The drama and accusations the GrapheneOS developers are spewing and engaging in are giving me a bad taste in the mouth and make me doubt the OS’s reliability am I the only one?
Could you post what you are talking about to give some context?
GOS is a great project. This is a FUD campaign.
I don’t care about the community, I just care about the experience of using it.
GrapheneOS has always had a massive PR problem and crazy leadership unfortunately.
Unlike say Google? Why is there an expectation that a group working completely against some of the most powerful actors on the planet, openly, against the grain of mainstream society often and having to bear that responsibility would be charming, at ease?
I cannot even begin to imagine the mental stress from constantly having to think ahead, in a global David and Goliath, in a maze designed to get you to give up. I probably have half the issues the GOS team does and I can’t claim it’s for doing anything on the scale of what they are.
You are mistaking what I am saying. I have nothing against the project as whole and the mission is fantastic.
They just have zero PR skills, don’t know when to keep their mouth shut or how to communicate properly when they need to. A little bit of consultation would go a long way for them. Obviously I am not expecting Google levels of PR/marketing, but it’s not great to see just ranting Discord messages. If it wasn’t an issue, these posts wouldn’t exist at all, the main dev is psycho.
The source code’s just as transparent, and the fundamental concepts and implementations aren’t going to vanish at all. If we get a future CarbonOS, so be it, but I doubt that will be in any near future scenario.
Why is it transparent? Cause its open source. Yes there has never been anything a bug or backdoor in open source code before ever.
Bing transparent is not the same thing as being secure. The difference is that closed source code can be audited by no one except its’ developers, and open source code can be audited by anyone.
It mainly makes me pine for linux phones. I think Graphene is the best we have at the moment in the mobile space, but that’s far more of a testament to our lack of options than how valuable Graphene is. I have no doubts that we’ll eventually kick Graphene to the curb when it stops being useful, so I’m not overly concerned with its future. Worst-case, I think many of us would be just fine on any other AOSP rom for a few extra years until linux phones can come save us all.
pine for linux phones
I see what you did there.
I could be wrong, but I think Linux would be horrible for the kind of security you’d want in a smartphone. At least that’s what I read from the GrapheneOS folks…
Depends on what your threat model is. Sure a fully locked down mobile OS is more secure, but I also care about freedom and privacy. It’s not all black and white.
As far as I’m aware this is true (same with a lot of desktop linux distros), but I’m more interested in freeing myself from Android at the moment. I’m sure we can get there eventually w/r/t security, but it takes time, and we’ll never get there if we don’t start moving.
In my opinion both the evident ego of of the project lead as well as his naivety (tethering the project to Google) are huge red flags despite any assumed technical superiority.
They chose Google because they are the only major OEM to allow you to relock the bootloader after installing a custom ROM. Samsung, Motarola, Huawei, Xiaomi etc all don’t.
In addition to this, they are working with an OEM to produce their own Graphene phones. It sounds like they’ve made significant progress on that front so I’m hopeful.
They’re literally working with a manufacturer to make non-google phones. Tethered to google is a wild mischaracterization.
No it’s not. This is a recent development that has not yet actually come to fruition. It may exist in 2026.
Before that GrapheneOS dismissed any idea of targeting other phones than the ones build by one of the most anti-privacy companies on earth, that seeks to consolidate control of Android.
This isn’t true, they’ve supported other devices in the past. They’ve been Pixel-focused for the security features that other manufacturers haven’t offered
Yes, before Google made phone on it’s own they supported some Nexus devices (google-partnered) and the Samsung Galaxy S4.
Before that GrapheneOS dismissed any idea of targeting other phones than the ones build by one of the most anti-privacy companies on earth, that seeks to consolidate control of Android.
Litteraly saya on the website the requirements that a phone has to meet. Go make the phone that meets them instead of only complaining.
I don’t need a phone, GrapheneOS needs one now that Google is trying to force them out. I wonder if their new phone will actually meet all the requirements, if it comes out.
As for complaining, GrapheneOS is the one bitching about other Android versions existing since forever. Now, they 've started making unsubstantiated claims of them attacking them somehow.
I think if it does not meet the requierments then they wont support new phones at all, but who knows
GrapheneOs is calling them out for their lack of security. Like this one: https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private
i think this is a good thing, users should be aware of it. And they should fix it.
I wish someone would find flaws in grapheneOs, and complain so thex can fix it too. Instead of complaining about the personality of one of the directors.
No GrapheneOS is not just calling them out on lack of security.
It’s apparently from their discord, so it took me a while to find it again.
It’s not about the personality of it’s directors, it’s about it’s effect on the (alternative) Android ecosystem as a whole, which is not just about security but also privacy and user control.
Even with regards to security, their choice of limiting devices apparently makes their users targets for extra scrutiny and harassment. That does have actual implications for people whose threat model includes authorities unless they already are guaranteed to be targets.
thank you, i think i saw that somwhere before. is it really true that the haressment is made up? like i honestly dont know
and does it really has an impact on the eco system? i never really thought abou it…
but i think it is also for privacy top. user control not tho
And i guess fair point that this is a security flaw considering the phone users beeing targeted… But like i still kinda think hardware backed security is important and also very crucial is, that the more devices they supporty the less recourses they have… I think considering how long it is since pixel 10 released and it is still not supported, would make me guess that they dont have like any free time really to do it at all ^^
and like there are also no relevant projects i think that fork it to other devices, so i dont know, i mean somebody could start doing that but i guess that shows how hard it is to do
it is not their fault that google makes the only smartphone with secure hardware that can be used nor that you are incapable of understanding that.
I would prefer my privacy software to be developed by people like this, rather than people who are calm and flexible
The guy being paranoid asshole is passable, what I thought a really shit move is calling the community to create alt accs to harass people from other projects and saying he will ban anyone that complains. The Rossmann video is quite shocking, you see the dev’s complete disassociation with reality… yeah the code is open, but how many people outside the project are really auditing it? Even people inside the project, are they auditing each others’ work? If the guy doesn’t get treatment, how long until he decides his own userbase is after him?
admittedly i’m not up to date on all the drama, but i thought that graphene saw themselves as victims of alt attacks?
tbh i doubt this level of toxicity between projects which should be in harmony is entirely organic ifyknowwatimean
So yeah, it seems like he accuses everyone of persecuting and harassing him, but in those videos there are several examples of what he considers persecuting and harassing. Both channels were highly supportive of the project and actively promoted it, but because they would also promote other projects and do benchmark tests, they were “spreading misinformation”, “being biased”, “campaigning against him” and so on. And in the second video he accused the guy of campaigning against him just for saying “This is informative, and unfortunate” about the first video lol. So him being a “victim” is just his lack of proper medication, because anyone who asked him about such attacks, if he had prints or so, was also accused of attacking him lol
https://youtu.be/Dx7CZ-2Bajg
https://youtu.be/4To-F6W1NT0Undoubtly GrapheneOS is the best project out there, so yeah, this is unfortunate.
Not sure why you write all that without mentioning that he stepped down as the project head after this.
if it’s not the same guy running the acc then my bad.
Sry I dont know, i think it is the same guy? i just mean they stepped down as the project lead in 2023, and are now a director https://discuss.privacyguides.net/t/daniel-micay-publicly-steps-down-as-project-leader-of-grapheneos/12677
OR, France is an evil, genocidal, ethnostate full of pedophiles, so we should maybe apply our Israel-tinted glasses and presume France to be the villain until we have concrete proof otherwise rather than blaming the victim.
Guys an asshole and has always been one.
None of the content above has anything to do with France - but he did take the opportunity to claim two other projects based on France are persecuting him as well, so he kinda has a pattern. As I commented to some other user in the other post, it’s The Boy Who Cried Wolf problem - those two videos are full of documentation of his modus operandi.
He is literally claiming that the French police and state are behind this campaign against Graphene, and I believe him knowing how the French are, but believe what you want…
Sure sure first it was the CalyxOS guys, then youtubers and now the French Government. Lets say it is true I don’t believe him cause he’s a crazy asshole.
Again, those videos aren’t about this French stuff, but about him claiming every other Android project is after him and that everyone who asks too much about his project is after him. The first video is from 2021 and the other from 2023. No relation to him claiming the French government is after him now.
Yes, the minority is harassing the majority. Hmm, very logical.
Very documented.
Just the other day when GOS publicly said on X “It’s very possible Murena and/or iodé are involved” in the supposed French police/government harassment (so far this whole “government sponsored campaign” was one journalist from one private newspaper that contact them after talking to one cop and made one article saying criminals like GOS and police don’t), the guy from Murena posted on Mastodon “I’d like to state very clearly that Murena and e Foundation are not related in case to this ridiculous and pseudo-drama. What we seek is to totally ignore these guys, and have nothing to do with them. And again, and again, despite what they are repeating, we are NOT competitors, as we are not in the hardened-security market spaces.”, then a GOS fake account showed up saying “very funny to quote from a report filled with misinformation without checking and use it as an excuse to attack GrapheneOs. GrapheneOS never said Murena and iode are associated with French government” BUT they LITERALLY said “It’s very possible Murena and/or iodé are involved” and now are pretending the accusation is misinformation lol https://mastodon.social/@deacon3484@infosec.exchange/115609244656660344
Also it seem that whenever you directly quote or take a screenshot of what they are saying, you are lying and spreading misinformation, they can’t take responsibility for anything, it’s quite sad and childish.@PiraHxCx @JamesBoeing737MAX
Pls link the x post you mentioned before wrongly referencing me as a Gos fake accountSorry, as the acc had no previous interaction with anything but that post I assumed it was a disposable acc. The screenshot of that comment is in the very same article, but you can also check it here https://nitter.net/GrapheneOS/status/1991610031478042948#m (nitter frontend link)
@PiraHxCx
I didn’t know they made such claim. I don’t think there’s any evidence indicating eOS has French government backdoors.
Its all fine until their approach of privacy or security differs with what’s best for the project, then there’s no reasoning with them to fix it because they’re not calm and flexible. Then ya gotta fork it and get everyone to transition to the new fork, and get developers back onboard, etc.
A crazy, but pointed example of something like this could be: the dude could just claim grapheneos going forward will not have networking anymore because thats an attack vector, and at that point the project doesn’t even suite anyone’s needs to be used as a smartphone anymore. How are you gonna reason with someone like this that, while keeping networking in the project is an attack vector, its necessary to be able to use the project for it’s intended use case? You probably aren’t
Not sure why this completly made up hypothetical scenario has so many upvotes. There is litteraly no evidence of this happening.
Even the opposite is the case, just recently with the preview releases which are opt-in.
I’ve accepted for a while that the lead developer is extremely paranoid and could probably genuinely do with healthcare intervention. Like in much open source development I think it isn’t helped by overwork and burnout, so I hope that at some point Graphene gets a better governance structure which spreads responsibility and which hopefully will limit the incessant drama that only harms the project. I don’t see him being willing to give up his grip, but I can always hope.
I’ll continue to use Graphene unless things go entirely off the rails though, as it is a great OS and I don’t really think there are many great alternatives.
but he isnt the lead developer he stepped down 2023 and is a director
Thanks for pointing that out, looks like I’m a bit behind the times when it comes to the inner goings on at GOS!
Who benefits?
Who benefits from sowing a narrative around “drama”, “accusation”, and/or “paranoia”. Seriously.
I think given the following circumspect; GrapheneOS’s reaction, to move project pieces out of potential hostile environments/jurisdiction, is perfectly reasonable.
-
France’s Support for EU “Chat Control”, scanning proposals. France has been one of the governments most supportive of EU‑level proposals that would require scanning of communications and devices for illegal content.
-
The general French framing and approach to cybercrime. As in other EU countries, French authorities are pushing for: Expanded powers to compel cooperation from service providers, and developers. Strong rhetoric against tools that are seen as systematically obstructing investigations.
Man, I am so totally with you, but the problem - and it’s ridiculous to say it’s not a problem - is the guy running GrapheneOS is apparently a socially backward drama whore. Louis Rossman is an amazing advocate, I don’t even pay that much attention to shit and I know him as one of my favorite people on YouTube because of his advocacy for right to repair. And this guy just pisses all over his face for the most minor perceived infraction. I have no problem imagining that something like GrapheneOS would face intense harassment from the state, but when you act like this dude does you completely lose all credibility. Everybody is just left wondering if maybe, just maybe, this is just your weird ass making shit up.
The main GrapheneOS dev creates beef with a bunch of other projects. It’s not some shadowy organisation, it’s him having stupid takes in GitHub issues and spreading false claims about other projects.
-
Two things can simultaneously be true, Daniel can be an individual who engages in very problematic behaviours and GrapheneOS can still be the most-secure and reliable OS out there.
Can we get a tldr of the “problematic behaviours”?
As a casual who bought a pixel 9 specifically for Graphene, I not too embedded in the culture/dramas, and surely many others reading here are similarly unfamiliar
His «problematic behaviour» is simply callingäoutäthings for what they are, with no soft wording.
Basically this. The project head might be a bit too paranoid, bellicose and problematic, but at this time a phone with GrapheneOS seems to be by far the safest way to have a smartphone, and the project head’s personality might be a part on this as their stated objective is to be able to resist state-level actors, you likely need someone who’s more than a bit “out there” to have the right mind for this
Not as bad a taste as the French government is giving me.
If its do I trust GOS or a confirmed pro chat control governments side of the story, its an easy choice.
There are many more sides than those 2. GOS is screaming about a new “harrassment” campaign every week.
I am visiting the forum daily for like a year now, and this is just a made up lie.
Who said anything about a forum?
where is the screaming happening then, if you dont even see it in the offical forum
Look at their social accounts. Half their posts are complaining about some sort of “harrassment”. They claim their branding was being used to sell these devices without any evidence. They claim this is a “state-sponsored attack” without any evidence.
Knowing nothing of the situations details, when you’re a thorn in the side of the most powerful interests on the planet,it seems reasonable that a small group would face deliberate, concentrated pressure from business to legal and the state and any other mechanism. That’s generally what power does, assuming the little guy isn’t subsumed.
What is the evidence of foul play by GOS, or why would they not have a pretty extreme bias of support?
from business to legal and the state and any other mechanism.
I’m not referring to any of those “mechanisms”, I’m referring to basically the entirety of the privacy/security/sovereign communities. They disparage other Android “privacy” platforms and communities on a regular basis, then claim to be victims of “targeted attacks” from those communities. Louis Rossman and Techlore are also 2 people who have also been accused of “harassment” without evidence. Just for starters.
I think everyone would love some evidence here, but so far it was one journalist from one newspaper talking to one cop that said criminals are using GrapheneOS because it destroys evidence. Afaik Daniel didn’t post any notification, inquiry or general communication he received from any government official or agency…
Their past dramas are irrelevant to this issue.
Giving into a straw man argument such as their other dramas somehow devalue what’s going on now, only plays into the French propaganda campaign.
They’re not irrelevant, they’re both symptoms of the same problem. The Developer Who Cried Wolf.
While I do find GOS drama a boy annoying, they aren’t wrong about the lacking security of many AOSP forks. iode and /e/OS have a history late patches for security vulnerabilities in both the OS (https://web.archive.org/web/20241231003546/https://divestos.org/pages/patch_history) and for the forked apps they bundle with it. Each Android monthly and Chromium patches usually contains dozens High Risk CVEs, so taking a month or 2 is unacceptable. Neither are good for privacy or security.
See a comparison between some Android ROMs here, especially noting the update speed section: https://eylenburg.github.io/android_comparison.htm
I understand security implications but I’ll be getting Fairphone 6 with /e/OS over Pixel with GrapheneOS. For me FOSS ranks higher than HW security features, and buying Google device goes against FOSS principles.
Has fairphone 6 foss firmware? and foss drivers?
No, there is no modern smartphone like that, yet AFAIK.
sry but which parts are then FOSS about it, compared to pixel?
or do you just mean google itself? (which i would understand i guess)
Buying a used Pixel lets you use the hardware without funding Google.
*Directly funding Google. You are certainly participating in a secondary market for their product you purchase used.
Unless there’s drama in my updates I don’t particularly care too much about drama.
The drama can be so minor too
“How can he run our department when his favorite color is INDIGO!? I can’t BELIEVE that guy!”
some of it is kind of inevitable when you see how far ahead from everyone else they are technically and when people shitting on their work just aren’t at their (technical) level it seems to be very draining. and eventually lead to dramas.
