I have good faith in the #grapheneOS devs, and I truly hope the grapheneOS team is considering the possibility of a zero-day: When the mass media goes all the way and beyond to make sure every gangster in the world knows that police are "powerless to this thing freely available to anyone with the right consumer device", something isn't right. The fact that the article is almost verbatim the same as the ones they published for #encrochat, which turned out to be a honeypot, is disconcerting.
Final
We at #GrapheneOS were contacted by a journalist at Le Parisien newspaper with this prompt:

> I am preparing an article on the use of your secure personal data phone solution by drug traffickers and other criminals. Have you ever been contacted by the police? Are you aware that some of your clients might be criminals? And how does the company manage this issue?

Absolutely no further details were provided about what was being claimed, who was making it or the basis for those being made about it. We could only provide a very generic response to this.

Our response was heavily cut down and the references to human rights organizations, large tech companies and others using GrapheneOS weren't included. Our response was in English and was translated by them: "we have no clients or customers" was turned into "nous n’avons ni clients ni usagers", etc.

GrapheneOS is a freely available open source privacy project. It's obtained from our website, not shady dealers in dark alleys and the "dark web". It doesn't have a marketing budget and we certainly aren't promoting it through unlisted YouTube channels and the other nonsense that's being claimed. GrapheneOS has no such thing as the fake Snapchat feature that's described. What they're describing appears to be forks of GrapheneOS by shady companies infringing on our trademark. Those products may not even be truly based on GrapheneOS, similar to how ANOM used parts of it to pass it off as such.

France is an increasingly authoritarian country on the brink of it getting far worse. They're already very strong supporters of EU Chat Control. Their fascist law enforcement is clearly ahead of the game pushing outrageous false claims about open source privacy projects. None of it is substantiated.

iodéOS and /e/OS are based in France. iodéOS and /e/OS make devices dramatically more vulnerable while misleading users about privacy and security. These fake privacy products serve the interest of authoritarians rather than protecting people. /e/OS receives millions of euros in government funding. Those lag many months to years behind on providing standard Android privacy and security patches. They heavily encourage users to use devices without working disk encryption and important security protections. Their users have their data up for grabs by apps, services and governments who want it.

There's a reason they're going after a legitimate privacy and security project developed outside of their jurisdiction rather than 2 companies based in France within their reach profiting from selling 'privacy' products.

https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private

Here's that article: https://archive.is/AhMsj

Replies (3)

Encrochat and their ilk explicitly marketed towards criminals and sold products to them. That's why they fell the way they did. We do neither. They operated a messaging service knowing what users were up to and continued to provide them service. We don't provide a messaging service and any person who makes themselves known to be involved in universally illegal activities is banned on our public support platforms without any form of appeal.

ANOM was a genuine honeypot from the beginning but the key indicators were there from the start. It had no public-facing team, a non-profit, no open source code. GrapheneOS has all of these. You'll also find this is the exact same for SkyECC, Matrix (not the open source chat project) and more. They often also steal the work of other projects and people or bundle the software of others unauthorized. ANOM took parts of GrapheneOS open source code, which, given the nature of open source, is something impossible to control.

The people behind EncroChat were not at all experts in security. They designed their service to be entirely dependent on their servers / infrastructure. Their goal was to make money off of paranoid crooks who knew even less about technology, NOT to protect at-risk individuals.

We have been attacked by people previously affiliated with EncroChat and other devices before and called them out on social media. They hate us because they can't scam innocent people believing they are protected with exorbitant price tags that they then use the money to fund illicit activities with.

Major example of GrapheneOS actually preventing a crime.

GrapheneOS only uses the minimum amount of data required to download an update (the device model and update stream) and updates must be verified as being signed by the GrapheneOS team from the device, which is signed by keys not available to the servers. Any malicious update would be rejected and any fresh first install that was malicious would be obvious.
Yes, I am not comparing you to encrochat by any means or measures. It's just the way the mass media is promoting you as a silver bullet to the criminals that makes me wonder what is off. Typically, they would rather never mention you at all. Hence my suspicion they might have a zero day at hand.
GrapheneOS looks like a very valuable project. But this text makes it sound as if you can trust a phone with GrapheneOS installed if only the keys/signatures were verified on boot. Seems naive to me to trust a hardware device with probably hundreds of opaque blobs even when it has the best open-source OS installed.