GrapheneOSGrapheneOS is an open source project. Open source means it can be modified and used for any purpose including commercial ones. People making forks of GrapheneOS are supposed to rebrand it and make it clear that it's not the official GrapheneOS but rather a derivative of it.
A bunch of companies and individuals have sold devices with GrapheneOS or a fork of it. Many companies making forks of GrapheneOS haven't complied with our open source licenses and our separate rules for usage of our trademarks which we've been actively addressing for years.
From 2018 through around 2021, Abdoul Rasnab sold devices with his own proprietary fork of GrapheneOS. That's 4 years after the project was started. He had no involvement in creating or founding GrapheneOS. He also didn't write absolutely any of the GrapheneOS project's code.
Abdoul Rasnab said he wanted to support us and committed to providing a portion of the sales of devices. We had no formal business deal. He didn't need a commercial license to use GrapheneOS. We thought it was someone being generous, although he didn't end up sending most of it.
Abdoul Rasnab repeatedly misrepresented himself as a creator or founder of GrapheneOS on LinkedIn and elsewhere. He repeatedly agreed to stop but never followed through. Later, we found out he built his whole business around misrepresenting himself as having created GrapheneOS.
He used GrapheneOS as the name for his proprietary fork of GrapheneOS and also named his company founded in the Netherlands GrapheneOS. He didn't have authorization to do this and was misleading us about what he was doing and how he was presenting his involvement in GrapheneOS.
He took advantage of the fact that we were incredibly busy and under huge pressure from attacks by Copperhead. He acted as if he was supporting us while actually taking advantage of us and pretending he had created the open source project he didn't write 1 line of code in.
He did multiple interviews in Dutch with media in the Netherlands where he misrepresented himself as being the founder and creator of GrapheneOS. He told his customers he was the creator of GrapheneOS and that devices running a fork from him were using the official GrapheneOS.
To this day, Abdoul Rasnab misrepresents himself as a founder of GrapheneOS. He even portrays himself as being actively involved in the project. He makes many extraordinarily claims about himself unrelated to GrapheneOS which help to contextualize the claims about GrapheneOS.
His proprietary fork of GrapheneOS and his company both wrongly reusing the name of the project he forked only existed from around 2018 through 2021. The part that's still ongoing is that he keeps reverting back to promoting himself by claiming to have founded GrapheneOS.
Back in 2018, we renamed CopperheadOS to the Android Hardening Project as a placeholder and told people we were deciding on a new name. Abdoul Rasnab was one of multiple people who suggested GrapheneOS as a name. He seems to think that somehow made into his project post-rename.
We ended up having to purchase the grapheneos.com domain including the rights to the name. Run a WHOIS or RDAP check on grapheneos.com and you'll see it was registered in 2014. There was also a name collision with an academic project which renamed themselves.
The person who sold us the grapheneos.com domain with the original rights to the name only charged us around $500 to cover their costs along with wanting a phone running GrapheneOS and accepted an old used one. It's possible they're now a GrapheneOS and supporter.
Abdoul Rasnab misrepresented himself as creating and founding the project in order to gain an advantage over other companies selling devices with GrapheneOS. He had conflicts with those companies and he did things such as filing DMCA takedowns in our name without authorization.
He created a proprietary fork of GrapheneOS and founded a company selling phones with it in Europe. He was allowed to fork GrapheneOS and sell it but absolutely shouldn't have used the same name as the upstream project. He's passing this off as having created/founded GrapheneOS.
Abdoul Rasnab previously tried to extort us by coming up with fabricated stories about us and claiming he would ruin our reputation pushing those in the media. He backed down and he once again stopped wrongly calling himself a founder of the project but now he's back to doing it.
Abdoul Rasnab has created a website filled with AI slop where he claims to have discovered a bunch of severe vulnerabilities and claims credit for hacking multiple companies. He's once again falsely claiming to have founded GrapheneOS on this website:
Cybernews is a content farm presenting their coverage of information security as being investigative journalism and security research. We've previously debunked a story from them involving the Pixel 9 which was heavily spread by other news publications:
Cybernews has taken AI slop content from Abdoul Rasnab's site claiming credit for hacking a company and published it on their site, which is now being spread by other news sites:
https://cybernews.com/security/ajax-silenced-hacker-2017-data-breach/
This is the state of journalism in 2026. It's why we've posted this thread.
Abdoul Rasnab spent a year in prison in Spain which brought an end to his proprietary fork of GrapheneOS pretending to be the original project and his company selling it. We don't know the details. He claims he didn't commit a crime and was found to be innocent. It's possible.
We heard from several people who knew Abdoul Rasnab that the reason for his arrest and imprisonment while awaiting trial was him pretending to have committed crimes to impress a woman who turned out to be a police informant. That sounds a lot like what he's doing right now.
Abdoul's site claims he's responsible for major data breaches even including the 2014 celebrity nude photo leaks tied to iCloud. Abdoul has previously duped Dutch podcasts and news sites including Tweakers.net into publishing content claiming he founded GrapheneOS.
Take a look at Abdoul's site and expand the section on data breaches where he claims credit for a bunch of them. We have direct experience with 2 years of him pretending to be supportive while building a business around pretending to be our project. This is simply how he rolls.
Joris (dwz)@GrapheneOS
Interesting. He was indeed in national news last week as the ethical hacker who apparently twice hacked Amsterdam football club Ajax. And had an NDA as proof to show a TV station. https://www.bnr.nl/nieuws/tech-innovatie/10597115/ajaxstopteomvangrijkdatalekuit-2017-in-de-doofpot
Interesting. He was indeed in national news last week as the ethical hacker who apparently twice hacked Amsterdam football club Ajax. And had an NDA as proof to show a TV station. https://www.bnr.nl/nieuws/tech-innovatie/10597115/ajaxstopteomvangrijkdatalekuit-2017-in-de-doofpot
Ajax stopte omvangrijk datalek uit 2017 in de doofpot
Ajax had in 2017 al te maken met een datalek, dat destijds werd ontdekt door een ethisch hacker. Dit lek wist de voetbalclub onder de pet te houden via een geheimhoudingsovereenkomst met de hacker, die BNR heeft ingezien. Naast de handtekening van de hacker staat ook de handtekening van toenmalig Ajax-directeur Edwin van der Sar onder de overeenkomst.
@Joris He's a serial fabricator and many of his claims about it are likely untrue. He's experienced at getting the Dutch media to believe his inaccurate stories including previously duping them into believing he created GrapheneOS. The content on his site claims he was responsible for the 2014 celebrity nude leaks and much more. It's clearly not true and there's nothing ethical about the kind of stuff he's claiming credit for doing. He likely didn't do much or even any of what he claims.
@GrapheneOS
I'll see if I can nudge a journalist to dive a bit deeper.
I'll see if I can nudge a journalist to dive a bit deeper.
@Joris He literally spent time in prison which was seemingly because he makes up stories about his crimes. He's a serial fabricator. He did not create GrapheneOS and was not a founder. He made a company selling a proprietary fork of it which he wrongly called GrapheneOS. He now claims he founded it since he made a fork of it wrongly reusing the name. He has never worked for us and yet his LinkedIn claims he's working for GrapheneOS to this day as a business director. It's utter nonsense.
Cambionn@Joris
1/2
In a topic on Tweakers Abdoul replied:
https://gathering.tweakers.net/forum/list_messages/2331668
Imho it makes him look worse. He replies with inconsistencies, simply denies without any follow-up, stays vague, tries to redirect the topic away from the actual questions, and best: his screenshots seem to line up with @GrapheneOS their story
He also uses some similar tricks to "cyber security expert" Rian van Rijbroek, from overly referring to secret services to using previous publications to proof how trustable he is
@Joris
2/2
Tweakers also confirmed Abdoul personally asked to be named this way. His own screenshot even shows him sending Tweakers "sort of co-founder. Please change".
And they confirmed that @GrapheneOS already said this back then (in 2020):
"Co-founder isn't an accurate description of his role. Where are you getting that from? Did he say that to you?"
Tweakers also mentioned that they're not sure why it wasn't removed back then, implying it should've and didn't get redacted as an oversight
@Cambion oh, the topic is closed, I'll put back the popcorn. :#
h3artbl33d 
I can confirm all of this 
I contributed to the article - my Tweakers handle being jurroen, was interviewed by @arnoudwokke in a (pleasant, I might add) phone call of 45-ish minutes. I even had Abdoul over in my home (back then).
What the GrapheneOS project account mentions here is completely truthful. I am glad that Arnoud responder the way he did (he is a very kind person) and made the corrections.
@Cambion @Joris @GrapheneOS @arnoudwokke
Normally, I wouldn't share these details publicly - but with so much misinformation and adversarial campaigns against #GrapheneOS going on, I will breach my own OpSec as it benefits the greater good (IMHO).
Should there be any follow up questions, either publicly or privately, happy to answer all of them. I have a Signal account listed on the about page of my blog - DMs are open.
Granted, a reply might take one or two days - IRL is somewhat busy and demanding at the moment.
@Cambion Excellent! I already saw @arnoudwokke 's reply, but missed the GoT thread :) https://mastodon.xyz/@arnoudwokke/116323507569263695
@Cambion @arnoudwokke
PPS:
I notice RTL Nieuws brought the Ajax hack as their own discovery and did not mention Abdoul.
I see Abdoul responded to Tweakers and presumably that's why the post on Tweakers was modified to mention him?
BNR has the most extensive report on Abdoul and his claimed hack of Ajax in 2017. Maybe @MarkBeekhuis can nudge his colleagues :)
https://www.bnr.nl/nieuws/tech-innovatie/10597115/ajaxstopteomvangrijkdatalekuit-2017-in-de-doofpot
PPS:
I notice RTL Nieuws brought the Ajax hack as their own discovery and did not mention Abdoul.
I see Abdoul responded to Tweakers and presumably that's why the post on Tweakers was modified to mention him?
BNR has the most extensive report on Abdoul and his claimed hack of Ajax in 2017. Maybe @MarkBeekhuis can nudge his colleagues :)
https://www.bnr.nl/nieuws/tech-innovatie/10597115/ajaxstopteomvangrijkdatalekuit-2017-in-de-doofpot
Ajax stopte omvangrijk datalek uit 2017 in de doofpot
Ajax had in 2017 al te maken met een datalek, dat destijds werd ontdekt door een ethisch hacker. Dit lek wist de voetbalclub onder de pet te houden via een geheimhoudingsovereenkomst met de hacker, die BNR heeft ingezien. Naast de handtekening van de hacker staat ook de handtekening van toenmalig Ajax-directeur Edwin van der Sar onder de overeenkomst.
@Joris @arnoudwokke @MarkBeekhuis that one dóés mention it's found by "an ethical hacker". I think that refers to Abdoul.
From what I understand the Ajax thing is correct, but he seems to use that to look more creditable everywhere else regardless of truth.
Mark Beekhuis@Joris
Nudging I don't know. But I have shared this thread with Bart, who I guess may not be on Mastodon
@Cambion @arnoudwokke
Nudging I don't know. But I have shared this thread with Bart, who I guess may not be on Mastodon
@Cambion @arnoudwokke
@MarkBeekhuis
All I hoped for, thanks! Could not find him here, but search is not Mastodon's forté 🙃
@Cambion @arnoudwokke
All I hoped for, thanks! Could not find him here, but search is not Mastodon's forté 🙃
@Cambion @arnoudwokke