This looks hugely blown out of proportion. The project founder has a well documented history of what I would consider a persecution complex. Once again he has provided no substantial evidence. The only thing they provided are some, admittedly borderline libelous, news articles. Unless they provide some more concrete information about these supposed attempts of getting a backdoor installed into the system, I will consider this as just another day of GrapheneOS drama.
concinds 1 days ago [-]
The evidence is not "news articles", but the contents of those articles where a high-ranking prosecutor threatened to go after GrapheneOS "if they don't cooperate with the law".
No matter your feelings about the creator, I think this was entirely the rational choice.
France is pro-Chat Control. For about a year now there's been an anti-drug trafficking fervor among legislators and government, in which they've pushed for encryption backdoors (separate from Chat Control at the EU level) and recently threatened GrapheneOS. The country is politically unstable so future politics are hard to predict, but anti-encryption politicians stand a good chance of winning the next election. Any rational project would move out.
0x1ch 1 days ago [-]
Didn't France intercept Telegram's CEO to force him to backdoor the app while in country?
Yes. Yes they did.
halJordan 24 hours ago [-]
They didn't. TG has never defaulted to e2ee and TG refused to provide the non-e2ee data they had. That is refusing to comply with the law.
You guys hurt your argument so much by straight up lying so you can feel self-righteous anger over it.
0x1ch 8 hours ago [-]
Being arrested as you walk off your flight sure seems like unjust prosecution. They had him for charges all the way up to being complicit in CSAM distribution. They wanted to hang him, or get what they wanted...
immibis 7 hours ago [-]
It's very normal. You get arrested anywhere they physically can, and then you go through a trial, which may be in a real court or a kangaroo one.
victorbjorklund 7 hours ago [-]
What? Why should criminals be protected specifically when they are walking off their flight?
maelito 1 days ago [-]
Durov runs an app where slave trade was known and documented, and did nothing.
sophrosyne42 1 days ago [-]
Can you believe that the cash Euro is used in crime, human trafficking, and exploitation everywhere, and the US hasn't invaded Europe to stop them from supporting human rights violations all over the earth?
maelito 5 hours ago [-]
This has nothing to do with encryption or GrapheneOS. Durov was letting slave networks on unencrypted channels go free.
sophrosyne42 4 hours ago [-]
Same with the Europeans, do you know how much tax evasion and embezzlement goes through Ireland alone?
jtmlis 24 hours ago [-]
The 500 euro bill, it used to be the Canadian 1000 dollar bill.
immibis 7 hours ago [-]
And institutions who handle cash are required to turn over their records to investigate such crimes. So are chat apps. Telegram refused.
sophrosyne42 6 hours ago [-]
So why doesn't the EU hand over its secrets to the US? Seems like the EU is a dangerous supporter of terrorism and human trafficking that should be dissolved
DANmode 1 days ago [-]
At who do you stop laying personal blame for how people use their free will on the Internet, between Durov and Sir Tim Berners-Lee?
jojobas 1 days ago [-]
If your answer to slave trade using encryption is "deny encryption to everyone" we'll have to agree to disagree.
maelito 6 hours ago [-]
Telegram is not encrypted. These channels were not.
SiempreViernes 1 days ago [-]
Funny how you translated "comply with takedown request" into "deny encryption to everyone".
Doubly funny as you seem to be implying Telegram has worthwhile encryption to start with.
suspended_state 1 days ago [-]
I don't understand the last line in your comment: if Telegram doesn't have good encryption, why would anyone require to have a backdoor installed? Are you implying that the French government isn't able to decrypt a bad encryption scheme? Or that the idea that this government asked for a backdoor is preposterous?
jazzyjackson 1 days ago [-]
Encryption doesn't have to be backdoored because none of the group chats on Telegram are encrypted (Telegram gets to claim it's "encrypted" because it's TLS between client and server, but e2ee is not claimed except for inconvenient device-to-device chat).
In any case, the back door may be more of a Room 641A arrangement where all messages are intercepted by the host government, saving them the trouble of installing sockpuppet accounts in all the chatrooms they want to keep an eye on.
suspended_state 8 hours ago [-]
It's possible that at some point in the past they used TLS, but I believe that MTProto(0) is used now for any communication through Telegram.
O no you're right, I was going off the fact that it's just an encrypted tunnel from client to server, doesn't hide any message content from service provider the way people might expect when they hear "encrypted"
rixed 22 hours ago [-]
The cynic in me believes that the motivation behind this very publicized melodramatic arrest is even simpler: reinforce the myth that Telegram is e2ee (remember the 90s when the DoJ wanted us to believe that 40-bit keys were unbreakable?).
Lariscus 1 days ago [-]
I don't disagree about leaving France over their position on chat control or legislation.
I disagree about them essentially spreading misinformation about what actually happened. One prosecutor, that probably doesn't even know what GrapheneOS is, making boisterous claims to the press, is not the same as being contacted by the state about adding a backdoor.
jasonvorhe 1 days ago [-]
I don't get what you're saying.
Interviewed cop says they'll go after them if they don't cooperate, which would mean a) requesting assistance to law enforcement via means such as backdoors and server seizures and b) resulting in legal steps against the organization and its members by France. Who in their right mind wouldn't take this as a threat? After Wikileaks, the Telegram CEO, pushes for chat control and other authoritarian techniques?
Sure, the cop might be a nobody in the grand scheme of things but they're representing a government agency publicly so they're probably not babbling out nonsense in a bar somewhere, being overheard by a reporter.
aunty_helen 1 days ago [-]
Don’t you need that sort of paranoia to go out and create a privacy focused mobile OS?
cladopa 1 days ago [-]
It is not called "paranoia" if it is real that they are coming after you.
Have you not seen what happened to Telegram CEO?
jjgreen 1 days ago [-]
A world-weary cynicism suffices.
idle_zealot 1 days ago [-]
I expect that most cynics would just keep their heads down and use iOS or something. The intense idealism needed to motivate something like Graphene is compatible with paranoia, but not with weariness.
bigbadfeline 1 days ago [-]
> The intense idealism needed to motivate something like Graphene
Yes, the intense idealism of the brainwashed and oblivious prompted the realistic Graphene creators to do something themselves instead of waiting for other realistic folks who happen to be few and far between.
gruez 1 days ago [-]
>The project founder has a well documented history of what I would consider a persecution complex.
When you are in this business it's better to be safe than Pavel Durov.
yownie 12 hours ago [-]
I did a deep dive and Daniel Micay stepped down as lead dev back in 2023 FYI.
sunshine-o 1 days ago [-]
What happened to the founder of Telegram should be enough to discourage any of them from traveling in France.
Especially since I guess they do not have the same kind of money and influence to fight it back.
rgblambda 1 days ago [-]
A European Arrest Warrant would make the entire EU off limits. Which makes me think they haven't thought this through and are just overreacting, as many on this thread suspect.
If the GrapheneOS maintainers were being advised by a lawyer, they'd surely know that if French Authorities wanted them arrested and they were standing on a street corner in Stockholm, they could just as easily be picked up by police as if they were in a café in Paris. Making the whole France travel ban just a load of theatrics.
bigbadfeline 1 days ago [-]
> Which makes me think they haven't thought this through and are just overreacting.
You're contradicting yourself. If "they haven't thought this through" they clearly haven't been paranoid enough but in that case they aren't overreacting, they're under-reacting. They need to transfer development out of the EU, not just out of France. That's one unexpected benefit of Brexit, btw.
nani8ot 1 days ago [-]
Sadly, the UK has been passing similar laws as the EU when it comes to encryption, so they aren't any better.
rgblambda 1 days ago [-]
My point is that they clearly haven't sat down with a lawyer, so don't know what the appropriate response is.
I suspect they'd get told to calm down while the lawyer sends a letter to the authorities explaining what they're currently attempting to articulate via social media.
The lead developer seems to have a history of this style of communication in response to any minor critique of himself or GrapheneOS.
SiempreViernes 1 days ago [-]
> You're contradicting yourself. If "they haven't thought this through" they clearly haven't been paranoid enough
There is no contradiction between "being paranoid" and "not being rational".
Oh my mistake, you intentionally put "benefit" and "Brexit" in the same sentence; yes, there's absolutely a contradiction there, well done lad.
bigbadfeline 23 hours ago [-]
> you intentionally put "benefit" and "Brexit" in the same sentence
My comment wasn't an endorsement of Brexit, UK or EU. I was only thinking that if a quick change to a nearby jurisdiction was needed, the UK would be a place to consider, at least in the short term.
blitzar 15 hours ago [-]
The UK position is that Europe were allowing encryption and stopping the UK from banning it.
The UK doesn't even pretend the laws are for "child safety" they call it what it is - "snoopers charter".
dijit 1 days ago [-]
I mean, maybe?
Multiple accounts have said the same thing in this thread, and I'll be honest here: given the Jia Tan situation, it could be true (in the way that he's being pushed by external forces). It could be character assassination... Or it could be totally valid: idk.
But what I do know is that nobody is providing any citations.
I also know that progress depends on the tyranny of unreasonable people.
Bender 1 days ago [-]
They should consider making their primary site a .onion and then have clear-web portals in many countries that serve as a secondary class site or cache. The physical location of the primary site should be unknown.
hacker_homie 1 days ago [-]
We can only use technical solutions to this problem for so long.
The real issue is that the public wants a right to digital privacy.
The state would not like you to have that because they are lazy and want to be able to look at your messages.
Because they have convinced themselves that messages are a crime.
This is a political problem not a technical one.
ranger_danger 1 days ago [-]
> The real issue is that the public wants a right to digital privacy.
Legitimate question, is there any concrete evidence that the majority of the public actually does want this?
port11 14 hours ago [-]
I think that if you explain it properly, most people would be concerned.
Privacy is a nebulous term, but what does it enable? The right to be yourself, to expose what you want, to take back mistakes, to keep for yourself some things that you don't want to share.
Privacy is therefore the right to be yourself. You do have something to hide, you don't want everyone knowing your deepest thoughts, aspirations, all of your past mistakes, etc.
But instead we always explain it in ways that people don't connect with.
ranger_danger 10 hours ago [-]
I don't think people would be concerned about that explanation either... I think they need to hear real-world consequences, of which the only one I can remotely think of would be identity theft, and the chances of that happening I think are still slim among all the people whose info has even already been exposed publicly.
How does privacy enable one to "not know your deepest thoughts" if you aren't giving that information out in the first place?
xethos 6 hours ago [-]
> I don't think people would be concerned about that explanation either... I think they need to hear real-world consequences
I think you're right. I'm not hopeful the general population will change and suddenly say "E2EE matters, dammit!". Because the small scale consequences are boiling the frog, and the major ones "could never happen to me".
I'm sure we've all seen the Google account that got nuked [0, 1], but pointing that out to people is likely to garner responses ranging from "But I need Google for $thing" to "I don't have kids, so I'm fine". We unfortunately don't have any medium-scale fallout - just ghost stories of one guy, one time, being bitten.
[0] Costing the guy his phone number, photos, emails, contacts, any paid apps, documents in Google Drive, and presumably associating his credit card, address, and name with a banned account. Given how Google relies on automation for flagging and harassing accounts, I'd expect his troubles aren't over just yet should he make a new Google account.
There is not. In fact, many users will gladly give away any notion of privacy whatsoever in exchange for a Candy Crush lootbox.
blitzar 1 days ago [-]
I have felt great pity for Snowden all these years, his personal sacrifice was all for nothing, a short news cycle later and nobody cared.
wakawaka28 24 hours ago [-]
People care but lots of people were brainwashed by politicians and the media to think it's no big deal, and even that Snowden is a bad guy. I've met somewhat intelligent people in real life who have zero appreciation for his disclosure, seemingly oblivious to the fact that whistleblowers are unwanted by the establishment. Does anyone seriously think they didn't know that what they were doing was highly illegal and inappropriate?
Telaneo 1 days ago [-]
How many users are aware of their loss of privacy, and of those who are, how many are aware of its extent? These are not trade-offs with clear and obvious implications written on the tin.
9dev 19 hours ago [-]
Have you tried talking to normies about this? Sure, nobody likes bad things happening to them, but they usually neither understand what would be bad about a loss of privacy, think the long-term consequences are just paranoid fear-mongering, and will shrug away the implications next time they encounter a decision between comfort and privacy again.
It reminds me of Jamie Oliver (I think it was him) showing a group of pupils how Chicken Nuggets are made, in all its brutality; afterwards, when asking them if they would like to eat some nuggets now, guess what they said? "Yeeeeees!"
serial_dev 1 days ago [-]
I want digital privacy… but a lootbox is a lootbox.
doubled112 1 days ago [-]
As long as the cost/benefit calculation is high enough on your side, you’re fine with it?
…and if you ask them, most people don't want animals to suffer. Guess what they're ordering next time at the restaurant? It's not the vegan pasta.
goku12 17 hours ago [-]
And how exactly does that analogy apply here? The current situation is more like the government banning vegan pasta.
9dev 11 hours ago [-]
What I was trying to say was that people are "concerned" about lots of things, but that doesn't mean much on its own. As soon as they actually have to give up some immediate comfort for the long-term better option, they will not act upon their concerns but choose satisfaction right now, reliably.
hacker_homie 12 hours ago [-]
People I know are sick to death of all the advertisements in everything.
The personalized ad economy is the most obvious and personally impacting symptom of this legislative failure.
izacus 1 days ago [-]
I wonder what an actual referendum on Chat Control would actually say as well.
OuterVale 1 days ago [-]
The official title is 'Regulation to Prevent and Combat Child Sexual Abuse' and I imagine most people would be inclined to vote in favour of that without context.
bfg_9k 1 days ago [-]
And yet people don't realise that Epstein was talking in clear text for years through a gmail account that the government could access - and the powers that be didn't do anything about it. It's got nothing to do with protecting children, it's about controlling and monitoring the population.
anonymousiam 1 days ago [-]
It's a sad fact that there's just no way for GrapheneOS to win this fight. The intelligence agencies of every world government are on one side, and a relatively poor organization that produces less restricted cell phone software is on the other.
immibis 1 days ago [-]
And mostly (but not entirely) neutral judges are the arbitrators.
trizuz 17 hours ago [-]
[dead]
gruez 1 days ago [-]
How does this increase security? The actual code is distributed over GitHub and is digitally signed. Same goes for the installers/updates. Attempts to replace the contents would be easily detected, and won't do much, aside from maybe compromising someone installing in that short time frame. Moreover darknet sites have an identity problem. It's easy to validate that "grapheneos.org" is the official site, not least because there's no grapheneos.com or similar. If you're using a hidden service you'll get an address like graphenenlhxh74dsi1kk1k8se0wutcc2v4f7bnohqe8zxbkfk8z3wp8.onion. How do you know whether that's the official site, or graphenenlhxr1uvl0i8oiuzx587fpgcesik0apij5axd1a0xbdvj5eg.onion?
vbezhenar 23 hours ago [-]
> It's easy to validate that "grapheneos.org"
Is it? Why not graphene-os.org? Why not graphene.org? Why not grapheneos.com? Why not grapheneos.io? How do you validate it, really?
Also who REALLY controls that domain in the end? Someone with access to `.org` nameservers. Do you trust that person? What's their name?
gruez 23 hours ago [-]
>Also who REALLY controls that domain in the end? Someone with access to `.org` nameservers. Do you trust that person? What's their name?
Same way you trust/verify that you got Tor Browser from the right domain, and the organization behind it hasn't backdoored it (didn't the Tor Project receive government funding?).
fragmede 23 hours ago [-]
You plug it into Google and hope they got it right
vbezhenar 21 hours ago [-]
Try putting Putty into Google.
immibis 1 days ago [-]
It's amazing to me that everyone even slightly disliked by the ruling class isn't doing this. Like remember when Nintendo took down a bunch of Switch emulators... from GitHub? Why were they primarily on GitHub?
zamadatix 11 hours ago [-]
GitHub is a great, free as in $, and convenient place to be. So long as they weren't ONLY on GitHub (they weren't, the source code is still around) they can get the best of both worlds before and after.
The deeper problem for the Switch emulators was letting their personal life be linked to it so Nintendo could seek legal pressure against them directly.
immibis 7 hours ago [-]
If you host on any mainstream site, you can expect they're recording your IP address, your ISP is recording who has that address, and both of them will rapidly give it up to anyone who seems official or legally scary enough.
zamadatix 4 hours ago [-]
One as the content provider can still use the same kinds of methods such as Tor to browse clearnet hosting sites without limiting the content consumers to only accessing the content via a .onion link.
It's the same thing as the original comment except in reverse. The only downside is you may lose the popular/easy distribution method if it gets taken down. The alternative is to just declare it lost day 1 though, so there is only a gain to be made in leeching a hosting site like GitHub while you can.
undeveloper 1 days ago [-]
Technically emulators are not against the law, piracy is against the law. And given that open source projects are all on github, it makes sense for them to just be on github
That said, there are many forks of the projects DMCA'd still floating around.
immibis 17 hours ago [-]
They don't have to be against the law - they just have to annoy powerful people.
aborsy 1 days ago [-]
Canada is liberal and a better option for hosting privacy projects than EU.
Every few months a bad proposal comes out of somewhere in EU. The details of this case don’t matter, the tendency is big government control.
tracker1 1 days ago [-]
I'm not sure... they've added some pretty repressive language controls themselves already. Let alone proposed legislation.
There is no place in the world where there are not bad proposals all the time. Some places are worse than others, but everyplace has problems and needs to be watched.
wiredpancake 1 days ago [-]
[dead]
mardifoufs 1 days ago [-]
The Canadian parliament can vote laws that break/infringe upon most of our charter rights with a simple majority, using the notwithstanding clause. The Quebec government has already used it and is signaling that it will use that clause even more often.
Again, that requires a simple parliament majority and courts aren't allowed to really do anything about a law once that clause is invoked. That makes for one of the worst places to be in for something like grapheneOS in the long term. You're just a single election away from a PM like Legault deciding that encryption is against "Canadian values" or something.
(They wouldn't even need that to restrict encryption, but it still makes us unique in the west since it's just a "routine" clause that can be invoked to suspend almost every possible legal challenge against a law outside of any emergency situation or extraordinary circumstance, and is used almost on a yearly basis nowadays)
dragonwriter 1 days ago [-]
> but it still makes us unique in the west since it's just a "routine" clause that can be invoked to suspend almost every possible legal challenge against a law
It is not unique in the West, or even specifically in those parts of the West that share the same head of state as Canada; in fact, Britain itself has a more extreme form of it given Parliamentary sovereignty.
mardifoufs 9 hours ago [-]
It is unique in the sense that the charter itself has a clause that makes itself almost useless. And that provinces can also use it at will (that's really the main problem, as the federal government is way less likely to use it, and hasn't used it), and doing so short circuits any federal court oversight.
But I agree that parliamentary sovereignty is an even bigger can of worms.
palata 1 days ago [-]
EU is not a country. There are many different countries in the EU.
mschuster91 1 days ago [-]
EU has reciprocal arrest warrants and other treaties to assist law enforcement.
mbs159 18 hours ago [-]
Though not an equivalent, the US has extradition treaties and various international agreements for surrendering a fugitive to a foreign country
The title should be, "GrapheneOS jumps from frying pan to fire".
rixed 21 hours ago [-]
Is anyone working on a low orbit Datacenter already?
bedros 1 days ago [-]
Wondering how this will affect VeraCrypt, which is mostly developed by a French developer.
metalman 11 hours ago [-]
This is all fluff and noise, as we are on the threshold of space based servers, complying with the laws of convenient country next, owned by company over there, leased to a "guy in taiwan", maybe
sunshine-o 1 days ago [-]
Here is the problem: France and Europe need to be somehow attractive in the world today:
- Energy prices -> nope
- Science and technology -> not anymore plus the brain drain is accelerating
- Business environment and competitive taxes -> nope
Europe still had a good living environment, safety, fair privacy and rule of law. But western Europe seems to be dedicated to destroying this too. In the meanwhile a lot of countries elsewhere are progressing rapidly in those domains.
For what it's worth, Micay has a long history of accusing other people of slandering the project without providing any evidence or rebuttals.
When asked for details, he gets defensive and accusatory, then creates multiple sockpuppet accounts to argue the same points over and over.
palata 1 days ago [-]
I read about this when I first discovered GrapheneOS, and it looked like it. And it may be partially correct.
But on the other hand, I have read a lot of "drama" between e.g. /e/OS and GrapheneOS, and more often than not, it looked like GrapheneOS was criticising actual limitations of /e/OS and /e/OS (a mix of the community and official comms) seemed to be the one being unfair.
GrapheneOS generally is pretty direct at saying stuff like "their approach is strictly less secure" or "they are often worse than Stock Android", and I understand that this is not good publicity for Murena. But I am yet to see one of these claims to be wrong: all I can say is that the tone is very direct and could offend the /e/OS people, even if the claims are true.
On the other hand, instead of just acknowledging and trying to explain why /e/OS may be a good choice (e.g. if you happen to own a phone that is not a Pixel and that is well supported by /e/OS), I have seen actually wrong claims from /e/OS against GrapheneOS (sometimes downright technically wrong about security/privacy). And while GrapheneOS is quite exemplary with their support (if your phone is supported, then it's best in class), I have run /e/OS on a couple of phones and I have seen by myself that some of the security updates were 3 years old while the Stock Android was actually up-to-date.
So yeah... I get that it's a sensitive topic, but I feel like there is more a long history of people accusing GrapheneOS of accusing people, and I'm not anymore convinced that this is actually true.
iamnothere 1 days ago [-]
This is likewise my experience. It’s true that Micay is prickly and unwilling to prioritize social grace over technical accuracy, but that’s kind of what I’d like to see for a project like this.
Grimblewald 1 days ago [-]
Honestly, this thread has done more to sell me on graphene than anything else. This makes me think it's a fully serious and rigid in its integrity endeavour.
wkat4242 4 hours ago [-]
Micay was mostly up in arms against CalyxOS not so much /e/. I can't verify that he was right, but most commenters, even former supporters like Louis Rossmann say he wasn't.
But it's been very quiet since he stepped down and I have more confidence in GrapheneOS now.
preisschild 15 hours ago [-]
Yeah, I had found the same when I looked into this. It seems that the Murena CEO himself is spreading factually incorrect critique of GrapheneOS
neilv 1 days ago [-]
"Just because you're paranoid, doesn't mean they aren't out to get you."
protimewaster 1 days ago [-]
I was going to say something along these lines.
There was a post on the GrapheneOS forums a while back, from Micay, claiming that a well-known YouTuber who had backtracked on recommending GrapheneOS (because of Micay's behavior, according to the YouTuber) had probably actually backtracked because the YouTuber was financially involved with a competing project. My initial reaction to the post was, "Oh, I guess this is that paranoia I've heard about with Micay." My thought was reinforced when it was further claimed, in that thread, that the YouTuber was active in a forum well known for online bullying of people they don't like. The whole thing definitely sounded paranoid.
In the thread, though, there was in fact linked paperwork where the YouTuber had registered the company in question, and also links to a verified account on the forums in question (using the YouTuber's real name).
So, yeah, just because you're paranoid, doesn't mean they're not out to get you.
neilv 1 days ago [-]
Yeah, I think it's fair to say that Micay knows a million times more about this technical and application space, and the political and business dynamics around it, than most HNers.
And I also believe that he's actually been personally targeted for harassment, from multiple directions, over the years.
So he's learned and earned some... vigilance.
And overall, I suspect that GrapheneOS is much better for the vigilant mindset.
I donated money partly with this in mind.
I don't know whether the project has a PR expert working with them already, but if not, that would be a nice pairing with the very smart and vigilant people on the team.
jasonvorhe 1 days ago [-]
Most people rather trust some newspaper or magazine instead of investing 10 minutes into researching on their own only to then start sockpuppeting for the conclusions of the author who probably didn't do their due diligence in writing the piece in the first place.
neilv 1 days ago [-]
"Sockpuppeting" has connotations that don't apply here, and it's an important term for other pressing purposes, so we don't want to dilute it. Does "parroting" express your intent well enough?
jasonvorhe 1 days ago [-]
I was struggling with the term myself being a non-native speaker. I appreciate your suggestion, it's a much better fit. Thanks!
mmooss 1 days ago [-]
I understand the concerns and anger of GrapheneOS's leadership, but the hyper-escalation tactic doesn't do what they hope:
First, it sends a message of inexperience in business, negotiation, and conflict resolution: 'I'm going to take my ball and leave' - it looks like an emotional overreaction without strategic thinking. These days you sometimes see powerful parties making similar threats - e.g., Uber threatening to leave certain markets. But those people have significant power and their tactic is really to demonstrate that in order to shift their negotiating position; usually they don't actually decamp, and GrapheneOS has relatively little power so that tactic doesn't apply.
As importantly, it sends the message that GrapheneOS can be pushed around and manipulated: A slight hint of a threat and they flee. Others will take note, and many will think the same of other FOSS projects, large and small - they are easily intimidated and dismissed.
Another reason people don't use these tactics is that they have other important interests besides the one under immediate threat. A requirement of anyone with significant investments that can't be easily abandoned - which is everyone doing anything of value - is to navigate in a way that upholds all those interests. You don't burn down the house to kill a rat. It can be hard and requires careful, deliberate thought and strategy.
One unmentioned interest that might appeal to GrapheneOS's leadership is the freedoms of people in France to create FOSS, and to individual privacy and security.
elric 1 days ago [-]
Exiting France when they feel like the freedoms of their software and their contributors are in danger seems like a perfectly reasonable response.
GrapheneOS is an open source project. They hand out great software for free. They have no obligations to do this. And they certainly have no obligation to try to "negotiate" with obviously hostile governments. They have nothing to gain from this.
> You don't burn down the house to kill a rat.
I don't see how this analogy applies here. France is the house.
mmooss 1 days ago [-]
This is the second time people responded to a post about GrapheneOS strategy with an argument about obligations. It's hard to even explain how vastly different those issues are. I didn't say anything about GrapheneOS's obligations; I talked about strategy and tactics to serve their goals.
If you do want to talk about obligations - yes, we all have obligations to our communities, societies, etc., whether we like it or not, whether we deny it or not. GrapheneOS has obligations to the open source community, to freedom, to their users and developers, etc. Defining those obligations is very difficult and I won't try, but if none of us have those obligations then who does? There's nobody else coming to the rescue, there is no authority that will take care of it for you (like parents caring for irresponsible children) - it's just you and me.
delichon 1 days ago [-]
> I talked about strategy and tactics to serve their goals.
I am skeptical that there is any lesser step that they can take consistent with their goal of an uncompromised OS. Or that France would be satisfied with anything less than access. Security is not a side feature of GrapheneOS that they can compromise on, it's their core mission. It's like telling Frodo to see the sights in Mordor, but stay away from Mount Doom.
mmooss 23 hours ago [-]
This is part of the overreaction I described. Nothing the government of France has said publicly indicates any interest in GOS, beyond one quote from one prosecutor. Has there been any direct communication between someone from the government and GOS regarding this issue?
I get that people are outraged, etc. but it's actually damaging the cause. GOS looks like an unreliable partner.
elric 1 days ago [-]
> I talked about strategy and tactics to serve their goals
Putting their project or contributors at risk does not serve their goals. You seem to be expecting a lot from a bunch of volunteer contributors.
TheCraiggers 1 days ago [-]
> it sends the message that GrapheneOS can be pushed around and manipulated: A slight hint of a threat and they flee.
Somehow I doubt France thinks they "won". What they wanted was a back door into the OS. Not only did they not get that but they lost what little bargaining power they had when gOS left France.
> it sends a message of inexperience in business, negotiation
You don't negotiate with terrorists. Obviously France isn't a terror organization but the point is the same: you don't play their game. You play your own.
Leaving the country is exactly that.
StopDisinfo910 1 days ago [-]
> Somehow I doubt France thinks they "won". What they wanted was a back door into the OS.
There is absolutely nothing pointing to France wanting a backdoor in GOS. The only thing we have is one prosecutor quoted in a far right journal saying she wouldn’t hesitate to charge them if they are linked to organised crimes and refuse to cooperate.
When France wants a backdoor in an open source project, they do it like every modern country with an intelligence service, sneakily.
blitzar 1 days ago [-]
When France wants a backdoor in an open source project, they do it like every modern country with an intelligence service, they borrow either the CIA's or Mossad's.
eloisant 1 days ago [-]
If you want my opinion GrapheneOS isn't on the radar of the French government at all, so they don't think they "won" or "lost". It's kind of a "I don't think about you at all" Mad Men Meme.
It's just a few cops who said "I don't like that we can't crack it", and a journalist who asked the prosecutor who got Durov arrested and she said "well sure if they break the law we could sue them".
The only party that is getting hurt about this whole thing is their French hosting company, OVH, who tried to calm down the situation and explain to him that they can still safely use OVH.
GrapheneOS also lost something. Whatever they are shutting down in France has some value, or it wouldn't have existed in the first place. Also they lose access to future opportunities in France.
anvuong 1 days ago [-]
> self-advertised as uncompromising privacy focused OS
> didn't even compromise even a bit (negotiation is already a compromise) against a country who is notorious for advocating for privacy-invasive policies in recent years
> get lectured by yc high-horse rider on the obligation blah blah, even when by and large this move doesn't materially affect the end-users in any substantial way
I used 4chan style because most of the times 4chan commenters have more sense than yc these days. Many people here do live in glass houses.
GP here. Why have three people now said I commented on obligations? I said nothing about it (and thought nothing about it).
mcv 1 days ago [-]
I don't know. It's making the news, and if GrapheneOS is the only one protesting this, what are iPhone and Android already complying with? Perhaps I should also switch to GrapheneOS.
And moving your servers out of jurisdictions that threaten them is not hyper-escalation; that's just being responsible.
mmooss 1 days ago [-]
> It's making the news, and if GrapheneOS is the only one protesting this, what are iPhone and Android already complying with? Perhaps I should also switch to GrapheneOS.
That is a (minor) upside, imho.
palata 1 days ago [-]
I am genuinely not sure you understand what GrapheneOS is doing here. They were using French servers (OVH) for some infrastructure, and they are moving away from that because they are pissed at France.
They don't make GrapheneOS unavailable to French users, they just change "cloud provider".
There is no negotiation or conflict resolution there: they don't feel safe using a French provider, so they move to a non-French provider, period.
Klonoar 1 days ago [-]
Exactly what ball do you think they’re taking and leaving?
t3rra 1 days ago [-]
Ok, Johanna Brousse
France threatens GrapheneOS with arrests / server seizure for refusing backdoors - https://news.ycombinator.com/item?id=46035977 - Nov 2025 (244 comments)
Recent and related:
France is taking state actions against GrapheneOS? - https://news.ycombinator.com/item?id=45999024 - Nov 2025 (108 comments)
between Durov and Sir Tim Berners-Lee?
Doubly funny as you seem to be implying Telegram has worthwhile encryption to start with.
In any case, the back door may be more of a Room 641A arrangement where all messages are intercepted by the host government, saving them the trouble of installing sockpuppet accounts in all the chatrooms they want to keep an eye on
(0): https://core.telegram.org/mtproto
I disagree about them essentially spreading misinformation about what actually happened. One prosecutor, that probably doesn't even know what GrapheneOS is, making boisterous claims to the press, is not the same as being contacted by the state about adding backdoors.
Interviewed cop says they'll go after them if they don't cooperate, which would mean a) requesting assistance to law enforcement via means such as backdoors and server seizures and b) resulting in legal steps against the organization and its members by France. Who in their right mind wouldn't take this as a threat? After Wikileaks, the Telegram CEO, pushes for chat control and other authoritarian techniques?
Sure, the cop might be a nobody in the grand scheme of things but they're representing a government agency publicly so they're probably not babbling out nonsense in a bar somewhere, being overheard by a reporter.
Have you not seen what happened to Telegram CEO?
Yes, the intense idealism of the brainwashed and oblivious prompted the realistic Graphene creators to do something themselves instead of waiting for other realistic folks who happen to be few and far between.
Source?
Especially since I guess they do not have the same kind of money and influence to fight it back.
If the GrapheneOS maintainers were being advised by a lawyer, they'd surely know that if French Authorities wanted them arrested and they were standing on a street corner in Stockholm, they could just as easily be picked up by police as if they were in a café in Paris. Making the whole France travel ban just a load of theatrics.
You're contradicting yourself. If "they haven't thought this through" they clearly haven't been paranoid enough but in that case they aren't overreacting, they're under-reacting. They need to transfer development out of the EU, not just out of France. That's one unexpected benefit of Brexit, btw.
I suspect they'd get told to calm down while the lawyer sends a letter to the authorities explaining what they're currently attempting to articulate via social media.
The lead developer seems to have a history of this style of communication in response to any minor critique of himself or GrapheneOS.
There is no contradiction between "being paranoid" and "not being rational".
Oh my mistake, you intentionally put "benefit" and "Brexit" in the same sentence; yes, there's absolutely a contradiction there, well done lad.
My comment wasn't an endorsement of Brexit, UK or EU. I was only thinking that if a quick change to a nearby jurisdiction was needed, the UK would be a place to consider, at least in the short term.
The UK doesn't even pretend the laws are for "child safety" they call it what it is - "snoopers charter".
Multiple accounts have said the same thing in this thread, and I'll be honest here: given the Jia Tan situation, it could be true (in the way that he's being pushed by external forces). It could be character assassination... Or it could be totally valid: idk.
But what I do know is that nobody is providing any citations.
I also know that progress depends on the tyranny of unreasonable people.
The real issue is that the public wants a right to digital privacy.
The state would not like you to have that because they are lazy and want to be able to look at your messages.
Because they have convinced themselves that messages are a crime.
This is a political problem not a technical one.
Legitimate question, is there any concrete evidence that the majority of the public actually does want this?
Privacy is a nebulous term, but what does it enable? The right to be yourself, to expose what you want, to take back mistakes, to keep for yourself some things that you don't want to share.
Privacy is therefore the right to be yourself. You do have something to hide, you don't want everyone knowing your deepest thoughts, aspirations, all of your past mistakes, etc.
But instead we always explain it in ways that people don't connect with.
How does privacy enable one to "not know your deepest thoughts" if you aren't giving that information out in the first place?
I think you're right. I'm not hopeful the general population will change and suddenly say "E2EE matters, dammit!". Because the small scale consequences are boiling the frog, and the major ones "could never happen to me".
I'm sure we've all seen the Google account that got nuked [0, 1], but pointing that out to people is likely to garner responses ranging from "But I need Google for $thing" to "I don't have kids, so I'm fine". We unfortunately don't have any medium-scale fallout - just ghost stories of one guy, one time, being bitten.
[0] Costing the guy his phone number, photos, emails, contacts, any paid apps, documents in Google Drive, and presumably associating his credit card, address, and name with a banned account. Given how Google relies on automation for flagging and harassing accounts, I'd expect his troubles aren't over just yet should he make a new Google account.
[1] https://www.theverge.com/2022/8/21/23315513/google-photos-cs...
It reminds me of Jamie Oliver (I think it was him) showing a group of pupils how Chicken Nuggets are made, in all its brutality; afterwards, when asking them if they would like to eat some nuggets now, guess what they said? "Yeeeeees!"
80% are concerned.
The personalized ad economy is the most obvious and personally impacting symptom of this legislative failure.
Is it? Why not graphene-os.org? Why not graphene.org? Why not grapheneos.com? Why not grapheneos.io? How do you validate it, really?
Also who REALLY controls that domain in the end? Someone with access to `.org` nameservers. Do you trust that person? What's their name?
Same way you trust/verify that you got Tor Browser from the right domain, and the organization behind it hasn't backdoored it (didn't the tor project receive government funding?).
The deeper problem for the Switch emulators was letting their personal life be linked to it so Nintendo could seek legal pressure against them directly.
It's the same thing as the original comment except in reverse. The only downside is you may lose the popular/easy distribution method if it gets taken down. The alternative is to just declare it lost day 1 though, so there is only a gain to be made in leeching a hosting site like GitHub while you can.
That said, there are many forks of the projects DMCA'd still floating around.
Every few months a bad proposal comes out of somewhere in EU. The details of this case don’t matter, the tendency is big government control.
https://www.eff.org/deeplinks/2025/07/canadas-bill-c-2-opens...
Again, that requires a simple parliament majority and courts aren't allowed to really do anything about a law once that clause is invoked. That makes for one of the worst places to be in for something like grapheneOS in the long term. You're just a single election away from a PM like Legault deciding that encryption is against "Canadian values" or something.
(They wouldn't even need that to restrict encryption, but it still makes us unique in the west since it's just a "routine" clause that can be invoked to suspend almost every possible legal challenge against a law outside of any emergency situation or extraordinary circumstance, and is used almost on a yearly basis nowadays)
It is not unique in the West, or even specifically in those parts of the West that share the same head of state as Canada; in fact, Britain itself has a more extreme form of it given Parliamentary sovereignty.
But I agree that parliamentary sovereignty is an even bigger can of worms.
- Energy prices -> nope
- Science and technology -> not anymore plus the brain drain is accelerating
- Business environment and competitive taxes -> nope
Europe still had good living environment, safety, fair privacy and rule of law. But western Europe seems to be dedicated to destroy this too. In the meanwhile a lot of countries elsewhere are progressing rapidly in those domains.
When asked for details, he gets defensive and accusatory, then creates multiple sockpuppet accounts to argue the same points over and over.
But on the other hand, I have read a lot of "drama" between e.g. /e/OS and GrapheneOS, and more often than not, it looked like GrapheneOS was criticising actual limitations of /e/OS and /e/OS (a mix of the community and official comms) seemed to be the one being unfair.
GrapheneOS generally is pretty direct at saying stuff like "their approach is strictly less secure" or "they are often worse than Stock Android", and I understand that this is not good publicity for Murena. But I am yet to see one of these claims to be wrong: all I can say is that the tone is very direct and could offend the /e/OS people, even if the claims are true.
On the other hand, instead of just acknowledging and trying to explain why /e/OS may be a good choice (e.g. if you happen to own a phone that is not a Pixel and that is well supported by /e/OS), I have seen actually wrong claims from /e/OS against GrapheneOS (sometimes downright technically wrong about security/privacy). And while GrapheneOS is quite exemplary with their support (if your phone is supported, then it's best in class), I have run /e/OS on a couple of phones and I have seen by myself that some of the security updates were 3 years old while the Stock Android was actually up-to-date.
So yeah... I get that it's a sensitive topic, but I feel like there is more a long history of people accusing GrapheneOS of accusing people, and I'm not anymore convinced that this is actually true.
But it's been very quiet since he stepped down and I have more confidence in grapheneos now.
There was a post on the GrapheneOS forums a while back, from Micay, claiming that a well-known YouTuber who had backtracked on recommending GrapheneOS (because of Micay's behavior, according to the YouTuber) had probably actually backtracked because the YouTuber was financially involved with a competing project. My initial reaction to the post was, "Oh, I guess this is that paranoia I've heard about with Micay." My thought was reinforced when it was further claimed, in that thread, that the YouTuber was active in a forum well known for online bullying of people they don't like. The whole thing definitely sounded paranoid.
In the thread, though, there was in fact linked paperwork where the YouTuber had registered the company in question, and also links to a verified account on the forums in question (using the YouTuber's real name).
So, yeah, just because you're paranoid, doesn't mean they're not out to get you.
And I also believe that he's actually been personally targeted for harassment, from multiple directions, over the years.
So he's learned and earned some... vigilance.
And overall, I suspect that GrapheneOS is much better for the vigilant mindset.
I donated money partly with this in mind.
I don't know whether the project has a PR expert working with them already, but if not, that would be a nice pairing with the very smart and vigilant people on the team.
First, it sends a message of inexperience in business, negotiation, and conflict resolution: 'I'm going to take my ball and leave' - it looks like an emotional overreaction without strategic thinking. These days you sometimes see powerful parties making similar threats - e.g., Uber threatening to leave certain markets. But those people have significant power and their tactic is really to demonstrate that in order to shift their negotiating position; usually they don't actually decamp, and GrapheneOS has relatively little power so that tactic doesn't apply.
https://mastodon.social/@_bapt_/115585566888497543