Zum Inhalt der Seite gehen

mastodon - Link zum Originalbeitrag
A false narrative is being pushed about GrapheneOS claiming we're ending operations in France due to the actions of 2 newspapers. That's completely wrong. If both newspapers and the overall French media had taken our side instead of extreme bias against us, we'd still be leaving.
Als Antwort auf GrapheneOS

GrapheneOS
mastodon - Link zum Originalbeitrag
GrapheneOS
We're ending operations in France and ending our use of French companies (mainly OVH) to provide services because of direct quotes by law enforcement in dozens of French news publications. Their inaccurate claims about GrapheneOS and thinly veiled threats were our sign to leave.
Als Antwort auf GrapheneOS

GrapheneOS
mastodon - Link zum Originalbeitrag
GrapheneOS
French law enforcement hijacked the servers of companies selling secure phones multiple times and is comparing us with those companies. They've made it clear they expect access to phones and will go after us if we do not cooperate. Cooperating with that means adding a backdoor.
Als Antwort auf GrapheneOS

webshinra
mastodon - Link zum Originalbeitrag
webshinra

I hope it's a bit of an excessive interpretation (and would be clearly illegal in french law) this day. But being someone aware of the dynamic of french politic, I would recommand that you (effectively) have the means to avoid persecution from our police, and protect your french users.

[I hope USA is also out of your choice for sensitive infrastructure]

Als Antwort auf webshinra

GrapheneOS
mastodon - Link zum Originalbeitrag
GrapheneOS
@webshinra Our sensitive infrastructure for builds and signing are local machines within our physical control. Nearly all our internal communications are done via end-to-end encrypted Matrix chat rooms, but we do have an email server for at least initiating external communications prior to moving the important ones to Matrix. Our email server is hosted on OVH in Canada along with Matrix, Mastodon, our forum and attestation service. These 5 are the rest of what we plan to move away from OVH.
@webshinra
Als Antwort auf GrapheneOS

GrapheneOS
mastodon - Link zum Originalbeitrag
GrapheneOS
We were already moving away from OVH over time. We didn't have authoritative DNS or update mirrors on it anymore prior to this. We were only going to be using it for our website/network service instances which are tiny servers with only static content and reverse proxies.
Als Antwort auf GrapheneOS

GrapheneOS
mastodon - Link zum Originalbeitrag
GrapheneOS
We couldn't see any of the specific claims from French law enforcement until the news stories were published. French law enforcement are wrongly conflating GrapheneOS with products using portions of our code. Claims about our features, distribution and marketing are inaccurate.
Dieser Beitrag wurde bearbeitet. (2 Wochen her)
Als Antwort auf GrapheneOS

RFlorez
mastodon - Link zum Originalbeitrag
RFlorez
Evil authorities spreading half-truths to generate confusion.
Dieser Beitrag wurde bearbeitet. (2 Wochen her)
Als Antwort auf GrapheneOS

GrapheneOS
mastodon - Link zum Originalbeitrag
GrapheneOS
French law enforcement brought up SkyECC and Encrochat, two companies they went after with arrests and server seizures. They made it very clear they'll go after us similarly if they're able to conjure a good enough justification and we don't cooperate by providing device access.
Als Antwort auf GrapheneOS

xyhhx 🔻
mastodon - Link zum Originalbeitrag
xyhhx 🔻
dont you think you might be better off putting out a singular PR statement and moving your stuff without continuing to post about it? i get that it's been stressful but it'd probably have better optics than repeating the same things every couple of days
Als Antwort auf xyhhx 🔻

GrapheneOS
mastodon - Link zum Originalbeitrag
GrapheneOS

@xyhhx French law enforcement is continuing to contact news agencies about it. They're continuing to publish news stories about it. We want our responses to that to be actively spread around too and that means continuing to post about it. Social media content is nearly dead a couple days later. Few people keep seeing it anymore.

News agencies will not publish our statements in full or at all. Many people are misrepresenting our statements. We want people to see it directly from us instead.

@xyhhx 🔻
Als Antwort auf GrapheneOS

xyhhx 🔻
mastodon - Link zum Originalbeitrag
xyhhx 🔻
maybe it'd be something @josephcox would write about, or some other high profile outlets
@Joseph Cox
Als Antwort auf GrapheneOS

GrapheneOS
mastodon - Link zum Originalbeitrag
GrapheneOS
Thinly veiled threats from law enforcement are quoted in several of the news article including archive.is/UrlvK. We don't store user data and cannot bypass brute force protection for encryption. Cooperating to provide device access means one thing: encryption backdoors.
Als Antwort auf GrapheneOS

2babcc
mastodon - Link zum Originalbeitrag
2babcc
Why don't you sue them now?
Als Antwort auf 2babcc

GrapheneOS
mastodon - Link zum Originalbeitrag
GrapheneOS
@2babcc We aren't going to operate in France or travel to France so filing a lawsuit in France doesn't make much sense. Who would we sue? The lawsuits we could win most easily would be against /e/ and Murena for years of libel about GrapheneOS. Filing a lawsuit against a state agency as a foreign non-profit is probably not going to turn out well. We can't expect fair treatment in France's courts regardless.
@2babcc
Als Antwort auf GrapheneOS

2babcc
mastodon - Link zum Originalbeitrag
2babcc
Hire a lawyer in France to sue them instead of being there.
Als Antwort auf GrapheneOS

2babcc
mastodon - Link zum Originalbeitrag
2babcc
But that is really meaningless. You can't wake someone who's pretending to be asleep.
Als Antwort auf GrapheneOS

LΞX/NØVΛ 🇪🇺
mastodon - Link zum Originalbeitrag
LΞX/NØVΛ 🇪🇺

French enforcement are spinless, they are too afraid to go after google to break the hardware they prefer hit an open source software.

It's what coward do.

Als Antwort auf GrapheneOS

privacy_guru
mastodon - Link zum Originalbeitrag
privacy_guru
This is ridiculous. Short sighted, and frightening for all law abiding citizens who want to protect their privacy.
Als Antwort auf GrapheneOS

The Great Llama
mastodon - Link zum Originalbeitrag
The Great Llama
The other false narrative is that a "secure" backdoor can exist. It's been proven false, over and over.
Als Antwort auf The Great Llama

Bredroll
mastodon - Link zum Originalbeitrag
Bredroll
@TheGreatLlama the only semi viable way to do it is to be forced to give the authorities a firmware signing key. thats still open to corruption and abuse
@The Great Llama
Als Antwort auf Bredroll

GrapheneOS
mastodon - Link zum Originalbeitrag
GrapheneOS
@Bredroll @TheGreatLlama GrapheneOS isn't capable of signing firmware for the secure element. The secure element also won't accept a valid signed firmware update with a greater version code until the Owner user successfully unlocks. That's the insider attack resistance feature which is one of our hardware requirements listed at grapheneos.org/faq#future-devi…. Google first implemented brute force protection with a secure element on the Pixel 2 and added insider attack resistance to prevent exactly that.

GrapheneOS Frequently Asked Questions

Answers to frequently asked questions about GrapheneOS.
GrapheneOS
@The Great Llama @Bredroll
Als Antwort auf GrapheneOS

Moté
mastodon - Link zum Originalbeitrag
Moté
hi there
Where are these dozens of news please? I've only seen two
Als Antwort auf GrapheneOS

Dr. BauBauS
mastodon - Link zum Originalbeitrag
Dr. BauBauS
France, j'avais une très haute opinion de toi, mais avec ce SNAFU, cela a changé.
Als Antwort auf Dr. BauBauS

GrapheneOS
mastodon - Link zum Originalbeitrag
GrapheneOS
@BauBauS France's people are very strongly against Chat Control and similar government actions but unfortunately the government does it anyway.
@Dr. BauBauS
Als Antwort auf GrapheneOS

Dielectric_Boogaloo
mastodon - Link zum Originalbeitrag
Dielectric_Boogaloo
wanted to try this OS so bad but it's all controversial and random fights about nothing with y'all. Shame, hopefully a battery alternative (maybe Linux based) is developed soon.
Als Antwort auf Dielectric_Boogaloo

GrapheneOS
mastodon - Link zum Originalbeitrag
GrapheneOS

@Dielectric_Boogaloo Privacy and security are controversial. French law enforcement feels threatened by a handful of devices they can't break into with commercial malware. That's why these recent events in France are happening.

Many other groups feel threatened by GrapheneOS, especially companies selling phony privacy products making people much worse off than an iPhone.

GrapheneOS is a Linux-based OS. That's not a positive thing but rather the pragmatic reality of general purpose devices.

@Dielectric_Boogaloo
Als Antwort auf GrapheneOS

elenlaw
mastodon - Link zum Originalbeitrag
elenlaw
remember chat control? Germany voted against it only under the pressure.
Danger can be anywhere, now that politicians aimed at destruction of people's privacy.
Als Antwort auf elenlaw

GrapheneOS
mastodon - Link zum Originalbeitrag
GrapheneOS
@elenlaw GrapheneOS privacy and security does not depend on server infrastructure but we still don't want our servers being hijacked by a state. We don't want them taking over our website or especially gaining access to our mail server used for external communications. Our internal communications are through end-to-end encrypted Matrix chat rooms, not email, so those are safe from surveillance through access to our servers. France is now a special case along with Spain, nowhere else yet.
@elenlaw
Als Antwort auf GrapheneOS

GrapheneOS
mastodon - Link zum Originalbeitrag
GrapheneOS
@elenlaw We aren't going to put servers in a country like China in the first place but what we mean is that France and Spain are actively attacking GrapheneOS and are therefore special cases. We can avoid servers in the UK in the future too due to their hostility towards encryption, but so far they aren't attacking GrapheneOS. Our concern is having servers in countries or with providers based in countries where the state is actively hostile towards us. We don't even make an E2EE messaging app...
@elenlaw
Als Antwort auf 2babcc

GrapheneOS
mastodon - Link zum Originalbeitrag
GrapheneOS
@2babcc We have authoritative DNS nodes in Singapore, Tokyo and Mumbai along with a website/network service node in Singapore. Once we see more traffic going to the Tokyo and Mumbai nodes, we could put web servers there too. There are no plans for additional locations in Asia in the near future. It would be nice to have an update mirror in Singapore but we it would be extremely expensive without sponsorship.
@2babcc