Many technologists today were disappointed to learn that Signal, an encrypted messaging service, is adopting MobileCoin (MOB), a new cryptocurrency that went live in December, for payments.
Signal is hugely popular in the tech world. I use it, and many of the people I correspond with use it as a safe and secure way of communicating. And many prefer it over WhatsApp and Telegram.
Now, the non-profit wants to take the next step into becoming a payments service—so you can send money, and nobody will know who you are sending it to, or why. Here’s the blog post announcing the beta build.
Andy Greenberg wrote up a story in Wired covering the main points of the announcement yesterday. The idea is to have a cryptocurrency designed to work efficiently on mobile devices while protecting users’ privacy—and anonymity. For now, Signal’s payment feature will be available only to users in the UK, and only on iOS and Android—not the desktop.
What is worth underscoring is that Moxie Marlinspike, the creator of Signal and CEO of the nonprofit that runs it, was a paid advisor to MobileCoin. In fact, he was the original CTO of the company, according to an early MobileCoin white paper.
The price of MOB surged from $7 to $68 in the last week, according to Coinmarketcap—possibly because word of the announcement had leaked—before taking a dump overnight, dropping to $39. (MOB trades mainly on FTX, an Antigua and Barbuda-based cryptocurrency exchange.)
The price movements look a little like insider trading—just a little.
Interestingly, Signal kept their server code closed-source for a year to hide the integration. It only just recently re-open-sourced it, so who could have possibly known this big announcement was forthcoming?
Marlinspike told Wired he does not hold any MOB, which is hard to believe, given he was involved with the coin’s early development. (It is common practice in crypto for advisers and developers to get paid with the crypto of the projects they are involved in.) But who knows? Maybe he can’t hold any coins right now for regulatory reasons.
Most technologists, except for a vocal few, don’t like cryptocurrency, and for good reason. The space is rife with fraud and scams. So you can start to understand why they are unhappy.
“Signal users are overwhelmingly tech savvy consumers and we’re not idiots, Stephen Diehl, a UK-based software engineer, wrote in a blog post. “Do they think we don’t see through the thinly veiled pump and dump scheme that’s proposed? It’s an old scam with a new face.”
“Signal isn’t integrating just any random shitcoin, it is integrating Moxie Marlinspike’s random shitcoin,” Nicholas Weaver, an infosec specialist and researcher at the International Computer Science Institute in Berkeley, tweeted. “Gee, what a coinkidink. I wonder how much he’s unloaded on suckers already as a result of this pump & dump?”
One item the Wired article failed to mention: In April 2018, MobileCoin took $30 million in BTC and ETH from Binance Labs, the blockchain incubator of Binance—another popular offshore crypto exchange.
(Both FTX and Binance are huge Tether customers, by the way.)
The money is flowing in from elsewhere, too.
Last month, the project got an additional $11.35 million from venture capitalists Future Ventures and General Catalyst.
MobileCoin is a pre-mined coin. It has a total fixed supply of 250 million MOB. The project sold 35.7 million coins to private investors for $0.80 per coin in order to raise $30 million, according to its 2017 white paper.
So who is holding the rest of the coins?
Joshua Goldbard, the project’s founder, recently said on Hacker News that half the coins have now been sold, leaving MobileCoin in control of at least half the supply.
“MobileCoin has made over 50% of the coins available for purchase. We are currently figuring out how to give away coins while remaining regulatory compliant,” he said.
A centralized payment system
If Signal is trying to create a private payments system, is MobileCoin even the best choice? There are serious questions about how secure and decentralized it is.
Mobile is based on the Stellar code, originally derived from Ripple. Stellar is centralized, and has some major security issues. The platform is unproven, even if it’s still resilient.
MobileCoin took the Stellar codebase and added some stuff, including using Intel SGX—a chip that acts as a digital vault for securing users’ sensitive information. That means that users have to put 100% of their trust in Intel chips rather than software-based cryptography.
Also, MobileCoin is running on centralized powerhouse Azure, a cloud computing service created by Microsoft.
Further, if you look at MobileCoin’s “Trusted Nodes,” you’ll see that three entities are handling all of the consensus—and “MobileCoin Worldwide” is one of them. It’s hardly decentralized.
Signal’s non-profit status?
Signal Foundation was founded in April 2018 by Marlinspike and Brian Acton. It is registered as an independent 501(c)(3) nonprofit, meaning it has been approved by the IRS as a tax-exempt, charitable organization.
The firm’s non-profit status is now being called into question, after it became clear it will be getting handouts from MobileCoin.
Goldbard flat-out admitted on Hacker News: “I started MobileCoin to fund Signal. That’s it.”
Many Signal users are concerned that this represents a conflict of interest. Here you have a non-profit (in this case Signal Foundation) directly integrating MobileCoin in their app as a quid pro quo.
Just to add another slice of weirdness: MobileCoin has a MobileCoin Radio because “creation” needs privacy. I have no idea how this fits in with anything Signal or MobileCoin is doing. I’m not sure MobileCoin does either.
Here is how they explain it:
“MobileCoin Radio is a place for artists to share their creations with the world, in hopes that our shared struggle with the human condition inspires a heightened exploration of our cultural landscape and of ourselves.”
Anyway, Signal is probably going to lose some fans as a result of its foray into crypto. Why use MobileCoin in the first place when there are a host of battle-tested privacy coins to choose from? It makes no sense.
Security expert Bruce Schneier thinks it’s an incredibly bad idea that “muddies the morality of the product, and invites all sorts of government investigative and regulatory meddling: by the IRS, the SEC, FinCEN, and probably the FBI.” He thinks the two apps—crypto and secure communications—should remain separate. In his mind, this is going to ruin Signal for everyone.
And let’s not forget the disaster that ensued when Facebook tried to create Libra (now Diem). Regulators shot that idea down pretty quickly. Why does Signal think it will fare any better?
(Update April 7: An earlier version of this story incorrectly stated that the Wired article failed to mention that Marlinspike was a paid advisor to MobileCoin. Actually, it does mention that he is.)
If you enjoy my work, please support my writing by becoming a patron.