In 2013, the foundations of the digital world shook. Edward Snowden’s disclosures revealed that governments—particularly the United States through the NSA—had been conducting mass surveillance on a scale far beyond what the public had imagined. Trust in traditional communications platforms faltered overnight. People began to ask whether any digital conversation could truly remain private.

From this crucible of paranoia and disillusionment emerged one of the most important cryptographic innovations of the modern age: the Signal Protocol. Conceived by an unusual partnership of two cryptographers—Moxie Marlinspike and Trevor Perrin—it would go on to form the invisible cryptographic backbone of platforms used daily by billions, including WhatsApp, Facebook Messenger, Google Messages, and Skype.

This is not just a story of technical brilliance. It is a story about stubborn commitment to privacy, persistence through corporate acquisitions, and a refusal to bow to the relentless commercial pressures of Silicon Valley

The Anarchist and the Academic

The Signal Protocol’s origins lie in an unlikely duo.

Moxie Marlinspike, a pseudonym deliberately concealing his real identity, was already something of a digital anarchist. He had made his name as a cryptographer and activist, challenging assumptions about security and building tools designed to protect users from surveillance. In 2010, together with roboticist Stuart Anderson, he founded Whisper Systems, releasing two tools that would later become foundational to the secure messaging landscape: TextSecure and RedPhone.

Trevor Perrin, by contrast, brought a more academic sensibility. Where Marlinspike thrived on disruption, Perrin contributed rigour and formal structure. The two combined their talents to design a protocol strong enough to withstand not just the threats of the day but also those yet to emerge.

Originally known as the TextSecure Protocol, their creation was renamed the Signal Protocol in March 2016 to capture its broader potential. Its timing could not have been more apt. The Snowden revelations had made clear that governments were willing and able to pierce the veil of digital privacy at scale. A new system was urgently required—one that could resist.

The protocol they developed blended several innovations:

• The Double Ratchet Algorithm (initially named the Axolotl Ratchet), which ensured encryption keys advanced securely with each message.

• Prekeys, which enabled asynchronous communication—so messages could be sent even if the recipient was offline.

• A triple elliptic-curve Diffie–Hellman handshake, a cryptographic method of securing communications across uncertain channels.

The Double Ratchet’s regenerative qualities gave the system its salamander-inspired name. Like an axolotl regrowing a lost limb, the protocol could “self-heal.” Even if one set of keys was compromised, future conversations remained safe.

“The user is the customer, and they can prioritise their needs and desires over corporate profits or other motives.”*

— Brian Acton, Signal Foundation

The Twitter Interlude

The road to success was never smooth. In November 2011, Twitter acquired Whisper Systems. For the social media giant, the move was pragmatic: the company wanted Marlinspike’s expertise to shore up its own security vulnerabilities. For activists and users, however, the acquisition seemed disastrous.

RedPhone was promptly taken offline. Observers feared the tools designed to support people under repressive regimes—especially relevant during the Arab Spring—were being shelved just when they were most needed.

Then came a surprise twist. Instead of burying the technology, Twitter released TextSecure as open source under the GPLv3 licence in December 2011, followed by RedPhone in July 2012.

When Marlinspike eventually left Twitter, he founded Open Whisper Systems. With a small, dedicated team, he revived the projects as open-source efforts and continued development outside the constraints of corporate oversight.

The Protocol That Changed Everything

A decisive breakthrough arrived in February 2014. The release of TextSecure v2 integrated the Axolotl Ratchet and added asynchronous messaging. Suddenly, encrypted messaging was no longer just the preserve of technologists or activists—it became practical for everyday use.

By October 2014, the protocol had been examined by researchers at Ruhr University Bochum. They discovered theoretical vulnerabilities, but crucially concluded that the protocol was fundamentally secure. This validation gave the technology the academic seal of approval it needed to move from niche to mainstream.

The Billion-User Moment

The leap from underground tool to global infrastructure began in November 2014. WhatsApp announced it would integrate the Signal Protocol into its platform.

The rollout was gradual: first Android-to-Android texts, then group chats, voice calls, and finally every form of communication across Android, iPhone, Windows Phone, Nokia, and BlackBerry.

By April 2016, the integration was complete. More than one billion WhatsApp users were suddenly protected by Signal’s encryption—often without realising it. The shift was radical: even with a court order, WhatsApp itself could not decrypt user messages.

Other major players followed:

• Facebook Messenger added Signal Protocol in October 2016 with its “Secret Conversations” feature.

• Google integrated the protocol into Allo in 2016, and later into Google Messages for RCS.

• Microsoft adopted it in 2018 for Skype’s “Private Conversations”.

A once-niche privacy protocol had become the silent guardian of billions of conversations worldwide.

The Nonprofit Revolution

The technology alone would not have been enough. Its sustainability came from an unusual organisational model.

In February 2018, Moxie Marlinspike and WhatsApp co-founder Brian Acton announced the creation of the Signal Foundation, a nonprofit funded by Acton’s $50 million donation.

The move was revolutionary in Silicon Valley. Rather than chase venture capital and monetise user data, Signal would be accountable to no shareholders and beholden to no advertisers. As Acton argued, “The user is the customer”.

In 2022, Marlinspike stepped down as CEO. Brian Acton briefly took the reins before handing over to Meredith Whittaker later that year. A former Google executive known for leading the 2018 Google Walkouts, Whittaker brought both credibility and a hard-edged critique of surveillance capitalism.

The $50 Million Question

Signal’s nonprofit model has never been without challenges. By 2023, its costs had risen to around $40 million annually, with forecasts of $50 million by 2025.

The biggest expenses came from infrastructure: $14 million a year for servers and storage, and $6 million simply for SMS verification codes. Unlike commercial competitors, Signal could not offset these costs by monetising data or displaying ads.

Instead, it relied on a hybrid funding model: large donors like Jack Dorsey (who pledged $1 million per year), small individual contributions, and even cryptocurrency donations. By 2023, small donations had grown to cover 25% of total operating costs, up from 18% the previous year.

Every new feature—from contact lists to GIF searches—required additional layers of encryption. Privacy, in Signal’s case, literally came at a price

Quantum-Proofing the Future

Signal’s ambitions extend beyond today’s threats. By 2024, the app had an estimated 70–100 million active users. With quantum computing on the horizon, the foundation recognised that messages encrypted today could be harvested and decrypted years later.

In September 2023, Signal announced an upgrade from X3DH (Extended Triple Diffie–Hellman) to PQXDH (Post-Quantum Extended Diffie–Hellman). By incorporating the CRYSTALS-Kyber algorithm alongside elliptic-curve cryptography, Signal created a hybrid model resilient even against future quantum computers.

This wasn’t cryptographic showmanship. It was a practical defence against the strategy of “harvest now, decrypt later”

The Hacker’s Gambit

Perhaps the boldest illustration of Signal’s ethos came in 2021. Moxie Marlinspike somehow acquired equipment from Cellebrite, an Israeli company whose tools law enforcement used to crack phones.

Analysing the devices, Marlinspike discovered significant vulnerabilities. In a blog post equal parts technical breakdown and political statement, he hinted Signal could even insert files into its app designed to compromise Cellebrite’s systems during attempted extractions.

The message was unambiguous: Signal would not just encrypt. It would actively resist.

“The default mode is surveillance. That’s the environment we operate in.”

— Meredith Whittaker, Signal President

Signal Today: A Digital David

By 2024, Signal remained lean: roughly 50 employees, compared to thousands at its rivals. Yet the app had been downloaded more than 220 million times.

Usage spiked during moments of political tension. The 2025 “SignalGate” controversy—when Trump administration officials mistakenly included journalists in sensitive group chats—triggered the app’s biggest U.S. growth surge.

Under Meredith Whittaker’s leadership, Signal has doubled down on its mission. The foundation publishes unusual transparency about its finances—not just to raise donations, but to expose how other platforms offset their true costs through surveillance-driven business models. As Whittaker put it: “The default mode is surveillance. That’s the environment we operate in”

The Protocol’s Lasting Legacy

The impact of the Signal Protocol extends far beyond the Signal app. It is now the de facto standard for end-to-end encrypted communication. From WhatsApp’s billions of users to Google’s RCS adoption, the cryptographic methods pioneered by Marlinspike and Perrin are woven into the daily lives of people who may never have heard of them.

More profoundly, Signal has shown that mainstream digital tools can be built outside the logic of surveillance capitalism. It has carved out a viable, nonprofit alternative—albeit one constantly wrestling with sustainability.

Signal continues to innovate: refining post-quantum encryption and exploring cross-platform interoperability. The GSMA’s move to adopt MLS (Messaging Layer Security) for RCS Universal Profile 3.0 reflects lessons hard-won from Signal’s decade of evolution.

The Fight Continues

Yet the battle is far from over. Governments still debate backdoors and lawful access. Each moment of political unrest, each scandal of surveillance, triggers fresh waves of downloads. The correlation is stark: privacy is not an abstract value but a lived necessity.

For Signal, the great question is whether its $50 million-a-year model can hold. The foundation’s refusal to compromise remains a beacon, but one surrounded by hostile currents.

A decade after its birth, the encrypted messaging landscape is unrecognisable from 2013. The work of an anarchist cryptographer and an academic partner has scaled into an infrastructure protecting billions. Their refusal to monetise privacy has become something rare in the technology world: a working alternative to the default surveillance model.

In an age defined by corporate data harvesting and government monitoring, Signal stands as living proof that another digital path exists. Whether that path can remain sustainable in the face of mounting costs and intensifying political pressure is the defining challenge not just for Signal, but for the future of private communication itself.