GrapheneOS1d ago

Gaël Duval is the founder and president of the /e/ foundation along with the CEO of Murena. Duval and his organizations have consistently taken a stance against protecting users from exploits. In this video, he once again claims protecting against exploits is only useful for pedophiles and spies.

Translation to English:

> There's the attack surface, on that front we're not security specialists here, so I couldn't answer you precisely, but from the discussions I've had, it seems that everything

Show threadGrapheneOS1d ago
> we do reduces attack surface. However, we don't have a "hardened security" approach, we aren't developing a phone for pedo(censored) so they can evade justice. So there aren't difficult things to check if the memory is corrupted, really hardened security stuff that could clearly be useful for executives, in the secret service, or whatever. That's not our goal, our goal is to start from an observation: today our personal data is constantly being plundered and that wouldn't be legal in real life
Show threadGrapheneOS1d ago
> with the mail or the telephone, we want to change that. So we are making you a product that changes that by default for anyone.
Show threadGrapheneOS1d ago

Transcription in French:

> Il y a la surface d'attaque, là pour le coup on est pas des spécialistes de la sécurité, donc je ne pourrais pas te répondre avec précision, mais des discussions que j'ai eu, il semblerait que tout ce qu'on fait, ça réduit la surface d'attaque. Donc oui, probablement ça aide. Par contre, on a pas une approche "sécurité durcie", on développe pas un téléphone pour les pédo(bip) pour qu'ils puissent échapper à la justice. Donc il y a pas des trucs pas possibles pour voir

Show threadGrapheneOS1d ago
> si la mémoire est pas corrompue, des trucs de sécu vraiment durcis qui pourraient être utiles clairement pour des dirigeants, dans les services secrets ou que sais-je. C'est pas notre but, notre but c'est de partir d'un constat, aujourd'hui nos données personnelles sont pillées en permanence et ça serait pas légal dans la vraie vie avec le courrier ou le téléphone, on veut changer ça. Donc on vous fait un produit qui change ça par défaut pour n'importe quelle personne.
Show threadGrapheneOS1d ago
GrapheneOS exists to protect users from having their privacy invaded by arbitrary individuals, corporations and states. Privacy depends on security. GrapheneOS heavily improves both privacy and security while providing a high level of usability and near perfect app compatibility.
Show threadGrapheneOS1d ago
/e/ has far worse privacy and security than the Android Open Source Project. They fail to keep up with important standard privacy and security patches for Android, Linux, firmware, drivers and HALs. They fail to provide current generation Android privacy and security protections.
Show threadGrapheneOS1d ago
For years, Gaël Duval has spearheaded a campaign to misrepresent GrapheneOS as not being usable, not compatible with apps and only useful to a tiny minority of people. He has repeatedly claimed GrapheneOS is for pedophiles, criminals and spies while claiming /e/ is for everyone.
Show threadGrapheneOS1d ago
It's hardly only GrapheneOS focusing on protecting users against exploits. Apple and Google have put a ton of work into it. Apple heavily focuses on privacy and security. That includes protecting against remote exploits, local exploits from compromised apps and data extraction.
Show threadGrapheneOS1d ago
GrapheneOS and iOS are both heavily focused on privacy and security. Both are gradually adding much stronger protections against apps/sites scraping data, coercion users into giving data via alternatives with case-by-case consent and increasingly strong exploit protections.
Show threadSean1d ago

@GrapheneOS to be fair they don't promise security, only privacy. at least in their foreword on their website here.

I don't think it's by accident that they don't even use the word secure, or security, on the whole page.

https://e.foundation/e-os/

I've seen claims before where they claim it's better than GrapheneOS. But in what regard? Maybe degoogling and having alternatives pre-installed? GrapheneOS is probably more involved to get the same apps. That's the only way /e/ is better in my opinion

/e/OS - e Foundation - deGoogled unGoogled smartphone operating systems and online services - your data is your data

ECOSYSTEMKEY FEATURESGET /E/OSNEED HELP /e/OS is a complete, fully “deGoogled”, mobile ecosystem /e/OS is an open-source mobile operating system paired with carefully selected applications. They form a privacy-enabled internal system for your smartphone. And it’s not just claims: open-source means auditable privacy. /e/OS has received academic recognition from researchers at…

Show threadMartin1d ago
@codebam @GrapheneOS
They don't "promote" security, at least not like Graphene does, that part is true, but can you really claim privacy without security? (Not in the literal sense, of course you can, what I mean is, is it ethical to do so?)
How can a phone be private while being easily penetrable?
In the theoretical sense, these are two different things, in the practical sense, you can have security without privacy, but you can't have privacy without security.
Show threadGrapheneOS15h ago
@mttn /e/ doesn't have similar privacy protections as GrapheneOS. Unlike GrapheneOS, /e/ connects to a bunch of Google services by default and also unlike GrapheneOS gives extensions privileged access to Google apps and services. We don't use the term degoogled and it's not the purpose of GrapheneOS but GrapheneOS does only connect to our own servers by default and does not give any privileged access to installed Google apps without the user explicitly enabling narrow forms via a few toggles.
Show threadGrapheneOS
@mttn /e/ fails to keep up with standard privacy patches and fails to provide standard privacy protections. /e/ has privacy invasive apps and services included. They have user tracking via a unique random identifier in their update client and multiple invasive services which are marketed as private when they aren't. They've had issues including leaking files stored in their cloud server to other users which turned out to clearly not actually be E2EE. Privacy also heavily depends on security.
1:10pmWeb