Mastodawn

Vishnu2jd Nov 24

Watchful Citizen

@GrapheneOS is being threatened by French authorities for refusing to add backdoors and they're dealing with coordinated attacks in French media right now. They're pulling out of France entirely, moving all their servers, and fighting off a wave of bullshit one-sided reporting that makes them look like they're helping criminals.

They need us to fight back. Support them however you can, whether that's a dollar, sharing their story, pushing back on the garbage news coverage when you see it, or just telling someone you know about what's happening. All of it matters because they're drowning in attacks from governments and media and bad actors who want them gone.

This is the only Android OS that actually makes me feel like privacy isn't just marketing. They fight for us now they need us to fight for them.

The EU is pushing Chat Control and creating an environment where governments feel empowered to threaten developers into compliance, and if we stay quiet we're letting it happen. Show up for them in whatever way you're able to.

#grapheneos #Privacy #NoBackdoors #encryption #security #chatControl

snowyfox Nov 24

.

@watchfulcitizen @GrapheneOS Don(at)e(d)!

Ejner Borgbjerg Nov 24

@watchfulcitizen @GrapheneOS What about stock Android - does Google provide backdoor for french authorities there?!

@watchfulcitizen @GrapheneOS France is hypocritical. They deal with Russia via radioactive waste and they fuck with freedom but they also want to be the hero.

Edited to remove an unintended slur.

Torf und Schnee Nov 24

@dbat @watchfulcitizen @GrapheneOS "They deal with Russia via radioactive waste" could you please specify what do you mean?

@torf @watchfulcitizen @GrapheneOS they still trade with Russia by sending nuclear waste. Recent story via Greenpeace.

@torf @watchfulcitizen @GrapheneOS If I am wrong, want to know and will edit op.

Torf und Schnee Nov 24

@dbat @watchfulcitizen @GrapheneOS thanks!

Billiglarper Nov 25

@dbat @torf @watchfulcitizen @GrapheneOS

Framatome also has a cooperation with Rosatom to produce nuclear fuel for European nuclear power plants. ANF in Lingen, Germany.

https://dont-nuke-the-climate.org/blog/cooperation-between-russia-s-rosatom-and-anf-must-be-halted

Cooperation between Russia’s Rosatom and ANF must be halted

Germany needs to keep Rosatom out of Lingen.

Tichodrome Colvert Nov 25

@dbat @watchfulcitizen @GrapheneOS Please don't use the word schizophrenic as anything other than a way to name the actual schizophrenia condition. Using mental condition terms as general pejoratives is never okay.

Edit: the message I replied to was rightfully edited.

@tichodrome_colvert I mean no insult. How should one describe by metaphor a country doing two opposing things?

Tichodrome Colvert Nov 25

@dbat Using mental conditions as metaphor for something negative is detrimental to people who actually have this condition, even if you dont mean insult. There's always a better word to use over them no matter the context. In your context the words hypocritical and self-righteous could have done the job perfectly.

@tichodrome_colvert thanks. I will edit the op. Go well.

foodeliminator Nov 24

@watchfulcitizen @GrapheneOS

No surprises here

Ondřej Profant Nov 24

@watchfulcitizen @GrapheneOS shame on France

Quincy ⁂Nov 24

@watchfulcitizen @GrapheneOS

OMG, this is appalling.

shadow_absorber Nov 24

@watchfulcitizen here is hoping that our fight against this kinda bad actors actually makes the bad actors change course

A Catalyst Nov 24

@watchfulcitizen @GrapheneOS me and the boys on our way to help Graphene in France.

Watchful Citizen Nov 24

@Catalyst_A @GrapheneOS the plain clothes lady looks extremely uncomfortable in that escalator😂

A Catalyst Nov 24

On another note, didn't the French government just get caught trying to assassinate an African leader?

@watchfulcitizen @GrapheneOS what about #iodeos @iode and #murena @gael @e_mydata? Both are projects based in France, right?

@watchfulcitizen @GrapheneOS Can you share the source for the alleged threats and the refusal to add backdoors?

GrapheneOS Nov 24

@corsac @watchfulcitizen They've made the threats in multiple places publicly including https://archive.is/UrlvK and other interviews. They sent out a memo to all French police telling them to suspect people with Google Pixel phones and to treat it as a special case. They're conflating closed source products marketed as being based on GrapheneOS with GrapheneOS and attributing what those sketchy companies do to us which they're using to justify taking actions they did against SkyECC/Encrochat.

Tichodrome Colvert Nov 25

@GrapheneOS @corsac @watchfulcitizen "They sent out a memo to all French police telling them to suspect people with Google Pixel phones and to treat it as a special case."

How close is GrapheneOS from being released on other devices? So that other phone brands can have it in order to make Pixel phones feel less exceptionally suspicious to authorities.

GrapheneOS Nov 25

@tichodrome_colvert @corsac @watchfulcitizen No other devices provide the required hardware-based security features and updates to provide a reasonable level of security. It would not be possible to successfully defend against commercial exploit tools to nearly the extent that we do on any other existing devices.

They can identify another OS is running on any device quite easily unless it's the official stock OS and therefore there isn't a verified boot notice.

GrapheneOS Nov 25

@tichodrome_colvert @corsac @watchfulcitizen It's also important to note that French law enforcement is clearly conflating many things which are not GrapheneOS with GrapheneOS. They're calling any closed source product using portions of our code GrapheneOS if it's marketed as being GrapheneOS. They're attributing what various apps do to GrapheneOS itself including device admin apps for providing wipe triggers which are in no way specific to GrapheneOS. Their claims are highly inaccurate.

Tichodrome Colvert Nov 25

@GrapheneOS @corsac @watchfulcitizen What do you mean by verified boot device? For reference, when I boot my Pixel 7 device on which I installed GrapheneOS, the first thing that appears is a message about an alternative OS to the stock OS being installed, before the Google then GrapheneOS logos. Maybe I don't understand it correctly, but from your message it sounds like the first message about a non-stock OS being used shouldn't appear.

[Edit: after doing some research the "Your device ils loading a different operating system" message seems normal.]

GrapheneOS Nov 25

@tichodrome_colvert @corsac @watchfulcitizen What we're saying is that it's easy for them to tell if a device runs another OS through the notice shown at boot for verified boot. If it's locked, it even shows a fingerprint usable to identify the OS. They could have used this to figure out many of the devices they think are running GrapheneOS are clearly actually running something else which explains all the weird features they describe not present in it and even incompatible with our features.

@GrapheneOS @watchfulcitizen Thanks for the link. I don't really see the `threats` there or mentions of backdoors to be included by the project. And Johanna Brousse seemed to be pretty reasonable when she closed the SSTIC conference last year (https://www.sstic.org/2025/presentation/cloture_2025/)

SSTIC2025 » Présentation » Cloture 2025 - Johanna Brousse

GrapheneOS Nov 25

@corsac @watchfulcitizen The context is important especially the references to SkyECC and Encrochat. They've made it clear they think we should providing them access and are demanding cooperation. They're also inaccurately conflating GrapheneOS with other things and talking about features, distribution and marketing it doesn't have. It's quite clear to us that it's not safe to operate in France or with French services. There are a huge amount of quotes attacking us from her across news sites.

GrapheneOS Nov 25

@corsac @watchfulcitizen Giving a talk at an infosec conference doesn't indicate anything positive. They're waging a media war against GrapheneOS, against encryption without backdoors and against secure devices. There was no contact to us about anything beforehand. If the projects being developed in France were legitimate and truly protecting people's privacy and security, then they would face similar government attacks rather than receiving substantial government funding. Not a smart move.

@GrapheneOS @corsac @watchfulcitizen I dont really get that "other projects" (namely eOS and iodé) stance. These are in no way marketing security features but minimizing of big corps tracking. Those are two really different threat models. You can achieve less big corps tracking with GOS, and gain added security as a bonus, but it is not the out of the box experience...

GrapheneOS Nov 28

@alci @corsac @watchfulcitizen /e/ and iodéOS are both scams with extraordinarily poor privacy and security. Both fail to provide high importance privacy and security patches along with standard privacy and security protections. Both have invasive services built into the OS. Both companies are misleading people about what's provided and have spent years spreading misinformation about GrapheneOS due to seeing it as a threat. We began making people aware of their false marketing because of it.

GrapheneOS Nov 28

@alci @corsac @watchfulcitizen GrapheneOS is a privacy project and provides far better privacy than either of those. You're demonstrating the impact of their false marketing harming GrapheneOS. They've successfully propagated the myth that it's a security project rather than a privacy project. They've mislead people into believing an extraordinarily non-private OS without basic privacy patches which sends user data to OpenAI without consent is a privacy project. Privacy also depends on security.

GrapheneOS Nov 28

@alci @corsac @watchfulcitizen Both companies have a business model heavily based around misleading people about what they provide including through misinformation about GrapheneOS. The claims you're making are directly based on their false marketing. The claim that GrapheneOS somehow provides less privacy than than those in general or out-of-the-box is ludicrous. Neither of those provides the standard Android privacy patches and privacy features let alone Storage Scopes, Contact Scopes, etc.

GrapheneOS Nov 28

@alci @corsac @watchfulcitizen Both companies have continued misinformation about GrapheneOS during the current attacks on it from French law enforcement. It should also be noted the attacks from French law enforcement build on the foundation built by companies including Murena and iodé of wrongly portraying it as something niche, the ridiculous claim of it not being a privacy project but rather a security project, only being useful to people targeted by states, etc. They're directly complicit.

GrapheneOS Nov 28

@alci @corsac @watchfulcitizen Both companies are involved in attacks on our team based on fabricated stories and other libel clearly aimed at directing harassment towards us. Murena has done it very directly and continues doing it. iodé is partnered with Robert Braxman, a blatant charlatan who posts fake privacy content to sell fake privacy products. He makes daily attacks on GrapheneOS with outrageously false claims to promote his products including ones in partnering with iodé.

GrapheneOS Nov 28

@alci @corsac @watchfulcitizen Multiple of Braxman's products and services are proven by security researchers to contain backdoors including fake end-to-end encryption providing keys to the server.

/e/ and iodéOS both claim to provide privacy/security patches they do not and set an inaccurate Android security patch level. The mislead users about how little their DNS filtering does for privacy from apps and bogus labels on apps.

See https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private and the linked third party content.

Devices lacking standard privacy/security patches and protections aren't private - GrapheneOS Discussion Forum

GrapheneOS discussion forum

GrapheneOS Discussion Forum

@GrapheneOS @corsac @watchfulcitizen scopesnare a great feature indeed !

HermitCyclop Nov 24

#France-having-a-normal-one

flossifatal598 Nov 24

@watchfulcitizen @GrapheneOS

It is very important GrapheneOS ships pre-installed for its public perception.

There is a massive difference in public perception between:

- I typed obscure command lines to unlock my phone and install an unofficial custom OS

vs.

- I went to Fnac and bought this phone

Once GrapheneOS has OEM contracts and can be bought like any other brand, this will help a lot countering the smearing propaganda

Watchful Citizen Nov 24

@flossifatal598 @GrapheneOS very good point of view. People that aren't technical sees that as you have something to hide. Having it pre installed gains more trust.

@watchfulcitizen @GrapheneOS
Probably something for @codegouvfr

Synapsenkitzler Nov 24

Hilfe @kuketzblog

@watchfulcitizen

Graphene is pointing the finger at several other named and unnamed custom O.S. projects or competitors for coordinating a smear campaign against them tho it seems their just speculating atm. What do y'all think is going on here, is there a sketchy competitor to blame?

@adamsaidsomething @watchfulcitizen don't think so. I like graphenos and use it, but their communication it weird and aggressive... Well, I guess it is what it takes to work on security and privacy 😄

hallunke23 🇺🇦

This is not good. But it also isn't exactly new. I recall that there was a time when France banned any and all crypto which caused Microsoft to issue a French version of Internet EXplorer that redirected all HTTPS to HTTP. It doesn't surprise me that the French are now reviving this nonsense.

@watchfulcitizen @GrapheneOS

@hallunke23 @watchfulcitizen when did that happen?! I never heard that story and can't find anything about it

hallunke23 🇺🇦

It was a long time ago, in the 1990s or so IIRC.
I'm having difficulties finding sources as well.
I found one article that reports on the underlying legislative restrictions but fails to spell out what happened in practise.

https://gilc.org/crypto/crypto-results.html#France

@maxlath @watchfulcitizen

GILC - 1997 Crypto Survey Results

hallunke23 🇺🇦

Oh, and IIRC they also put a crypto backdoor into older versions of Windows that would activate when you set your keyboard layout to French.

@maxlath @watchfulcitizen

@watchfulcitizen @GrapheneOS Certified baguette here; I just checked, because I was really surprised that this was happening, and it looks like it's right-wing leaning journals that are doing this... So I'd chalk this up to the usual fearmongering, and not something widespread (e.g. Le Monde hasn't written anything about it, and they're IMO far more grounded and diligent).

Here's an article on a (small) French tech site, noting the altercation before pointing out that @GrapheneOS went on conspiratory-like afterwards... I side with the final paragraph, stating more or less that we're all trying our best, and bashing each other's gonna lead somewhere.
https://linuxfr.org/users/hellpe/journaux/le-parisien-qualifie-grapheneos-de-botte-secrete-des-narcotrafiquants-les-devs-n-apprecient-pas
"*Le Parisien* calls GrapheneOS a secret trump card for drug dealers, devs are miffed"

PS: I happen to type this from a iodéOS phone, because I decided to buy a Fairphone out of ethical reasons, and thus GrapheneOS was a non-starter. Consider that this kind of reasoning might be at play for why they're receiving government funding and not you, not just conspiracies?

Le Parisien qualifie GrapheneOS de "botte secrète des narcotrafiquants", les devs n'apprécient pas - LinuxFr.org

Le Parisien qualifie GrapheneOS de "botte secrète des narcotrafiquants", les devs n'apprécient pas

GrapheneOS Nov 25

@issotm @watchfulcitizen

> and it looks like it's right-wing leaning journals that are doing this

That's not true. They're doing it because state agencies contacted them. Most of the articles are quotes. Do you consider state-funded news in France to be right wing? There's a massive amount of coverage based on inaccurate claims from state agencies, not the journalists. The journalists are not doing their job by taking that as fact and not giving a chance for us to respond to specifics, sure.

GrapheneOS Nov 25

@issotm @watchfulcitizen You linked to another highly inaccurate and extremely biased article. Rather than doing your own research, you're basing your claims on another inaccurate article which is wrongly blaming a right wing newspaper for it. It's easily proven wrong by a review of French state-funded news and other papers which similarly published stories heavily quoting inaccurate and unsubstantiated claims from law enforcement. Le Parisien gave little input of their own into it anyway.

GrapheneOS Nov 25

@issotm @watchfulcitizen iodéOS and /e/ are extraordinarily insecure and non-private. iodéOS is openly partnered with scammers including Robert Braxman. Both companies (iodé and Murena) have misled people about GrapheneOS for years including misrepresenting it as not for regular people. In doing so, they helped build the narratives now being used by law enforcement to mislead people about GrapheneOS.

https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private has more info and third party sources on Fairphone, iodéOS and /e/.

Devices lacking standard privacy/security patches and protections aren't private - GrapheneOS Discussion Forum

GrapheneOS discussion forum

GrapheneOS Discussion Forum

@GrapheneOS @watchfulcitizen
Alright, so... I took the time to do some more searches, read your messages, and read some of that giant thread you've linked to.

> [The journals a]re doing it because state agencies contacted them. Most of the articles are quotes.
I can't speak for the contents of the Parisien or Figaro article, because they're paywalled. I would however like to point out that the Figaro's headline specifically uses the word “misused” (« détourné »), implying that this is *not* the use case y'all have intended for it.

> Do you consider state-funded news in France to be right wing?
Arguably, given our political direction these last few years, I'd say yes lol. But neither of the above two is state-funded, and since I don't have access to the contents I can't say they got the info from state agencies. How'd you know?

> There's a massive amount of coverage
Is there? I could only find three articles: [Le Parisien](https://www.leparisien.fr/faits-divers/google-pixel-et-grapheneos-la-botte-secrete-des-narcotrafiquants-pour-proteger-leurs-donnees-de-la-police-19-11-2025-NTGPQE4JCNGEHLF7XGIQ3CCA2I.php), [Le Figaro](https://www.lefigaro.fr/secteur/high-tech/qu-est-ce-que-grapheneos-ce-logiciel-detourne-par-certains-trafiquants-pour-supprimer-les-informations-de-leur-telephone-20251119), and [francetvinfo](https://www.franceinfo.fr/faits-divers/narcotrafic-les-autorites-alertent-sur-l-utilisation-d-un-systeme-d-exploitation-de-telephone-pour-echapper-aux-forces-de-l-ordre_7631510.html) (more on that one below).

> The journalists are not doing their job by taking that as fact and not giving a chance for us to respond to specifics, sure.
Actually, the francetvinfo article contains two lengthy paragraphs of your response. And... claiming that you're a non-profit is kind of missing the point? Like, yeah, sure, but what happened still happened. I agree with the rest of your stance, but I'm afraid this kind of thing does paint you in a bad light. But what do I know, I'm just a single guy :P

Google Pixel et GrapheneOS : la botte secrète des narcotrafiquants pour protéger leurs données de la police

Les analystes de la police judiciaire, spécialisés dans la cybersécurité (OFAC), viennent d’alerter sur le nouvel outil des trafiquants pour dissimuler leurs échanges via leurs téléphones portables : GraphèneOS, un système d’exploitation qui fonctionne sur les Google Pixel et qui détruit leurs données en cas d’intrusion.

Le Parisien

@GrapheneOS @watchfulcitizen

> You linked to another highly inaccurate and extremely biased article.
You mean... biased in your favour, you know that, right? Here's the last paragraph, translated for any reader's convenience:

(full disclosure: I agree with GrapheneOS that they've been unfairly portrayed by Le Parisien and on the political predicament in France, however I don't think their project is any less security theater than other extant Android forks. Regardless, one can see that for the pigs, not wanting Google in your pocket, that's suspect. "Don't stand out", I guess.)

> Rather than doing your own research, you're basing your claims on another inaccurate article which is wrongly blaming a right wing newspaper for it.

No, I went to google.fr's News tab, typed "GrapheneOS", and sifted through the first three pages, finding only Le Parisien and Le Figaro as reputable news source, and then linuxfr as an opinion piece. You'll find attached a screenshot of the first page of results. The second page only contains technical articles about trying out GOS or explaining what it is. (Again, if there's “massive” coverage, I'm missing it. And the secondary sources I see only quote these two papers, not any TV source either.)

Again, since the two articles are paywalled, I cannot offer further comment on the rest of your (second) post.

@GrapheneOS @watchfulcitizen

> discuss.grapheneos.org/d/27068-grapheneos-security-preview-releases has more info and third party sources on Fairphone, iodéOS and /e/.

The only instances of the letters "fair" are three copies of "fairly" on page 2 (yes, I have JS disabled :P), I can't find any mentions of iodé or /e/ either. Did you link to the wrong thread?

> iodéOS and /e/ are extraordinarily insecure and non-private.
*shrug* Not much worse than a stock ROM tbh. Not super diligent with security updates? I know plenty of people who procrastinate installing updates anyway, and we're all going alright with our lives. Maybe I'm gonna get hacked, but living in paranoia is not worth it, so I've chosen a balance of slightly increased privacy + not Play Services + runs on a phone I have (I avoid e-waste and things made in China when I can). And yeah, I *do* have things to hide :P

> iodéOS is openly partnered with scammers including Robert Braxman.
Are they? I could only find info listing that the latter uses the former, but no official endorsement of the former towards the latter. (Again, DDG search on "iodéOS robert braxman".)

@GrapheneOS @watchfulcitizen

Idk, I'm not looking for anything. Maybe you're right and our government is pulling strings, but it seems to me more like they're not.

Can't fault you for wanting to pull out of here, Chat Control is... [string of expletives]. I read that you're moving infra to the USA, though, which... er, aren't they worse? The NSA has a track record of spying on USA people, requiring backdoors, and are currently [being sus with TLS encryption](https://blog.cr.yp.to/20251004-weakened.html)... so I'm confused?

Also, mea culpa, I just learned about [the Europe 1](https://www.europe1.fr/Police-Justice/info-europe-1-graphene-os-la-nouvelle-arme-des-narcotrafiquants-pour-effacer-les-donnees-de-leurs-telephones-871834) article. (Though I'd point out it's *still* another private right-wing media. I should check if they're all owned by [Bolloré](https://en.wikipedia.org/wiki/Vincent_Bollor%C3%A9) or one of those mfs... *Those* guys I could totally see pulling strings.)

cr.yp.to: 2025.10.04: NSA and IETF

GrapheneOS Nov 25

@issotm @watchfulcitizen

> Idk, I'm not looking for anything. Maybe you're right and our government is pulling strings, but it seems to me more like they're not.

The articles are based on claims from French law enforcement. They're nearly entirely quotes and paraphrasing of what they've been told by law enforcement. There are many articles, not only the few you're talking about. Use Startpage instead of DDG.

> I read that you're moving infra to the USA

No, that's not accurate.

GrapheneOS Nov 25

@issotm @watchfulcitizen The link is supposed to be https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private. We're responding to multiple people and had the wrong thing in the clipboard.

> Not much worse than a stock ROM tbh.

They're dramatically less secure than a stock OS Pixel or an iPhone.

> Not super diligent with security updates?

They regularly lag years behind on important privacy/security patches and improvements.

This story is about law enforcement enraged by reasonably secure devices they can't easily exploit.

Devices lacking standard privacy/security patches and protections aren't private - GrapheneOS Discussion Forum

GrapheneOS discussion forum

GrapheneOS Discussion Forum