I am not very well versed in their revenue spendings, I thnks many companies and organisations give them grants and help Signal cover their costs.
Also Signal is a great project and I think most would agree on that front.(except some snake oil Bros on Reddit who claim the centralisation of Signal is a bad thing and/or requirement of ph number is a “selling out to NSA” without any understanding of the slightest in cryptography/ITSec)
Signal became popular because it used the phone number backbone to easily expand on contact lists. Signal started out as an SMS app, though they’ve since discontinued SMS support which is somewhat unfortunate since that was what made it seamless for users to “upgrade” their SMS conversations.
With the removal of SMS support and the introduction of usernames, there’s little reason to recommend Signal over Matrix. The only thing it has going now is whatever network effect it currently has as well as the ease of discovering contacts using Signal because of the phone number requirement.
As for centralization, Matrix is nice in that it is decentralized, though might have some concerns of its own. The issues in that article can be mitigated/fixed, however.
I agree that Signal is good, but that doesn’t dismiss the validity of its centralized nature, security, privacy, and anonymity concerns.
Many argue decentralisation is a bad thing for security.
Also Signal is the only IM messaging service that have a proven track record for protecting user data. All of the others have had some form of data breaches major vurnerabilities of some kind of the other.
Also phone number requirement is necessary since not having it would mean an influx of bots and spammers. There needs be an good solution to replace the current potentially bad solution.
Identify verification would be a problem. All of these are already thought by Signal. A flawed implementation benefits nobody.
I am not downplaying the “issues” Signal has. If phone number requirement is something that bugs you, by all means, use an alternative.
As for the decentralisation issue, there are no good e2e decentralised cryptographic protocols as of now. Signal protocol, which encrypts messages of billions of people worldwide( WhatsApp, Google, FB uses it, albeit they modify the protocol to collect metadata) is at a much mature stage than any other.