Mastodawn

CryptoLek 🍉🌻14h ago

Gaël Duval is the founder and president of the /e/ foundation along with the CEO of Murena. Duval and his organizations have consistently taken a stance against protecting users from exploits. In this video, he once again claims protecting against exploits is for only useful pedophiles and spies.

Translation to English:

> There's the attack surface, on that front we're not security specialists here, so I couldn't answer you precisely, but from the discussions I've had, it seems that everything

GrapheneOS 16h ago

> we do reduces attack surface. However, we don't have a "hardened security" approach, we aren't developing a phone for pedo(censored) so they can evade justice. So there aren't difficult things to check if the memory is corrupted, really hardened security stuff that could clearly be useful for executives, in the secret service, or whatever. That's not our goal, our goal is to start from an observation: today our personal data is constantly being plundered and that wouldn't be legal in real life

GrapheneOS 16h ago

> with the mail or the telephone, we want to change that. So we are making you a product that changes that by default for anyone.

GrapheneOS 16h ago

Transcription in French:

> Il y a la surface d'attaque, là pour le coup on est pas des spécialistes de la sécurité, donc je ne pourrais pas te répondre avec précision, mais des discussions que j'ai eu, il semblerait que tout ce qu'on fait, ça réduit la surface d'attaque. Donc oui, probablement ça aide. Par contre, on a pas une approche "sécurité durcie", on développe pas un téléphone pour les pédo(bip) pour qu'ils puissent échapper à la justice. Donc il y a pas des trucs pas possibles pour voir

GrapheneOS 16h ago

> si la mémoire est pas corrompue, des trucs de sécu vraiment durcis qui pourraient être utiles clairement pour des dirigeants, dans les services secrets ou que sais-je. C'est pas notre but, notre but c'est de partir d'un constat, aujourd'hui nos données personnelles sont pillées en permanence et ça serait pas légal dans la vraie vie avec le courrier ou le téléphone, on veut changer ça. Donc on vous fait un produit qui change ça par défaut pour n'importe quelle personne.

GrapheneOS 16h ago

GrapheneOS exists to protect users from having their privacy invaded by arbitrary individuals, corporations and states. Privacy depends on security. GrapheneOS heavily improves both privacy and security while providing a high level of usability and near perfect app compatibility.

GrapheneOS 16h ago

/e/ has far worse privacy and security than the Android Open Source Project. They fail to keep up with important standard privacy and security patches for Android, Linux, firmware, drivers and HALs. They fail to provide current generation Android privacy and security protections.

GrapheneOS 16h ago

For years, Gaël Duval has spearheaded a campaign to misrepresent GrapheneOS as not being usable, not compatible with apps and only useful to a tiny minority of people. He has repeatedly claimed GrapheneOS is for pedophiles, criminals and spies while claiming /e/ is for everyone.

GrapheneOS 15h ago

It's hardly only GrapheneOS focusing on protecting users against exploits. Apple and Google have put a ton of work into it. Apple heavily focuses on privacy and security. That includes protecting against remote exploits, local exploits from compromised apps and data extraction.

GrapheneOS 15h ago

GrapheneOS and iOS are both heavily focused on privacy and security. Both are gradually adding much stronger protections against apps/sites scraping data, coercion users into giving data via alternatives with case-by-case consent and increasingly strong exploit protections.

GrapheneOS 15h ago

/e/ is far weaker in all of these areas compared to the standard Android Open Source Project on secure hardware. It doesn't keep up with standards updates and protections. It adds tons of low security attack surface and privacy invasive services. It's not in the same space as us.

GrapheneOS 15h ago

/e/ and Murena devices are far worse for privacy and security than an iPhone. It's trivial to break into their devices remotely or extract data from them compared to an iPhone. They have weaker privacy protections from apps too. Their main approach to privacy is a DNS blocklist.

GrapheneOS 15h ago

Their DNS blocklist can only block domains not used for useful functionality to avoid ruining usability. Meanwhile, the most privacy invasive behavior by apps is rarely ever split out into separate domains. Even for those, apps and websites can trivially evade DNS blocklists.

GrapheneOS 15h ago

It's common for apps and websites to do everything through their own servers. That's best practice to avoid leaking API keys. It's increasingly common for invasive libraries to use hard-wired IPs and/or DNS-over-HTTPS to evade blocking. DNS filtering is increasingly less useful.

GrapheneOS 15h ago

Murena is a for-profit company owned by shareholders including Gaël Duval. /e/ has a non-profit organization which is also led by Gaël Duval. /e/ includes paid services from Murena. /e/ very clearly exists to build products for Murena to sell in order to enrich the shareholders.

GrapheneOS 15h ago

Despite being done for profit, /e/ receives millions of euros in funding from the EU on an ongoing basis. /e/ and Murena use extraordinarily inaccurate marketing to not only promote their products/services but also to mislead people about GrapheneOS and scare them away from it.

GrapheneOS 15h ago

Recently, France's national law enforcement began fearmongering about GrapheneOS and smearing it with inaccurate claims. France's corporate and state media heavily participated. Many articles and also radio/television coverage misrepresented GrapheneOS as being for criminals.

GrapheneOS 15h ago

Across French corporate and state media covering it, inaccurate claims by the state about features, distribution and marketing of GrapheneOS were wrongly presented as fact. Most of them didn't contact us and we weren't shown what was being claimed so we could properly respond.

GrapheneOS 15h ago

Here are several particularly egregious examples:

https://www.leparisien.fr/faits-divers/telephones-proteges-utilises-par-les-narcotrafiquants-rien-nest-inviolable-19-11-2025-3PP34GIBAJGH3EZOVEJVT7OMU4.php

https://www.leparisien.fr/faits-divers/google-pixel-et-grapheneos-la-botte-secrete-des-narcotrafiquants-pour-proteger-leurs-donnees-de-la-police-19-11-2025-NTGPQE4JCNGEHLF7XGIQ3CCA2I.php

https://www.franceinfo.fr/faits-divers/narcotrafic-les-autorites-alertent-sur-l-utilisation-d-un-systeme-d-exploitation-de-telephone-pour-echapper-aux-forces-de-l-ordre_7631510.html

Gaël Duval and Murena participated in these attacks. They even spread harassment content towards our team and shared it with sites attacking us.

Téléphones protégés utilisés par les narcotrafiquants : « Rien n’est inviolable ! »

Les téléphones Google Pixel équipés du système d’exploitation GrapheneOS permettent à des criminels de dissimuler leurs échanges. Johanna Brousse, magistrate spécialisée dans la lutte contre la cybercriminalité, explique quels sont les moyens de la justice pour contourner ce type d’outils.

Le Parisien

GrapheneOS 15h ago

/e/ and Murena are based in France. They've been pushing false narratives about GrapheneOS falsely claiming it isn't usable by regular people and doesn't benefit them for years. Duval has been making the ludicrous claim GrapheneOS is only useful to criminals and spies for years.

GrapheneOS 15h ago

/e/ and Murena aren't on the same side as GrapheneOS. They're charlatans selling devices with poor privacy and atrocious security to earn money. They've spent years trying to undermine a legitimate privacy project and heavily use the same talking points as police state advocates.

@GrapheneOS Le Parisien :

"Ces engins jusqu’à présent inviolés, qui protègent les communications et qui ne partagent pas les données sur les serveurs, sont un nouveau défi que le parquet cyber entend bientôt relever."

C'est exactement pareil avec Signal sur Android si on n'utilise pas le cloud, ils nous prennent pour des imbéciles.

@davep @GrapheneOS Hahaha, furthermore, this false claim makes no sense: GrapheneOS does not route user communications through these servers; GrapheneOS is not a company and does not offer services such as messaging or email etc.

Claude Champagne 14h ago

The article is behind a paywall...

GrapheneOS 14h ago

@claude_champagne Here's a paywall bypass for the 2 paywalled articles above:

https://archive.is/UrlvK

https://archive.is/AhMsj

The third one doesn't have a paywall and there are many more similar articles across other sites. We didn't want to link the ones where our team was personally targeted by a tech news site heavily misrepresenting our statements and adding up the total amount of tweets we posted over a week mainly as replies to questions to misrepresent as being on our main timeline.

Lilith 🏴🇵🇸15h ago

@GrapheneOS This is clearly a smear campaign against the project.

Is there any chance this could seriously harm the project to the point of affecting the partnership with Motorola?

Sailor Anarres 14h ago

@GrapheneOS thats how you know you are doing something right

Joe Vinegar 15h ago

@GrapheneOS I boosted this out of sympathy, but are there public sources for these statements?

@joe_vinegar Nope, GOS social account has been attacking other projects without providing any sources for years. And if you try to ask, they'll tell you to do your own research, or that you are part of a conspiracy… This is sad really.

@bohwaz @joe_vinegar Ehm, the thread literally starts with a video? It's pretty clear who they are attacking.

Why are you defending a company that says "security is only for pedophiles and spies"?

@danieldk
I am not defending what they said. The video doesn't mention gos at all.
@joe_vinegar

@bohwaz @joe_vinegar Ok, I think we can at least agree that Gael Duval's statement implies that phones that do security hardening are for criminals and spies?

Now, next, which serious projects (not snake-oil security phone companies) focus on phone hardening?

So, in what way is he not attacking @GrapheneOS ?

(Perhaps ironically, he is also attacking iOS and Pixel OS, but that will whoosh past his audience, since most people do not know about Apple/Google's hardening efforts).

@GrapheneOS
they dont like free competiting with their paid services/products?

"And, my friends, in this story you have a history of this entire movement. First they ignore you. Then they ridicule you. And then they attack you and want to burn you. And then they build monuments to you." - Nicholas Klein, trade union attorney (1918) [Often attributed to Schopenhauer 1819, or Gandhi 1920]

Ted's Tech Tips 15h ago

@GrapheneOS What's a more solid solution for blocking ads/trackers than DNS filtering?

Andrey [0xdc, 0x09];15h ago

@tedstechtips @GrapheneOS
Probably a local MitM (e.g. AdGuard), but that increases attack surface a lot

@tedstechtips @GrapheneOS I think DNS or an adblock browser plugin is your best best. However, the point of the post is about tracking and privacy more broadly which includes not allowing apps to have certain information in the first place. That's why GOS put effort into sandboxing Google Play, file scope, contacts scope, etc.

@tedstechtips @GrapheneOS Allowlisting requests & assets by default (yes this also breaks everything by default until one allows strictly what they need).

Unfortunately umatrix died a while ago and I'm not aware of anyone else doing it to anywhere near the same degree as it did.

An additional problem is that if the "legitimate" destination is also malicious, umatrix cannot help.

@leX 🤘🏻4h ago

@lispi314
Have a look at uBlockOrigin's "Hard mode":
https://github.com/gorhill/uBlock/wiki/Blocking-mode:-hard-mode
Here scripts, frames, CSS and images are blocked by default.
@GrapheneOS @tedstechtips

@GrapheneOS So just the basic stuff you can already get from a pi-hole, DDG app tracking protection etc.

Ted's Tech Tips 15h ago

G̸u̸a̸l̸t̸i̸e̸r̸o̸15h ago

When Asked about age verification on their support forum, @murena buried and merged my question onto another topic which:
- had nothing to do with it;
- would have been closed after a couple of days not allowing more replies;
- and been vague about it, infact not stating their position.

Not really what you would expect from a company praising Privacy as their flagship.

Shame on me for being so naïve to trust them, and those who bought their devices

https://community.e.foundation/t/uk-government-voting-on-age-verification-for-vpn-users/78533/44

UK Government Voting On Age Verification for VPN Users

A form of age verification is likely to happen, also within the EU, and I don’t disagree with this in principle, because I see how young people are vulnerable. What I do disagree with is if this is left to the market and this becomes just another source of information for companies to better micro target advertisements. Reading the weathervane, it’s the most achievable to try to convince lawmakers of the dangers of that and to develop a tool that will just reveal the bare minimum (adult or no) a...

/e/OS community

@GrapheneOS to be fair they don't promise security, only privacy. at least in their foreword on their website here.

I don't think it's by accident that they don't even use the word secure, or security, on the whole page.

https://e.foundation/e-os/

I've seen claims before where they claim it's better than GrapheneOS. But in what regard? Maybe degoogling and having alternatives pre-installed? GrapheneOS is probably more involved to get the same apps. That's the only way /e/ is better in my opinion

/e/OS - e Foundation - deGoogled unGoogled smartphone operating systems and online services - your data is your data

ECOSYSTEMKEY FEATURESGET /E/OSNEED HELP /e/OS is a complete, fully “deGoogled”, mobile ecosystem /e/OS is an open-source mobile operating system paired with carefully selected applications. They form a privacy-enabled internal system for your smartphone. And it’s not just claims: open-source means auditable privacy. /e/OS has received academic recognition from researchers at…

@GrapheneOS but I'm fine with not even comparing them. grapheneos is an OS and /e/ is a ROM

HybridStaticAnimate 15h ago

@codebam @GrapheneOS They are both operating systems. ROM is an inaccurate term.

@HybridStaticAnimate @GrapheneOS well it is a ROM in the sense that you flash it with TWRP, or you can

@HybridStaticAnimate @GrapheneOS GrapheneOS is a factory image and is used with a locked bootloader

HybridStaticAnimate 15h ago

@codebam @GrapheneOS Yes, that doesnt mean anything in this context though.

HybridStaticAnimate 15h ago

@codebam @GrapheneOS This does not make something a ROM. ROM is an inaccurate term.

@HybridStaticAnimate @GrapheneOS fair enough, I was just calling it a ROM in the sense that it's just as insecure, if not more, than the ROMs (or operating systems) people were flashing directly to their /system and /data partitions back in like 2014

HybridStaticAnimate 15h ago

@codebam @GrapheneOS

They dont provide privacy. So a promise is already broken. But beyond that, privacy cannot exist without security. They arent mutually exclusive, they are intertwined. To ignore security means you are not a privacy project.

E/ is not better at degoogling. GrapheneOS does not connect to any google servers, run any google play code, have any privilege google services, etc. Sandboxed google play is sandboxed and must be installed by the user. All default connections are to first party servers hosted by GOS. It is not more involved to get the same apps, google or otherwise.

Claudius Link 8h ago

@HybridStaticAnimate @codebam @GrapheneOS

That it must be installed by the user doesn't make it different.

IMHO the two app stores included in GrapheneOS are not sufficient for the vast majority of users.

If "every" user needs to install it to have a usable phone, it really is part of the attack surface.
(And yes, I'm aware the Play services are sandboxed on GrapheneOS which improves privacy and security)

It's a bit like delivering a computer without network functionality because it reduces the attack surface, and then blaming the user if they install network drivers.

@codebam @GrapheneOS
They don't "promote" security, at least not like Graphene does, that part is true, but can you really claim privacy without security? (Not in the literal sense, of course you can, what I mean is, is it ethical to do so?)
How can a phone be private while being easily penetrable?
In the theoretical sense, these are two different things, in the practical sense, you can have security without privacy, but you can't have privacy without security.

"heard that you were popping /e/"
"stop resorting to the vowel"

-Logic

idk I'm bored

@GrapheneOS woo interesting I didn't know those declaration from Gael 😵‍💫 about you as project

as a non-expert my first conclusion is that someone like Duval is working for state agencies if he's working to diminish security for us mere mortals

Blue Luma 15h ago

@GrapheneOS I don't think you should attack frontally others like that whenever 😶

Reminding security is privacy is good.
Responding to attacks is good (which is not the case *here*)

I understand its CEO and the Murena company might have attack the GrapheneOS project in the past, and responding to that was normal too.

But I don't see attacking /e/OS like that often as a positive feedback in general. A simple reminder could have been enough.

❤️ on the GrapheneOS project btw

Blue Luma 15h ago

@GrapheneOS I prefer seeing post about GrapheneOS or Android security from your account than continous attacks on other projects (even if they are legitimatel), but that's my personal opinion

@blueluma @GrapheneOS

"I don't think you should attack frontally others like that whenever"

Gael Duval attack GrapheneOS, GrapheneOS responds to these attacks.

"I understand its CEO and the Murena company might have attack the GrapheneOS project in the past"

It's not in the past, these attacks are recuring, and he does it again in this recent video. Duval has been waging a disinformation campaign against GOS for years.

Blue Luma 12h ago

@Xtreix @GrapheneOS this post does not respond to a direct attack as far as I know