Przejdź do głównej zawartości
Gaël Duval is the founder and president of the /e/ foundation along with the CEO of Murena. Duval and his organizations have consistently taken a stance against protecting users from exploits. In this video, he once again claims protecting against exploits is only useful for pedophiles and spies.

Translation to English:

> There's the attack surface, on that front we're not security specialists here, so I couldn't answer you precisely, but from the discussions I've had, it seems that everything
Ten wpis został zedytowany (2 miesiące temu)

2 użytkowników udostępniło to dalej

GrapheneOS
> we do reduces attack surface. However, we don't have a "hardened security" approach, we aren't developing a phone for pedo(censored) so they can evade justice. So there aren't difficult things to check if the memory is corrupted, really hardened security stuff that could clearly be useful for executives, in the secret service, or whatever. That's not our goal, our goal is to start from an observation: today our personal data is constantly being plundered and that wouldn't be legal in real life

Aral Balkanudostępnił to.

GrapheneOS
> with the mail or the telephone, we want to change that. So we are making you a product that changes that by default for anyone.
GrapheneOS
Transcription in French:

> Il y a la surface d'attaque, là pour le coup on est pas des spécialistes de la sécurité, donc je ne pourrais pas te répondre avec précision, mais des discussions que j'ai eu, il semblerait que tout ce qu'on fait, ça réduit la surface d'attaque. Donc oui, probablement ça aide. Par contre, on a pas une approche "sécurité durcie", on développe pas un téléphone pour les pédo(bip) pour qu'ils puissent échapper à la justice. Donc il y a pas des trucs pas possibles pour voir
GrapheneOS
> si la mémoire est pas corrompue, des trucs de sécu vraiment durcis qui pourraient être utiles clairement pour des dirigeants, dans les services secrets ou que sais-je. C'est pas notre but, notre but c'est de partir d'un constat, aujourd'hui nos données personnelles sont pillées en permanence et ça serait pas légal dans la vraie vie avec le courrier ou le téléphone, on veut changer ça. Donc on vous fait un produit qui change ça par défaut pour n'importe quelle personne.
GrapheneOS
GrapheneOS exists to protect users from having their privacy invaded by arbitrary individuals, corporations and states. Privacy depends on security. GrapheneOS heavily improves both privacy and security while providing a high level of usability and near perfect app compatibility.

Aral Balkanudostępnił to.

GrapheneOS
/e/ has far worse privacy and security than the Android Open Source Project. They fail to keep up with important standard privacy and security patches for Android, Linux, firmware, drivers and HALs. They fail to provide current generation Android privacy and security protections.
GrapheneOS
For years, Gaël Duval has spearheaded a campaign to misrepresent GrapheneOS as not being usable, not compatible with apps and only useful to a tiny minority of people. He has repeatedly claimed GrapheneOS is for pedophiles, criminals and spies while claiming /e/ is for everyone.
jose
woo interesting I didn't know those declaration from Gael 😵‍💫 about you as project
GrapheneOS
It's hardly only GrapheneOS focusing on protecting users against exploits. Apple and Google have put a ton of work into it. Apple heavily focuses on privacy and security. That includes protecting against remote exploits, local exploits from compromised apps and data extraction.
GrapheneOS
GrapheneOS and iOS are both heavily focused on privacy and security. Both are gradually adding much stronger protections against apps/sites scraping data, coercion users into giving data via alternatives with case-by-case consent and increasingly strong exploit protections.
GrapheneOS
/e/ is far weaker in all of these areas compared to the standard Android Open Source Project on secure hardware. It doesn't keep up with standards updates and protections. It adds tons of low security attack surface and privacy invasive services. It's not in the same space as us.
GrapheneOS
/e/ and Murena devices are far worse for privacy and security than an iPhone. It's trivial to break into their devices remotely or extract data from them compared to an iPhone. They have weaker privacy protections from apps too. Their main approach to privacy is a DNS blocklist.
GrapheneOS
Their DNS blocklist can only block domains not used for useful functionality to avoid ruining usability. Meanwhile, the most privacy invasive behavior by apps is rarely ever split out into separate domains. Even for those, apps and websites can trivially evade DNS blocklists.
GrapheneOS
It's common for apps and websites to do everything through their own servers. That's best practice to avoid leaking API keys. It's increasingly common for invasive libraries to use hard-wired IPs and/or DNS-over-HTTPS to evade blocking. DNS filtering is increasingly less useful.
GrapheneOS
Murena is a for-profit company owned by shareholders including Gaël Duval. /e/ has a non-profit organization which is also led by Gaël Duval. /e/ includes paid services from Murena. /e/ very clearly exists to build products for Murena to sell in order to enrich the shareholders.
GrapheneOS
Despite being done for profit, /e/ receives millions of euros in funding from the EU on an ongoing basis. /e/ and Murena use extraordinarily inaccurate marketing to not only promote their products/services but also to mislead people about GrapheneOS and scare them away from it.
GrapheneOS
Recently, France's national law enforcement began fearmongering about GrapheneOS and smearing it with inaccurate claims. France's corporate and state media heavily participated. Many articles and also radio/television coverage misrepresented GrapheneOS as being for criminals.
GrapheneOS
Across French corporate and state media covering it, inaccurate claims by the state about features, distribution and marketing of GrapheneOS were wrongly presented as fact. Most of them didn't contact us and we weren't shown what was being claimed so we could properly respond.
Ten wpis został zedytowany (2 miesiące temu)
GrapheneOS
Here are several particularly egregious examples:

https://www.leparisien.fr/faits-divers/telephones-proteges-utilises-par-les-narcotrafiquants-rien-nest-inviolable-19-11-2025-3PP34GIBAJGH3EZOVEJVT7OMU4.php

https://www.leparisien.fr/faits-divers/google-pixel-et-grapheneos-la-botte-secrete-des-narcotrafiquants-pour-proteger-leurs-donnees-de-la-police-19-11-2025-NTGPQE4JCNGEHLF7XGIQ3CCA2I.php

https://www.franceinfo.fr/faits-divers/narcotrafic-les-autorites-alertent-sur-l-utilisation-d-un-systeme-d-exploitation-de-telephone-pour-echapper-aux-forces-de-l-ordre_7631510.html

Gaël Duval and Murena participated in these attacks. They even spread harassment content towards our team and shared it with sites attacking us.

Narcotrafic : les autorités alertent sur l'utilisation d'un système d'exploitation de téléphone pour échapper

Ce dispositif permet d'assurer un haut niveau de confidentialité et de protection contre les intrusions. Selon les renseignements criminels, il intéresse les trafiquants de drogue en quête constante de nouvelles technologies.
franceinfo (Franceinfo)
GrapheneOS
/e/ and Murena are based in France. They've been pushing false narratives about GrapheneOS falsely claiming it isn't usable by regular people and doesn't benefit them for years. Duval has been making the ludicrous claim GrapheneOS is only useful to criminals and spies for years.
GrapheneOS
/e/ and Murena aren't on the same side as GrapheneOS. They're charlatans selling devices with poor privacy and atrocious security to earn money. They've spent years trying to undermine a legitimate privacy project and heavily use the same talking points as police state advocates.
GrapheneOS
Their marketing heavily focuses on avoiding Google and gives the impression they believe privacy means avoiding one company. Meanwhile, they add a bunch of Google services not present in the Android Open Source Project and give extensive privileged access to Google apps/services.
GrapheneOS
/e/ and Murena have their own privacy invasive behavior in their apps and services. One particularly egregious example is their supposedly private speech-to-text service sending user data to OpenAI without consent instead of doing most locally like Apple:

https://community.e.foundation/t/voice-to-text-feature-using-open-ai/70509

Voice to Text feature using Open AI

As I was reading the Murena’s terms of use I discovered that the voice to text feature introduced with e/OS/ 3.0 is using the Open AI API. That means our voice is sent to Open AI so they can translate it to text.
/e/OS community

Dźwiedziuudostępnił to.

GrapheneOS
/e/ and Murena have repeatedly claimed GrapheneOS is for drug dealers, pedophiles, terrorists and spies. /e/ and Murena are anti-privacy. They're heavily profiting from marketing products as private but don't believe in it. /e/ is an authoritarian-aligned fake privacy project.
Seth Jones
In a world of corporate and state over reach, anyone wanting privacy is the enemy.
GrapheneOS
France is the most anti-encryption, anti-privacy and anti-security country in the EU. They've been doing a gradual crackdown on open source privacy projects including GrapheneOS and Signal with escalating smears and threats. /e/ and Murena are on the side of the police state.
GrapheneOS
That interview is not Gaël Duval misspeaking but rather he's expressing views we've seen him communicate in written form many times before. He has repeatedly misled people about what GrapheneOS provides and claimed it's only useful to criminals. He supported those media attacks.
GrapheneOS
Gaël Duval has repeatedly spread harassment content targeting our team with fabricated stories and bullying. Perhaps all of this is because he wants to maximize profits for Murena, but how is he going to achieve that by claiming serious privacy and security is for pedophiles?
GrapheneOS
Here's a paywall bypass for the 2 paywalled articles above:

https://archive.is/UrlvK

https://archive.is/AhMsj

These are among the most egregious cases of France's corporate and state media presenting highly inaccurate state smearing of GrapheneOS as fact but there's much more.
Xtreix
And this thing is old, for example, back when the first versions of Firefox were released, France had demanded versions of Firefox with significantly reduced security to allow law enforcement agencies to take remote control of it. I didn’t know about it at the time; I was too young, but I know it happened.

During the gradual transition to encrypting the web, France was reluctant and initially wanted to limit encryption to states websites and banks.

Surveillance by the French government has taken an even more aggressive turn since 2015, following the Charlie Hebdo attacks.

The GDPR has so far proven ineffective, and it is mainly due to the censorship and decisions of the Constitutional Council and the Court of Justice of the European Union that the French government is prevented from going further than it would like, but every year, it tries to circumvent these decisions.
Ten wpis został zedytowany (2 miesiące temu)
jon_bon
30(-ish) toots yesterday and today on /e/. Have you considered increasing the character limit per toot? Perhaps one longer toot (let's say, 1500 characters? 3000?) could summarise all your views on this topic?
GrapheneOS
@jon_bon Why doesn't Mastodon provide configuration for character limit through the configuration file? If it provided it, we would increase the limit to a much larger value. Since it doesn't, we're not currently doing it. We don't really want to have to patch each release of Mastodon and make sure we don't miss any new places they reference the hard-wired value of 500. We could do that but we prefer using the unmodified package which is why we haven't done it yet.
@jon_bon
🏳️‍🌈 Happy Pride-onphan! 🏳️‍⚧️
Can't wait for your Motorola partnership to further legitimize GrapheneOS.
🏳️‍🌈 Happy Pride-onphan! 🏳️‍⚧️
@luckychronic https://motorolanews.com/motorola-three-new-b2b-solutions-at-mwc-2026/

They haven't announced the release date nor the phones that are getting GrapheneOS, only the partnership for now.

Motorola News | Motorola's new partnership with GrapheneOS

Motorola announces three new B2B solutions at MWC 2026, including GrapheneOS partnership, Moto Analytics and more.
marreroc (Motorola's Official Global Blog)
@Lucky
GrapheneOS
@mast0d0nphan @luckychronic We've said it should be in 2027 and likely not near the start of the year.
@🏳️‍🌈 Happy Pride-onphan! 🏳️‍⚧️ @Lucky
David Penfold :verified:
Le Parisien :

"Ces engins jusqu’à présent inviolés, qui protègent les communications et qui ne partagent pas les données sur les serveurs, sont un nouveau défi que le parquet cyber entend bientôt relever."

C'est exactement pareil avec Signal sur Android si on n'utilise pas le cloud, ils nous prennent pour des imbéciles.
Joe Vinegar
I boosted this out of sympathy, but are there public sources for these statements?
BohwaZ
@joe_vinegar Nope, GOS social account has been attacking other projects without providing any sources for years. And if you try to ask, they'll tell you to do your own research, or that you are part of a conspiracy… This is sad really.
@Joe Vinegar
Daniël
@bohwaz @joe_vinegar Ehm, the thread literally starts with a video? It's pretty clear who they are attacking.

Why are you defending a company that says "security is only for pedophiles and spies"?
@Joe Vinegar @BohwaZ
BohwaZ
@danieldk
I am not defending what they said. The video doesn't mention gos at all.
@joe_vinegar
@Joe Vinegar @Daniël
Daniël
@bohwaz @joe_vinegar Ok, I think we can at least agree that Gael Duval's statement implies that phones that do security hardening are for criminals and spies?

Now, next, which serious projects (not snake-oil security phone companies) focus on phone hardening?

So, in what way is he not attacking @GrapheneOS ?

(Perhaps ironically, he is also attacking iOS and Pixel OS, but that will whoosh past his audience, since most people do not know about Apple/Google's hardening efforts).
@Joe Vinegar @BohwaZ @GrapheneOS
Ten wpis został zedytowany (2 miesiące temu)
Daniël
@bohwaz @joe_vinegar Put differently, he is using the "think of the children"-argument to attack anyone who has better privacy and security than them.

This effort to make security and privacy suspect puts them really in the same camp as the people using similar arguments for Chat Control, weakening cryptography, mandatory age verification, etc. They are amplifying this "security is only for bad people"-narrative.

Murena is *not* a privacy company.
@Joe Vinegar @BohwaZ
Ten wpis został zedytowany (2 miesiące temu)
GrapheneOS
@bohwaz@mamot.fr @joe_vinegar Gael Duval didn't say this as a one-off statement in that interview on video. He has repeatedly specifically claimed GrapheneOS is only useful for pedophiles, criminals and spies in his posts across platforms. It's something he has said many times. Duval didn't specifically say he was talking about GrapheneOS in that video clip but he definitely has elsewhere. It's typical for people to lie about what we've said and pretend stuff which has happened hasn't.
@Joe Vinegar
GrapheneOS
We can extend our thread with archive links to statements by Duval attacking GrapheneOS and dismissing the privacy and security protections it provides in the same way. The people committed to attacking and undermining GrapheneOS including attacks on our team members with personal insults and fabrications will continue doing so. There's no point in trying to satisfy people who will keep moving the goalposts and claim we haven't provided evidence when we have.
DonCC
they dont like free competiting with their paid services/products?
Fla
same question, do you have a source about this funding? Genuinely curious.
GrapheneOS
@fla Here's one of many cases you can hear it in his own words:

https://www.projets-libres.org/en/podcast/e-os-a-degoogled-android-gael-duval-e-foundation-murena/

> The European Union has subsidized us to the tune of several million for this project.

You can find the details of the millions of euros in funding being given to /e/ and how /e/ is heavily influencing where the money is going. They're steering government funding towards themselves and projects aligned with them. Many of these projects have a history of attacking the GrapheneOS project and our team.
@Fla
David Penfold :verified:
So just the basic stuff you can already get from a pi-hole, DDG app tracking protection etc.
Sean
to be fair they don't promise security, only privacy. at least in their foreword on their website here.

I don't think it's by accident that they don't even use the word secure, or security, on the whole page.

https://e.foundation/e-os/

I've seen claims before where they claim it's better than GrapheneOS. But in what regard? Maybe degoogling and having alternatives pre-installed? GrapheneOS is probably more involved to get the same apps. That's the only way /e/ is better in my opinion

/e/OS - e Foundation - deGoogled unGoogled smartphone operating systems and online services - your data is your data

ECOSYSTEMKEY FEATURESGET /E/OSNEED HELP /e/OS is a complete, fully “deGoogled”, mobile ecosystem /e/OS is an open-source mobile operating system paired with carefully selected applications.
e.foundation
GrapheneOS
@codebam /e/ doesn't have similar privacy protections as GrapheneOS. Unlike GrapheneOS, /e/ connects to a bunch of Google services by default and also unlike GrapheneOS gives extensions privileged access to Google apps and services. We don't use the term degoogled and it's not the purpose of GrapheneOS but GrapheneOS does only connect to our own servers by default and does not give any privileged access to installed Google apps without the user explicitly enabling narrow forms via a few toggles.
@Sean
GrapheneOS
@codebam /e/ fails to keep up with standard privacy patches and fails to provide standard privacy protections. /e/ has privacy invasive apps and services included. They have user tracking via a unique random identifier in their update client and multiple invasive services which are marketed as private when they aren't. They've had issues including leaking files stored in their cloud server to other users which turned out to clearly not actually be E2EE. Privacy also heavily depends on security.
@Sean
Martin
@codebam
They don't "promote" security, at least not like Graphene does, that part is true, but can you really claim privacy without security? (Not in the literal sense, of course you can, what I mean is, is it ethical to do so?)
How can a phone be private while being easily penetrable?
In the theoretical sense, these are two different things, in the practical sense, you can have security without privacy, but you can't have privacy without security.
@Sean
Ten wpis został zedytowany (2 miesiące temu)
GrapheneOS
@mttn /e/ doesn't have similar privacy protections as GrapheneOS. Unlike GrapheneOS, /e/ connects to a bunch of Google services by default and also unlike GrapheneOS gives extensions privileged access to Google apps and services. We don't use the term degoogled and it's not the purpose of GrapheneOS but GrapheneOS does only connect to our own servers by default and does not give any privileged access to installed Google apps without the user explicitly enabling narrow forms via a few toggles.
@Martin
GrapheneOS
@mttn /e/ fails to keep up with standard privacy patches and fails to provide standard privacy protections. /e/ has privacy invasive apps and services included. They have user tracking via a unique random identifier in their update client and multiple invasive services which are marketed as private when they aren't. They've had issues including leaking files stored in their cloud server to other users which turned out to clearly not actually be E2EE. Privacy also heavily depends on security.
@Martin
HybridStaticAnimate
@codebam
They dont provide privacy. So a promise is already broken. But beyond that, privacy cannot exist without security. They arent mutually exclusive, they are intertwined. To ignore security means you are not a privacy project.

E/ is not better at degoogling. GrapheneOS does not connect to any google servers, run any google play code, have any privilege google services, etc. Sandboxed google play is sandboxed and must be installed by the user. All default connections are to first party servers hosted by GOS. It is not more involved to get the same apps, google or otherwise.
@Sean
Claudius Link
@HybridStaticAnimate @codebam
That it must be installed by the user doesn't make it different.

IMHO the two app stores included in GrapheneOS are not sufficient for the vast majority of users.

If "every" user needs to install it to have a usable phone, it really is part of the attack surface.
(And yes, I'm aware the Play services are sandboxed on GrapheneOS which improves privacy and security)

It's a bit like delivering a computer without network functionality because it reduces the attack surface, and then blaming the user if they install network drivers.
@Sean @HybridStaticAnimate
GrapheneOS
@realn2s @HybridStaticAnimate @codebam

> IMHO the two app stores included in GrapheneOS are not sufficient for the vast majority of users.

Our own App Store is the only one included in GrapheneOS. We don't bundle third party apps and services into the OS. Using those is entirely a user choice and will remain that way.

Our App Store provides Accrescent and the Play Store. If you think other apps such as Obtainium should be easily available then get those to submit their apps into Accrescent.
@Claudius Link @Sean @HybridStaticAnimate
Senioradmin
So, your recommendation is, if I don't want to buy a Google Pixel, to buy an iPhone instead of another Android phone which can run LineageOS? Just asking for clarification.
Blue Luma
I don't think you should attack frontally others like that whenever 😶

Reminding security is privacy is good.
Responding to attacks is good (which is not the case *here*)

I understand its CEO and the Murena company might have attack the GrapheneOS project in the past, and responding to that was normal too.

But I don't see attacking /e/OS like that often as a positive feedback in general. A simple reminder could have been enough.

❤️ on the GrapheneOS project btw
Xtreix
@blueluma
"I don't think you should attack frontally others like that whenever"

Gael Duval attack GrapheneOS, GrapheneOS responds to these attacks.

"I understand its CEO and the Murena company might have attack the GrapheneOS project in the past"

It's not in the past, these attacks are recuring, and he does it again in this recent video. Duval has been waging a disinformation campaign against GOS for years.
@Blue Luma
Blue Luma
@Xtreix this post does not respond to a direct attack as far as I know
@Xtreix
GrapheneOS
@blueluma @Xtreix It's a response to a long series of attacks by Duval on GrapheneOS claiming it's only useful for pedophiles, criminals and spies. He didn't specifically name GrapheneOS as part of the interview we showed a clip from but he certainly has elsewhere on a regular basis. We felt people would take it more seriously with him saying it out loud in a video as opposed to his regular posts across platforms where he says it. That's why we chose this over the many other cases he did it.
@Xtreix @Blue Luma
SomeAnoTooter
@blueluma @Xtreix I also think it's not the best to directly attack them and others. Stating that GOS is better than others and how smooth it works can be presented in a better way. I'm not a PR specialist but disputing false claims maybe can be done in a better way without "sounding desperate". Sry not native English and therefore don't finding the right words.
GOS is strong and works nice and I I'm so excited about the Motorola cooperation. Keep on with this awesome work.
@Xtreix @Blue Luma
GrapheneOS
@SomeAnoTooter @blueluma @Xtreix The way we're handling it is working fine. /e/ and Murena are enemies of privacy as they've made clear by repeatedly claiming serious privacy protections are only for pedophiles, criminals and spies. This isn't the first time they're saying it.

They're promoting an approach where they avoid some Google apps/services while adding a bunch of Google services to the OS and use DNS filtering to block low hanging fruit but not the most privacy invasive behavior.
@SomeAnoTooter @Xtreix @Blue Luma
GrapheneOS
@SomeAnoTooter @blueluma @Xtreix DNS filtering is not a serious approach to privacy. It does not stop apps sending whatever they want to whoever they want. In practice, it does not stop nearly any of the most privacy invasive behavior because it's done via the same domains as the useful functionality and they aren't blocking that. It's trivial for apps to bypass and many are doing it by having fallback to hard-wired IPs or using their own DNS resolution from the beginning to entirely bypass it.
@SomeAnoTooter @Xtreix @Blue Luma
GrapheneOS
@SomeAnoTooter @blueluma @Xtreix Murena and /e/ are undermining privacy as a whole by repeatedly claiming in multiple formats that serious privacy and security protections as only being for pedophiles, criminals and spies. Since they're presenting themselves as advocates for privacy selling privacy products, the fact that they're pushing these talking points makes it far more damaging. It's going to contribute to the ongoing crackdown on privacy and encryption in France. They're not allies.
@SomeAnoTooter @Xtreix @Blue Luma

GrapheneOSudostępnił to.

Blue Luma
@Xtreix I've only watched the short section of the videos from the post, do you have a source of the complete video so I could watch it and see the direct attack to GrapheneOS in it as you mention 👀
@Xtreix
Ten wpis został zedytowany (2 miesiące temu)
Xtreix
@blueluma Duval's statement at 5:07:

“We don't have a hardened security approach, we're not developing a phone so that pedophiles (word censored in the video) can evade justice.

So there aren't any advanced features, like checking if the memory is corrupted, etc, really hardened features that might be useful for presidents, secret agents, and so on...”

The reference to a hardened phone intended for pedophiles is a direct reference to GrapheneOS, the only hardened mobile operating system available, as well as to phones compatible with the project and any other projects or devices that might adopt the same approach. These verbal statements follow a long series of false claims about GrapheneOS on social media.

He then states that this hardening may prove effective, but continues with the fallacious logic that it is useful only for high-value, targeted individuals or criminals, and that lambda people would never need it and would have no reason to use enhanced security to protect their data. He claims that GrapheneOS is for a minority and that /e/OS is for everyone.
@Blue Luma
Blue Luma
@Xtreix
> ... a direct reference to GrapheneOS, the only hardened mobile operating system available...

I thought (from this thread https://grapheneos.social/@GrapheneOS/116354085393739314) that iOS is (or can be) hardened as well as GrapheneOS, with some minor differences I think

GrapheneOS

2026-04-05 20:54:05


GrapheneOS and iOS are both heavily focused on privacy and security. Both are gradually adding much stronger protections against apps/sites scraping data, coercion users into giving data via alternatives with case-by-case consent and increasingly strong exploit protections.

@Xtreix
GrapheneOS
@blueluma @Xtreix We didn't say that but rather said Apple is doing similar work on seriously protecting people's privacy and security including from sophisticated attacks. Sophisticated attacks may be done by state actors but aren't exclusive to them. They're also hardly strictly very targeted attacks but rather are also deployed quite broadly. Apple has at least publicly taken a stance similar to GrapheneOS of trying to protect users against state surveillance with technical measures.
@Xtreix @Blue Luma
GrapheneOS
@blueluma @Xtreix We didn't compare the protections offered by them there but rather said we're working on similar things for similar reasons. It's a contrast with /e/ where these protections in both GrapheneOS and iOS are consistently being portrayed as only protecting pedophiles, criminals and spies. It's utter nonsense. The vast majority of people these protections benefit are none of those things. Violation of basic human rights by states is also pervasive and happens in the west too.
@Xtreix @Blue Luma
Blue Luma
I prefer seeing post about GrapheneOS or Android security from your account than continous attacks on other projects (even if they are legitimatel), but that's my personal opinion
GrapheneOS
@blueluma /e/, Murena and Duval have been continuously attacking the GrapheneOS project for many years. They've misled a huge number of people about what GrapheneOS provides. Many people wrongly believe GrapheneOS isn't for them because of this.

GrapheneOS is a highly usable OS with far broader app compatibility than /e/. Unlike /e/, GrapheneOS has major privacy enhancements instead of rolling back privacy compared to the Android Open Source Project. /e/ adds a bunch of invasive apps/services.
@Blue Luma

GrapheneOSudostępnił to.

GrapheneOS
@blueluma Gaël Duval has repeatedly claimed serious privacy and security projects are only for pedophiles, criminals and spies. They've specifically said this about GrapheneOS many times but have also attacked Signal before too.

Duval, /e/ and Murena aren't on the same side. They're doing what they think will make them money which is compromising between privacy and state access. They present protecting privacy from more than American corporations as nefarious. They're undermining privacy.
@Blue Luma

GrapheneOSudostępnił to.

Fla
can you link to posts / videos where Gael talks about Graphene please?
Catalyst A
and I, as an activist couldn't be anymore grateful for you!
Hari Prakash
lmao the "i HaVE noThINg To HIde" crowd, maybe he should make all of his emails and texts public and live stream his home security cams, I mean what is he trying to hide ? is he a PDF?
Ten wpis został zedytowany (2 miesiące temu)
Fabrice Desré
@murena Vous êtes sérieux ? Sous entendre que les systèmes sécurisés sont utiles pour que les pédophiles échappent à la justice ?

Vous étiez déjà dans le fond du panier en ce qui concerne la compétence technique, mais là c'est absolument lamentable.
@Murena - choose freedom!
Renan LE CARO
when we don't have masks we say they are useless against covid. When we don't have solid security we say it's for spies and pedos.

I understand that their focus is not on hardening but on building alternatives to google services, but that doesn't mean they need to talk like this about android hardening.
virkon
*sigh* once again the pedo* argument. Right in line with right wing folks in the EU chat surveillance is necessary because you know ....
Xtreix
I posted a comment on the video; apparently, my YouTube comments are visible again.
GrapheneOS
@7f12a48deefa2b96f073bc2a21bf5a5c09580a2110801deaee1d0dba8d3135b9 GrapheneOS is based in Canada, not France. However, we avoid strongly tying ourselves to Canada and are willing to move elsewhere if there are ever authoritarian laws which prevent us from continuing GrapheneOS in it. Laws which don't impact us directly aren't an issue. We did have multiple public-facing servers in France and had most of our public-facing servers hosted with a French company (OVH). We left those entirely behind.
@users/7f12a48deefa2b96f073bc2a21bf5a5c09580a2110801deaee1d0dba8d3135b9
GrapheneOS
@claude_champagne Here's a paywall bypass for the 2 paywalled articles above:

https://archive.is/UrlvK

https://archive.is/AhMsj

The third one doesn't have a paywall and there are many more similar articles across other sites. We didn't want to link the ones where our team was personally targeted by a tech news site heavily misrepresenting our statements and adding up the total amount of tweets we posted over a week mainly as replies to questions to misrepresent as being on our main timeline.
GrapheneOS
@cutesobri We used a manual translation for the quote we included in this thread but automatic translation is good enough for the articles. There are a only a few specific places in the content where we got a native French speaker to help out with making sure we were getting the full nuance of it including the parts with the not so subtle threats.
@Sobri | Zoe (she/her)
Vishnu2jd
Why do you guys act like every individual seeking a bit more privacy has the same highest level of threat level.

Not everyone needs to have world class security and privacy.

One wants to have reasonable privacy and security without affecting daily activities too much.

I am using vanilla lineage os on oneplus without any Google play services, not even microG.

My bootloader is unlocked. Its fine.

1/n
Vishnu2jd
I consider my threat level to be spying from big tech and government mass surveillance. And this lineage os works perfectly for that.

I don't even have pin/password for my phone cause I don't care, let alone locked bootloader

I blocked Google and Facebook at dns for most apps.
GrapheneOS
@Vishnu2jd Providing protection from corporate and government mass surveillance requires keeping up with important privacy patches and privacy protections which you don't have. It also requires adding much better privacy protections than the standard ones in the Android Open Source Project. GrapheneOS is adding far better privacy protections on an ongoing basis. It isn't something which has an end but rather is an ongoing process. Storage Scopes and Contact Scopes are important examples of it.
@Vishnu2jd
GrapheneOS
@Vishnu2jd Your device lacks essentially privacy and security patches, exposing you to exploits by unsophisticated attackers including apps taking advantage of missing privacy patches and protections to scrape data. Why doesn't that matter? You also don't have protection against someone who obtains your device being able to fairly easily extract all your data due to lack of strong protection against it unless your device is turned off and you use a strong passphrase such as 8 diceware words.
@Vishnu2jd
GrapheneOS
@Vishnu2jd It's nearly certain you actually use a short PIN and that means it can be brute forced due to lack of a secure element performing throttling. You're probably taking it for granted that your data is protected by encryption, but with most older Android devices and many recent devices that's nto actually the case if you aren't using a strong passphrase. If the device isn't turned off then the security of the hardware, firmware and OS is very relevant too. MOST people care about this.
@Vishnu2jd
GrapheneOS
@7f12a48deefa2b96f073bc2a21bf5a5c09580a2110801deaee1d0dba8d3135b9 No, it doesn't have any laws with interfere with GrapheneOS and there aren't currently laws being proposed which would be an issue. There are laws being proposed which are eroding privacy in ways which don't directly impact us since we aren't hosting things like a non-E2EE email or messaging service. It's possible there will be issues in the future but there are already issues with laws being passed in the EU and some US states.
@users/7f12a48deefa2b96f073bc2a21bf5a5c09580a2110801deaee1d0dba8d3135b9
GrapheneOS
@Camille @mttn /e/ has very poor privacy and atrocious security. You should read https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private and then read the third party sources we included in our post from Mike Kuketz and Divested Computing. You should also look at the comparison by Eylenburg too which has input from multiple companies via the issue tracker where anyone can point out any issues with it or make suggestions.

/e/ is very clearly not a legitimate privacy project and Duval has authoritarian views against privacy.

Devices lacking standard privacy/security patches and protections aren't private - GrapheneOS Discussion Forum

GrapheneOS discussion forum
GrapheneOS Discussion Forum
@Camille @Martin

GrapheneOSudostępnił to.

GrapheneOS
@jsa @cutesobri The translation we posted in our thread was done by multiple native French speakers. It was thoroughly reviewed and the fine details and nuances of it were combed over repeatedly in a public channel. It's absolutely an accurate translation. You're trying to spin Duval's authoritarian anti-privacy views into something else. Duval has repeatedly made these claims in both French and English that GrapheneOS is only useful to pedophiles, criminals and spies. It wasn't a single time.
@jsa @Sobri | Zoe (she/her)
jsa
@cutesobri No the translation is clearly not accurate. What G.D. says in french is the /e/ fundation builds an os you could not trust to hide from heavy investigations. In the mainlines, if you're pedocriminal, spy, executive, whatever, their operating system is not build for, it is (just) built to reduce everyday footprint in daily usage.
@Sobri | Zoe (she/her)
Ten wpis został zedytowany (2 miesiące temu)
GrapheneOS
@jsa @cutesobri /e/ fails to keep up with crucial standard privacy and security patches. It fails to provide important standard privacy and security protections. They add a bunch of Google services compared to the Android Open Source Project and give those highly privileged access. They integrate giving highly privileged access to Google apps too. They include their own privacy invasive services including their speech-to-text quietly sending user data to OpenAI while Apples defaults to local.
@jsa @Sobri | Zoe (she/her)
GrapheneOS
@jsa @cutesobri /e/ isn't what Duval claims it is but rather is a half-baked fork of LineageOS marketed as private when in reality it greatly rolls back privacy and security compared to LineageOS. /e/ and Murena are misleading people into buying products which leave them far worse off in regards to not only security but also privacy than if they'd simply bought an iPhone instead. /e/ claims to be about privacy but yet advocates for invasive state surveillance capabilities. That's a trojan horse.
@jsa @Sobri | Zoe (she/her)
Fnordinger
@jsa I don’t know. They literally say “We don’t develop a phone for pedophiles to evade justice.” (“[…] on développe pas un téléphone pour les pédo(bip) pour qu'ils puissent échapper à la justice.”) Pedocriminals seem to be the main example they chose. They could’ve focused on other groups and instead mention secret services and the like. @cutesobri @GrapheneOS
@GrapheneOS @jsa @Sobri | Zoe (she/her)
jsa
@Fnordinger @cutesobri Is @GrapheneOS developping for pedocriminals ? To my knowledge no, but your assumption presuppose this. Do not forget that these are criminals, hence act like such. If a government approved tool serve their idiotic interests, they'll use it, legally or not, will you tell this tool is for criminals ? I think, the way G.D. speaks between words means : pedocriminals, we do not need and do not want you as users and I do not see any link to grapheneos in this.
@GrapheneOS @Fnordinger @Sobri | Zoe (she/her)
GrapheneOS
@jsa @Fnordinger @cutesobri Your attempt at spinning what was said by Gaël Duval is completely pointless because he has repeatedly made these statements in both French and English across platforms. He has repeatedly smeared GrapheneOS with the ludicrously false claim that it's only useful for pedophiles, criminals and spies. This isn't a one-off statement by him but rather a consistent belief he holds. Duval has consistently claimed serious privacy and security protections are morally wrong.
@jsa @Fnordinger @Sobri | Zoe (she/her)
GrapheneOS
@jsa @Fnordinger @cutesobri Duval's consistent statements smearing providing far more serious privacy and security protections are going to contribute to the ongoing crackdown on privacy and security in France. It's clear why Duval is doing it. /e/ is a heavily government-supported project and heavily marketed based on it being based in France and the EU. He wants the government to crack down on far more private and secure options while sparing his products. He's consistently driven by greed.
@jsa @Fnordinger @Sobri | Zoe (she/her)

GrapheneOSudostępnił to.

GrapheneOS
@jsa @Fnordinger @cutesobri A prominent project and company repeatedly smearing serious privacy and security protection as only being for pedophiles, criminals and spies is a very serious matter. It's sabotage of the privacy movement as a whole and is going to have serious consequences. Everyone promoting /e/ and Murena is putting Duval in a position where he can further undermine privacy by presenting doing more than avoiding Google apps as being for criminals. /e/ is a trojan horse.
@jsa @Fnordinger @Sobri | Zoe (she/her)

GrapheneOSudostępnił to.

jsa
@cutesobri @cutesobri I'm native french speaker, and everything you post here can just be considered as fud, you do not give any source details on your assumptions. As I said earlier today, just make short posts, linking to a page which makes an inventory of the sourced grievances you got on people. Everyone, even you wil take benefits of this. You do not know me and directly tribute me goals I do not have. Just chill down, please.
@Sobri | Zoe (she/her)
Ted's Tech Tips
@jsa @Fnordinger @cutesobri The entire point that GOS is only used by criminals is such an exhausted and cliche argument at this point. It's used against almost any privacy/security project. It's the same argument that governments use to justify encryption backdoors, age verification, and many other invasive technologies.

I'm a "law-abiding citizen" by every metric and rulebook, but I use GrapheneOS because I don't want Google and many other companies tracking everything I do.

1/2
@jsa @Fnordinger @Sobri | Zoe (she/her)

GrapheneOSudostępnił to.

jsa
@Fnordinger @cutesobri I ear you. Just make your posts being sourced. It'll be less an harassement for everyone.
- Hey ! People ! Believe me ! This person tells garbage ! Whatch this excerpt and the translation !
- Khof! This excerpt does not complies with what you tell.
- This excerpt have been revieved by ... And if it is not exactly what I said, go find in the whole video, there must be a moment it will be said as I described. You want to smirch the project
- ...
@Fnordinger @Sobri | Zoe (she/her)
GrapheneOS
@nate @Vishnu2jd /e/ and Murena are misrepresenting what their products provide and leaving people far worse off in regards to privacy and security than if they simply used an iPhone. However, they're not limiting themselves to that. Instead,. they're sabotaging the privacy movement as a whole by portraying the far more serious privacy and security protections provided by iOS and GrapheneOS as only being useful for pedophiles, criminals and spies. /e/ is a trojan horse sabotaging privacy.
@Vishnu2jd @Nate
GrapheneOS
@x_cli @simplex We listed Signal as an example of another serious privacy project which Duval has repeatedly attacked and misled people about. It wasn't a recommendation of Signal over other options, but we don't agree with your assessment about Olvid.

We've never seen Signal lying about privacy or security. What exactly are you referring to?

We've seen /e/ and Murena doing it relentlessly and we can show many examples of it as we've been doing including here:

https://grapheneos.social/@GrapheneOS/116358370057342525

GrapheneOS

2026-04-06 15:03:44


Duval has a history of claiming serious privacy and security protections only help pedophiles, criminals and spies. He has explicitly smeared GrapheneOS this way repeatedly, but also attacks privacy projects in general as he did there.

/e/ and Murena products have poor privacy and atrocious security. Here's information on that with links to coverage by third party experts:

https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private

We can make an expanded article with more info and more links to 3rd party experts included too.


Devices lacking standard privacy/security patches and protections aren't private - GrapheneOS Discussion Forum

GrapheneOS discussion forum
GrapheneOS Discussion Forum
@Alyx @SimpleX Chat
LisPi
@tedstechtips Allowlisting requests & assets by default (yes this also breaks everything by default until one allows strictly what they need).

Unfortunately umatrix died a while ago and I'm not aware of anyone else doing it to anywhere near the same degree as it did.

An additional problem is that if the "legitimate" destination is also malicious, umatrix cannot help.
@Ted's Tech Tips
GrapheneOS
@lispi314 @tedstechtips That doesn't do anything to address the privacy invasive behavior built into the app's own services providing functionality. That's how the most privacy invasive behavior happens in practice other than cases where a site is tricked into including malware or one of the client side services they use is compromised. Filtering in the browser does work dramatically better than DNS filtering but even with an allowlist approach it has the same inability to deal with root issues.
@LisPi @Ted's Tech Tips
GrapheneOS
@lispi314 @tedstechtips Apps are increasingly doing it server side to avoid leaking API keys and having it filtered out by DNS filtering. Apps are also using the lazier approach of using client-side DNS resolution or fallbacks to IP addresses. Facebook has started using those approaches in their apps. Multiple Facebook apps including WhatsApp can still connect to some of their services without DNS working due to hard-wired IP fallbacks not depending on DNS resolution if it fails to connect.
@LisPi @Ted's Tech Tips
LisPi
@tedstechtips > That doesn't do anything to address the privacy invasive behavior built into the app's own services providing functionality.

Indeed, that's what I refer to as the '"legitimate" destination' first party being malicious.

Some however are lazy and externalize the enactment of their malice. They can possibly be used with reduced harm (through allowlisting) for some amount of time before they correct & apply their malice everywhere.
@Ted's Tech Tips
Ten wpis został zedytowany (2 miesiące temu)
GrapheneOS
@x_cli

> it supports multiple identities, none tied to a real world identity or PII

Multiple instances of Signal can be used on the same device at a time. Contact discovery and sharing of the phone number can and should generally be disabled. It's an anti-spam mechanism to still require it despite having usernames. There are non-KYC services for phone numbers available.

> Signal can only be installed from the Google Play Store

No, Signal is available outside the Play Store in multiple ways.
@Alyx
GrapheneOS
@x_cli https://silent.link/ exists and takes payment in Monero. In fact, they don't accept fiat payments at all. Data SIMs are a $9 flat fee and it's $98/year for SIMs with inbound SMS support usable for validating phone numbers for use with WhatsApp, Signal and many other apps requiring it. It's a requirement for many apps and therefore it's useful to have a private phone number for activations in general. It's not an obscure service and many GrapheneOS users are actively using it already.
@Alyx
GrapheneOS
@x_cli Android secondary user profiles, work profiles and Private Space profiles are all standard features. Those aren't specific to GrapheneOS. There are major improvements to the privacy, security and usability of secondary users and profiles in general as part of GrapheneOS but they work fine in AOSP and the stock Pixel OS. Certain Android OEMs disable secondary user support but they mostly aren't disabling Private Space and we're not aware of any disabling support for work profiles.
@Alyx
GrapheneOS
@blueluma @iceiceice /e/ and Murena have continued attacking GrapheneOS. Portraying privacy and security hardening as a whole as only being useful for pedophiles, criminals and spies is a new low. They've previously claimed GrapheneOS is only useful for criminals and spies, but they were specifically attacking GrapheneOS, DivestOS, Signal and several other projects rather than the broader claims made in the interview we showed above. You're disregarding most of what was covered in our thread.
@Blue Luma @kaya_
MattisCB
i fully understand that investing time and effort into a project can be frustrating when others profit from that work giving nothing back or denouncing this project for their profit.
But please reconsider your communication about graphene os. Everything from this account is constant bickering about how others disrespect you. That seems petty and unprofessional. I want to hear about developments, features, supported devices. For the rest: get a lawyer. Supporters will fund that.
Miguel Torrellas
Is it on yt? I want to hard sub it
Ten wpis został zedytowany (2 miesiące temu)
FUCK OFF GOOGLE, AMAZON &Co !!
Signal is still lying that the safest way to install is via the Google Playstore. This entails installing Google services on your phone AND accepting the terms and conditions set by Google. That's not safe at all, it's accepting dystopia.

Safest way is via the F-Droid store (@fdroidorg), using the GuardianProject repo (@guardianproject)
screenshot from https://signal.org/android/apk/ Signal Android APK Website distribution build The safest and easiest way to install Signal for Android is through the Google Play Store. Danger zone Advanced users with special needs can download the Signal APK directly. Most users should not do this under normal circumstances. Signal 8.4.2 [blue download button]
@Guardian Project @F-Droid
Ten wpis został zedytowany (2 miesiące temu)
David 🖋️
is this guy not reading the news?

The US Gov't and Chinese governments are sparing no expense to spy on everyone they possibly can. Tech companies are deploying surveillance networks inside homes and schools.

We're not just defending ourselves from teenagers trying to steal $500 from our PayPal account.
hambier
Why is this in my timeline again? Do you boost your own posts multiple times? Just to *attack* people and projects?

I *was* interested in Graphene, especially since the announcement of the Motorola cooperation, but this constant belligerance is despicable. I wish you luck, I'm unfollowing you. Enough is enough.
GrapheneOS
@hambier We boosted these posts due to ongoing attacks by /e/, Murena and their supporters on GrapheneOS across the fediverse and elsewhere. They're trying to mislead people with false claims that it isn't a privacy project, doesn't do much work on privacy, isn't usable by regular people, isn't targeted at regular people, isn't compatible with apps and much more. This video shows Duval claiming hardening is only useful for criminals and spies which is a consistent claim from /e/ and Murena.
@hambier
GrapheneOS
@hambier This video shows Duval attacking GrapheneOS and other hardening projects with authoritarian talking points. Our thread also addresses other inaccurate talking points about GrapheneOS including the claim that it isn't a privacy project. All of these threads have been written in response to a far greater amount of posts from /e/, Murena and their supporters attacking the GrapheneOS project. We boosted the initial post of our thread because they're continuing to make these claims.
@hambier
Karl Voit :emacs: :orgmode:
I would like you to ask to use the "unlisted" visibility option for your own replies within a thread like this.

Many of your followers have seen the arguments and are already on your side. At the same time, their timelines get spammed by those messages quite often.

Mine as well.

I've just read a thread where people tend to lose sympathy related to GOS for that reason (words like FUD, flamewar, turf war, ... were used, I don't judge here). And they unfollowed your account like I did just now.

So please do continue your stuff but don't splash all messages in all timelines by moving your follow up postings in an unlisted Mastodon thread. 🙇

(this message was posted "public" on purpose)
Theodore August Whitmore
Mass surveillance and encryption suppression won't protect us. Criminals exploit vulnerabilities, risking data exfiltration from everyone, including government horse 💩. Ultimately, it seems like they're collaborating with criminals to establish a control state nonetheless lmao, the circus is bigger every day 🤡
Ted's Tech Tips
@jsa @Fnordinger @cutesobri GOS also gives me way more control over my own phone, and honestly that's something everyone should want.

Secure and private software is for anyone who wants to use it, and for varying amounts of threat level. The amount of privacy, security, and control that GOS provides *should* just be the baseline for every mobile OS, but companies like Murena and /e/OS muddy the waters with misleading marketing.

Security/privacy theatre is dangerous.

2/2
@jsa @Fnordinger @Sobri | Zoe (she/her)
Ten wpis został zedytowany (2 miesiące temu)