Gaël Duval is the founder and president of the /e/ foundation along with the CEO of Murena. Duval and his organizations have consistently taken a stance against protecting users from exploits. In this video, he once again claims protecting against exploits is only useful for pedophiles and spies.
Translation to English:
> There's the attack surface, on that front we're not security specialists here, so I couldn't answer you precisely, but from the discussions I've had, it seems that everything
Transcription in French:
> Il y a la surface d'attaque, là pour le coup on est pas des spécialistes de la sécurité, donc je ne pourrais pas te répondre avec précision, mais des discussions que j'ai eu, il semblerait que tout ce qu'on fait, ça réduit la surface d'attaque. Donc oui, probablement ça aide. Par contre, on a pas une approche "sécurité durcie", on développe pas un téléphone pour les pédo(bip) pour qu'ils puissent échapper à la justice. Donc il y a pas des trucs pas possibles pour voir
Here are several particularly egregious examples:
Gaël Duval and Murena participated in these attacks. They even spread harassment content towards our team and shared it with sites attacking us.
Les téléphones Google Pixel équipés du système d’exploitation GrapheneOS permettent à des criminels de dissimuler leurs échanges. Johanna Brousse, magistrate spécialisée dans la lutte contre la cybercriminalité, explique quels sont les moyens de la justice pour contourner ce type d’outils.
@GrapheneOS Le Parisien :
"Ces engins jusqu’à présent inviolés, qui protègent les communications et qui ne partagent pas les données sur les serveurs, sont un nouveau défi que le parquet cyber entend bientôt relever."
C'est exactement pareil avec Signal sur Android si on n'utilise pas le cloud, ils nous prennent pour des imbéciles.
@GrapheneOS This is clearly a smear campaign against the project.
Is there any chance this could seriously harm the project to the point of affecting the partnership with Motorola?
@bohwaz @joe_vinegar Ehm, the thread literally starts with a video? It's pretty clear who they are attacking.
Why are you defending a company that says "security is only for pedophiles and spies"?
@bohwaz @joe_vinegar Ok, I think we can at least agree that Gael Duval's statement implies that phones that do security hardening are for criminals and spies?
Now, next, which serious projects (not snake-oil security phone companies) focus on phone hardening?
So, in what way is he not attacking @GrapheneOS ?
(Perhaps ironically, he is also attacking iOS and Pixel OS, but that will whoosh past his audience, since most people do not know about Apple/Google's hardening efforts).
@fla Here's one of many cases you can hear it in his own words:
https://www.projets-libres.org/en/podcast/e-os-a-degoogled-android-gael-duval-e-foundation-murena/
> The European Union has subsidized us to the tune of several million for this project.
You can find the details of the millions of euros in funding being given to /e/ and how /e/ is heavily influencing where the money is going. They're steering government funding towards themselves and projects aligned with them. Many of these projects have a history of attacking the GrapheneOS project and our team.
@GrapheneOS to be fair they don't promise security, only privacy. at least in their foreword on their website here.
I don't think it's by accident that they don't even use the word secure, or security, on the whole page.
I've seen claims before where they claim it's better than GrapheneOS. But in what regard? Maybe degoogling and having alternatives pre-installed? GrapheneOS is probably more involved to get the same apps. That's the only way /e/ is better in my opinion
ECOSYSTEMKEY FEATURESGET /E/OSNEED HELP /e/OS is a complete, fully “deGoogled”, mobile ecosystem /e/OS is an open-source mobile operating system paired with carefully selected applications. They form a privacy-enabled internal system for your smartphone. And it’s not just claims: open-source means auditable privacy. /e/OS has received academic recognition from researchers at…
They dont provide privacy. So a promise is already broken. But beyond that, privacy cannot exist without security. They arent mutually exclusive, they are intertwined. To ignore security means you are not a privacy project.
E/ is not better at degoogling. GrapheneOS does not connect to any google servers, run any google play code, have any privilege google services, etc. Sandboxed google play is sandboxed and must be installed by the user. All default connections are to first party servers hosted by GOS. It is not more involved to get the same apps, google or otherwise.
@HybridStaticAnimate @codebam @GrapheneOS
That it must be installed by the user doesn't make it different.
IMHO the two app stores included in GrapheneOS are not sufficient for the vast majority of users.
If "every" user needs to install it to have a usable phone, it really is part of the attack surface.
(And yes, I'm aware the Play services are sandboxed on GrapheneOS which improves privacy and security)
It's a bit like delivering a computer without network functionality because it reduces the attack surface, and then blaming the user if they install network drivers.
@realn2s @HybridStaticAnimate @codebam
> IMHO the two app stores included in GrapheneOS are not sufficient for the vast majority of users.
Our own App Store is the only one included in GrapheneOS. We don't bundle third party apps and services into the OS. Using those is entirely a user choice and will remain that way.
Our App Store provides Accrescent and the Play Store. If you think other apps such as Obtainium should be easily available then get those to submit their apps into Accrescent.
@GrapheneOS I don't think you should attack frontally others like that whenever 😶
Reminding security is privacy is good.
Responding to attacks is good (which is not the case *here*)
I understand its CEO and the Murena company might have attack the GrapheneOS project in the past, and responding to that was normal too.
But I don't see attacking /e/OS like that often as a positive feedback in general. A simple reminder could have been enough.
❤️ on the GrapheneOS project btw
@blueluma /e/, Murena and Duval have been continuously attacking the GrapheneOS project for many years. They've misled a huge number of people about what GrapheneOS provides. Many people wrongly believe GrapheneOS isn't for them because of this.
GrapheneOS is a highly usable OS with far broader app compatibility than /e/. Unlike /e/, GrapheneOS has major privacy enhancements instead of rolling back privacy compared to the Android Open Source Project. /e/ adds a bunch of invasive apps/services.
@blueluma Gaël Duval has repeatedly claimed serious privacy and security projects are only for pedophiles, criminals and spies. They've specifically said this about GrapheneOS many times but have also attacked Signal before too.
Duval, /e/ and Murena aren't on the same side. They're doing what they think will make them money which is compromising between privacy and state access. They present protecting privacy from more than American corporations as nefarious. They're undermining privacy.
"I don't think you should attack frontally others like that whenever"
Gael Duval attack GrapheneOS, GrapheneOS responds to these attacks.
"I understand its CEO and the Murena company might have attack the GrapheneOS project in the past"
It's not in the past, these attacks are recuring, and he does it again in this recent video. Duval has been waging a disinformation campaign against GOS for years.
@SomeAnoTooter @blueluma @Xtreix The way we're handling it is working fine. /e/ and Murena are enemies of privacy as they've made clear by repeatedly claiming serious privacy protections are only for pedophiles, criminals and spies. This isn't the first time they're saying it.
They're promoting an approach where they avoid some Google apps/services while adding a bunch of Google services to the OS and use DNS filtering to block low hanging fruit but not the most privacy invasive behavior.
Jeff Codes
GrapheneOS
David Penfold 
Xtreix
Lilith 🏴🇵🇸
Sailor Anarres
Joe Vinegar
BohwaZ
Daniël
DonCC
Fla
Sean
HybridStaticAnimate
Claudius Link
Senioradmin
jose
Blue Luma
SomeAnoTooter