrite's phone-probing tools with booby-trapped file
- Signal boost: Secure chat app is wobbly at the moment. Not surprising after gaining 30m+ users in a week, though
- Signal goes Gaussian to take privacy to the next level: All your faces don't belong to us
Stephen Diehl, a London-based software developer and cryptocurrency critic, last year condemned Signal's embrace of MobileCoin as a punch to the gut and a betrayal.
"So many of us have spent significant time and social capital moving our friends and family away from the exploitative data siphon platforms that Facebook et al offer, and on to Signal in the hopes of breaking the cycle of commercial exploitation of our online relationships," he wrote in a blog post in April, 2021. "And some of us feel used."
Two days ago, with Signal's MobileCoin integration now available to at least some the app's users in the US, Nicholas Weaver, a researcher at the International Computer Science Institute in Berkeley, echoed Alex Stamos's concern that combining end-to-end encryption with difficult-to-trace payments is a recipe for conflict with law enforcement authorities and governments.
Cryptographer Bruce Schneier offered a similar assessment of adding MobileCoin support in Signal last year.
"It’s not even that Signal is choosing to tie itself to a specific blockchain currency. It’s that adding a cryptocurrency to an end-to-end encrypted app muddies the morality of the product, and invites all sorts of government investigative and regulatory meddling: by the IRS, the SEC, FinCEN, and probably the FBI."
Marlinspike did not respond to a request for comment. ®