The founder of /e/os is anti-security : privacy

[–] endlessvoid@lemmy.today 126 points 1 month ago (5 children)

"anyone who wants privacy from their government is a pedophile" is a hell of a stance...

[–] PolarKraken@lemmy.dbzer0.com 22 points 1 month ago

Honestly by now it's becoming reasonable to assume "projection" as a baseline, to then change based on evidence, when someone has a take like this guy's.

I don't mean the political tactic, just the garden-variety kind of projection. "Probably ~everyone thinks the way I do, and boy, we better not give everyone the tools to act on that..."

Deeply wrong about how most folks think, because of how they themselves do, and believing they're therefore helping. Likewise a self-admission, because they don't realize they're admitting anything.

Maybe not the case with this guy, I'm not gonna dive in.

But I do sincerely believe that's a somewhat charitable take toward anyone making a claim like this today. Charitable in the sense of acknowledging a misunderstanding and desire to help.

The less charitable one being - just obviously complicit. Fuck this noise.

[–] thatsnomayo@lemmy.ml 7 points 1 month ago

the privatized western govts & their tech boys literally are the infrastructure of the global pedos it's asinine & dangerous to tell people to ignore that!

load more comments (3 replies)

[–] Fedpie@sopuli.xyz 59 points 1 month ago (4 children)

I think it's fair they support way more phones than GrapheneOS, even if the security is way worse. But it's a whole other thing to call people who want secure phones pedophiles.

[–] rbits@lemmy.world 29 points 1 month ago (2 children)

I am skeptical how worthwile it is to use /e/os over OEM Android at this point

[–] JamesBoeing737MAX@sopuli.xyz 9 points 1 month ago

Well, you get a superiour privacy and security by just debloating a device via ADB.

load more comments (1 replies)

[–] weaselsrippedmyflesh@piefed.social 7 points 1 month ago

Agree with your outlook, but I think it's not too farfetched to give the benefit of the doubt to the speaker here and establish that pedophiles were used as an example (of people whose survival depends on their data not being breached), rather than a direct comparison. And he goes on to name being an executive to the secret services as another example (again, of people to whom hardened security of data is an imperative), but we're not saying he thinks secure phones are just for people in secret services, are we?

He's just saying, albeit rather clumsily, that their goal is simply not that level of hardened security, but rather privacy from data miners.

load more comments (2 replies)

[–] Armand1@lemmy.world 34 points 1 month ago* (last edited 1 month ago) (1 children)

The full translation of the clip of Gaël Duval provided by GrapheneOS:

There's the attack surface, on that front we're not security specialists here, so I couldn't answer you precisely, but from the discussions I've had, it seems that everything we do reduces attack surface.

However, we don't have a "hardened security" approach, we aren't developing a phone for pedo(censored) so they can evade justice. So there aren't difficult things to check if the memory is corrupted, really hardened security stuff that could clearly be useful for executives, in the secret service, or whatever.

That's not our goal, our goal is to start from an observation: today our personal data is constantly being plundered and that wouldn't be legal in real life with the mail or the telephone, we want to change that. So we are making you a product that changes that by default for anyone.

As a french speaker, I can attest that the translation is fairly accurate.

While I don't agree with the characterisation Gaël Duval makes here, I believe the statement from GrapheneOS here:

Duval and his organizations have consistently taken a stance against protecting users from exploits. In this video, he once again claims protecting against exploits is for only useful pedophiles and spies.

Is a bit disingenuous. It sounds like they do make some efforts to secure their device, but it's not their main focus. Theirs is to improve privacy first and foremost.

I would take anything GrapheneOS devs says with a grain of salt, as we all know that they have quite an adversarial relationship with... well... everyone. But especially other OS makers.

[–] Danitos@reddthat.com 19 points 1 month ago* (last edited 1 month ago) (2 children)

It sounds like they do make some efforts to secure their device, but it's not their main focus. Theirs is to improve privacy first and foremost.

I don't have any issue with that: different OSes have different priorities and that's okay. However, I feel like he's basically saying that users of hardened secure devices are pedos, and I have a very big issue with that. I don't know if maybe in French it doesn't sound that way, but they English translation does for me.

load more comments (2 replies)

[–] FEIN@lemmy.world 33 points 1 month ago (2 children)

Kind of shameful of /e/ to blatantly disregard user privacy like that. Is Graphene our last stand against Orwellian surveillance?

load more comments (2 replies)

[–] 9point6@lemmy.world 26 points 1 month ago

Lmao what a toxic piece of shit

Privacy is something everyone deserves, not something only criminals want

[–] blackbrook@mander.xyz 25 points 1 month ago (1 children)

I can't believes he's intentionally anti-privacy. Occam's razor suggests he's instead a fucking idiot.

[–] rbits@lemmy.world 12 points 1 month ago (2 children)

Yeah maybe. But whether it's intentional or not, I would not want to use /e/os.

But also, from the linked thread:

Murena is a for-profit company owned by shareholders including Gaël Duval. /e/ has a non-profit organization which is also led by Gaël Duval. /e/ includes paid services from Murena. /e/ very clearly exists to build products for Murena to sell in order to enrich the shareholders.

Despite being done for profit, /e/ receives millions of euros in funding from the EU on an ongoing basis. /e/ and Murena use extraordinarily inaccurate marketing to not only promote their products/services but also to mislead people about GrapheneOS and scare them away from it.

From @grapheneos.org

load more comments (2 replies)

[–] rbits@lemmy.world 19 points 1 month ago (3 children)

Another quote from the thread

Their marketing heavily focuses on avoiding Google and gives the impression they believe privacy means avoiding one company. Meanwhile, they add a bunch of Google services not present in the Android Open Source Project and give extensive privileged access to Google apps/services.

From @grapheneos.org

[–] rbits@lemmy.world 12 points 1 month ago (2 children)

Recently, France's national law enforcement began fearmongering about GrapheneOS and smearing it with inaccurate claims. France's corporate and state media heavily participated. Many articles and also radio/television coverage misrepresented GrapheneOS as being for criminals.

From @grapheneos.org

[–] lsjw96kxs@sh.itjust.works 6 points 1 month ago

It was already debunked. A single french tabloid (not true journal) featured why graphene was used by criminals. It's not the government that was specifically targetting it by all means it had.

load more comments (1 replies)

load more comments (2 replies)

[–] pmk@piefed.ca 19 points 1 month ago

I can see how one can interpret it like that, but it's not how I read what he said. I think the point he's trying to make is that hardened security protects the user from attacks, yes, but their focus is to provide services that can be trusted not to attack the user. He said: "really hardened security stuff that could clearly be useful for executives, in the secret service, or whatever. That's not our goal"

I mean, I use GrapheneOS on my phone, but do I personally need all the hardened security? Not really. It's nice theoretically, but mainly I'm just happy the OS itself isn't spying on me. I'm personally not very worried about an evil maid attack or state level spying.

[–] quips@slrpnk.net 18 points 1 month ago (1 children)

You did not need to censor anything this is not Reddit

[–] rbits@lemmy.world 5 points 1 month ago (3 children)

First of all, I didn't censor it, that's a quote from the Bluesky post.

But also, why is everybody so offended by censored words here? I don't get it.

[–] fatcat@discuss.tchncs.de 27 points 1 month ago (1 children)

But also, why is everybody so offended by censored words here?

I think because it's a sign how social media corps have trained us to avoid certain words or even create new ones (for example "unalive" instead of "kill").

[–] MasterNerd@lemmy.zip 27 points 1 month ago (2 children)

The term is algospeak, where you change your wording due to online censoring. I fucking hate that corporations have managed to literally change the way we speak.

load more comments (2 replies)

[–] hyacin@lemmy.ml 9 points 1 month ago (1 children)

But also, why is everybody so offended by censored words here? I don’t get it.

The biggest reason seems to be that it will evade filters, which people set up very intentionally and specifically to keep these Fedi-spaces a safe place for them mentally.

So, for example, someone comes here to get away from the 'real world' and news and whatnot, may have a filter that blocks anything with the word "Trump", or one I actually see censored a lot more often, "Israel"

Then someone makes a post about "Isr*el is so bad" and it sails right through their filters.

load more comments (1 replies)

[–] DieserTypMatthias@lemmy.ml 18 points 1 month ago

Well, that'll be another 100€ December donation to GrapheneOS.

[–] onlinepersona@programming.dev 17 points 1 month ago

Please provide the video with the question included. This looks cut to fit the anti murena narrative that GrapheneOS has been screaming about for years. It's the same tactic Republicans use against others: cutting only a bit that sounds bad when taken out of context.

[–] apftwb@lemmy.world 17 points 1 month ago

Pedophiles use their work emails and gmail. Making a secure phone OS won't make a difference.

[–] tixnou@feddit.cl 13 points 1 month ago

some people in this thread still dont get it, so:

you cant expect privacy while also having poor security practices. ideally you'd have both and most of these privacy projects are not much more than just a lineage fork with a dns blocker

apparently in duval's mind, you can always trust even a fascist government to never try to exploit your phone and to give you privacy. or something idk

[–] 5PACEBAR@piefed.ca 13 points 1 month ago (2 children)

Take this with a grain of salt: GrapheneOS is always stirring shit with other players in the privacy space and they try to paint them in the worst light possible.

[–] FauxLiving@lemmy.world 7 points 1 month ago (1 children)

It's a video of him speaking in his own words, not much salt needed.

load more comments (1 replies)

[–] blackbeard@europe.pub 13 points 1 month ago (1 children)

Interesting conversation with GrapheneOS. Didn't know they essentially hate each other. I'm using e/os but just because I cannot run graphene on my device.

[–] Danitos@reddthat.com 6 points 1 month ago (6 children)

GrapheneOS's leadership hates basically any other ROM. If you say something negative about GrapheneOS, he will probably calle you out as part of CalyxOS team in a hate raid party, or something of the like.

They make an amazing OS, but you're better off not giving them much attention in their constant drama.

load more comments (6 replies)

[+] verdi@tarte.nuage-libre.fr 11 points 1 month ago* (last edited 1 week ago) (4 children)

[deleted]

[–] Coleslaw4145@lemmy.world 6 points 1 month ago* (last edited 1 month ago) (1 children)

Finally, Motorola produces a panoply of devices for LEA, if you think a for profit company will not leverage their deal with GOS to sell a bypass device to law enforcement agencies and have the monopoly on that market you are out of your goddamn mind.

You realise that Motorola Solutions (that make stuff for law enforcement agencies) and Motorola Mobility (that make phones) are two completely seperate companies?

Motorola Mobility is a wholly owned subsidiary of Lenovo.

They have nothing to do with eachother beyond just the brand. Motorola Mobility dont even own the rights to the name or logo. They have to license the brand from Motorola Solutions.

load more comments (1 replies)

load more comments (3 replies)

[–] nebulahhh@lemmy.blahaj.zone 10 points 1 month ago (6 children)

We've known that /e/os is anti security/privacy look at all their attacks on grapheneos

load more comments (6 replies)

[–] utopiah@lemmy.ml 7 points 1 month ago* (last edited 1 month ago) (2 children)

Sadly FUD as ANYTHING that is NOT increasing profit for surveillance capitalism, i.e Google, Meta, etc is a win for privacy!

Of course /e/OS could be better, GrapheneOS could also be better (including on security) but the big picture is that still ANY of those solutions is making surveillance capitalism, the loss of privacy for profit and power, less efficient. That's good for all of us who, being on Lemmy or other federated instance, believe we do benefit from having more privacy, or at least not trading it away.

TL;DR: be inclusive, bring others up, don't be exclusive aiming for perfection none of us can attain.

load more comments (2 replies)

[–] weaselsrippedmyflesh@piefed.social 7 points 1 month ago (1 children)

I don't think he's actually making the parallelism with pedophiles and security per se, but rather he's making the case that his OS' mission isn't by default focused on that level of security or anonymity, but rather privacy and disengagement from companies who profit from your data being mined.

He mentioned pedophiles, as well as the secret service, right after, as examples of either criminals who need to be obscured from detection (maybe because it's easy for the Epstein class to pop in someone's head, nowadays?) or government agents that need to protect themselves from data breaches, and said his type of OS isn't made with that level of airtight security in mind, which is understandable and reasonable, and something we probably all knew already. It could've just as well been terrorists and investigative journalists mentioned.

One could take his stance and engage in discussion on whether we need that level of security by default as ordinary citizens, or that even without exceptional circumstances, it becomes necessary in an increasingly hypervigilant society/government, but that's a separate discussion.

We should have a little nuance in interpreting speeches like these rather than taking things this literally, especially when it's coming from a direct competitor in the degoogling sphere, who would naturally gain from holding it up in the most unflattering light.

[–] Jason2357@lemmy.ca 5 points 1 month ago (1 children)

Are you a native french speaker? Maybe you heard it differently from me, but while I am all for nuance, lets not sanewash people and take them at their word.

I use plenty of software where the developers are not primarily focused on security, but his line of reasoning sounds just plain dangerous for an OS developer. Maybe he phrased it bad, but that would be up to him to clarify and we shouldnt do that for him.

load more comments (1 replies)

[+] versionc@lemmy.world 6 points 1 month ago* (last edited 5 days ago) (1 children)

[deleted]

[–] SatyrSack@quokk.au 12 points 1 month ago* (last edited 1 month ago) (2 children)

So you don't have to give Reddit clicks:

Dutch hardware, French open-source OS, no Google services.

Apologies for repeating this in pretty much every topic on Fairphone and /e/OS, but there is a lot of misinformation about this. The Fairphone hardware and software is developed by a Chinese company called T2Mobile (this is no secret, it is in Fairphone's documentation).

Switching to /e/OS does not really change that, because they use the same kernel trees, binary firmware blobs, and device trees maintained by the same Chinese company. So you replaced opaque blobs coming from a South Korean company to those from a Chinese company and Qualcomm (pick your poison I guess).

Besides that /e/OS does not really decouple you from Google. It starts talking to Google pretty much the moment you first set up the device [1]. The device will download proprietary Google SafetyNet blobs that run as part of the privileged microG. /e/OS also contacts Google for assisted GPS, eSIM provisioning, WideVine provisioning, etc. Then if you install certain Google Apps, /e/OS gives them elevated privileges, breaking the regular sandbox model. For instance, if you install Android Auto because you want to use it in your car, some of the dependencies (e.g. Google Maps) have privileged access [2]. It does not stop at Google, e.g. for speech-to-text, Murena does not have any scrupules uploading your voice to OpenAI (and hide it somewhere in the terms that no-one reads) [4].

Besides that, both Fairphone and /e/OS have a history of abysmal security. E.g., both used to sign system images with Android testing keys (which meant that malware could hide in your system image without you noticing). Fairphone is absolutely terrible at maintaining kernel trees - e.g. Fairphone 4 is still using a Linux version that has not been updated since 2020, Fairphone 6 is still on firmware blobs from June 2025 despite Qualcomm pushing out monthly fixes for vulnerabilities since then. The Fairphone 6 is also shipping a Linux kernel that hasn't been updated since September 2024.

Both the Fairphone stock OS and /e/OS are way behind on Android security updates. The Android Security Bulletins are only backports of security issues marked high or critical. On those they are typically 1-2 months behind and the ASB vulnerabilities are already known for 3 months by vendors due to Google's new security embargo system. That means that Fairphone's stock OS and /e/OS are usually 4-5 months behind on patching high/critical vulnerabilities. It is even worse for other vulnerabilities, which are commonly used as part of exploit chains. /e/OS and the stock OS are still on Android 15. Since they do not roll out other security updates than ASBs, it means that they are now 1.5 years behind in non-high/critical security updates (since Android 15 was released in September 2024).

And then we haven't even talked about shady things like the /e/OS App Lounge getting F-Droid packages [3] through a MITM server (cleanapk) for at least 6 years now that often serves outdated package versions. To make it more fun, they do not want to reveal who is actually maintaining this service.

Similarly, hardware security is not great. In contrast to your old S24, the Fairphone 6 does not have separate secure enclave. They only use TrustZone, which basically uses the same CPU/RAM for the TEE (the OS gets isolated by secrets running it in a VM-like environment). TrustZone is vulnerable to side-channel attacks and PINs are easily brute-forced (so, on Fairphone you probably want to use a long passphrase).

Some people will say: who cares, I'm not the target of a state level actor. Remember that in the days of Cellebrite, etc. device security is important to anyone who ever goes to a demonstration or crosses international borders.

I understand that everyone is looking for European alternatives, please think twice if you want to replace them by Chinese blobs, very outdated software, and a security disaster.

[1] https://www.kuketz-blog.de/e-datenschutzfreundlich-bedeutet-nicht-zwangslaeufig-sicher-custom-roms-teil6/

[2] https://eylenburg.github.io/android_comparison.htm

[3] https://forum.f-droid.org/t/e-foundation-using-f-droid-with-middle-man-website/7162

[4] https://forum.fairphone.com/t/e-os-betrays-users-privacy-openai-being-integrated-directly-into-core-os/119381

load more comments (2 replies)

[–] Undertaker@feddit.org 5 points 1 month ago* (last edited 1 month ago)

It fits into the whole philosophy. There are several posts ( Initial Kuketz, discussion on Kuketz critique, reminder/restart discussion, criticism on usage of OpenAI in /e/ and poor communication, same questions again with no or wrong answers) criticising /e/ for heavily ignoring privacy and security flaws and only one response post on this Duvals answer on OpenAI usage in which they clarify to see 'emotional' reactions and look for alternatives while still finding it acceptable and criticism is 'FUD' and 'hurt of reputation' instead of valid concern.

Additionaly the points postet by Kuketz are not addressed since today. Updates are a bit faster but still with weeks delay and still not including several parts of security updates (instead it's the bare minimum).

I looked for several posts on social media and Duval always ignores the points and yells that all the people are only up to harass him. He also uses false arguments to convince (probably) himself of this ridiculous behaviour.

I started using /e/ in summer 2022 and was positive and hopeful because of the idea (long updates, privacy in mind, degoogled). But over the years learning that nearly all internal community and external expert criticism was ignored or marked as irrelevant or harassment when it's not, my opinion changed and I'm no longer willing to talk or write about /e/ diplomatically as it is inappropriate.

Privacy

A place to discuss privacy and freedom in the digital world.

Some Rules

Related communities