Read the whole thread
However, we don’t have a “hardened security” approach, we aren’t developing a phone for pedo(censored) so they can evade justice.
Anyone telling you the list isn’t graphene -> ios -> good custom android -> aosp-> google stock -> samsung stock is lying to you.
How is iOS - a proprietary OS owned by a big tech company - second in your list?
It can be made very good from a security and privacy perspective.
If you know you know I guess.
There’s good reason to suspect that it’s very terrible from its privacy and security perspective.
Do you think it’s possible for companies or individuals to not comply with court ordered surveillance and search warrants? That’s what prism is, nsa driven data collection ordered by the court system.
Further, on its own and absent any other evidence, the timeline of prism entry corroborates my statement that ios is second to graphene.
Apple is not a good company, there are no good companies. Apple is a company selling security and privacy amongst other things. You have to buy security and privacy because you can’t go out into the backyard, fell a phone tree, carefully choose the section with the strongest, straightest traces and shape it into an optimally private and secure device in the shed using your grandfathers antique phoneworking bench and strap driven phone lathe.
Do you think it’s possible for companies or individuals to not comply with court ordered surveillance and search warrants?
Companies can’t, no. That’s precisely my point. Hence your argument that iOS is more “secure” than any other bar Graphene is disingenuous. iOS is developed by a company which can be (and likely already has been) pressured into compromising its users on behalf of three-letter agencies. The NSA slides are strong evidence of that.
Large collectives of devs spread out all over the world, however, can withstand such pressures since they’re hard to get a hold of. The developers of OSs such as Graphene, Debian or Lineage could easily resist such attempts, simply because they’re not a legal entity incorporated inside a single jurisdiction.
You’re correct in saying that Apple is “selling” privacy and security (as in: marketing, pinky-promising). They may be selling that story, but I ain’t buying it.
Which flavor of Google surveillance would you consider a more private and secure phone platform than iOS?
It has some of the best exploit protection next to Graphene if you enable lockdown mode.
I thought Samsung stock was better because of Knox et all
better but than the rest of the unmentioned dogshit
Well, that’ll be another 100€ December donation to GrapheneOS.
Kind of shameful of /e/ to blatantly disregard user privacy like that. Is Graphene our last stand against Orwellian surveillance?
i honestly dont care much about privacy in the sense that i dont rlly need it to be provided by an OS, just give me max freedom and let me handle privacy myself. That being said I am on grapheneOS atm but still hoping for librephone to enable me to have an arch linux like phone experience that i can customize to hell
That would be really cool.
I can’t believes he’s intentionally anti-privacy. Occam’s razor suggests he’s instead a fucking idiot.
Yeah maybe. But whether it’s intentional or not, I would not want to use /e/os.
But also, from the linked thread:
Murena is a for-profit company owned by shareholders including Gaël Duval. /e/ has a non-profit organization which is also led by Gaël Duval. /e/ includes paid services from Murena. /e/ very clearly exists to build products for Murena to sell in order to enrich the shareholders.
Despite being done for profit, /e/ receives millions of euros in funding from the EU on an ongoing basis. /e/ and Murena use extraordinarily inaccurate marketing to not only promote their products/services but also to mislead people about GrapheneOS and scare them away from it.
From @grapheneos.org
Graphene made an OS only for Google phones. I can see what they mean here, but not sure they have room to talk regardless of the security circumstances.
It is shitty if there was a smear campaign against them though.
Oh agreed. I wouldn’t want to install an OS from a fucking idiot either.
(And I take your point that said idiot may also be a dishonest slime ball.)
To be fair I don’t know anyone that has ever used e/OS or considered it to be a serious project
Honestly, the fact that it is supported by default on the fairphone was quite appealing to me but this poor opinion from the CEO rubs me the wrong way
First they came for people I don’t like, I assume, and I said hell yeah, there’s no way that will ever be me. Over here, officer. Come for a few more kinds of people I don’t like. Nothing bad ever happened to the French!
Is he confusing privacy for security?
Who? Gaël Duval or GrapheneOS?
They’re two sides of the same coin. Can’t have privacy without security and can’t have security without privacy.
Looking at the post though he’s specifically talking about advanced security as a means of preserving privacy, security you’d need if (based on his model) targeted by a government (whether foreign or your local police forensics team). I don’t think his model is correct though because while extra hardened security is useful to protect privacy in such an instance, it’s also just best practice because it’s better to have too much security than not enough, just to keep your bank account secure at least.
They’re two sides of the same coin. Can’t have privacy without security and can’t have security without privacy.
Hmmm… I half agree with what you said. The corner stone of most security is an element of initial trust.
With SSL, we’re trusting that the certificate authority is valid.
With tools like GPG, I (as the sender) are trusting that the key I’m using to sign a message is really yours.
With Android we (the users) and the application developers are trusting Google (hence why “sideloading” is now “bad”, because Google says it is).
I absolutely agree that privacy cannot exist without security. But, your privacy is dependent on who your security model trusts.
I don’t trust Google with my privacy (hence, I degoogle) , but my bank app doesn’t trust my security (hence, the app can only be installed via Google Play).
So, privacy is dependent on security, but security is built on trust.
Another quote from the thread
Their marketing heavily focuses on avoiding Google and gives the impression they believe privacy means avoiding one company. Meanwhile, they add a bunch of Google services not present in the Android Open Source Project and give extensive privileged access to Google apps/services.
From @grapheneos.org
What priveledged access? I only found one call home from MicroG, and it was easily disabled.
Recently, France’s national law enforcement began fearmongering about GrapheneOS and smearing it with inaccurate claims. France’s corporate and state media heavily participated. Many articles and also radio/television coverage misrepresented GrapheneOS as being for criminals.
From @grapheneos.org
A fine endorsement.
It was already debunked. A single french tabloid (not true journal) featured why graphene was used by criminals. It’s not the government that was specifically targetting it by all means it had.
Lmao what a toxic piece of shit
Privacy is something everyone deserves, not something only criminals want
Please provide the video with the question included. This looks cut to fit the anti murena narrative that GrapheneOS has been screaming about for years. It’s the same tactic Republicans use against others: cutting only a bit that sounds bad when taken out of context.
Please provide the video with the question included. This looks cut to fit the anti murena narrative that GrapheneOS has been screaming about for years. It’s the same tactic Republicans use against others: cutting only a bit that sounds bad when taken out of context.
What about anarchyfucks
Yeah, no shit. Look at their OS and online services.
The full translation of the clip of Gaël Duval provided by GrapheneOS:
There’s the attack surface, on that front we’re not security specialists here, so I couldn’t answer you precisely, but from the discussions I’ve had, it seems that everything we do reduces attack surface.
However, we don’t have a “hardened security” approach, we aren’t developing a phone for pedo(censored) so they can evade justice. So there aren’t difficult things to check if the memory is corrupted, really hardened security stuff that could clearly be useful for executives, in the secret service, or whatever.
That’s not our goal, our goal is to start from an observation: today our personal data is constantly being plundered and that wouldn’t be legal in real life with the mail or the telephone, we want to change that. So we are making you a product that changes that by default for anyone.
As a french speaker, I can attest that the translation is fairly accurate.
While I don’t agree with the characterisation Gaël Duval makes here, I believe the statement from GrapheneOS here:
Duval and his organizations have consistently taken a stance against protecting users from exploits. In this video, he once again claims protecting against exploits is for only useful pedophiles and spies.
Is a bit disingenuous. It sounds like they do make some efforts to secure their device, but it’s not their main focus. Theirs is to improve privacy first and foremost.
I would take anything GrapheneOS devs says with a grain of salt, as we all know that they have quite an adversarial relationship with… well… everyone. But especially other OS makers.
It sounds like they do make some efforts to secure their device, but it’s not their main focus. Theirs is to improve privacy first and foremost.
I don’t have any issue with that: different OSes have different priorities and that’s okay. However, I feel like he’s basically saying that users of hardened secure devices are pedos, and I have a very big issue with that. I don’t know of maybe in French it doesn’t sound that way, but they English translation does for me.
That’s how it sounds. So, I’m a pedophile because I run GrapheneOS on my phone? I guess I better tell my wife, and my kids.
… and my kids
“Hey Kiddos! So I have some good news and some bad news…”
It fits into the whole philosophy. There are several posts ( Initial Kuketz, discussion on Kuketz critique, reminder/restart discussion, criticism on usage of OpenAI in /e/ and poor communication, same questions again with no or wrong answers) criticising /e/ for heavily ignoring privacy and security flaws and only one response post on this Duvals answer on OpenAI usage in which they clarify to see ‘emotional’ reactions and look for alternatives while still finding it acceptable and criticism is ‘FUD’ and ‘hurt of reputation’ instead of valid concern.
Additionaly the points postet by Kuketz are not addressed since today. Updates are a bit faster but still with weeks delay and still not including several parts of security updates (instead it’s the bare minimum).
I looked for several posts on social media and Duval always ignores the points and yells that all the people are only up to harass him. He also uses false arguments to convince (probably) himself of this ridiculous behaviour.
I started using /e/ in summer 2022 and was positive and hopeful because of the idea (long updates, privacy in mind, degoogled). But over the years learning that nearly all internal community and external expert criticism was ignored or marked as irrelevant or harassment when it’s not, my opinion changed and I’m no longer willing to talk or write about /e/ diplomatically as it is inappropriate.
