Przejdź do głównej zawartości
This is an extreme misrepresentation of both what Gaël Duval said in this interview and our response to it. What he clearly said is that /e/ and Murena aren't providing security hardening which he claims is only useful for pedophiles, criminals and spies. Gaël Duval has repeatedly said this in his posts including ones where he directly says GrapheneOS is only useful for pedophiles, criminals and spies. We can show archives of numerous posts with him saying exactly that.

https://tilde.zone/@notthebee/116358115664425978

Wolfgang

2026-04-06 13:59:02


RE: grapheneos.social/@GrapheneOS/…

/e/OS founder: we aren't developing a phone for pedophiles so they can evade justice

GrapheneOS social media person: "Why are you attacking GrapheneOS?"

@GrapheneOS@grapheneos.social:
Gaël Duval is the founder and president of the /e/ foundation along with the CEO of Murena. Duval and his organizations have consistently taken a stance against protecting users from exploits. In this video, he once again claims protecting against exploits is only useful for pedophiles and spies.

Translation to English:

> There's the attack surface, on that front we're not security specialists here, so I couldn't answer you precisely, but from the discussions I've had, it seems that everything
https://grapheneos.social/system/media_attachments/files/116/353/970/673/759/638/original/9e06eacbb567eab4.mp4


GrapheneOS
We shared a video of Gaël Duval once again making these claims because that's harder to dismiss than his written posts across platforms. He has made the same claims in both French and English. Multiple /e/ supporters participating in ongoing attacks on GrapheneOS with inaccurate claims have tried to dismiss this based on him not explicitly mentioning GrapheneOS in the video and by spinning what he said. That's fine, we can make another thread with a collection of his posts saying this elsewhere.

grayrattusudostępnił to.

GrapheneOS
Duval has a history of claiming serious privacy and security protections only help pedophiles, criminals and spies. He has explicitly smeared GrapheneOS this way repeatedly, but also attacks privacy projects in general as he did there.

/e/ and Murena products have poor privacy and atrocious security. Here's information on that with links to coverage by third party experts:

https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private

We can make an expanded article with more info and more links to 3rd party experts included too.

Devices lacking standard privacy/security patches and protections aren't private - GrapheneOS Discussion Forum

GrapheneOS discussion forum
GrapheneOS Discussion Forum
GrapheneOS
2nd recent example of Duval portraying serious privacy/security protections as being for pedophiles:

https://www.clubic.com/actualite-604786-murena-e-os-interview.html

Translation:

> But above all, we must not confuse the issue: /e/OS allows its users to avoid the massive collection of personal data that takes place on smartphones currently on the market—it is not designed to help child sex offenders evade the law. In other words: /e/OS is not a system designed for enhanced security that would be useful only to specific individuals.

"On arrive à un point de bascule violent" : le fondateur de /e/OS alerte sur la souveraineté - Interview

Gaël Duval a cofondé Mandrake Linux en 1998. Près de trente ans plus tard, le fondateur de Murena et de /e/OS n'a pas changé de combat, mais le monde, lui, commence à rattraper ses convictions.
Guillaume Belfiore (Clubic.com)
GrapheneOS
Duval makes many false claims about /e/ in this article.

He repeats his extraordinarily false claim that they ship the latest security patches each month across devices which they don't do on a single device let alone all of them. Shipping backports of AOSP patches is not providing all the security patches.

He once again misleads people about their speech-to-text service sending user data to OpenAI. Running it through their own servers first is not anonymizing it.

https://community.e.foundation/t/voice-to-text-feature-using-open-ai/70509

Voice to Text feature using Open AI

As I was reading the Murena’s terms of use I discovered that the voice to text feature introduced with e/OS/ 3.0 is using the Open AI API. That means our voice is sent to Open AI so they can translate it to text.
/e/OS community
GrapheneOS
He downplays the large number of default enabled Google services added by /e/ with extensive privileged access. Contrary to his claims, it does use Google Play binaries both in apps using it and ones downloaded by microG which they enabled by default.

Murena previously claimed server side encryption was good enough for their audience and comparable to actual end-to-end encryption. They ended up leaking highly sensitive user data across accounts for their services:

https://community.e.foundation/t/e-foundation-ecloud-security-notice-june-15-2022/42420

E Foundation/ecloud Security Notice June 15, 2022

We have confirmed, based on a recent investigation, that limited user data was leaked on Sunday, May 29th 2022 impacting 26 of our cloud users.
/e/OS community
glimbusGlorbo
Hello! With all due respect, I only followed this account because I was under the impression I would primarily receive gOS news and updates. As of late this conversation has dominated my feed. I encourage you to continue to do what you think is best with this account. Where should I go to just receive news on gOS updates in a more concise way? Thank you!
GrapheneOS
@glimbusGlorbo These are GrapheneOS news and updates. Our project and team are being attacked in France and elsewhere in an attempt to marginalize the project by portraying it as being for criminals. It's being done directly by French national law enforcement smearing the GrapheneOS project and there's a government-funded company in France directly participating in it. It's important for people to know what is happening in order for the protect to be protected from these attacks on us.
@glimbusGlorbo
wod0bow
@glimbusGlorbo

All people understand that. Add it to "about GrapheneOS" / "history of the project" page on GrapheneOS website with references instead just repeating that over and over...
And instead posting information that you will take legal actions if... Just take legal actions. We (as a comunity) will even help to rise funds for that.
But information should be simple and not constantly repeated.
People just have enough of same drama instead of news.
Thats all.
@glimbusGlorbo
glimbusGlorbo
its an important issue for sure. IMHO it deserves a whole article discussing it. but, again with all due respect, i dont want my feed to be diluted by this issue. id love to know if theres a fediverse channel just for the OS updates and links to other happenings
dpplggr
very informative, thank you.
🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp
I would switch to grapheneOS if I could use it on fairphone because I believe in an absolute right to privacy its not just for abusers. I'm not going to get a phone other than the fairphone because it's more important to me that there is no slavery and conflict minerals used in the phone and the modularity is a nice plus too. So unless grapheneOS supports a phone that has these features I can't ethically justify buying a phone without them just to use it.

#GrapheneOS #Android #Fairphone #ConflictMinerals #ModernSlavery
#android #fairphone #grapheneos #modernslavery #conflictminerals
GrapheneOS
@ambiguous_yelp Fairphones don't come close to meeting our security requirements and we'll never work with a company partnered with Murena. You don't need to give any money or support to /e/ and Murena in order to use a Fairphone. You use LineageOS which is more private and secure than /e/.

Fairphone's claims about updates, long term support, privacy and security aren't accurate. It's possible their Chinese ODM has awful working conditions. They mostly use regular components regardless.
@🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp
Olivenolje
@ambiguous_yelp

@GrapheneOS in a fairy world in which Fairphone met your hardware and software requirements, would you consider working with them?
@GrapheneOS @🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp
Héliosélène
@ambiguous_yelp
There is no absolute privacy on grapheneOS phones. For example using graphene's default browser vanadium, you end up being a lot more uniquely fingerprintable than with a regular android and google chrome.

So this is all a matter of threat model. GrapheneOS is secure, but no device connected to the internet is 100% private, and using grapheneOS stands out a lot more from a metadata standpoint (for now at least).
@🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp
GrapheneOS
@helioselene @ambiguous_yelp GrapheneOS goes out of the way to avoid standing out as being GrapheneOS on networks and to services when people are using a VPN. That's why it has a toggle to use the standard connectivity checks. Fixing privacy and security vulnerabilities inherently makes it possible to see those are fixed but that doesn't mean it stands out.

Contrary to your claims, Vanadium has far better protection against fingerprinting than Chrome but doesn't have nearly as many users.
@Héliosélène @🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp
GrapheneOS
@helioselene @ambiguous_yelp GrapheneOS supports using any Android browser app. There's nothing forcing people to use Vanadium. If you prefer using Brave because it has a significantly larger userbase to blend into than Vanadium along with additional anti-fingerprinting features then you can use Brave instead. It isn't as secure as Vanadium and has privacy disadvantages too. Brave on GrapheneOS is more secure than Brave outside of GrapheneOS due the protections. Same applies to other browsers.
@Héliosélène @🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp
GrapheneOS
@helioselene @ambiguous_yelp Nearly everyone cares enough about privacy for receiving standard privacy and security patches to be highly important to them even if they don't realize it. The same applies to receiving the standard Android privacy and security protections. Most Android OEMs fail to deliver a bare minimum level of privacy and security. Murena devices are horrible from a basic privacy and security perspective. Dismissing this by claiming it's about threat models is simply nonsense.
@Héliosélène @🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp
Scanner Diciest
@ambiguous_yelp
FairPhone is developed and made in China. Most factories there cruelly exploit workers. I don’t think it’s more ethical than Apple, at least you can report the Chinese factories like Foxconn to Apple and it works. And they can’t ship latest Android major releases and security patches, which makes long term support useless.

https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private

Devices lacking standard privacy/security patches and protections aren't private - GrapheneOS Discussion Forum

GrapheneOS discussion forum
GrapheneOS Discussion Forum
@🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp
🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp
@a53bdb Fairphone pays their workers a higher wage. But I didnt mention that I was talking about modern slavery in mineral extraction.

#Fairphone #ModernSlavery #ConflictMinerals
#fairphone #modernslavery #conflictminerals @Scanner Diciest
GrapheneOS
@ambiguous_yelp @a53bdb If that's the case, how much are the workers at Fairphone's ODM paid compared to the ones working for Foxconn on iPhones?

Can you provide evidence there's less slavery involved in the supply chain for Fairphone's than iPhones?

Fairphone also uses a lot of standard components. Are you saying they have a more ethical Qualcomm SoC, display and similar components despite them being standard off-the-shelf components? Are those taken into account when comparing to iPhones?
@🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp @Scanner Diciest
Scanner Diciest
@ambiguous_yelp China is a highly corrupt capitalist country, not the so-called socialism or communism. Officials and capitalists jointly exploit the people at the bottom. Without supervision like Apple, they will try their best to continue to exploit workers.
@🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp
Daniël
@ambiguous_yelp maybe buying a second-hand Pixel is an option? Re-using a phone is a great way of reducing the impact of phone production.

Fairphone is bad when it comes to security. It doesn't have a secure element like the Titan M2 in the Pixel (only TrustZone) and their kernels, firmware blobs etc. are way outdated. Even on the FP6 they are still shipping firmware blobs from June last year, even though Qualcomm does monthly security bulletins.
@🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp
nebucatnetzer
@danieldk @ambiguous_yelp It is bad choises all around.
Using a second hand phone reduces the climate impact a bit but you're increasing the value of the device which is from an U.S. company. Especially one that has currently increasingly stupid ideas how Android should evolve.
In the end everybody has to pick their poison.
@🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp @Daniël
Daniël
@nebucatnetzer @ambiguous_yelp That is very much a secondary effect though. By buying a new Fairphone you are directly financing a Chinese ODM (T2Mobile) that develops the hardware and software, with proprietary Chinese TCL blobs.

And for the large price you get a phone with an SoC, cameras, and speakers of a 200-300 Euro phone.

Most of the extra cost does not go to wages, the extra wage cost is ~$1.90 according to their own marketing materials
@nebucatnetzer @🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp
Daniël
@nebucatnetzer @ambiguous_yelp Conflict-free minerals are a good point, but you save a lot more minerals (and thus labor extracting these minerals) by buying a second-hand phone, or ensuring that your phone gets a good second life by e.g. selling it.
@nebucatnetzer @🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp
Ten wpis został zedytowany (2 miesiące temu)
Daniël
@nebucatnetzer @ambiguous_yelp Moreover, what is better for longevity, a phone that gets nearly all updates on day 1 and has an SoC that is fast enough for years to come or a phone that is a security risk from day 1 and had a pretty mediocre SoC even when it was released?

E.g. Fairphone promised at least five years of updates for the Fairphone 4. However, in 2026 it still running a Linux patch release (4.19.197) from 2021.
@nebucatnetzer @🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp
nebucatnetzer
@danieldk @ambiguous_yelp
Look I'm not going argue this to death.
I'm sure you made the right decision for your requirements.

> However, in 2026 it still running a Linux patch release (4.19.197) from 2021

Out of curiosity, could this be down to the SoC?
@🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp @Daniël
GrapheneOS
@nebucatnetzer @danieldk @ambiguous_yelp Fairphone chose to use an outdated SoC in each of their devices, chose not to ship LTS revisions and chose to do nothing once the kernel was end-of-life. They weren't doing updates prior to it being end-of-life either. Fairphone 5 has an end-of-life kernel already too despite not being very old. They don't truly provide the kind of updates and long term support their marketing says they do. They provide the bare minimum partial AOSP backports.
@nebucatnetzer @🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp @Daniël
Daniël
@nebucatnetzer @ambiguous_yelp The problem is that the larger public has been led to believe that if a phone gets Android Security Bulletin patch backports, that they have all security updates.

I am surprised how common this belief is.
@nebucatnetzer @🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp
nebucatnetzer
@danieldk @ambiguous_yelp

Isn't the more important part to get vendor support for the SoC?
AFAIK this is why they went with that strange chip in the 5.

As for the kernels they ship I don't know what the limitation there is.
That's why I'm asking, if there aren't any, then yeah they should ship a newer version.
@🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp @Daniël
Wolfgang
I would love to see these archives, especially instances where he says that GrapheneOS is for criminals and pedophiles
GrapheneOS
@notthebee They've repeatedly posted the claim in written form and it's clearly what was being said in the video despite your attempt and spinning it. We're currently gathering up cases of their attacks on GrapheneOS including where they've misrepresented what it provides, claimed it isn't usable or compatible and presented it as only useful in extreme circumstances. In multiple cases, they're claimed it's primarily useful to criminals as Duval did in that video for all hardening in general.
@Wolfgang
GrapheneOS
@helioselene @ambiguous_yelp Their data is outdated and doesn't take into account how quickly browsers have major releases. 45 days is far too long, it needs to be more like a week or 2 weeks.

It's also not representative of overall web browsing at all. Firefox is extremely over-represented in it.

Vanadium is on Chromium 147 in our Stable channel which was released very recently while Google has currently only rolled it out of 0.25% of users in their Stable channel:

https://chromiumdash.appspot.com/releases?platform=Android
@Héliosélène @🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp
GrapheneOS
@helioselene @ambiguous_yelp Why wouldn't the combination of using Vanadium, a major browser version of 147, your configured languages and time zone result in a unique or nearly unique value on this site? Hardly anyone uses it and we don't point people towards it as others do because it's not a good source of info. This site does not indicate that it's possible to tell you apart from other Vanadium users. You can set your language to US English only and a UTC time zone toggle is coming soon.
@Héliosélène @🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp
GrapheneOS
@helioselene @ambiguous_yelp There's not really any browser you can use to avoid fingerprinting. Nothing mainstream does a good enough job and a non-mainstream option means you can be fingerprinted solely based on using a super niche browser. Vanadium does a good job avoiding telling apart Vanadium users and there are several improvements we can make including a way to pretend to have the UTC time zone which it could prompt about at startup or it could have a fingerprint review for settings.
@Héliosélène @🌱🏴‍🅰️🏳️‍⚧️🐧🔧📎 Ambiyelp