The GrapheneOS developers are giving me concerns about the future of GrapheneOS
from 12plus1plus12@midwest.social to privacy@lemmy.ml on 25 Nov 00:40
https://midwest.social/post/39320422
from 12plus1plus12@midwest.social to privacy@lemmy.ml on 25 Nov 00:40
https://midwest.social/post/39320422
The drama and accusations the GrapheneOS developers are spewing and engaging in are giving me a bad taste in the mouth and make me doubt the OS’s reliability am I the only one?
threaded - newest
Unless there’s drama in my updates I don’t particularly care too much about drama.
The drama can be so minor too
“How can he run our department when his favorite color is INDIGO!? I can’t BELIEVE that guy!”
Such drama has been going on for years. I wouldn’t read too much into it.
I would prefer my privacy software to be developed by people like this, rather than people who are calm and flexible
Its all fine until their approach of privacy or security differs with what’s best for the project, then there’s no reasoning with them to fix it because they’re not calm and flexible. Then ya gotta fork it and get everyone to transition to the new fork, and get developers back onboard, etc.
A crazy, but pointed example of something like this could be: the dude could just claim grapheneos going forward will not have networking anymore because thats an attack vector, and at that point the project doesn’t even suite anyone’s needs to be used as a smartphone anymore. How are you gonna reason with someone like this that, while keeping networking in the project is an attack vector, its necessary to be able to use the project for it’s intended use case? You probably aren’t
Not sure why this completly made up hypothetical scenario has so many upvotes. There is litteraly no evidence of this happening.
Even the opposite is the case, just recently with the preview releases which are opt-in.
The guy being paranoid asshole is passable, what I thought a really shit move is calling the community to create alt accs to harass people from other projects and saying he will ban anyone that complains. The Rossmann video is quite shocking, you see the dev’s complete disassociation with reality… yeah the code is open, but how many people outside the project are really auditing it? Even people inside the project, are they auditing each others’ work? If the guy doesn’t get treatment, how long until he decides his own userbase is after him?
admittedly i’m not up to date on all the drama, but i thought that graphene saw themselves as victims of alt attacks?
So yeah, it seems like he accuses everyone of persecuting and harassing him, but in those videos there are several examples of what he considers persecuting and harassing. Both channels were highly supportive of the project and actively promoted it, but because they would also promote other projects and do benchmark tests, they were “spreading misinformation”, “being biased”, “campaigning against him” and so on. And in the second video he accused the guy of campaigning against him just for saying “This is informative, and unfortunate” about the first video lol. So him being a “victim” is just his lack of proper medication, because anyone who asked him about such attacks, if he had prints or so, was also accused of attacking him lol
youtu.be/Dx7CZ-2Bajg
youtu.be/4To-F6W1NT0
Undoubtly GrapheneOS is the best project out there, so yeah, this is unfortunate.
OR, France is an evil, genocidal, ethnostate full of pedophiles, so we should maybe apply our Israel-tinted glasses and presume France to be the villain until we have concrete proof otherwise rather than blaming the victim.
None of the content above has anything to do with France - but he did take the opportunity to claim two other projects based on France are persecuting him as well, so he kinda has a pattern. As I commented to some other user in the other post, it’s The Boy Who Cried Wolf problem - those two videos are full of documentation of his modus operandi.
He is literally claiming that the French police and state are behind this campaign against Graphene, and I believe him knowing how the French are, but believe what you want…
Again, those videos aren’t about this French stuff, but about him claiming every other Android project is after him and that everyone who asks too much about his project is after him. The first video is from 2021 and the other from 2023. No relation to him claiming the French government is after him now.
Then why present this as recent concern about the project if it’s a personality trait going back years and unrelated to the French smear campaign I suspect you are financed by?
What’s the “French smear campaign”? Where do I get paid to participate?
So far all I’ve seen is a single newspaper making an article about how criminals like GrapheneOS, a clickbait even Linus used on his channel - you know what, I suspect Linus is being financed by the French as well!
As for why: Those videos show how the “drama and accusations” work. The Boy Who Called Wolf.
If France is becoming hostile to privacy though, great that he is moving out, GrapheneOS is still by far the best mobile project for privacy. It would probably benefit greatly if its main dev didn’t spend so much time on social media.
Sure, it would also benefit it if the French state weren’t going after a civilian project… I will grant it’s a lot, but how would YOU react to a G7 member state going after you with a smear campaign?
I don’t think that one cop that one journalist interviewed is a representative of a G7 country, I actually believe he is representing the whole NATO! Run Daniel! Run!
Sure sure first it was the CalyxOS guys, then youtubers and now the French Government. Lets say it is true I don’t believe him cause he’s a crazy asshole.
Guys an asshole and has always been one.
.
Strange, I put the same link in one of my comments and a mod removed it.
Not sure why you write all that without mentioning that he stepped down as the project head after this.
if it’s not the same guy running the acc then my bad.
Sry I dont know, i think it is the same guy? i just mean they stepped down as the project lead in 2023, and are now a director discuss.privacyguides.net/t/…/12677
Yes, the minority is harassing the majority. Hmm, very logical.
Very documented.
edit: removing the rest of the message because it was a misunderstanding.
@PiraHxCx @JamesBoeing737MAX
Pls link the x post you mentioned before wrongly referencing me as a Gos fake account
Sorry, as the acc had no previous interaction with anything but that post I assumed it was a disposable acc. The screenshot of that comment is in the very same article, but you can also check it here nitter.net/GrapheneOS/status/1991610031478042948#… (nitter frontend link)
@PiraHxCx
I didn't know they made such claim. I don't think there's any evidence indicating eOS has French government backdoors.
Sorry again about referencing you as a fake acc, there is a screenshot I’m hunting now about a call to users to create disposable accs to respond to social media posts that will give a better context for my assumption, but I removed the whole content of that previous post anyway.
The source code’s just as transparent, and the fundamental concepts and implementations aren’t going to vanish at all. If we get a future CarbonOS, so be it, but I doubt that will be in any near future scenario.
Why is it transparent? Cause its open source. Yes there has never been anything a bug or backdoor in open source code before ever.
Bing transparent is not the same thing as being secure. The difference is that closed source code can be audited by no one except its’ developers, and open source code can be audited by anyone.
I’ve accepted for a while that the lead developer is extremely paranoid and could probably genuinely do with healthcare intervention. Like in much open source development I think it isn’t helped by overwork and burnout, so I hope that at some point Graphene gets a better governance structure which spreads responsibility and which hopefully will limit the incessant drama that only harms the project. I don’t see him being willing to give up his grip, but I can always hope.
I’ll continue to use Graphene unless things go entirely off the rails though, as it is a great OS and I don’t really think there are many great alternatives.
but he isnt the lead developer he stepped down 2023 and is a director
discuss.privacyguides.net/t/…/12677
Thanks for pointing that out, looks like I’m a bit behind the times when it comes to the inner goings on at GOS!
It mainly makes me pine for linux phones. I think Graphene is the best we have at the moment in the mobile space, but that’s far more of a testament to our lack of options than how valuable Graphene is. I have no doubts that we’ll eventually kick Graphene to the curb when it stops being useful, so I’m not overly concerned with its future. Worst-case, I think many of us would be just fine on any other AOSP rom for a few extra years until linux phones can come save us all.
I could be wrong, but I think Linux would be horrible for the kind of security you’d want in a smartphone. At least that’s what I read from the GrapheneOS folks…
As far as I’m aware this is true (same with a lot of desktop linux distros), but I’m more interested in freeing myself from Android at the moment. I’m sure we can get there eventually w/r/t security, but it takes time, and we’ll never get there if we don’t start moving.
Depends on what your threat model is. Sure a fully locked down mobile OS is more secure, but I also care about freedom and privacy. It’s not all black and white.
I see what you did there.
some of it is kind of inevitable when you see how far ahead from everyone else they are technically and when people shitting on their work just aren’t at their (technical) level it seems to be very draining. and eventually lead to dramas.
Not as bad a taste as the French government is giving me.
If its do I trust GOS or a confirmed pro chat control governments side of the story, its an easy choice.
There are many more sides than those 2. GOS is screaming about a new “harrassment” campaign every week.
Knowing nothing of the situations details, when you’re a thorn in the side of the most powerful interests on the planet,it seems reasonable that a small group would face deliberate, concentrated pressure from business to legal and the state and any other mechanism. That’s generally what power does, assuming the little guy isn’t subsumed.
What is the evidence of foul play by GOS, or why would they not have a pretty extreme bias of support?
I think everyone would love some evidence here, but so far it was one journalist from one newspaper talking to one cop that said criminals are using GrapheneOS because it destroys evidence. Afaik Daniel didn’t post any notification, inquiry or general communication he received from any government official or agency…
I’m not referring to any of those “mechanisms”, I’m referring to basically the entirety of the privacy/security/sovereign communities. They disparage other Android “privacy” platforms and communities on a regular basis, then claim to be victims of “targeted attacks” from those communities. Louis Rossman and Techlore are also 2 people who have also been accused of “harassment” without evidence. Just for starters.
I am visiting the forum daily for like a year now, and this is just a made up lie.
Who said anything about a forum?
where is the screaming happening then, if you dont even see it in the offical forum
Look at their social accounts. Half their posts are complaining about some sort of “harrassment”. They claim their branding was being used to sell these devices without any evidence. They claim this is a “state-sponsored attack” without any evidence.
Their past dramas are irrelevant to this issue.
Giving into a straw man argument such as their other dramas somehow devalue what’s going on now, only plays into the French propaganda campaign.
They’re not irrelevant, they’re both symptoms of the same problem. The Developer Who Cried Wolf.
Who benefits?
Who benefits from sowing a narrative around “drama”, “accusation”, and/or “paranoia”. Seriously.
I think given the following circumspect; GrapheneOS’s reaction, to move project pieces out of potential hostile environments/jurisdiction, is perfectly reasonable.
1) France’s Support for EU “Chat Control”, scanning proposals. France has been one of the governments most supportive of EU‑level proposals that would require scanning of communications and devices for illegal content.
2) The general French framing and approach to cybercrime. As in other EU countries, French authorities are pushing for: Expanded powers to compel cooperation from service providers, and developers. Strong rhetoric against tools that are seen as systematically obstructing investigations.
.
The main GrapheneOS dev creates beef with a bunch of other projects. It’s not some shadowy organisation, it’s him having stupid takes in GitHub issues and spreading false claims about other projects.
While I do find GOS drama a bit annoying, they aren’t wrong about the lacking security of many AOSP forks. iode and /e/OS have a history late patches for security vulnerabilities in both the OS (web.archive.org/web/…/patch_history) and for the forked apps they bundle with it. Each Android monthly and Chromium patches usually contains dozens High Risk CVEs, so taking a month or 2 is unacceptable. Neither are good for privacy or security.
See a comparison between some Android ROMs here, especially noting the update speed section: eylenburg.github.io/android_comparison.htm
I understand security implications but I’ll be getting Fairphone 6 with /e/OS over Pixel with GrapheneOS. For me FOSS ranks higher than HW security features, and buying Google device goes against FOSS principles.
Buying a used Pixel lets you use the hardware without funding Google.
*Directly funding Google. You are certainly participating in a secondary market for their product you purchase used.
Has fairphone 6 foss firmware? and foss drivers?
No, there is no modern smartphone like that, yet AFAIK.
sry but which parts are then FOSS about it, compared to pixel?
or do you just mean google itself? (which i would understand i guess)
Google itself. GrapheneOS bridgea the gap but still…
Not being familiar with the controveries referenced in this thread…
All of this reminds me very much of OpenBSD and Theo de Radt (?) back in the 98-02 era.
OpenBSD is certainly not the most popular *nix today, but it’s probably the most secure.
i might just fork grapheneos and rewrite everything.
GrapheneOS has always had a massive PR problem and crazy leadership unfortunately.
Unlike say Google? Why is there an expectation that a group working completely against some of the most powerful actors on the planet, openly, against the grain of mainstream society often and having to bear that responsibility would be charming, at ease?
I cannot even begin to imagine the mental stress from constantly having to think ahead, in a global David and Goliath, in a maze designed to get you to give up. I probably have half the issues the GOS team does and I can’t claim it’s for doing anything on the scale of what they are.
You are mistaking what I am saying. I have nothing against the project as whole and the mission is fantastic.
They just have zero PR skills, don't know when to keep their mouth shut or how to communicate properly when they need to. A little bit of consultation would go a long way for them. Obviously I am not expecting Google levels of PR/marketing, but it's not great to see just ranting Discord/matrix messages. If it wasn't an issue, these posts wouldn't exist at all.
You’re not the only one. It’s one of my biggest reasons for staying away from it
What do you use instead?
LineageOS with microg
I don’t care about the community, I just care about the experience of using it.
In my opinion both the evident ego of of the project lead as well as his naivety (tethering the project to Google) are huge red flags despite any assumed technical superiority.
They’re literally working with a manufacturer to make non-google phones. Tethered to google is a wild mischaracterization.
No it’s not. This is a recent development that has not yet actually come to fruition. It may exist in 2026.
Before that GrapheneOS dismissed any idea of targeting other phones than the ones build by one of the most anti-privacy companies on earth, that seeks to consolidate control of Android.
This isn’t true, they’ve supported other devices in the past. They’ve been Pixel-focused for the security features that other manufacturers haven’t offered
Yes, before Google made phone on it’s own they supported some Nexus devices (google-partnered) and the Samsung Galaxy S4.
Litteraly saya on the website the requirements that a phone has to meet. Go make the phone that meets them instead of only complaining.
I don’t need a phone, GrapheneOS needs one now that Google is trying to force them out. I wonder if their new phone will actually meet all the requirements, if it comes out.
As for complaining, GrapheneOS is the one bitching about other Android versions existing since forever. Now, they 've started making unsubstantiated claims of them attacking them somehow.
I think if it does not meet the requierments then they wont support new phones at all, but who knows
GrapheneOs is calling them out for their lack of security. Like this one: …grapheneos.org/…/24134-devices-lacking-standard-…
i think this is a good thing, users should be aware of it. And they should fix it.
I wish someone would find flaws in grapheneOs, and complain so thex can fix it too. Instead of complaining about the personality of one of the directors.
No GrapheneOS is not just calling them out on lack of security.
<img alt="" src="https://sh.itjust.works/pictrs/image/7f83b0d5-5019-49db-9fa2-4bd5057c03c6.png">
It’s apparently from their discord, so it took me a while to find it again.
It’s not about the personality of it’s directors, it’s about it’s effect on the (alternative) Android ecosystem as a whole, which is not just about security but also privacy and user control.
Even with regards to security, their choice of limiting devices apparently makes their users targets for extra scrutiny and harassment. That does have actual implications for people whose threat model includes authorities unless they already are guaranteed to be targets.
thank you, i think i saw that somwhere before. is it really true that the haressment is made up? like i honestly dont know
and does it really has an impact on the eco system? i never really thought abou it…
but i think it is also for privacy top. user control not tho
And i guess fair point that this is a security flaw considering the phone users beeing targeted… But like i still kinda think hardware backed security is important and also very crucial is, that the more devices they supporty the less recourses they have… I think considering how long it is since pixel 10 released and it is still not supported, would make me guess that they dont have like any free time really to do it at all ^^
and like there are also no relevant projects i think that fork it to other devices, so i dont know, i mean somebody could start doing that but i guess that shows how hard it is to do
The one making the claims should provide the evidence.
Yes, it pushes for a Google monopoly in hardware, it creates a false narrative that there is no difference in privacy and/or security between alternative Android versions and ones by vendors. This further entrenches Google’s control of Android as it limits the options for Android users.
I do believe Google has taken decisions that forced them to look for a new OEM, I am not sure if does affect the Pixel 10.
They chose Google because they are the only major OEM to allow you to relock the bootloader after installing a custom ROM. Samsung, Motarola, Huawei, Xiaomi etc all don’t.
In addition to this, they are working with an OEM to produce their own Graphene phones. It sounds like they’ve made significant progress on that front so I’m hopeful.
Pretty sure calyx relocks the bootloader on moto phones.
.
Two things can simultaneously be true, Daniel can be an individual who engages in very problematic behaviours and GrapheneOS can still be the most-secure and reliable OS out there.
Basically this. The project head might be a bit too paranoid, bellicose and problematic, but at this time a phone with GrapheneOS seems to be by far the safest way to have a smartphone, and the project head’s personality might be a part on this as their stated objective is to be able to resist state-level actors, you likely need someone who’s more than a bit “out there” to have the right mind for this
Can we get a tldr of the “problematic behaviours”?
As a casual who bought a pixel 9 specifically for Graphene, I not too embedded in the culture/dramas, and surely many others reading here are similarly unfamiliar
His «problematic behaviour» is simply callingäoutäthings for what they are, with no soft wording.
.
The main reason why I decided not to use it, despite it being an obvious choice. But I’m also that kind of old dude that is not very receptive to drama… this may explain ;)
They’re being threatened by the entire French government. Its not drama. This is a very real situation.
All secured OSes and messaging systems are threatened by European governments / EU institutions at the moment, and the French government has been doing so for a few years.
This is not a grapheneOS only issue and it is not new.
I don’t think it’s in any way limited to the EU lol
Being French, I am not knowledgeable enough beyond Europe 😁.
For context, Germany recently did a last minute blockage of a European move towards mass surveillance of messaging (called chat control), and a v2 is already being prepared for another attack on privacy at European level.
We are living in interesting times.
Too be fair (not French but aware of their culture and government) the French are pretty smart, for people and don’t fuck around with serious issues. I bet you if they got access, it wouldn’t be long till issue a long warning before a ban if it were to cause harm to others.
Its nutjobs like them that are pushing progress further. State security apparatus doesn’t want to work by law. That can be observed worldwide.
French went after Telegram even though it doesn’t market itself primarily for security. It was just that some public channels went against their strategic objectives and they felt the need to bruteforce their way.
So GrapheneOS is very right to be nervous and pack their bags before they come knocking at the door.
They literally said that French police are being told to treat Pixel phones as suspicious, which if true, shows why they’re concerned.
Having a secure phone / secure messaging has been seen as suspicious by the police in france for several years now.
This has already been used against eco activists to detain them preemptively and a few times to increase charges towards terrorism / organized crime when possible.
Could you like, post what you are talking about to give some context?
-> make most secure os in the world
-> call others out for not keeping up with the security updates like e/os
-> french goverment decides to make security illegal and specifically targets graphene
-> e/os fanboys keep shitting on graphene
“This guy is way too dramatic”
yall the reason we cant have anything good.
Exactly. The lead dev can come across as frustrated or confrontational on his social media posts but really the amount of noobs criticising Graphene for nonsense reasons or repeatedly bringing up other ‘secure’ OSes to him that he’s already thoroughly debunked again and again like e/OS would drive me insane
Honesty, I think graphene is a honeypot. Glowies usually dont moan that much when they can’t break into things Edit:typo
I wouldn’t trust a sane person to do a ultra private phone OS.
You need the paranoia, you need to see the shadows move to do it right.
I also feel concerned about GrapheneOS. Here’s why.
I got banned from the GrapheneOS Matrix chat simply for asking a question, it was worded similar to this:
“Hey there! GrapheneOS is cool. I noticed CalyxOS added support for eSIM, are you planning to add that as well?”
The post got deleted, I thought I had not sent it and posted it again. It was deleted again. I asked something along the lines of “Wait, where has my question regading eSIM support and doing the same as CalyxOS gone? Seems to have disappeared, lol”.
THAT was also deleted.
Then I posted something along the lines of “Huh, my questions seem to be disappearing”.
That was NOT deleted.
Then I asked something like “Anyway, are there plans to add eSIM support just like CalyxOS? :)”.
That was ALSO deleted.
I got a private message from a mod saying I was banned.
That was alle the interaction I ever had with the GrapheneOS project. I might have started contributing, but I could not even ask a simple question. It seems that they don’t like it if you mention any other custom ROM, I guess.
(This has been a while ago, so I don’t remember my precise wording)
Which channel on Matrix ? They seems to have many ones so mods in general if questions get asked in wrong channels ban which is weird I would expect them to reply that go to #relevant room and ask there
I’m pretty sure it was a general GrapheneOS room, but as said it’s been a while, so idk.
At least asking the question did not seem wrong.
It seems you were rightfully banned.
GOS is a great project. This is a FUD campaign.