Conflicting signals: what to expect from Signal’s cryptocurrency initiative

At the beginning of April, the privacy-focused messenger Signal announced that a new beta version for UK residents includes the Signal Payments feature. It allows linking a digital wallet to the account and making payments with the cryptocurrency MobileCoin (MOB).

Not all Signal users approved of the idea of integrating cryptocurrency payments, although these plans were disclosed by its founder Moxie Marlinspike and MobileCoin founder Joshua Goldbard to Wired back in 2017. Signal’s Reddit page is filled with unhappy posts: some are concerned that payment integration will not best serve the messenger’s security, others think the project is trying to “cash in on blockchain” or simply wants to profit from cryptocurrency. Former Signal employees also described the initiative as a “risky endeavour”.

Despite the not-quite-smooth marketing and vague comments from developers, the Signal initiative could indeed be an attempt to enhance users’ financial privacy, rather than undermine it. We looked into what is known about MobileCoin and the project’s ties to the messenger’s founder.

Signal — Snowden’s favorite messenger

Signal is a secure messenger developed by Signal Messenger LLC, funded by the nonprofit Signal Foundation. The app was released in 2013 — it was previously known as TextSecure. Until 2018, development was led by Moxie Marlinspike’s Open Whisper Systems.

Signal has open-source code, and its main feature is end-to-end encryption (E2EE). In theory this means that access to the transmitted information is available only to the chat participants — even the developers cannot read the conversations. The messenger does not collect data about users and does not show them ads. 

To provide end-to-end encryption, the messenger uses the Signal Protocol, whose reliability and security have been confirmed by independent experts. The protocol was developed by Open Whisper Systems, but is used by third-party apps such as WhatsApp, Facebook Messenger and Skype.

Until recently, Signal enjoyed popularity among those who require a confidential channel of communication: journalists, human rights defenders and political activists. The messenger was praised by Jack Dorsey and Elon Musk, and Edward Snowden has been using it since 2015.

I use Signal every day. #notesforFBI (Spoiler: they already know) https://t.co/KNy0xppsN0

— Edward Snowden (@Snowden) November 2, 2015

In January 2021, WhatsApp updated its terms of service and privacy policy. The changes sparked a wave of discontent among users, who began migrating to more private messengers.

One of the beneficiaries of the situation was Signal: if at the start of last year around 15 million people used it, after the WhatsApp saga the user base was estimated at 40 million.

The app’s funding comes solely from investments and donations, which Signal has recently begun accepting in cryptocurrencies. 

Since 2018, the development of the messenger has been led by the Signal Foundation. Co-founder of WhatsApp Brian Acton, who invested $50 million in the project, is a co-founder of the Signal Foundation. These are the only investments the messenger has attracted so far.

Signal operates on a very tight budget, and against the backdrop of the need to scale the tech stack, funding problems have likely worsened. The stability of Signal’s infrastructure remains unsettled. During spikes in user activity, the client software effectively carried out a DDoS attack on its own server.

Why Signal isn’t the perfect messenger: we need decentralization.

Federated Matrix supports connecting to other networks via bridges. This is the kind of infrastructure Signal should aim for: https://t.co/CmRoVb97yf pic.twitter.com/5YONWZ99aO

— Habra (@habr_com) January 27, 2021

Undoubtedly, Acton underpins Signal, with Forbes valuing his net worth at $2.6 billion, and users are generous with donations. However the “Wikipedia” business model may not work.

One possible option is a partnership with an organization that can provide funding in exchange for access to the user base. This could work in payments, and MobileCoin enters the scene.

Joshua Goldbard himself stated outright that he created MobileCoin to fund Signal, and in the coming years intends to donate large sums to the messenger. It should not be forgotten that Moxie Marlinspike also played a direct role in developing the cryptocurrency.

Private payments for everyone

MobileCoin, according to the white paper, is an attempt to create a fast and convenient private cryptocurrency for users who are not technically adept at storing private keys for extended periods.

The MobileCoin payment network uses a Rust-modified version of the Stellar Consensus Protocol (SCP). To conceal transaction details, MobileCoin employs CryptoNote and zero-knowledge proofs [zero-knowledge proof].

CryptoNote preserves user anonymity through ring signatures (hiding the sender) and one-time addresses (hiding the recipient). The zero-knowledge proof protocol allows the “verifying” side to assess the validity of a mathematical function without any information from the “proving” side.

All calculations related to accounting and verification of transactions are delegated by MobileCoin to server nodes, which run on the Microsoft Azure cloud platform and use a fully updated copy of the cryptocurrency’s blockchain. The nodes manage users’ keys, so the servers store digital signatures used to encrypt each participant’s transactions.

To prevent node operators from accessing private keys, the servers are equipped with Intel chips with Software Guard Extensions (Intel SGX). These are expensive processors that allow applications to create secure enclaves — areas in the virtual address space protected from external reading and writing. Before connecting such an enclave to the network the system can verify that it runs up-to-date software, but neither MobileCoin users nor node operators can decrypt and view data stored in this area.

According to Goldbard, the time to compute a transaction hash in MobileCoin’s blockchain is 3 seconds. Tests show that the cryptocurrency network can process around 100 TPS, with the possibility to scale the tech stack to 10,000 TPS.

MobileCoin was designed with the expectation that it would be used by 1 billion people in the future, the project team says.

Opaque ties

It turns out that on paper MobileCoin is a private payment network capable of throughput comparable to Visa. Its focus on messaging suggests it could be a natural candidate for the first cryptocurrency added to Signal. However, not all is as smooth as it seems at first glance.

Some experts note that the MobileCoin white paper in many places essentially copies Monero’s technical documentation.

Found via user dethos on HN — the whole paper is just a copy / paste of https://t.co/mPER7syez7 which explains monero for beginners (though not sure how successfully) and describing XOR makes some sense in the original context.

— Tadge Dryja (@tdryja) April 7, 2021

Riccardo Spagni, who stood at the origins of the latter, noted that MobileCoin is based on developments from his team. Spagni confirmed that Goldbard modified Monero’s code using Rust, but he does not understand why he “refers to the dead project [CryptoNote], rather than to the project that actually gave them the cryptocurrency.”

This sort of low-integrity behaviour never bodes well, regardless of how well-intentioned a project is at the start.

— Riccardo Spagni (@fluffypony) April 6, 2021

There are many questions about the token distribution process among users. According to the project’s cryptographer with the handle Koe, MobileCoin’s total supply is 250 million MOB, issued during the mainnet launch in December 2020. Goldbard noted that at present only half of those tokens are available for purchase.

Token sales are handled by MobileCoin Token Services, affiliated with the MobileCoin Foundation. Alongside the mainnet launch, MobileCoin was listed on the crypto-derivatives exchange FTX; in January the exchange Hotbit added it to its platform, and in April Bitfinex did. That is currently the full list of venues supporting MobileCoin. However, this did not stop the token from rising more than 800% since early March—perhaps aided by a short squeeze.

In an early version of MobileCoin’s white paper it is stated that in a private presale the company would sell investors 37.5 million MOB at $0.80 each. The total sale would thus be $30 million. But Goldbard denied the authenticity of this document. However, after analyzing the metadata of the ‘fake’ and official white papers, CoinDesk journalists concluded that the first was created on December 9, 2017, and the second two days later.

In spring 2018, MobileCoin Inc. did raise $30 million in funding from the cryptocurrency exchange Binance and four other investors. In March 2021 the organization in two tranches received another $11.4 million from venture firms General Catalyst and Future Ventures.

Goldbard asserts that in 2018 MobileCoin sold investors 15% of the tokens — they own a smaller share of the total supply. The project team also holds a smaller portion of tokens (49%), which MobileCoin plans to use for funding and developing the ecosystem. He says the project is currently consulting with lawyers about which mechanism is best to use for distributing the cryptocurrency.

Because users cannot obtain MobileCoin tokens through mining, at present they can only buy them — on the secondary market or directly from MobileCoin Token Services.

“MobileCoin Inc. aims to keep as few tokens as possible in its own hands,” wrote Goldbard, referring to supply centralisation. The community, however, is unhappy with the very idea of selling coins with a premine to users. 

In the fake white paper Moxie Marlinspike is mentioned as the technical director of MobileCoin. Goldbard himself wrote that he founded the project together with Marlinspike and Shayne Glinn. In a Forbes article from 2018, Marlinspike is also named as one of the creators of the cryptocurrency.

In the MobileCoin white paper it is stated that Marlinspike is a technical adviser to the project, who is paid for his work. According to Goldbard, Marlinspike never served as CTO or founder of MobileCoin, but helped develop the project from the start.

Possible affiliation between MobileCoin and Signal has sparked discontent among community members. In this light, users began seeking answers to their pressing questions, in particular — why Signal chose a centralized currency when there are Monero and ZCash? Some speculate that the messenger funded the development of the cryptocurrency, hoping to profit financially from its launch.

Why Signal chose MobileCoin

Signal could not afford to go the Facebook route and build a cryptographic protocol from scratch — according to the messenger’s head of PR, Juna Harada, the company simply has no resources for that. Therefore Signal decided to add support for digital wallets serviced by third-party companies.

That approach relieves the messenger of some regulatory risk. Even if a jurisdiction bans cryptocurrency payments in Signal, the company can disable the feature in a single country by activating a dedicated server flag.

Harada noted that currencies like ZCash meet Signal’s privacy requirements, but have too low transaction throughput. Projects like Lightning Network, by contrast, do not provide strict privacy guarantees. MobileCoin, however, fits the criteria, and its design makes it easy to integrate payments into the messenger.

The bulk of the criticism of integrating MobileCoin with Signal is understandable. In the blockchain industry, stories where a project is created solely for profit are not uncommon. The confusion over the relations between the parties only fans the flames. Moreover, people do not want to lose a convenient messaging tool whose security has stood the test of time.

But Moxie Marlinspike has built a reputation for putting the idea above money. He developed the largest end-to-end encryption system trusted by giants like Facebook and Google. It should not be forgotten that the Signal Foundation is a nonprofit organization that has certain restrictions on spending and staff salaries. Even if MobileCoin donates a substantial sum to Signal, Marlinspike could not simply stash it in his pocket.

Despite reasonable critique, there is no need to be biased against the joint initiative. The two sides have only begun testing the payment tool; its full deployment is far off, if it ever happens.

As of today, the issue of integrating cryptocurrency payments into Signal is relevant only to a very limited circle of users — UK residents. The latter can decide the “problem” by simply turning off the feature in the app’s settings.

Follow ForkLog news on Telegram: ForkLog Feed — the full stream of news, ForkLog — the most important news, infographics and opinions.