If you’ve been anywhere near tech Twitter this past week, you’ve seen the numbers: Signal went from a niche privacy tool to the number one app in app stores across multiple countries. The catalyst? WhatsApp’s updated privacy policy that requires users to share data with Facebook, or lose access to the platform. What seemed like a routine terms-of-service update has turned into a full-blown exodus — and it’s worth examining why this time feels different.
The Privacy Policy That Broke the Camel’s Back#
Let’s be clear about what changed. WhatsApp’s new terms, announced on January 6th, require users to accept expanded data sharing with Facebook by February 8th. This includes phone numbers, transaction data, IP addresses, and various usage metrics. For users outside the EU (who are protected by GDPR), it’s essentially a take-it-or-leave-it proposition.
Now, WhatsApp has been sharing some data with Facebook since 2016. But this update removes the opt-out that previously existed, making it mandatory. The timing is particularly tone-deaf — coming off a year where privacy concerns about big tech reached a fever pitch, and just weeks after Facebook faced antitrust lawsuits from the FTC and 48 state attorneys general.
The response has been staggering. Signal reportedly saw millions of new installs in the days following the announcement. Telegram also benefited, claiming 25 million new users in just 72 hours. WhatsApp has since delayed the policy change to May 15th, but the damage to trust may already be done.
Why Signal Matters for the Open-Source Community#
What makes Signal interesting from a technical perspective isn’t just that it’s private — it’s how it achieves that privacy. The Signal Protocol, which provides end-to-end encryption, is open source and has been independently audited. Ironically, WhatsApp itself uses the Signal Protocol for message encryption. The difference lies in metadata: while the message content may be encrypted, WhatsApp collects extensive metadata about who you talk to, when, how often, and from where.
Signal, by contrast, is designed to minimize metadata collection. The organization has been transparent about this, even publishing the minimal data they were able to provide in response to a grand jury subpoena — essentially just the date an account was created and the last connection time.
As someone who’s spent decades working with open-source tools, I find Signal’s architecture refreshingly principled. The Signal Protocol is available on GitHub. The server code is open source. The cryptographic design has been peer-reviewed by researchers at institutions like Oxford and MIT. This is how security software should be built — in the open, subject to scrutiny, with no proprietary black boxes hiding data collection.
The Infrastructure Challenge#
Of course, explosive growth brings engineering challenges. Signal experienced outages on January 15th as their infrastructure struggled to keep up with demand. For a small nonprofit going up against a platform with billions of users and Facebook’s engineering might, this is the real test.
I’ve seen this pattern before in open-source projects that suddenly find mainstream adoption. The technology is often solid, but the operational side — scaling databases, provisioning servers, handling registration flows at 100x the normal rate — that’s where things get difficult. Signal uses a relatively straightforward server architecture, but no system is designed to handle this kind of growth overnight.
The good news is that Signal has some notable backers, including a $50 million loan from Brian Acton (WhatsApp’s co-founder, who left Facebook over — you guessed it — privacy disagreements). They’ve also been steadily improving their feature set, adding group calling, desktop support, and the kind of quality-of-life features that everyday users expect.
The Bigger Picture for Privacy-First Software#
What’s happening with Signal represents something I’ve been hoping to see for years: mainstream users making active choices about privacy, not because of abstract principles, but because a specific company action crossed a line they could understand. “Share your data with Facebook or lose your messaging app” is a proposition clear enough to motivate action.
This matters for the broader software ecosystem. For too long, the assumption has been that users will tolerate any privacy trade-off in exchange for free services. The WhatsApp backlash suggests there’s a limit — and it creates space for privacy-respecting alternatives to gain traction in other categories too.
My Take#
I switched to Signal years ago for sensitive conversations, and I’ve been gradually moving more of my communication there. What gives me optimism about this moment isn’t just the download numbers — it’s that people are actually having conversations about metadata, data sharing, and the real cost of “free” services. That’s a level of privacy literacy we badly need.
The real question is whether this translates into lasting change or whether it’s a momentary panic that fades once WhatsApp tweaks its messaging. History suggests most users eventually shrug and accept the new terms. But even if Signal retains only a fraction of its new users, it will have grown its base enormously — and proven that there’s genuine market demand for privacy-first communication tools.
If you haven’t tried Signal yet, now’s a good time. And if you’re building software, take note: users are paying attention to your privacy practices. That’s a trend I hope sticks around.