Mastodawn

Watchful Citizen Nov 24

@GrapheneOS is being threatened by French authorities for refusing to add backdoors and they're dealing with coordinated attacks in French media right now. They're pulling out of France entirely, moving all their servers, and fighting off a wave of bullshit one-sided reporting that makes them look like they're helping criminals.

They need us to fight back. Support them however you can, whether that's a dollar, sharing their story, pushing back on the garbage news coverage when you see it, or just telling someone you know about what's happening. All of it matters because they're drowning in attacks from governments and media and bad actors who want them gone.

This is the only Android OS that actually makes me feel like privacy isn't just marketing. They fight for us now they need us to fight for them.

The EU is pushing Chat Control and creating an environment where governments feel empowered to threaten developers into compliance, and if we stay quiet we're letting it happen. Show up for them in whatever way you're able to.

#grapheneos #Privacy #NoBackdoors #encryption #security #chatControl

@watchfulcitizen @GrapheneOS Certified baguette here; I just checked, because I was really surprised that this was happening, and it looks like it's right-wing leaning journals that are doing this... So I'd chalk this up to the usual fearmongering, and not something widespread (e.g. Le Monde hasn't written anything about it, and they're IMO far more grounded and diligent).

Here's an article on a (small) French tech site, noting the altercation before pointing out that @GrapheneOS went on conspiratory-like afterwards... I side with the final paragraph, stating more or less that we're all trying our best, and bashing each other's gonna lead somewhere.
https://linuxfr.org/users/hellpe/journaux/le-parisien-qualifie-grapheneos-de-botte-secrete-des-narcotrafiquants-les-devs-n-apprecient-pas
"*Le Parisien* calls GrapheneOS a secret trump card for drug dealers, devs are miffed"

PS: I happen to type this from a iodéOS phone, because I decided to buy a Fairphone out of ethical reasons, and thus GrapheneOS was a non-starter. Consider that this kind of reasoning might be at play for why they're receiving government funding and not you, not just conspiracies?

Le Parisien qualifie GrapheneOS de "botte secrète des narcotrafiquants", les devs n'apprécient pas - LinuxFr.org

Le Parisien qualifie GrapheneOS de "botte secrète des narcotrafiquants", les devs n'apprécient pas

GrapheneOS Nov 25

@issotm @watchfulcitizen

> and it looks like it's right-wing leaning journals that are doing this

That's not true. They're doing it because state agencies contacted them. Most of the articles are quotes. Do you consider state-funded news in France to be right wing? There's a massive amount of coverage based on inaccurate claims from state agencies, not the journalists. The journalists are not doing their job by taking that as fact and not giving a chance for us to respond to specifics, sure.

GrapheneOS Nov 25

@issotm @watchfulcitizen You linked to another highly inaccurate and extremely biased article. Rather than doing your own research, you're basing your claims on another inaccurate article which is wrongly blaming a right wing newspaper for it. It's easily proven wrong by a review of French state-funded news and other papers which similarly published stories heavily quoting inaccurate and unsubstantiated claims from law enforcement. Le Parisien gave little input of their own into it anyway.

GrapheneOS Nov 25

@issotm @watchfulcitizen iodéOS and /e/ are extraordinarily insecure and non-private. iodéOS is openly partnered with scammers including Robert Braxman. Both companies (iodé and Murena) have misled people about GrapheneOS for years including misrepresenting it as not for regular people. In doing so, they helped build the narratives now being used by law enforcement to mislead people about GrapheneOS.

https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private has more info and third party sources on Fairphone, iodéOS and /e/.

Devices lacking standard privacy/security patches and protections aren't private - GrapheneOS Discussion Forum

GrapheneOS discussion forum

GrapheneOS Discussion Forum

@GrapheneOS @watchfulcitizen
Alright, so... I took the time to do some more searches, read your messages, and read some of that giant thread you've linked to.

> [The journals a]re doing it because state agencies contacted them. Most of the articles are quotes.
I can't speak for the contents of the Parisien or Figaro article, because they're paywalled. I would however like to point out that the Figaro's headline specifically uses the word “misused” (« détourné »), implying that this is *not* the use case y'all have intended for it.

> Do you consider state-funded news in France to be right wing?
Arguably, given our political direction these last few years, I'd say yes lol. But neither of the above two is state-funded, and since I don't have access to the contents I can't say they got the info from state agencies. How'd you know?

> There's a massive amount of coverage
Is there? I could only find three articles: [Le Parisien](https://www.leparisien.fr/faits-divers/google-pixel-et-grapheneos-la-botte-secrete-des-narcotrafiquants-pour-proteger-leurs-donnees-de-la-police-19-11-2025-NTGPQE4JCNGEHLF7XGIQ3CCA2I.php), [Le Figaro](https://www.lefigaro.fr/secteur/high-tech/qu-est-ce-que-grapheneos-ce-logiciel-detourne-par-certains-trafiquants-pour-supprimer-les-informations-de-leur-telephone-20251119), and [francetvinfo](https://www.franceinfo.fr/faits-divers/narcotrafic-les-autorites-alertent-sur-l-utilisation-d-un-systeme-d-exploitation-de-telephone-pour-echapper-aux-forces-de-l-ordre_7631510.html) (more on that one below).

> The journalists are not doing their job by taking that as fact and not giving a chance for us to respond to specifics, sure.
Actually, the francetvinfo article contains two lengthy paragraphs of your response. And... claiming that you're a non-profit is kind of missing the point? Like, yeah, sure, but what happened still happened. I agree with the rest of your stance, but I'm afraid this kind of thing does paint you in a bad light. But what do I know, I'm just a single guy :P

Google Pixel et GrapheneOS : la botte secrète des narcotrafiquants pour protéger leurs données de la police

Les analystes de la police judiciaire, spécialisés dans la cybersécurité (OFAC), viennent d’alerter sur le nouvel outil des trafiquants pour dissimuler leurs échanges via leurs téléphones portables : GraphèneOS, un système d’exploitation qui fonctionne sur les Google Pixel et qui détruit leurs données en cas d’intrusion.

Le Parisien

@GrapheneOS @watchfulcitizen

> You linked to another highly inaccurate and extremely biased article.
You mean... biased in your favour, you know that, right? Here's the last paragraph, translated for any reader's convenience:

(full disclosure: I agree with GrapheneOS that they've been unfairly portrayed by Le Parisien and on the political predicament in France, however I don't think their project is any less security theater than other extant Android forks. Regardless, one can see that for the pigs, not wanting Google in your pocket, that's suspect. "Don't stand out", I guess.)

> Rather than doing your own research, you're basing your claims on another inaccurate article which is wrongly blaming a right wing newspaper for it.

No, I went to google.fr's News tab, typed "GrapheneOS", and sifted through the first three pages, finding only Le Parisien and Le Figaro as reputable news source, and then linuxfr as an opinion piece. You'll find attached a screenshot of the first page of results. The second page only contains technical articles about trying out GOS or explaining what it is. (Again, if there's “massive” coverage, I'm missing it. And the secondary sources I see only quote these two papers, not any TV source either.)

Again, since the two articles are paywalled, I cannot offer further comment on the rest of your (second) post.

@GrapheneOS @watchfulcitizen

> discuss.grapheneos.org/d/27068-grapheneos-security-preview-releases has more info and third party sources on Fairphone, iodéOS and /e/.

The only instances of the letters "fair" are three copies of "fairly" on page 2 (yes, I have JS disabled :P), I can't find any mentions of iodé or /e/ either. Did you link to the wrong thread?

> iodéOS and /e/ are extraordinarily insecure and non-private.
*shrug* Not much worse than a stock ROM tbh. Not super diligent with security updates? I know plenty of people who procrastinate installing updates anyway, and we're all going alright with our lives. Maybe I'm gonna get hacked, but living in paranoia is not worth it, so I've chosen a balance of slightly increased privacy + not Play Services + runs on a phone I have (I avoid e-waste and things made in China when I can). And yeah, I *do* have things to hide :P

> iodéOS is openly partnered with scammers including Robert Braxman.
Are they? I could only find info listing that the latter uses the former, but no official endorsement of the former towards the latter. (Again, DDG search on "iodéOS robert braxman".)

@GrapheneOS @watchfulcitizen

Idk, I'm not looking for anything. Maybe you're right and our government is pulling strings, but it seems to me more like they're not.

Can't fault you for wanting to pull out of here, Chat Control is... [string of expletives]. I read that you're moving infra to the USA, though, which... er, aren't they worse? The NSA has a track record of spying on USA people, requiring backdoors, and are currently [being sus with TLS encryption](https://blog.cr.yp.to/20251004-weakened.html)... so I'm confused?

Also, mea culpa, I just learned about [the Europe 1](https://www.europe1.fr/Police-Justice/info-europe-1-graphene-os-la-nouvelle-arme-des-narcotrafiquants-pour-effacer-les-donnees-de-leurs-telephones-871834) article. (Though I'd point out it's *still* another private right-wing media. I should check if they're all owned by [Bolloré](https://en.wikipedia.org/wiki/Vincent_Bollor%C3%A9) or one of those mfs... *Those* guys I could totally see pulling strings.)

cr.yp.to: 2025.10.04: NSA and IETF

GrapheneOS Nov 25

@issotm @watchfulcitizen

> Idk, I'm not looking for anything. Maybe you're right and our government is pulling strings, but it seems to me more like they're not.

The articles are based on claims from French law enforcement. They're nearly entirely quotes and paraphrasing of what they've been told by law enforcement. There are many articles, not only the few you're talking about. Use Startpage instead of DDG.

> I read that you're moving infra to the USA

No, that's not accurate.

GrapheneOS Nov 25

@issotm @watchfulcitizen The link is supposed to be https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private. We're responding to multiple people and had the wrong thing in the clipboard.

> Not much worse than a stock ROM tbh.

They're dramatically less secure than a stock OS Pixel or an iPhone.

> Not super diligent with security updates?

They regularly lag years behind on important privacy/security patches and improvements.

This story is about law enforcement enraged by reasonably secure devices they can't easily exploit.

Devices lacking standard privacy/security patches and protections aren't private - GrapheneOS Discussion Forum

GrapheneOS discussion forum

GrapheneOS Discussion Forum

GrapheneOS Nov 25

@issotm @watchfulcitizen

> Are they? I could only find info listing that the latter uses the former, but no official endorsement of the former towards the latter. (Again, DDG search on "iodéOS robert braxman".)

Yes, they're officially partnered with him on the BraX3 device and have announced it from their account on x.com among other places. There are articles about the partnership. It's official, not an unofficial thing.

DDG is very stripped down Bing search and not great at funding stuff.

GrapheneOS Nov 25

@issotm @watchfulcitizen If you want to make a serious effort to find this stuff then at least use Startpage if you're trying to avoid using Google directly.

GrapheneOS Nov 25

@issotm @watchfulcitizen

> I agree with GrapheneOS that they've been unfairly portrayed by Le Parisien

This is missing the point of what we've been saying. GrapheneOS has been misrepresented by French law enforcement including false claims.

> I don't think their project is any less security theater than other extant Android forks

That's an extraordinarily inaccurate belief. GrapheneOS preserves all the standard privacy/security model/features and greatly enhances it vs. the direct opposite.

GrapheneOS Nov 25

@issotm @watchfulcitizen GrapheneOS is based on Android 16 QPR1 with a massive set of substantial privacy and security improvements beyond the standard ones. All of the standard privacy and security protections of current Android are intact. GrapheneOS not only keeps up with the standard patch schedule but has the December 2025, January 2026, February 2026 and March 2026 patches shipped in our security preview releases with the still embargoed patches which are allowed to be shipped early.

GrapheneOS Nov 25

@issotm @watchfulcitizen You're conflating GrapheneOS with operating systems which are still based on Android 13, 14 and 15 with only a subset of patches assigned High/Critical severity backported to those by Google. Those OSes typically provide the subset of backported patches 1-2 months after the official date, but yet they can actually be shipped 3-4 months before their official date such as us having the current March 2026 patches already. Those OSes heavily roll back security features too.

GrapheneOS Nov 25

@issotm @watchfulcitizen Those operating systems also typically go many months and even many years without providing kernel, driver and firmware patches. For example, on Pixels, they haven't provided those patches since Android 16 was released in June 2025. We backported those patches to Android 15 QPR2 and then shipped Android 16 in June 2025.

GrapheneOS successfully protects from sophisticated exploit tools such as Cellebrite Premium despite significant efforts from them to compromise it.

GrapheneOS Nov 25

@issotm @watchfulcitizen The reason France is going after GrapheneOS is because of the much stronger level of security against exploits than other devices. The reason they want to force inclusion of a backdoor is because multiple advanced commercial exploit tool products which work fine against other Android devices don't work again it. Here's a thread with a previous example, although note we have ongoing access to current documentation for these tools:

https://discuss.grapheneos.org/d/14344-cellebrite-premium-july-2024-documentation

Cellebrite Premium July 2024 documentation - GrapheneOS Discussion Forum

GrapheneOS discussion forum

GrapheneOS Discussion Forum

@GrapheneOS @watchfulcitizen

Ah... that thread doesn't load for me, for some reason.

GrapheneOS Nov 25

@issotm @watchfulcitizen Here's a previous archive of the thread, which you can refresh if you want to see the newest posts:

https://archive.ph/cH3vA

The archive site is being very slow for us and some of their domains aren't working so maybe it's getting DDoS attacked.

Are you able to see this one?

https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private

We can provide an archive link for that too if you can't.

@GrapheneOS @watchfulcitizen
Ah... it loads partially this time. Wonder if it's anything to do with having JS disabled. Anyway, I managed to read it.

I would like to offer some nuance to your take there; let me know if you're interested in hearing another point of view.

GrapheneOS Nov 25

@issotm @watchfulcitizen We linked 2 different threads. The one we posted an archive link for is the leaked Cellebrite Premium documentation. The other thread is the one about Murena devices which we screwed up the link for the first time. In the one about Murena devices, we linked to third party coverage of their devices. Recommend looking at the Divested Computing coverage which is more detailed than ours in many ways. We focused on security patches in particular while they covered more.

@GrapheneOS @watchfulcitizen
Haha, it's been a lot of links and transitive links (and it's late), so I've gotten mixed up.

The archive link doesn't show images, but that's fine, the text covers the gist of the info anyway. The other thread is the one that took me three tries to load—lulz @ computers :P

Looked at the dOS coverage, and, yeah, it's more of what I was thinking about—the “other point of view” I mentioned in my last toot.

GrapheneOS Nov 25

@issotm @watchfulcitizen Our forum works without JavaScript for viewing but it looks different since Flarum is implement as a single page web app with fancy quick navigation, a timeline scroll bar, dynamic loading of posts, etc. If you have JS off then it should all be shown but in a very primitive layout. Archive site is losing images because we don't allow directly embedding third party images but rather have a media proxy permitting media on specific sites being proxied, only for our site.

@GrapheneOS @watchfulcitizen
Yeah, the primitive layout is actually pretty easy on the eyes, I like it.

Either way, it's getting really late, so I'll be calling it a night for now. I'd be interested in drilling this discussion further at a later point, but I assume you're gonna have more important things on your hands :P

Anyway, while I'm gonna stick with my Fairphone and iodé for now (I was already aware of their update lag, I guess I now understand more of its extent) because I prioritise different aspects than GrapheneOS' balance, I very much respect your commitment and efforts.

I think there's been some amount of miscommunication in all of this, but hey, at least you can't be blamed for not sticking to your guns, I guess 😁

Good luck, and maybe see you another day! And good luck especially handling those other threads you mentioned o7