Mastodawn

GrapheneOS 4d ago

RE: https://mastodon.social/@vollaficationist/116250746129876535

Here's a post where the @vollaficationist clearly refers to themselves as being part of Volla and shares internal information which would only be known to someone working at Volla

This account doesn't belong to someone who uses and supports Volla's products but rather belongs to someone working at the company. Take note of how they claim to respect GrapheneOS at the end of that post. It's an extreme contrast with many of the other posts they've made trying to undermine the GrapheneOS project.

GrapheneOS 4d ago

We're opposing Volla's Unified Attestation API because it's fundamentally anti-competitive. They've failed to provide any justification for why there needs to be centralized verification through a new API built entirely on top of the Android hardware attestation API. Instead of engaging with our arguments against in good faith, they're repeatedly posting conspiracy theories about GrapheneOS claiming our project is a honey pot. Here's one of several examples.

https://mastodon.social/@vollaficationist/116251069556427406

GrapheneOS 4d ago

Here's another example visible right above that one in the same sub-thread:

https://mastodon.social/@vollaficationist/116250914503700131

GrapheneOS 4d ago

Here's Volla trying to push the idea that our opposition to Unified Attestation is being funded by shady forces tied to the US government or tech companies:

https://mastodon.social/@vollaficationist/116251250439901603

GrapheneOS 4d ago

Here they are doing the same thing while pushing the idea we aren't who we say we are and weren't actually founded by a Canadian in Canada in 2014:

https://mastodon.social/@vollaficationist/116251229357626550

GrapheneOS 4d ago

Disingenuously misrepresenting our points about the anti-competitive nature of Unified Attestation while pushing their narrative that we're shady forces involved in US intelligence or something similar:

https://mastodon.social/@vollaficationist/116251217622053206

GrapheneOS 4d ago

Here they're attacking us for supporting secure devices and working with a major Android OEM towards a serious alternative to Pixels. Volla's devices aren't designed or made by them but rather made for them by an ODM. Their devices are bottom of the barrel MediaTek hardware with atrocious security. Those don't meet our standards. That's why we don't do it.

https://mastodon.social/@vollaficationist/116251167689357464

As an example of what they're doing, Volla is partnered with the hide.me VPN company and bundles their software.

GrapheneOS 4d ago

Here are a series of posts from the Volla employee running @vollaficationist where they misrepresent their hardware as open source, inaccurately claim it's the most private/secure option with no basis and misrepresent white labelled devices from an ODM as being something far more:

https://mastodon.social/@vollaficationist/114828788734572857
https://mastodon.social/@vollaficationist/114828811907163145
https://mastodon.social/@vollaficationist/114829672784072518
https://mastodon.social/@vollaficationist/114840452085799582
https://mastodon.social/@vollaficationist/114845015249347866
https://mastodon.social/@vollaficationist/114851316858791155
https://mastodon.social/@vollaficationist/114851330429465362
https://mastodon.social/@vollaficationist/114851686998902978
https://mastodon.social/@vollaficationist/114851697197013603

GrapheneOS 4d ago

RE: https://mastodon.social/@vollaficationist/116250746129876535

In several of these threads, Volla is trying to mislead people about what they can obtain elsewhere including with GrapheneOS to promote their products. This account was originally pretending to be a Volla supporter but recently switched to speaking on behalf of Volla and posting information only known to Volla internally including https://grapheneos.social/@vollaficati[email protected]/116250746180349726. It very clearly belongs to Volla and is an example of how we've seen them doing marketing across platforms including jabs at GrapheneOS.

GrapheneOS 4d ago

This is how these companies market their products. They mislead people into buying their products rather than using much more private and secure options.

iodé and Murena have been doing this on a much larger scale than Volla with much more underhanded tactics. They've heavily pushed the false narrative that GrapheneOS isn't usable by regular people, isn't compatible with enough apps and many other inaccurate claims. In reality, it has far broader app compatibility and is much more usable.

GrapheneOS 4d ago

Volla, Murena and iodé have come together to form the Unified Attestation initiative which will permit using their products while disallowing using alternatives not participating in it. This is fundamentally an anti-competitive system. These companies are consistently not honest about what they provide with users and are playing the same game with Unified Attestation pretending that it's an open system bringing people freedom when in reality it's designed to crush competition and openness.

GrapheneOS 4d ago

Unified Attestation will only permit using the devices and operating systems participating in it. If GrapheneOS participated in it and was initially permitted, we would always be under the threat of the companies involved disallowing it. These companies and their governments could use this to exert pressure on GrapheneOS to do what they want. They can come up with arbitrary requirements for what's needed to obtain and preserve certification including requirements incompatible with our approach.

GrapheneOS 4d ago

For example, any system like this is likely to end up requiring approving each release before it would be compatible with apps checking for certified devices. This means releases would be arbitrarily delayed for certification prior to users being able to receive them without losing compatibility with any apps adopting it. The companies involved can put arbitrary requirements in place which are fine with them but not with us. Governments can also begin to exert control over this system.

GrapheneOS 4d ago

European governments would be able to block certifying GrapheneOS because we won't implement age verification, invasive client side AI scanning and other systems they're trying to impose on devices and operating systems. They can make it into a requirement to integrate these for certification. Volla, Murena and iodé are not privacy/security hardened operating systems. They do not try to protect users against authoritarian surveillance including via exploits. They do not share our goals/values.

GrapheneOS 4d ago

These companies MUST NOT be allowed to successfully seize control over the compatibility of European banking/government apps with mobile devices via Unified Attestation. These companies have a view of privacy based around protecting people from Google and the US government rather than privacy from corporations and governments as a whole. They even market themselves as providing so-called digital sovereignty by giving European governments access and control instead of the American government.

GrapheneOS 4d ago

GrapheneOS is based in Canada but we don't promote it based around it being based in Canada. We're willing to move our non-profit and operations elsewhere in the future if Canada ever passes laws incompatible with our goals. It's based in Canada because it was practical rather than as a core value or approach of GrapheneOS. If Canada goes down the same path as the EU and starts passing laws we cannot accept, then we'll leave Canada rather than ruining GrapheneOS. They won't do that with the EU.

GrapheneOS 4d ago

GrapheneOS exists for the purpose of creating highly private and secure devices which are highly usable and compatible with all of the apps people want to use. GrapheneOS doesn't exist to provide a Canadian smartphone OS and eventually hardware. It's based in Canada because it was a pragmatic decision and we believe it's currently a better location for privacy projects than the US or EU. If that significantly changes, we're open to creating a non-profit elsewhere and moving our operations there.

GrapheneOS 4d ago

GrapheneOS will fight against attempts by the Canadian government to take control over what people are allowed to use on their devices rather than building a system to enable it. Volla is building a system governments will be able to use to control which hardware and software people are allowed to use. The only usage of attestation should be to protect users as our Auditor app does, not to control what they can use as a growing subset of banking and government apps are doing. That should stop.

GrapheneOS 4d ago

We'll put our support behind a ban on root-based attestation as long as pinning-based attestation is still allowed. Pinning-based attestation doesn't have the same issues with being used to restrict competition and user choice. Our Auditor app is primarily based around pinning-based attestation with little faith put in the initial root-based attestation. A single leaked key from the least secure devices can be used to bypass root-based attestation. It's absolutely not a serious security feature.

GrapheneOS 4d ago

Here's an archive preserving all of the posts from this account clearly run Volla:

https://archive.ph/LhddH

It has the whole history of how it was used to promote it pretending to be a supporter with inaccurate marketing to the current outrageous conspiracy theory attacks.

GrapheneOS 4d ago

We're open to suggestions on a better archiving site since there are some complaints about the one we've been using. archive.org has repeatedly removed archives upon request by companies covering up what they've done to GrapheneOS so their service isn't acceptable.

@GrapheneOS
https://wiki.archiveteam.org/

?
They are on hackint IRC

Archiveteam