We strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security and freedom on mobile to avoid it. Companies selling phones should not be deciding which operating systems people are allowed to use for apps.

https://uattest.net/

Unified Attestation

Unified Attestation is a free, open-source alternative to Google Play Integrity with offline verification and simple app + server integration.

Google's Play Integrity API is a horrible system enforcing using devices officially licensing Google Mobile Services. It permits those regardless of how many years behind they are on security patches. The solution to this isn't another anti-competitive system based in Europe.
Play Integrity API should be regulated out of existence rather than making another system where companies permit their own products while disallowing others. It shouldn't be legal when Google does it and it shouldn't be legal when Volla and Murena do it either. This is wrong.
Hardware-based attestation has valid use cases including the Auditor app on GrapheneOS for protecting users. The way these companies are using it serves no truly useful purpose beyond giving themselves an unfair advantage while pretending it has something to do with security.
If banks and governments insist on checking devices for security they should define actual standards. It should be possible for any tiny project to be certified at no cost and the standards should be fairly enforced so a mainstream device without current patches is disallowed.
Volla, Murena and iodé sell products with atrocious security. They fail to provide important patches and protections while misleading users with inaccurate claims about privacy and security. That includes setting an inaccurate Android security patch level despite missing patches.
These companies should not have any say over which devices can be used for European banking and government apps. It will reduce competition and reduce security exactly as the Play Integrity API is already doing. The EU should ban using attestation to determine OS compatibility.
Murena and iodé are extremely hostile towards GrapheneOS. They've spent years misleading people about it with inaccurate claims to promote their insecure products. We'll never work with them. Volla, Murena and iodé should have no say in which OS people can use on their devices.
There's no legitimate purpose for either Play Integrity or Unified Attestation to exist. Both will inherently fail to uphold even basic security standards since otherwise their own products wouldn't be allowed. Root-based attestation is also inherently not a secure approach.
Having a European version of the Play Integrity which permits people to use insecure products from specific European companies participating in it while disallowing using arbitrary hardware or software is the opposite of a solution. It's more of the same anti-competitive garbage.
@GrapheneOS Totally, 🤦🏼 I don't wanna be locked-in📵 😠
@TycoonTom @GrapheneOS you will not be, the standard is open for everyone

@DanielDNK @TycoonTom The standard is not open to everyone. It's run by a group of companies hostile to GrapheneOS which will be permitting their own products but not GrapheneOS.

Unified Attestation is a centralized system built on top of the Android hardware attestation API for the sole purpose of a power grab where these companies can control which devices and operating systems are allowed. They haven't made their own attestation system. They've made a system to control use of a standard API.

@GrapheneOS @DanielDNK Totally correct "control "👏🏼 see pic👇🏼
@TycoonTom @GrapheneOS and if you install it in another profile, alone without Bitwarden in the same profile?
@DanielDNK With play installed cuz you gotta get it via google only nowadays 🤦🏼
@DanielDNK @TycoonTom @GrapheneOS Attestation as a process is open. The approved OSs would be controlled by the owners of unified attestation. The approach of just making more play integrity clones makes no sense when the service can just pick the OSs themselves.
@GrapheneOS I would like to say Thank You! GrapheneOS devs for giving us the best Privacy and Security on a phone and also a LOT of Peace of Mind for the privacy conscious people. 😉👍 Also been using it for a month now and I pretty much like it even if I had to get a Pixel for it, it was worth it!
@GrapheneOS Also I really hope that Android won't have the same fate as iOS, otherwise our only open-source option remaining is Linux.
@privacyfriendly Android Open Source Project and GrapheneOS are Linux. AOSP is open source and has a massive ecosystem built on the open source code. There are many stakeholders interested in continuing it. It would be a very messy situation if the original upstream stopped existing but it's entirely possible for development on it as an open source project to continue. It hopefully won't come to that. Ideally Android will be forcibly split from Google into a company friendlier to open source.
@GrapheneOS OK, I understand it a bit better now. Thanks for the explanation! Let's HOPE For The BEST!
@GrapheneOS @privacyfriendly I have a question in a hypothetical framework. If that was like this in the end and Android closed completely... What would you do in that case??? Is it possible for you to participate in the development of an alternative Linux operating system like those already underway???
@GrapheneOS and what exactly is your conflict with volla. I get the iodé and Murena part, but what's wrong with Volla?

@ftm @GrapheneOS

If I had to guess then locked bootloader or something similar.

@ftm Murena and iodé relentlessly spread false claims about GrapheneOS and our team. That includes personally targeting our team with absolutely vile bullying and harassment.

Here's the founder and CEO of /e/ and Murena linking to content from a neo-nazi conspiracy site targeting our founder with blatant fabrications including links to harassment content from Kiwi Farms users:

https://archive.is/SWXPJ
https://archive.is/n4yTO

Volla is fully aware of all this but works closely with these groups.

@ftm Their Unified Attestation system is a proposal to ban people from using GrapheneOS while permitting using insecure operating systems from the companies working with them. Why wouldn't we have an issue with that? Even if they did give in and permit using GrapheneOS, we don't want these systems to exist. Hardware attestation should be used to protect users rather than determining OS compatibility in a way that has nothing to do with security. Banning using an OS based on this is wrong.
@GrapheneOS @ftm Ah geeze, here we go again 🤣
@ftm @GrapheneOS it is worth checking Volla's source trees. They use ancient kernels, firmware blobs, etc. It's pretty much the same issue as GMS Android, the whole attestation thing becomes security theater if phones with years of known holes get attested.
@danieldk @ftm It's inherently security theatre because neither companies nor governments are willing to ban using the majority of Android phones which is what would happen if even basic security standards such as keeping up with High and Critical severity patches from AOSP and the SoC / radio vendors was enforced. Instead, they're disallowing people having the freedom to use their hardware or OS of choice while not enforcing even basic security standards. They're disallowing better security.

@ftm @GrapheneOS Another thing I don't really like about Volla is that they seem to do Eurowashing.

Maybe (some part of) the Volla Phone Quintus is assembled in Europe, but the phone seems to be a rebranding of the Daria Bond 5G (stated by multiple sources, including the PostmarketOS wiki) with a markup of ~550 Euro (~160 -> 719 Euro): https://www.amazon.ae/Android-Smartphone-Storage-Octa-Core-Monetization/dp/B0DDYDZC4V?th=1

The Daria Bond 5G is sold by a UAE company that also maintains the Volla Phone Quintus source trees (well, 'maintain' is a big word).

Sorry a bit unrelated, @ftm but I *don't* get the iodé part?

Locked bootloaders, v7.3 just released is A16 QPR2. Yes it is LineageOS based, but with tracking etc. blocked. Personally I would rather run open-source microG than *full fat proprietary Google Play Services* even if they are unprivileged or sandboxed, etc.

iodé and /e/ are both LineageOS based and use microG but otherwise aren't related. Too bad they always get lumped together.

@rikshaw I personally use e-os and was just curious about the Graphene vs everyone scenario ... I read about it ... I still don't get it. Murena, Iodé, Lineage and Graphene should stick together ....
@GrapheneOS Well, I don't know what's going on in your heads, but whether people want to use Murena, Volla, etc., or GrapheneOS, that's up to the users themselves to decide... It's okay if you don't like each other, but making a statement like that is below the belt... As a GrapheneOS user, I feel embarrassed on your behalf... Just because you've teamed up with Motorola doesn't mean you have to be so arrogant... My two cents.
@Pingitux Their products aren't at all what they claim but rather have poor privacy and atrocious security. They feel very threatened by GrapheneOS. Murena and iodé have engaged in many years of attacks on GrapheneOS including personal attacks on our team. They've engaged in absolutely vile fabrications and bullying aimed at directing harassment towards our team. Their communities have relentlessly targeted our team with harassment. You're pushing a false narrative about what's happening.

@Pingitux Here's the founder and CEO of /e/ and Murena linking to harassment content from a neo-nazi conspiracy site targeting our founder with fabrications:

https://archive.is/SWXPJ
https://archive.is/n4yTO

Their founder and CEO has regularly engaged in vile personal attacks on our including spreading harassment content directly from Kiwi Farms.

Debunking lies about GrapheneOS and our team along with providing accurate information countering their false marketing isn't what you claim it is.

@GrapheneOS Okay, they attacked you, told lies, whatever... Honestly, show some class and don't give a damn about their opinion. After all, you have a community behind you that stands by you... You know, let me put it this way: I tell the world that if it annoys me, I don't give a fuck.. You should try that too when someone gets on your nerves. It works wonders ;)
@Pingitux Our community should help us much more than they do with the attacks being perpetrated against GrapheneOS and our team. If that was happening then it wouldn't be causing nearly as much harm and we wouldn't talk about it as much as we wouldn't feel nearly as much pressing need to provide an alternative to their inaccurate and misleading claims.
@GrapheneOS Have you brought it up in the community? That it's getting on your nerves and that you would like more support from the users?
@eskealler Sorry, I don't know the answer; I wasn't given one, and a few posts later I got blocked 😂 ....
@Pingitux I really wonder what is up with their communication. Very strange. Rather quarrelsome.
@eskealler True... well, whatever... it's up to them (the developers of GrapheneOS)... I've got popcorn and time to spare 😂
@Pingitux It's just too "cringe" for me. I think I'll get a Jolla with Sailfish OS.
@eskealler Yeah, as long as my Pixel 8a with GOS keeps going, it stays in service; after that I'll take a look at the alternatives, Jolla, Murena and co.
@GrapheneOS Yes, it may be that their products lag behind in terms of security, data protection, and patch levels.... A few independent bloggers/journalists should critically test their software and deliver an honest article.... Okay, and because they are personally attacking the founder of GrapheneOS, we have to stoop to their level, right?
@Pingitux We've posted accurate information debunking their attacks and addressing their false marketing. We've continued posting it because of continued attacks on GrapheneOS and our team. That's absolutely not stooping to their level. There's no reason for us to tolerate someone engaging in such blatant misrepresentations and lies about our project and team. You're going to achieve the direct opposite of silencing us. There's no reason for you to continue contacting us beyond trolling.
@GrapheneOS seeing frequent hostility and drama come out of this account makes me want to switch off of GOS, despite really liking it. It makes me feel uncertain about the sustainability of the project and the character of people behind it. Hopefully the constant drama I am seeing doesn't represent the overall culture of the project. If not, please get someone else to manage the socials!
@cosmicexcursionist @GrapheneOS This is one of the reasons I'll be moving away from GOS with my next phone.
@bonsai861 @cosmicexcursionist @GrapheneOS You're going to abandon the most secure and private ROM because you saw internet drama you didn't like instead of just muting it...?

@frutiger @cosmicexcursionist @GrapheneOS I have muted them (they then blocked me anyway). It is only one of the reasons.

They might have the most secure AOSP ROM but they are also very insular and are actively discouraging collaboration that would remove dependencies on US-based big tech. I get the feeling they promote security at the expense of anything else.

My main reason to get GOS in the first place was to begin the process of removing my dependency on Google. That isn't the aim of GOS.

@frutiger @bonsai861 @GrapheneOS I don't have the time to personally vet every line of code I run. To an extent, my security depends on being able to trust the people and organizations building my systems. Security also isn't the only thing I value, I also value sustainability. I am also saying something because what I'm observing in my feed is a pattern rather than an isolated incident.
@cosmicexcursionist @GrapheneOS Same. I'm in the market for a non-big-tech phone, and even though it seems like the arguments being made might be technically sound, the animosity against *everyone else* is a pretty big red flag