this post was submitted on 19 Aug 2025
4 points (55.6% liked)

Privacy

2366 readers
180 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
Ategon@programming.dev
danielintempesta@programming.dev
4
GrapheneOS: Another contributor attacked & banned by Daniel Micay (tech.michaelaltfield.net)
submitted 1 week ago by maltfield@monero.town to c/privacy@programming.dev
56 comments fedilink hide all child comments
 

Why was I banned from GrapheneOS? That’s a good question.

Why I was banned from GrapheneOS by Daniel Micay
Why I was banned from GrapheneOS by Daniel Micay)
top 50 comments
sorted by: hot top controversial new old
[–] SorryImLate@piefed.social 20 points 1 week ago

I can't believe I just wasted time reading this.

Tldr: GOS accused OP of trying to create public drama and instead of taking multiple opportunities to deescalate, OP kept pushing and got banned.

So, if GOS was wrong about OP wanting to create public drama, then why have they made this post?

I'm not saying GOS didn't overreact but that whole conversation was at the level of 13 year olds. Surely, OP, you can do better?

Specifically:
If all you wanted was to share the information with CalyxOS, wouldn't the logical option have been to copy the relevant text from @jertek's comment (which you had already recovered), and quote it in a comment on your CalyxOS feature request? You could have linked to @jertek there and continued the conversation without involving GOS.

You know GOS aren't intending to implement this feature - you were informed of that on the GOS discussion forum before opening the ticket. (I just searched the forum for this topic because I was so sure I must be missing context but no, not really.) So when they deleted the request, why not let it go? I just don't get why it mattered so desperately that they deleted your feature request, and why you couldn't clarify that anywhere except on a clone of their repo. I really, genuinely don't.

[–] wildbus8979@sh.itjust.works 12 points 1 week ago (13 children)

Yeah strcat has been an ass since the Copperhead days. He's set back Linux security at least a decade by pissing off Spender of GRsecurity to the point of making him remove the public patches (not that I think Spender was right to do that, but I understand why it happened after what Mackay did).

The dude is toxic.

[–] Scoopta@programming.dev 3 points 1 week ago (2 children)

Didn't he leave the project though?

[–] wildbus8979@sh.itjust.works 3 points 1 week ago (2 children)

He crashed and burned the Copperhead project, yes. Copperhead was just him and a business partner that he totally fucked over.

[–] Scoopta@programming.dev 3 points 1 week ago (1 children)

Yeah sounds about right. The only reason I'm even running graphene right now is because I heard he left the project. Otherwise I wasn't sure I wanted to be dependent on it

[–] Zaptosis@monero.town 1 points 1 week ago (1 children)

GrapheneOS is open source, just because you disagree with who runs it doesn't mean the code itself is bad. Its an extremely popular project now & there are a lot of eyes on it.

It has long since evolved beyond something Daniel can simply destroy as a whim & any attempt to sabotage it would be met with a roaring backlash & warnings from pretty much everyone in the privacy & security space.

I think you're good to keep on using GrapheneOS, there simply exists no better option. Though if you are set on switching I guess CalyxOS (if they remain in operation) or BraxOS would be the best alternatives.

[–] Scoopta@programming.dev 1 points 1 week ago (1 children)

XZ was also open source...albeit less eyes on it probably. Point is we take "open source" for granted and assume it means "secure" but the person running a project, even an open source one, can do real damage.

[–] Zaptosis@monero.town 2 points 1 week ago

I agree with that sentiment fully, just because something is open source doesn't mean it's automatically secure. Though when an extremely popular project's entire focus is high security & the specific eyes on the project are the exact people who are professionals in security, I'm more inclined to trust that it would be pretty hard for Daniel to slip in a critical flaw into the code.

Its just to me the whole idea that one man can sabotage a project of this scale seems pretty overboard. GrapheneOS is a great tool. A lot of people hated Edison, he was a huge ass with an even larger ego, but it doesn't mean we shouldn't use DC electricity. I would argue that if you dislike Daniel McKay, that same thought process should still apply. You may not think he's the greatest guy, personally I don't have any strong opinions on him. But what he's done is undoubtedly extremely helpful to anyone concerned with both privacy & security.

load more comments (1 replies)
load more comments (1 replies)
[–] sukhmel@programming.dev 2 points 1 week ago

Why is it even possible to remove public patches that are already used?

load more comments (11 replies)
[–] sudoku@programming.dev 9 points 1 week ago (2 children)

While the authors intentions are a bit iffy (the whole thing happened over a year ago), the fact that two new fresh accounts that speak just like Daniel apperead in the comments speak the loudest.

Daniel, if you are reading this, comparing Graphene features to Lineage is not targeted harassment, nor is creating feature requests that can be closed and explained politely. When browsing the GrapheneOS forum the weirdest thing is seeing misunderstanding people being threatened with bans instead of helped with explanations. Usually with forums I just assume a 12-year-old is behind the keyboard, but unfortunately that's not the case with Graphene.

[–] maltfield@monero.town 1 points 1 week ago* (last edited 1 week ago) (1 children)

𝐒𝐨𝐜𝐤·​𝐩𝐮𝐩·​𝐩𝐞𝐭⁣
/ˈ𝘴ɑː𝘬 ˌ𝘱ʌ𝘱.ɪ.𝘵𝘳𝘪/

(n.) An online identity created, and used, for purposes of deception. A sockpuppet purports to be an independent party that supports, approves of, or agrees with some agent (a person, organization, agency, or state), but is in fact created and controlled by that agent, and has no independent existence. Common uses of sockpuppets include plausibly deniable hacking or information operations, provocation, and astroturfing (creation of the illusion of grassroots support).

Source: https://thecyberwire.com/glossary/sockpuppet

[–] Zaptosis@monero.town 1 points 1 week ago

Legit 2 digit IQ, Tranquil is not a sock puppet. I've seen him in GrapheneOS chat rooms occasionally over the span of a few years during the time I've occasionally looked through them. From what I've seen he's very active & is constantly helping people out.

[–] tranquil_cassowary@sh.itjust.works 0 points 1 week ago (1 children)

I'm a real person and long-time community member. I'm not an account created by Daniel. You can go to the GrapheneOS Discord and search for from: tranquil_cassowary and see that I have posts going way back in time, on Matrix I used to go by stackedbedrock@arcticfoxes.net and now also go by tranquil_cassowary@arcticfoxes.net. My style of writing is also not the same at all, as is my level of English. It's probably easier for you though to assume that everyone who disagrees with you is one person, so that only one person would be disagreeing with you.

[–] sudoku@programming.dev 1 points 1 week ago (1 children)

I don't know if you or the other account is Daniel or not. You do have to have a few screws loose to be constantly looking for posts that are negative towards your project and create accounts (or multiple) to defend it ASAP. However doing it to someone elses project you would have to be in a nuthouse, so I usually assume the more intelligent option.

[–] tranquil_cassowary@sh.itjust.works 0 points 1 week ago* (last edited 1 week ago)

I looked for the posts once when they got post-spammed across all of Reddit and the Fediverse by the OP. Now I just get notifications for things happening in the replies. That's how these social media things work, there are notification inboxes. As I said, I'm not Daniel you can verify it by looking in the Discord. I'm passionate about this project, I think having a positive passion towards something isn't that strange. Being passionate about harassing a project and an open source developer, however, seems a bit stranger.

[–] noodlejetski@piefed.social 5 points 1 week ago (9 children)

seeing how the GrapheneOS team bans people without any given reason, goes out of their way to point out how they're the only good OS choice and literally anything else one might consider is insecure garbage (it really feels like mentioning Graphene and any other custom ROM on Mastodon in one post summons them with a 10-post thread pointing out why the two aren't in the same league and shouldn't be compared to each other, ever), and then paints themselves as the victim who is constantly harrassed by the competition without ever showing much evidence, I probably wouldn't be very comfortable running their product, even if it was available for my device.

[–] timbuck2themoon@sh.itjust.works 7 points 1 week ago (6 children)

It's a good product but yes, the team is ridiculous. Either because they do this incessantly or never stop the people doing it.

How hard is it to just let your product speak for itself? I wouldn't trust the team because they insist on making an echo chamber and mountains out of molehills. It simply reads as a team that isn't stable.

load more comments (6 replies)
[–] Skorp@sh.itjust.works 0 points 1 week ago (2 children)

This is a huge mischaracterization of what the project account does across socials. They are on the receiving end of misinformation like that being spread in this blog post, designed to stir up drama and provoke harassment towards the project. Anyone who has looked at the actual evidence (not the blog post), has found the claims in the blog post to be baseless.

People ask genuine questions about the differences between Android forks and the project account is available to provide factual information on those differences...and you're mad about it?

[–] wildbus8979@sh.itjust.works 4 points 1 week ago (1 children)

This is a huge mischaracterization of what the project account does across socials

That's true, there's no mention of all the brigading, evidenced by all the brand new accounts replying on all the threads where this was posted! The stuff of well adjusted people for sure!

[–] Skorp@sh.itjust.works 0 points 1 week ago (1 children)

So, you're not taking issue with the obviously fabricated things in this blog post, which this person shared across over a dozen Lemmy communities, Reddit, LinkedIn, Mastadon, etc., but you are taking offense that community members might come to where this is being posted to address/correct/refute it?

You seem to feel comfortable lobbing statements that GrapheneOS community members or even just people that might disagree with lies and targeted drama being posted aren't well adjusted, but not the person who posted the lies across the fediverse?

This all seems backwards.

[–] wildbus8979@sh.itjust.works 1 points 1 week ago (1 children)

I've had my fair share of personal experiences which the individual in question to know exactly who they are and where I stand on this issue. Thanks.

Go to therapy and do some introspection, Dan. You have a serious attitude problem that manifests itself as anti-social behavior. It's not a good look.

[–] tranquil_cassowary@sh.itjust.works 0 points 1 week ago (1 children)

They are not Daniel. There just are multiple people disagreeing with you. Despite you being toxic and supporting harassment content, community members and GrapheneOS users replying here have stayed very mature and polite towards you. I would look in the mirror first of all, if I were you.

[–] wildbus8979@sh.itjust.works 0 points 1 week ago (1 children)

Sure thing, Dan.

[–] Zaptosis@monero.town -1 points 1 week ago

I can vouch that these are all independent people. You're clearly the delusional one here, like whats even going on in your head?

If you think I'm also Daniel as well, then just search up my username. I guess Daniel (which is of course me) is a big time enjoyer of hacking roblox. Wherever do I, (clearly Daniel) find the time to manage the full lives of all these people. Must just be the most efficient person on earth.

[–] onlinepersona@programming.dev 1 points 1 week ago* (last edited 1 week ago) (2 children)

I honestly don't think it's false. I've seen people be on the receiving end of graphene developers propensity to claim their solution is the best and most secure ROM out there. GrapheneOS users are just as inclined to make those claims unsolicited, and that in threads that just mention custom ROMs and aren't talking about security or anything close to it.

The devs and community need to take a chill pill or go into therapy, because it seems like they all went through some traumatic event(s) and GrapheneOS or ROMs in general are their trigger.

I'd be much more willing to use the ROM and donate if the community weren't as intense and it also ran on devices other than Google's. Right now, both points drove me away from GrapheneOS and I actively discourage those around me to use or install it. If the devs and community were less intense and open to civil, friendly discussion + compromise, things would be different. Not everybody out there is a threat and has to be treated as such.

Anti Commercial-AI license

[–] Skorp@sh.itjust.works 0 points 1 week ago (1 children)

The blog post is false. You can verify it by looking at the repos. This person was being childish in their attempts to get GrapheneOS and other projects to accept the feature request. They were told "No". Now whether they or anyone else feels the reason behind that decision is valid or not is separate from the fact that this person then went out of their way to make noise and trouble for the project (by opening the repo, pinging the developers, etc.). We'll call it "entitlement". When they were blocked, instead of moving on and accepting that the feature wouldn't be implemented, they wrote up this blog post and spread it around the internet so that it would stir up drama, and direct more attacks towards the project. I'd call that a vendetta.

Other companies and projects have a tendency to take criticisms coming from the project as directed attacks. I take less issue with the project making objective criticisms. To respond to that criticism by pointing a finger back calling the founder "delusional", "insane", etc., doesn't seem appropriate. Even if it were true (which no one has evidence to claim), it would still be completely unacceptable to talk about someone like that. Your comments about them or the community "needing therapy" perpetuates that sentiment.

Intensity is one thing. That is arguably true and the OS may not be the leading AOSP fork in terms of security and privacy (see: Capabilities against forensic extraction) if it weren't the case. It is the projects unwillingness to compromise in this area that makes it stand out in that regard.

Other projects and companies make claims about and market their projects/devices/services. Not that I'm arguing that GrapheneOS should be the only ones able to comment on or evaluate those claims, but they are certainly some of the most qualified to. We shouldn't give them a pass because they claim to protect us against "big tech". Those things should be critically evaluated because it matters so much.

GrapheneOS evaluates other's primarily based on their technical merits and against their claims they make. How many of those who oppose do the same? Or do they just call them divisive, crazy, and incendiary?

Thank you for the civil discussion. I hope it can continue.

[–] onlinepersona@programming.dev 1 points 1 week ago* (last edited 1 week ago)

The blog post is false.

That wasn't what I meant by false. It was your phrase about the activity of project socials being mischaractered, which I still maintain it is not.

Other companies and projects have a tendency to take criticisms coming from the project as directed attacks.

It really depends what is said and how. As I have said before, and as the original comment you responded to said, the project socials (and community) constantly put down other projects and bring up grapheneOS in any discussion about ROMs. The problem is they seem to lack awareness and often ignore context.

For example, if I mentioned LineageOS as a good option for somebody who wants to degoogle their Samsung phone, you can bet that a grapheneOS maintainer or sympathiser will show up. They will inform everybody how insecure lineageos is, throw a bunch of technical terms around, and finally recommend the purchase of a google pixel and to flash it with grapheneOS. This happens regardless of what the original user says they want (a degoogled Samsung phone), here the question was asked (possibly thread about Samsung phones), what budget the user has (they might not have any to buy a new phone), and so on.

Your comments about them or the community "needing therapy" perpetuates that sentiment

I could call it "making objective criticism" like you call the actions of the grapheneOS maintainers and community. Do you understand now why that argument doesn't work? To you it may seem objective, but to others it is brigading, unwanted, annoying, and also insulting. Immediately entering every discussion about another ROM with a "that insecure" and "you might as well not have a passcode and hand over everything to Google" is far from the objective arguments you think the maintainers and community are making.

Hopefully it is more understandable now what I (and some others) take issue with. If grapheneOS maintainers and the community could just please stay on topic, make relevant comments, and be more diplomatic, maybe even supportive of other projects, that would improve their image so much...

Thank you for the civil discussion. I hope it can continue.

🙏 Thank you too.

Anti Commercial-AI license

[–] Zaptosis@monero.town -1 points 1 week ago (1 children)

I've criticized aspects on GrapheneOS before & have gotten well thought out & reasonable reasons why they made the decisions they do. They took the time to address my concerns respectfully & even linked independent research that supported their position.

Also I am not an active member of the GrapheneOS community, just an enjoyer of the project. So unless you've actually joined their community & tried engaging with them respectfully, I have no idea what you're talking about. Every single interaction I've had with them has been positive. Anytime I've looked in their chat rooms I see people helping out new users & answering questions I imagine have been asked hundreds of times.

Stop listening to what other people say, just go & see for yourself.

[–] onlinepersona@programming.dev 1 points 1 week ago* (last edited 1 week ago)

Stop listening to what other people say, just go & see for yourself.

I'm speaking from experience. Read my other responses to understand that it's not the technical feedback or whatever that I have trouble with. The GrapheneOS community inserts itself into every discussion about ROMs possible.

Someone brings up LineageOS for a OnePlus phone? Get a pixel and flash GrapheneOS. Someone brings up CalyxOS for a no pixel phone? Buy a pixel and flash GrapheneOS! So you bought a Volla phone with VollaOS? Wrong! You should've given Google your money for the most secure phone in the planet and flashed GrapheneOS! Oh, you don't have enough money for a new phone? Stop being poor and sell your assets because the TLAs are after you and your life is worthless without a Pixel and GrapheneOS! You think the pyramid of needs starts with food and physical safety? Guess what! That'd wrong again, because it starts with digital safety and that means GrapheneOS!

It feels even worse than the damn "Arch BTW" people, because we know it's a goddamn meme but the GrapheneOS people are serious. It's as if GrapheneOS is a status symbol that makes them levitate above the rest of us lowly LineageOS, CalyxOS, eOS, VollaOS, custom ROM plebs. As if GrapheneOS is the final stage of enlightenment that Buddha reached before he flashed his Pixel and ascended.

That's what the OP was talking about and I am too.

Anti Commercial-AI license

load more comments (7 replies)
[–] springonion@discuss.online 5 points 1 week ago

Hello everyone, I want to preface this by disclosing that I am part of the GrapheneOS team. My account is not freshly created by the way, since that seems to be such a hot topic here. We asked our community for help with dealing with this mess since the self proclaimed open-source "enthusiast", who is supposedly so eager to help, has gone out of his way to spread this literally all over the internet in order to harm an...open-source project. Here on Lemmy, Mastodon, Reddit, LinkedIn...even Facebook and elsewhere. That's where the "suspicious" new accounts come from. That said, yes you can go ahead and verify they are in fact members of the community. And you can verify mine too if you wish, on the GrapheneOS forum, our reddit, discord, matrix, github. I don't know what else I could tell you on this front honestly.

Now this person filed a duplicate feature request on the issue tracker regarding 3-button navigation. We closed it and provided an explanation on why it’s not wanted, primarily because 3-button navigation is really just a legacy mode and only kept around for compatibility reasons. Any feature that aims to provide a quicker way to force kill apps should be done in a way that’s not specific to it, but can be applied to all navigation modes. I hope this makes sense until here.

About a year later some people picked up on this feature request and started discussing it further. We have a rule where if you want to express your support for something you should react to it with a thumbs up emoji. That’s because each mention and reply sends an e-mail notification to multiple developers. We opted to delete the issue in order to stop the noise. In hindsight yeah that was a mistake, since apparently there are individuals around who are just waiting for an opportunity to act in bad faith as seen here.

This person kept insisting on it and continued to file more issues regarding this matter, even going as far as cloning our repository and continuing the spam there. We repeatedly asked them to stop and take it to dms instead but they didn't do either of these things. Now what they did do is dig this up over a year after our last interaction with them and make a mountain out of a molehill.

There you go, that's the gist of it.

[–] mindbleach@sh.itjust.works 4 points 1 week ago

The Hard Parts of Open Source. TL;DW - it's people.

load more comments
view more: next ›