Reading this comment inspired me to ask a better question as I see it here How to best evaluate privacy tech/products and the company/team behind them? in order to have a more holistic discussion about the matter at large here.
What do you think?
I believe “possible” qualifies as a statement of speculation here, not an accusation, in a mere reply to another user, too
Edit: typo
I can think of two examples immediately. Their attacks on Techlore and Trail of Bits/iVerify were baseless.
1 Like
Perhaps my issue, then, is how the article frames their speculation: “GrapheneOS accuses [emphasis mine] Murena & iodé of sabotage”, as per Jonah:
I still stand my ground that they should be held accountable for the accusations they throw at other people, outside of this article. They have a history of this, with accusations involving Techlore and Privacy Guides, among others.
But this is a very different topic, not related to the article at all. We should make a new thread if anything to discuss their overall history of accusations and how rightful or wrongful, helpful or hurtful it is.
5 Likes
Yes, this is just not a good article to be honest lol
1 Like
Unfortunately it is hard to take GrapheneOS seriously on this topic because they do the same to other security/privacy projects instead of uplifting the community
I think the issue here is that GrapheneOS is focused on security. Privacy is secondary. In contrast, Murena and friends are less secure but more private than stock (not sure to what degree in terms of privacy since IIUC they have their own services and I haven’t really looked into them because their devices are insecure). IMO the main problem is they’re talked about as if they’re the same, so GrapheneOS and Murena and friends get brought up together pretty often, which I’m guessing really annoys GrapheneOS.
I think the issue here is that GrapheneOS is focused on security. Privacy is secondary
I feel this is very untrue. Privacy is GOS’s main goal, as per their stated goals on the their own site. Security hardening is a close second.
Im unfamiliar with Murena, so I can’t speak towards any comparisons
1 Like
I feel this is very untrue. Privacy is GOS’s main goal, as per their stated goals on the their own site. Security hardening is a close second.
Where on their website does it say privacy is their main goal? The home page that you linked always says “privacy and security.” If you’re just judging by the order they are presented, the FAQ says “security and privacy,” and privacy comes before security alphabetically.
If there were a situation where they had to choose between privacy or security for a specific feature, I fully expect that they would choose security. A basic example is microG vs. sandboxed Google Play, or how they recommend using the Play Store instead of alternatives.
2 Likes
Here is a list of GOS features. Many focus on privacy to an extent I haven’t seen in alternatives
Here’s a good thread on MicroG. Users have less control over the data it can access, opposed to GOS sandboxed Play services. It’s less private
Im not sure what you mean with the installer note. The only stores recommended after Play are Aurora & F-Droid. That’s a debate I don’t care to explore. But I think Accrescent is their first recommendation
1 Like
I am not saying they don’t care about privacy, I am saying they care about security more than privacy. Note that I think this is a good thing.
Regarding microG, from what I understand (I don’t use it), you can choose to simply not use a number of features that require network connections. You can sort of do this with sandboxed Play Services, but if you enable network access, you don’t really know what it’s sending to Google.
For the installers, they recommend using the Play Store followed by Accrescent (which has nearly no apps, so it’s pretty much insignificant atm), and they do not recommend F-Droid or Aurora (I don’t recommend Aurora either, just FYI). The Play Store requires a Google account, and it requires giving Play Services network access, among other negatives (some of which also apply to Aurora). They recommend the Play Store because it is more secure than using Aurora. They recommend grabbing apps from GitHub directly (which may require a token identifying your GitHub account if you have a lot of apps and use Obtainium) rather than using F-Droid because it is more secure (at least in their opinion, don’t want to argue about this).
2 Likes
Alright yeah I agree with all of this, have an internet point. I don’t have a quantitative method to compare the weight they put on privacy vs security
GrapheneOS’s developers have accused Munera of sending user speech data to OpenAI. However, I’m not sure if this was/is true or not because I also don’t use their services.
The Murena voice-to-text service included in /e/OS even sends user speech data to OpenAI with no local option compared to Apple and Google both offering offline speech-to-text support via local models which users can make sure is always used.
From the GrapheneOS’s developers’ eyes, the problem is not microG per se.
DivestOS, which has been discontinued, had mostly (not fully) unprivileged integration for microG unlike /e/OS and CalyxOS where it’s privileged. /e/OS and CalyxOS also have privileged integration for Android Auto and other Google apps/services. If you install Android Auto on /e/OS or CalyxOS, it’s a highly privileged app not running in the regular app sandbox and also receives extensive privileged access via special permissions only available to OS components. microG is similar.
TLDR: DivestOS using microG is fine because it has unprivileged access. Others using microG is not fine because it has privileged access.
Believe it or not, Privacy Guides generally concur with this, except for the Play Store part.
GOS team always emphasize no true privacy without security.
It is definitely true, but the true privacy they refer to is not what nomies like us think or desperately need.
The threat model hey used to develop GOS, assumes user will be facing the worest adversaries anyone could have, government.
So in their sense, yes, security does come first, and it is a good thing for everyone, cause we have a golden standard to follow.
I wont be too caught up by GOS TEAM’s way of saying things, and quite often they force their own pride and idea on others. We only need to focus and discuss on what they say, not how they say it.
3 Likes
GrapheneOS is a privacy project above everything else. Our work on security is to protect privacy, so it’s not a separate thing.
Privacy without the security to enforce it is like shōji—it only works if everyone plays along.
3 Likes
If I am not mistaken, didn’t they hire a community manager? Or are they not a paid member of the team?
I missed the Trail of Bits attack. What was that about?
Not sure how I feel about Trail of Bits. Their Algo script was useful back in the day when I needed to roll my own WireGuard tunnel, but that’s the only interaction I’ve had with their products. Recently read something somewhere about them (allegedly) working with Palantir, which didn’t sound so good.
PalantIr is a customer of their iVerify product. Which is related to the GOS baseless attack when they called iVerify malware because they were upset with iVerify making a big deal of a default app on Pixel devices that had admin access.
The offending app was a defunct demo app for Verizon branded Pixels that somehow was kept in all Pixel production software at the time. iVerify running on PalantIr company Pixels flagged it as a security concern. PalantIr then banned Pixels from their use as company phones and went all iPhone. Which further enraged GOS…
2 Likes
The accusations from GrapheneOS come in response to articles by Le Parisien and Le Figaro, which claimed criminals use a version of GrapheneOS equipped with a “fake Snapchat” page that wipes data when accessed.
I have been using GrapheneOS on Pixel 3A XL, and 7 Pro, and now 9 Pro XL, and this has never been a feature. Just sloppy reporting, because like it would have like taken them really no effort to actually try GrapheneOS.
The team cited a specific passage in the Le Parisien coverage as a “direct threat” from French law enforcement leadership (OFAC), implying that tech providers who do not provide backdoors will face legal consequences.
If that’s the case they did the right thing, because by the sound of it this backdoor would not be a targeted approach because there is no login or unique identifiers to use GrapheneOS. These agencies do not at all sound legitimate with these requests, guess that’s why its done with secrecy. This kind of behavior is exactly the same as what you can expect over here.
By hardening the base Android code, GrapheneOS would effectively “burn” the expensive exploits used by police and forensic firms like Cellebrite, making all Android phones harder to crack, not just Pixels running GrapheneOS.
As they should, as these are used by all criminals, including criminal authorities in criminal states (If you need to know about which ones I am thinking of, just think about the worst most restrictive places on earth).
6 Likes
Realistically though, if I had to choose between someone making a security focused OS that thinks the world is against them or loves everyone in the world, I’m going to pick the former every time LOL.
I use GOS and specifically got the Pixel for it after all the shit in Britain. If they think everyone is out to get them it can only be better for us, the GOS user. Besides it may be true at least in part.
Whats the saying? Just because youre paranoid doesn’t mean they aren’t out to get you.
4 Likes
FIY national french television (France Info) just aired a small documentary on the “drug dealer dual use phone” (Not the exact title but this was pretty much what it meant), relaying the police’s information and treating it as the absolute truth.
2 Likes