Gaël Duval is the founder and president of the /e/ foundation along with the CEO of Murena. Duval and his organizations have consistently taken a stance against protecting users from exploits. In this video, he once again claims protecting against exploits is only useful for pedophiles and spies.

Translation to English:

> There's the attack surface, on that front we're not security specialists here, so I couldn't answer you precisely, but from the discussions I've had, it seems that everything we do reduces attack surface. However, we don't have a "hardened security" approach, we aren't developing a phone for pedo(censored) so they can evade justice. So there aren't difficult things to check if the memory is corrupted, really hardened security stuff that could clearly be useful for executives, in the secret service, or whatever. That's not our goal, our goal is to start from an observation: today our personal data is constantly being plundered and that wouldn't be legal in real life with the mail or the telephone, we want to change that. So we are making you a product that changes that by default for anyone.

Transcription in French:

> Il y a la surface d'attaque, là pour le coup on est pas des spécialistes de la sécurité, donc je ne pourrais pas te répondre avec précision, mais des discussions que j'ai eu, il semblerait que tout ce qu'on fait, ça réduit la surface d'attaque. Donc oui, probablement ça aide. Par contre, on a pas une approche "sécurité durcie", on développe pas un téléphone pour les pédo(bip) pour qu'ils puissent échapper à la justice. Donc il y a pas des trucs pas possibles pour voir si la mémoire est pas corrompue, des trucs de sécu vraiment durcis qui pourraient être utiles clairement pour des dirigeants, dans les services secrets ou que sais-je. C'est pas notre but, notre but c'est de partir d'un constat, aujourd'hui nos données personnelles sont pillées en permanence et ça serait pas légal dans la vraie vie avec le courrier ou le téléphone, on veut changer ça. Donc on vous fait un produit qui change ça par défaut pour n'importe quelle personne.

GrapheneOS exists to protect users from having their privacy invaded by arbitrary individuals, corporations and states. Privacy depends on security. GrapheneOS heavily improves both privacy and security while providing a high level of usability and near perfect app compatibility.
/e/ has far worse privacy and security than the Android Open Source Project. They fail to keep up with important standard privacy and security patches for Android, Linux, firmware, drivers and HALs. They fail to provide current generation Android privacy and security protections.
For years, Gaël Duval has spearheaded a campaign to misrepresent GrapheneOS as not being usable, not compatible with apps and only useful to a tiny minority of people. He has repeatedly claimed GrapheneOS is for pedophiles, criminals and spies while claiming /e/ is for everyone.
It's hardly only GrapheneOS focusing on protecting users against exploits. Apple and Google have put a ton of work into it. Apple heavily focuses on privacy and security. That includes protecting against remote exploits, local exploits from compromised apps and data extraction.
GrapheneOS and iOS are both heavily focused on privacy and security. Both are gradually adding much stronger protections against apps/sites scraping data, coercing users into giving data via alternatives with case-by-case consent and increasingly strong exploit protections.
/e/ is far weaker in all of these areas compared to the standard Android Open Source Project on secure hardware. It doesn't keep up with standard updates and protections. It adds tons of low security attack surface and privacy invasive services. It's not in the same space as us.
/e/ and Murena devices are far worse for privacy and security than an iPhone. It's trivial to break into their devices remotely or extract data from them compared to an iPhone. They have weaker privacy protections from apps too. Their main approach to privacy is a DNS blocklist.
Their DNS blocklist can only block domains not used for useful functionality to avoid ruining usability. Meanwhile, the most privacy invasive behavior by apps is rarely ever split out into separate domains. Even for those, apps and websites can trivially evade DNS blocklists.
It's common for apps and websites to do everything through their own servers. That's best practice to avoid leaking API keys. It's increasingly common for invasive libraries to use hard-wired IPs and/or DNS-over-HTTPS to evade blocking. DNS filtering is increasingly less useful.
Murena is a for-profit company owned by shareholders including Gaël Duval. /e/ has a non-profit organization which is also led by Gaël Duval. /e/ includes paid services from Murena. /e/ very clearly exists to build products for Murena to sell in order to enrich the shareholders.
Despite being done for profit, /e/ receives millions of euros in funding from the EU on an ongoing basis. /e/ and Murena use extraordinarily inaccurate marketing to not only promote their products/services but also to mislead people about GrapheneOS and scare them away from it.
Recently, France's national law enforcement began fearmongering about GrapheneOS and smearing it with inaccurate claims. France's corporate and state media heavily participated. Many articles and also radio/television coverage misrepresented GrapheneOS as being for criminals.
Across French corporate and state media covering it, inaccurate claims by the state about features, distribution and marketing of GrapheneOS were wrongly presented as fact. Most of them didn't contact us and we weren't shown what was being claimed so we could properly respond.
Protected phones used by drug traffickers: "Nothing is inviolable!"

Google Pixel phones running the GrapheneOS operating system allow criminals to conceal their communications. Johanna Brousse, a magistrate specializing in the fight against cybercrime, explains what means the justice system has to get around this type of tool.

Le Parisien
/e/ and Murena are based in France. They've been pushing false narratives about GrapheneOS falsely claiming it isn't usable by regular people and doesn't benefit them for years. Duval has been making the ludicrous claim GrapheneOS is only useful to criminals and spies for years.
/e/ and Murena aren't on the same side as GrapheneOS. They're charlatans selling devices with poor privacy and atrocious security to earn money. They've spent years trying to undermine a legitimate privacy project and heavily use the same talking points as police state advocates.
Their marketing heavily focuses on avoiding Google and gives the impression they believe privacy means avoiding one company. Meanwhile, they add a bunch of Google services not present in the Android Open Source Project and give extensive privileged access to Google apps/services.

/e/ and Murena have their own privacy invasive behavior in their apps and services. One particularly egregious example is their supposedly private speech-to-text service sending user data to OpenAI without consent instead of doing most locally like Apple:

https://community.e.foundation/t/voice-to-text-feature-using-open-ai/70509

Voice to Text feature using Open AI

Thank you a lot for your positive and supporting comments about our new /e/OS Voice-to-text! Regarding its implementation in /e/OS, I’d like to explain a few things to explain why we have chosen an OpenAI STT API to implement it and how it’s going to evolve in the future: What we have learned from our experimentations with STT models that run locally on the smartphone for speech recognition: they work quite poorly, they make a lot of mistakes in voice recognition they are not able to mix la...

/e/OS community
/e/ and Murena have repeatedly claimed GrapheneOS is for drug dealers, pedophiles, terrorists and spies. /e/ and Murena are anti-privacy. They're heavily profiting from marketing products as private but don't believe in it. /e/ is an authoritarian-aligned fake privacy project.
France is the most anti-encryption, anti-privacy and anti-security country in the EU. They've been doing a gradual crackdown on open source privacy projects including GrapheneOS and Signal with escalating smears and threats. /e/ and Murena are on the side of the police state.

@GrapheneOS
To be fair, Signal lies about their actual security, particularly regarding metadata protection.

https://passthesalt.ubicast.tv/videos/metadata-protection-in-instant-messaging-applications-a-review/#share

Olvid, a French IM, arguably offers better privacy than Signal, by design. But they are French, so I don't trust them either for the reasons you listed in this thread.

@simplex is way ahead of Signal and Olvid, privacy/security-wise.

Metadata Protection in Instant Messaging Applications: a Review

Pass the SALT Archives

@x_cli @simplex We listed Signal as an example of another serious privacy project which Duval has repeatedly attacked and misled people about. It wasn't a recommendation of Signal over other options, but we don't agree with your assessment about Olvid.

We've never seen Signal lying about privacy or security. What exactly are you referring to?

We've seen /e/ and Murena doing it relentlessly and we can show many examples of it as we've been doing including here:

https://grapheneos.social/@GrapheneOS/116358370057342525

@GrapheneOS
Olvid offers better privacy than Signal because:

* it supports multiple identities, none tied to a real world identity or PII. Signal supports only one identity tied to a phone number;
* it can be installed from F-Droid without Google services; Signal can only be installed from the Google Play Store on Android. Both support APK, though.
* servers can be decentralized/federated/self-hosted. Signal is centralized and hosted.
* server (message relay) is actually open source. Signal server source code is incomplete, often outdated.
* Servers do not rely on numerous service providers; only the one for the message relay; you can select your own TURN server for calls. Signal on the other hand depends on AWS, Cloudfront and Cloudflare for messaging/attachments.

This was in the previously linked video. Here are the slides if you don't want to listen to it:
https://cfp.pass-the-salt.org/media/pts2025/submissions/7K9MEV/resources/PTS2025-TALK-25-metadata_prot_in_instant_msg_apps_LsHI6ZN.pdf

Signal lies about their security level in multiple ways:
* inducing a false sense of security by pretending they collect any metadata except the time of account creation and last message retrieval: their infrastructure depends on many subcontractors, none of which make any privacy claims about not collecting data;
* they can silently and selectively disable sealed senders;
* they have a history of ignoring security reports sent to them, sometimes for months or years;
* they obviously can have so much more data than what they pretend, like all metadata regarding group size and management, prekeys requests/refresh, last connection IP address, connection frequency, etc. We have to trust them for not collecting them. That's not security. That's blind trust.

Regarding /e/ and Murena, I don't know anything about them. I'm not gonna advocate for them or anything.
@simplex

@x_cli

> it supports multiple identities, none tied to a real world identity or PII

Multiple instances of Signal can be used on the same device at a time. Contact discovery and sharing of the phone number can and should generally be disabled. It's an anti-spam mechanism to still require it despite having usernames. There are non-KYC services for phone numbers available.

> Signal can only be installed from the Google Play Store

No, Signal is available outside the Play Store in multiple ways.

@GrapheneOS

> Multiple instances of Signal can be used on the same device at a time.

Using GrapheneOS profiles sure but I don't know how people using other OSes can. Maybe I am missing something?

> There are non-KYC services for phone numbers available.

Services with no KYC may exist in some countries. Even if there is no KYC, you still need to pay in cash or other kinds of untraceable currencies, and get the SIM card without being filmed. That can be done, but to be honest, it is just easier to rely on a service not relying on a phone number 🤷

Olvid and SimpleX do not need a phone number to be protected against spam.

> No, Signal is available outside the Play Store in multiple ways.

I know about APK installation and I mentioned it. I don't know about other installation mechanisms.
On signal.org/download, the only advertised installation options for phones are the official app stores.

@x_cli https://silent.link/ exists and takes payment in Monero. In fact, they don't accept fiat payments at all. Data SIMs are a $9 flat fee and it's $98/year for SIMs with inbound SMS support usable for validating phone numbers for use with WhatsApp, Signal and many other apps requiring it. It's a requirement for many apps and therefore it's useful to have a private phone number for activations in general. It's not an obscure service and many GrapheneOS users are actively using it already.

@x_cli Android secondary user profiles, work profiles and Private Space profiles are all standard features. Those aren't specific to GrapheneOS. There are major improvements to the privacy, security and usability of secondary users and profiles in general as part of GrapheneOS but they work fine in AOSP and the stock Pixel OS. Certain Android OEMs disable secondary user support but they mostly aren't disabling Private Space and we're not aware of any disabling support for work profiles.

@GrapheneOS
I stand corrected. Thanks!

I did not know this was a thing in AOSP! I believe these are recent features, because I do not recall having them on my phone before I switched to GrapheneOS.