Mastodawn

Kuketz-Blog 🛡Apr 12

Ich bin dem offiziellen GrapheneOS-Konto gerade entfolgt – nicht, weil ich das Projekt nicht schätze. Im Gegenteil: GrapheneOS ist im Bereich mobiler Sicherheit/Privacy weiterhin die beste Option.

Was mich stört, sind die ständigen Seitenhiebe auf /e/OS, CalyxOS und andere Custom-ROMs - auch wenn die Kritik völlig legitim ist. Aber ich folge dem Account, um etwas über GrapheneOS zu lesen, nicht um regelmäßig zu erfahren, was andere in den Sand setzen. Wer ein starkes Projekt hat, sollte es für sich sprechen lassen.

#GrapheneOS #Android #Privacy

/kuk

@kuketzblog LineageOS is by far the most used alternative mobile OS and yet we don't have threads on our timeline about it. That's because LineageOS as an organization isn't misleading people about GrapheneOS and trying to harm us.

/e/ and their supporters are engaging in concerted efforts to mislead people about GrapheneOS and cause personal harm to our team. Each of our threads about it has been made to provide accurate information in response to their inaccurate claims about GrapheneOS.

GrapheneOS Apr 12

@kuketzblog /e/ has spent years widely propagating inaccurate claims that GrapheneOS isn't a privacy project, doesn't work on privacy, isn't aimed at regular people, isn't usable, isn't compativle with apps, is difficult to install and much more.

/e/ have repeatedly pushed the false claim that GrapheneOS is primarily useful to criminals and that the userbase largely consists of criminals. They've expanded this to claiming security hardening primarily benefits criminals.

https://grapheneos.social/@GrapheneOS/116353973732143171

GrapheneOS Apr 12

@kuketzblog Legitimate privacy projects and organizations would not push the narrative that privacy and security are primarily beneficial to criminals or that the userbase of projects like GrapheneOS and Signal primarily consists of criminals. This isn't a one time incident but rather a consistent narrative from /e/.

/e/ and Murena laid the groundwork for France's national law enforcement and corporate/state media using the same talking points to attack the GrapheneOS project alongside them.

GrapheneOS Apr 12

@kuketzblog France's national law enforcement has increasingly gone after apps and devices which are regarded as providing people with privacy and security regardless of the merit to that marketing. In their interviews with the media about GrapheneOS, they made direct reference to past arrests and server takeovers targeting multiple companies and said they would go after us similarly if they could justify it. This is a serious matter and efforts by /e/ and Murena to help them are a big deal.

KMJ 🇦🇹Apr 12

@GrapheneOS Also me, a huge fan of GrapheneOS, never touched these brands, feels irritated of this posting flood advertising other OS. As always, also bad news is news, mentioning others by name is the wrong way. Posting the hugh advantages of GrapheneOS maybe also with telling the people out there what it is and what others - without naming them - have not is fine an good to introduce #GrapheneOS as OS and brand.

For other things probably a lawyer filing things is better.

GrapheneOS Apr 12

@kuketzblog Our most important infrastructure for builds and signing has always been on local hardware.

We were concerned about our authoritative DNS, website and other services being hijacked based on direct threats and escalating false narratives of GrapheneOS being for criminals. OVH was previously our main hosting provider and is based in France. OVH directly facilitated those past server takeovers.

We no longer have servers in France or with hosting providers based in France due to this.

Linux Is Best Apr 12

@GrapheneOS @kuketzblog

OVH started falling under U.S. Jurisdiction when OVH US LLC became a thing.

A lot of corporations (many) will start in "X" (random value) country, but be owned or relocated "Y" (random value). A lot of times its for tax purposes, but that still places the corporation or non-profit within jurisdiction.

It took me a considerable amount of effort to develop a list of web hosting providers outside U.S. Jurisdiction.

https://codeberg.org/Linux-Is-Best/Outside_US_Jurisdiction/src/branch/main/Web_Hosting.md

Outside_US_Jurisdiction/Web_Hosting.md at main

Outside_US_Jurisdiction - Digital Service Providers outside the jurisdiction of the United States of America.

Codeberg.org

GrapheneOS Apr 12

@Linux @kuketzblog The issue is much less about surveillance and more about whether GrapheneOS, Signal and other projects will remain legal. European governments do plenty of their own surveillance regardless.

Have you seen https://notes.valdikss.org.ru/jabber.ru-mitm/ already?

France's government is leading a crackdown on end-to-end encryption and secure devices in Europe. They're very strong advocates for laws restricting privacy and security across the EU but are constrained by far more pro-privacy governments.

Encrypted traffic interception on Hetzner and Linode targeting the largest Russian XMPP (Jabber) messaging service —

GrapheneOS Apr 12

@Linux @kuketzblog France's government need to be successful in having EU laws passed in order to crack down on end-to-end encryption and secure devices in practice.

GrapheneOS is fully legal under EU and French laws. That's why they're trying to smear GrapheneOS with the false claims that it's primarily useful to criminals, primarily used by criminals and catering to criminals because they want to justify going after it under existing laws by creating a false basis for doing it.

GrapheneOS Apr 12

@Linux @kuketzblog France may end up electing a series of governments far friendlier to privacy which stop law enforcement from continuing to abuse their powers. On the other hand, they may elect a government which exits the EU and unties their hands when it comes to passing anti-privacy laws. Currently, they're constrained from implementing what they want by EU law. It wouldn't be the case anymore if France left the EU. Look at what has happened with privacy rights in the UK after they left.

@Linux @GrapheneOS @kuketzblog your claims about OVH US vs OVH and US juridiction show you don t know how both entities operate with each other.

Linux Is Best Apr 23

@_bapt_ @GrapheneOS @kuketzblog

Does a US division exist? YES, than that is a problem.

You cannot cherry pick, and if you think you can, you don't know how the applied world works.

GrapheneOS Apr 12

@kuketzblog Privacy and security weaknesses are widely abused. GrapheneOS has far more work to do improving both privacy and security to protect people from increasingly widespread violations of their human rights through their computing devices.

/e/ and Murena are heavily pushing the narrative that providing stronger privacy and security beyond avoiding certain apps and services only benefits a tiny group of people. It's divorced from reality and they've aligned themselves aith authoritarians.

The Cheekqualizer Apr 12

@GrapheneOS @kuketzblog I do use GrapheneOS and like it a lot. But by gosh, you spend a lot of time beefing with other OSes

GrapheneOS Apr 12

@cheekqualizer @kuketzblog They say stronger privacy and security than what they provide is only useful to pedophiles, criminals and spies. They've misled an enormous number of people about what GrapheneOS provides. Why shouldn't we be countering this and defending ourselves?

We had to migrate many servers from OVH because of these pervasive false narratives about GrapheneOS in France were beginning to put the safety of our users at risk with threats of action being taken against GrapheneOS.

The Cheekqualizer Apr 12

@GrapheneOS @kuketzblog it's a shame that its necessary. GrapheneOS has been a real pleasure to use. Very reliable and polished.

The Cheekqualizer Apr 12

I think I offended an operating system today

HybridStaticAnimate Apr 12

I wouldnt really call that offending an OS, they are just talking with you.

@GrapheneOS @cheekqualizer @kuketzblog i have to admit that I also thought about unfollowing you because of all the beef you are actively posting about. This feels like a large share of your overall communication and crowds out the interesting stuff.
For now I have resorted to just skipping that stuff, but would be happy if there is some less vocal communication.
Sometimes it just not worth feeding the trolls

HybridStaticAnimate Apr 12

@cheekqualizer @GrapheneOS @kuketzblog

They dont spend any time beefing with anyone.

Haystacks Tech Apr 13

@GrapheneOS @kuketzblog I wish I could find a desktop Linux distro taking as strong a stance as you guys against the age-verification BS! Finding good software backed by people with a bavkbone is getting increasingly difficult these days!!

@GrapheneOS, I love you guys and am thankful for what you are doing! And you are 100% right, but maybe try to communicate with more humor and less finger pointing.

f_ 🇵🇸Apr 12

@GrapheneOS @kuketzblog I think criticism, while valid, doesn't have its place in a project account. It should probably be in some developer's fedi account, or if that's not possible, in CW in your project account. People sometimes want to read your account to learn about GrapheneOS news, not to learn about other people saying inaccurate stuff about it. By talking a lot about them you're (unintentionally) basically advertising for their content, giving them attention, and I'm not sure that's what you want.

You just can't fix every single article talking about GrapheneOS. But you can recommend reading the official documentation to users confused about them, or even you can get in touch with people writing about it to gently suggest corrections. Inaccurate claims aren't necessarily intentional.

GrapheneOS Apr 12

@fun @kuketzblog Our threads about this contain a lot of accurate information about GrapheneOS to address the inaccurate information about it. Most organizations would have a feed filled with marketing fluff with very little substance. We've been focusing on this recently because the attacks on us massively escalated since early March. If we post it elsewhere then it's not going to achieve the goal of widely informing people about the truth to address the inaccurate claims which are being made.

GrapheneOS Apr 12

@fun @kuketzblog We posted our recent thread about the podcast closely connected to /e/ and Murena which heavily promotes them as a reply to their post. We wanted the highly inaccurate claim that GrapheneOS isn't a privacy project and doesn't do much work on privacy to be addressed in their content. They clearly aren't willing to make a correction or to refer to our response and blocked us for our response addressing it. In order to have people see our response, we have to use our own timeline.

f_ 🇵🇸Apr 12

@GrapheneOS @kuketzblog I'm not saying it is inaccurate info.

Who is attacking your developers personally? Where? How? Why?

GrapheneOS Apr 12

@fun @kuketzblog Duval has heavily participated in attempts to baselessly portray our founder as insane, delusional, schizophrenic, etc. They mislead people about GrapheneOS and then respond to us addressing it with these personal attacks.

Here's an example where Gaël Duval was linking to harassment content targeting our founder with fabricated stories on a neo-nazi conspiracy site where the content was primarily sourced from Kiwi Farms:

https://archive.is/SWXPJ
https://archive.is/n4yTO

f_ 🇵🇸Apr 12

@GrapheneOS @kuketzblog Okay, Duval (and Rossmann/FUTO) are attacking you publicly.

Are individual (previous or not) users attacking your developers personally?

GrapheneOS Apr 12

@fun @kuketzblog /e/ users are heavily involved. They raid our chat rooms, send vile content via direct messages and emails, post replies to us and many others spreading libelous harassment content. They're doing a large portion of the work of causing harm to us by propagating the content and relentlessly harassing both our team and community. When there are posts about GrapheneOS on Hacker News, privacy subreddits, etc. they show up to mislead people about GrapheneOS and make personal attacks.

f_ 🇵🇸Apr 12

@GrapheneOS @kuketzblog (also, I recommend against linking to archive.is since that website and the whole family of archive.ph websites are involved in a harassment/DDoS campaign: https://arstechnica.com/tech-policy/2026/02/wikipedia-might-blacklist-archive-today-after-site-maintainer-ddosed-a-blog/)

GrapheneOS Apr 12

@fun @kuketzblog Which archive site should we use instead that's not going to take down what we archive upon request from the person engaging in attacks on us as archive.org will do?

f_ 🇵🇸Apr 12

@GrapheneOS @kuketzblog When did that happen, on what URL, by whom, and why?

f_ 🇵🇸Apr 12

@GrapheneOS @kuketzblog I'm asking just because I genuinely want to know how easy it is for someone harassing to do such a thing.

GrapheneOS Apr 12

@fun @kuketzblog They take down content upon request as a standard policy. It doesn't work for what we need.

https://help.archive.org/help/how-do-i-request-to-remove-something-from-archive-org/

How do I request to remove something from archive.org? – Internet Archive Help Center

f_ 🇵🇸Apr 13

@GrapheneOS @kuketzblog I would archive to archive.org and in addition take screenshots if that's a concern. The advantage w/ screenshots also is that, assuming you just post them here, they will never go down unless your infra does (or you remove them)

Internet Archive: Digital Library of Free & Borrowable Texts, Movies, Music & Wayback Machine

f_ 🇵🇸Apr 13

@GrapheneOS @kuketzblog from what I can tell they don't remove unless there's a very good reason to

f_ 🇵🇸Apr 13

@GrapheneOS @kuketzblog "because grapheneos archived it to talk about it!!!!!" is I think not good enough of a reason for them to get rid of it

verified_transgender

@GrapheneOS it's not usable? I didn't realize. but what other choice do I have as a criminal? /sarcasm

Rebel Zhang Apr 13

@GrapheneOS @kuketzblog *compatible

Rebel Zhang Apr 13

@GrapheneOS @kuketzblog Are there usable secure operating systems for PCs? Qubes OS is very secure but also have a very steep learning curve.

Kuketz-Blog 🛡Apr 12

@GrapheneOS I’m aware of the situation, and I understand why you respond to it.

From my perspective, though, it would be better to put all of this into a dedicated blog post, FAQ, or similar resource people can refer to when needed. That would keep the information available without bringing the same broader conflict back to the main timeline again and again.

Personally, I mainly follow the account for updates about GrapheneOS itself. That is what I value most. The surrounding disputes may deserve a response too, but I think they would be better handled separately from the regular project communication.

I mean this constructively. I appreciate GrapheneOS and the work behind it. I would simply prefer the main account to focus more on GrapheneOS itself.

shadowwwind Apr 12

@kuketzblog @GrapheneOS agree, everytime my feed gets flooded by a post chain with these things I consider to unfollow.
However using just the RSS feed to follow updates doesn't really work for me because I don't want to read through all the internal and small changes. However things like the RCS update and network location I don't want to miss.

shadowwwind Apr 12

@kuketzblog @GrapheneOS and I follow your account because I care and want to see posts about GrapheneOS. If I would want to know thinks about e/OS i would go look for that.

Btw I also don't think e/OS is worth so much of your attention.

GrapheneOS Apr 12

@shadowwwind @kuketzblog The level to which people have been misled across platforms about GrapheneOS is extreme. People widely believe and propagate the incorrect claims that it's not a privacy project, not usable by regular people, only useful to people targeted by sophisticated attacks and much more. /e/ and Murena are currently the main source of these claims which has been the case for a while now. Their business model is predicated on convincing people there aren't better options.

GrapheneOS Apr 12

@shadowwwind @kuketzblog If someone isn't outraged about providing closer to reasonable privacy and security being portrayed as primarily useful to pedophiles, criminals and spies then they were never our target audience.

Our posts are well received on Bluesky and X. It seems the main issue here is people are using clients poorly displaying threads where each of our posts shows up in their feed separately instead of as a single thread. We can patch in long post support to Mastodon instead.

GrapheneOS Apr 12

@shadowwwind @kuketzblog Bluesky doesn't have long posts. We have to format everything we write to fit within Bluesky's character limit including how it weights URLs. Mastodon's standard hard-wired character limit isn't high enough for us to fit more than one of those into a single post. We can only even use 500 characters if we're strictly writing the content for Mastodon. If we patch Mastodon's character limit then we could post the whole thing as a single post but it's not a standard feature.

shadowwwind Apr 12

@GrapheneOS @kuketzblog then like Kuketz suggested, make a blog post, link that. Works on all those platforms

shadowwwind Apr 12

@GrapheneOS @kuketzblog neither of us ever questioned the situation. Both of us are aware of it.
Again, I follow your account to learn about GrapheneOS. I couldnt care less about murena or e/OS.

Outrage excels on X so that isn't surprising.

Also the client thing doesn't really matter. However I am starting to associate your account with posts with negative topics. I am starting to expect that I get annoyed when reading your posts. Annoyed about e/OS, yes.

shadowwwind Apr 12

@GrapheneOS But it makes me want to avoid your account because, I don't need negativity in my feed. And I don't care about e/OS. Let them be shit. Tell my why GrapheneOS is great.

shadowwwind Apr 12

@GrapheneOS and considering, that there is no such thing as bad publicity, you also need to evaluate, if responding to them at all is worth the attention you give them by it.
And if your time spend writing critiques of Murena could be better spend creating good publicity for GrapheneOS.
By responding to Murena you don't gain publicity yourselves.

@GrapheneOS @shadowwwind @kuketzblog but are these the sort of people that follow you on Mastodon? Because those people that are misleading or were mislead are probably not following you. So you are sort of preaching to the choir here - and are alienating the choir in the process...