However, we don’t have a “hardened security” approach, we aren’t developing a phone for pedo(censored) so they can evade justice.

  • weaselsrippedmyflesh@piefed.social
    3 months ago

    I don’t think he’s actually making the parallelism with pedophiles and security per se, but rather he’s making the case that his OS’ mission isn’t by default focused on that level of security or anonymity, but rather privacy and disengagement from companies who profit from your data being mined.

    He mentioned pedophiles, as well as the secret service, right after, as examples of either criminals who need to be obscured from detection (maybe because it’s easy for the Epstein class to pop in someone’s head, nowadays?) or government agents that need to protect themselves from data breaches, and said his type of OS isn’t made with that level of airtight security in mind, which is understandable and reasonable, and something we probably all knew already. It could’ve just as well been terrorists and investigative journalists mentioned.

    One could take his stance and engage in discussion on whether we need that level of security by default as ordinary citizens, or that even without exceptional circumstances, it becomes necessary in an increasingly hypervigilant society/government, but that’s a separate discussion.

    We should have a little nuance in interpreting speeches like these rather than taking things this literally, especially when it’s coming from a direct competitor in the degoogling sphere, who would naturally gain from holding it up in the most unflattering light.

    • Jason2357@lemmy.ca
      3 months ago

      Are you a native French speaker? Maybe you heard it differently from me, but while I am all for nuance, let’s not sanewash people and take them at their word.

      I use plenty of software where the developers are not primarily focused on security, but his line of reasoning sounds just plain dangerous for an OS developer. Maybe he phrased it badly, but that would be up to him to clarify and we shouldn’t do that for him.

      • weaselsrippedmyflesh@piefed.social
        3 months ago

        It’s also up to us to not jump aboard any given claim and be critical of what others are spelling out for us. In any case, the transcripts in both English and French were posted by GrapheneOS in the comments as well, so non-native French speakers can draw their own conclusions.

        You’re right that it’s also up to him to clarify his remarks, but I feel like this is a non-issue generously stretched out online that just sows further division that only benefits the big offenders against privacy.

    • PolarKraken@lemmy.dbzer0.com
      3 months ago

      Honestly by now it’s becoming reasonable to assume “projection” as a baseline, to then change based on evidence, when someone has a take like this guy’s.

      I don’t mean the political tactic, just the garden-variety kind of projection. “Probably ~everyone thinks the way I do, and boy, we better not give everyone the tools to act on that…”

      Deeply wrong about how most folks think, because of how they themselves do, and believing they’re therefore helping. Likewise a self-admission, because they don’t realize they’re admitting anything.

      Maybe not the case with this guy, I’m not gonna dive in.

      But I do sincerely believe that’s a somewhat charitable take toward anyone making a claim like this today. Charitable in the sense of acknowledging a misunderstanding and desire to help.

      The less charitable one being - just obviously complicit. Fuck this noise.

    • FoundFootFootage78@lemmy.ml
      3 months ago

      The stereotype of pedophiles in cop shows is that they use desktop computers anyway, not phones. Don’t know how true to reality that is.

    • thatsnomayo [he/him]@lemmy.mlB
      3 months ago

      the privatized western govts & their tech boys literally are the infrastructure of the global pedos it’s asinine & dangerous to tell people to ignore that!

    • SatyrSack@quokk.au
      3 months ago

      So you don’t have to give Reddit clicks:

      Dutch hardware, French open-source OS, no Google services.

      Apologies for repeating this in pretty much every topic on Fairphone and /e/OS, but there is a lot of misinformation about this. The Fairphone hardware and software is developed by a Chinese company called T2Mobile (this is no secret, it is in Fairphone’s documentation).

      Switching to /e/OS does not really change that, because they use the same kernel trees, binary firmware blobs, and device trees maintained by the same Chinese company. So you replaced opaque blobs coming from a South Korean company with those from a Chinese company and Qualcomm (pick your poison I guess).

      Besides that /e/OS does not really decouple you from Google. It starts talking to Google pretty much the moment you first set up the device [1]. The device will download proprietary Google SafetyNet blobs that run as part of the privileged microG. /e/OS also contacts Google for assisted GPS, eSIM provisioning, WideVine provisioning, etc. Then if you install certain Google Apps, /e/OS gives them elevated privileges, breaking the regular sandbox model. For instance, if you install Android Auto because you want to use it in your car, some of the dependencies (e.g. Google Maps) have privileged access [2]. It does not stop at Google, e.g. for speech-to-text, Murena does not have any scruples uploading your voice to OpenAI (and hiding it somewhere in the terms that no-one reads) [4].

      Besides that, both Fairphone and /e/OS have a history of abysmal security. E.g., both used to sign system images with Android testing keys (which meant that malware could hide in your system image without you noticing). Fairphone is absolutely terrible at maintaining kernel trees - e.g. Fairphone 4 is still using a Linux version that has not been updated since 2020, Fairphone 6 is still on firmware blobs from June 2025 despite Qualcomm pushing out monthly fixes for vulnerabilities since then. The Fairphone 6 is also shipping a Linux kernel that hasn’t been updated since September 2024.

      Both the Fairphone stock OS and /e/OS are way behind on Android security updates. The Android Security Bulletins are only backports of security issues marked high or critical. On those they are typically 1-2 months behind and the ASB vulnerabilities are already known for 3 months by vendors due to Google’s new security embargo system. That means that Fairphone’s stock OS and /e/OS are usually 4-5 months behind on patching high/critical vulnerabilities. It is even worse for other vulnerabilities, which are commonly used as part of exploit chains. /e/OS and the stock OS are still on Android 15. Since they do not roll out other security updates than ASBs, it means that they are now 1.5 years behind in non-high/critical security updates (since Android 15 was released in September 2024).

      And then we haven’t even talked about shady things like the /e/OS App Lounge getting F-Droid packages [3] through a MITM server (cleanapk) for at least 6 years now that often serves outdated package versions. To make it more fun, they do not want to reveal who is actually maintaining this service.

      Similarly, hardware security is not great. In contrast to your old S24, the Fairphone 6 does not have a separate secure enclave. They only use TrustZone, which basically uses the same CPU/RAM for the TEE (the OS gets isolated by secrets running it in a VM-like environment). TrustZone is vulnerable to side-channel attacks and PINs are easily brute-forced (so, on Fairphone you probably want to use a long passphrase).

      Some people will say: who cares, I’m not the target of a state level actor. Remember that in the days of Cellebrite, etc. device security is important to anyone who ever goes to a demonstration or crosses international borders.

      I understand that everyone is looking for European alternatives, please think twice if you want to replace them by Chinese blobs, very outdated software, and a security disaster.

      [1] https://www.kuketz-blog.de/e-datenschutzfreundlich-bedeutet-nicht-zwangslaeufig-sicher-custom-roms-teil6/

      [2] https://eylenburg.github.io/android_comparison.htm

      [3] https://forum.f-droid.org/t/e-foundation-using-f-droid-with-middle-man-website/7162

      [4] https://forum.fairphone.com/t/e-os-betrays-users-privacy-openai-being-integrated-directly-into-core-os/119381
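
A first-pass check for two of the issues raised in the quoted post (test-key builds and stale patch levels), as an added example that is not part of the original post or any project's code. It parses `adb shell getprop` output; the sample output, the reference date and the two-month threshold are constructed assumptions.

```python
import re
from datetime import date

# Constructed sample of `adb shell getprop` output (not from a real device).
SAMPLE_GETPROP = """\
[ro.build.fingerprint]: [example/phone/phone:15/AB1C.000000.001/1234:user/test-keys]
[ro.build.tags]: [test-keys]
[ro.build.version.release]: [15]
[ro.build.version.security_patch]: [2025-06-05]
[ro.vendor.build.security_patch]: [2025-03-05]
"""

PROP_RE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]$")


def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict, ignoring anything else."""
    props = {}
    for line in text.splitlines():
        match = PROP_RE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props


def patch_age_months(value, today):
    """Calendar months since a YYYY-MM-DD patch level, or None if unparsable."""
    try:
        patched = date.fromisoformat(value)
    except (TypeError, ValueError):
        return None
    return (today.year - patched.year) * 12 + (today.month - patched.month)


def audit(getprop_text, today, max_age_months=2):
    """Flag test-key build tags and OS/vendor patch levels older than the threshold."""
    props = parse_getprop(getprop_text)
    tags = props.get("ro.build.tags", "").split(",")
    fingerprint = props.get("ro.build.fingerprint", "")
    report = {
        # Build tags are a label written at build time, not proof of which
        # certificate signed the image; treat a hit as a prompt to verify.
        "test_keys": "test-keys" in tags or fingerprint.endswith("/test-keys"),
        "os_patch_age": patch_age_months(
            props.get("ro.build.version.security_patch"), today),
        "vendor_patch_age": patch_age_months(
            props.get("ro.vendor.build.security_patch"), today),
    }
    findings = []
    if report["test_keys"]:
        findings.append("build is tagged test-keys")
    for name in ("os_patch_age", "vendor_patch_age"):
        age = report[name]
        if age is None:
            findings.append(f"{name}: patch level missing or malformed")
        elif age > max_age_months:
            findings.append(f"{name}: {age} months old")
    report["findings"] = findings
    return report


if __name__ == "__main__":
    for finding in audit(SAMPLE_GETPROP, date(2025, 11, 15))["findings"]:
        print(finding)
```

The patch-level properties only report what the build claims; they do not confirm that every fix for that bulletin month is actually present in the kernel or firmware.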

    • RenardDesMers@lemmy.ml
      3 months ago

      Honestly, the fact that it is supported by default on the fairphone was quite appealing to me but this poor opinion from the CEO rubs me the wrong way

  • herseycokguzelolacak@lemmy.ml
    3 months ago

    I have a huge problem with GrapheneOS: they rely too much on Google hardware. That is why I never used Graphene and probably never will.

    • Lemmert@reddthat.com
      3 months ago

      Just wondering, do you have a problem in the sense that you don’t want to support Google or more that you’re worried the actual hardware is not safe or trustworthy?

      • herseycokguzelolacak@lemmy.ml
        3 months ago

        Google is the exact opposite of privacy and security.

        I find it very dishonest that GrapheneOS was advertising itself as the secure option while tying itself so closely to Google.

        • Taasz/Woof@lemmy.blahaj.zone
          3 months ago

          The Pixel phones were the only devices with secure enough hardware to make GrapheneOS viable, that’s why they developed it for them.

          It wasn’t because of some deal with google or anything like that.

          • herseycokguzelolacak@lemmy.ml
            3 months ago

            Hardware security guarantees are irrelevant for most people, including myself. A very small segment of the population needs them.

            What matters infinitely more is who has access to your data. And Google is one of the worst offenders.

            • Lemmert@reddthat.com
              3 months ago

              I don’t really see the issue. So you don’t really care about robust and trustworthy hardware. That I get to some extent considering you’re more worried about your data itself. But if you’re flashing your device with GOS, there is no data being shared to Google unless you specifically want to use Google Play Services or the Play Store. Both of which don’t come pre-installed.

              Edit: I added the if

              • herseycokguzelolacak@lemmy.ml
                3 months ago

                Robust and trustworthy hardware does not matter if the apps you need for daily life (like banking or public transportation) are so integrated with Google’s ecosystem that they leak everything.

                Breaking Google’s hold over Android is the most important security topic of all time. Everything else is secondary. GrapheneOS is not real security.

                • Lemmert@reddthat.com
                  3 months ago

                  But how does this tie back to your original statement about GOS security and tying itself with Google? The issues you’re raising aren’t even a GOS specific one. I also find it strange to not call it secure because services themselves are reliant on Google’s services. That is not an issue any OS can solve. I say this as someone who does not rely on any Google services on my phone. I also believe you might be conflating security with privacy.

            • FauxLiving@lemmy.world
              3 months ago

              Buying a phone from Google (HTC really) does not give Google access to your data.

              There are no Google services installed by Graphene, you have the option of running Google services if you choose, but even if you choose to do so they are kept in a sandbox and not given privileged information on the system.

              • herseycokguzelolacak@lemmy.ml
                3 months ago

                > There are no Google services installed by Graphene, you have the option of running Google services if you choose, but even if you choose to do so they are kept in a sandbox and not given privileged information on the system.

                Using Google hardware results in financial gain for Google, which is one of the worst companies out there for privacy and security. I do not like that GrapheneOS is working to propagate Google’s monopoly.

                • FauxLiving@lemmy.world
                  3 months ago

                  You’re moving the goalposts, you said:

                  > What matters infinitely more is who has access to your data. And Google is one of the worst offenders.

                  That’s completely different than who benefits financially from your phone purchase.

        • Coleslaw4145@lemmy.world
          3 months ago

          It only works on Pixel phones because they are the only phones on the market that meet the security requirements.

          That’s why for the future Motorola phones, Motorola will have to design a new phone that will meet those requirements. They can’t just put Graphene OS on an existing Motorola model.

  • Anaeijon@lemmy.dbzer0.com
    3 months ago

    I’m running e/OS in my old Poco F3 right now.

    I switched from LineageOS because I thought e/OS would be easier to ungoogle.

    In the end, it just defaults to way more compromises than I would have made on LineageOS.

    Over all, it’s actually just LineageOS with MicroG preinstalled, a really bad launcher, an ugly 2015-ish iPhone icon theme, and a few mediocre apps preinstalled that use these ‘Murena’ services that claim to be an alternative to Google services, but they are neither more secure/foss nor reliable.

    Their appstore is rather bad. Yes, it essentially combines something like APKMirror and F-Droid in one app, but it requests a Google account to access PlayStore Apps.

    Imho, LineageOS with MicroG, no GApps, F-Droid and APKMirror and a few foss apps is the better solution.

    I have my sync services selfhosted through a NAS and simply use WebDAV (backups), CardDAV and CalDAV. This was harder to set up in e/OS than in basic LineageOS, because e/OS is trying to push their own Murena services for that. And if I didn’t have all of these selfhosted, I’d rather use Proton services instead of Murena.

    Over all, really sketchy. It’s like a custom ROM that claims privacy but actually just wants you to move to their own service.

    • AnimalsDream@slrpnk.net
      3 months ago

      This was pretty much my impression of /e/ as well. Used it only briefly. It ran poorly, had a bunch of crap I didn’t want. Bad launcher. Things didn’t work properly.

      Overall impression I got was that the people who make /e/ do not know what they are doing.

      While the GrapheneOS dev comes across as sus and toxic to me, part of me would like to give it a try. But between Pixel phones still having black screen of death problems, and newer ones lacking a headphone jack - I found a Moto G100 plus LineageOS with MicroG is a great option.

      I only run open software on it, and keep everything proprietary on my old un-degooglable phone that only gets turned on when necessary.

  • blackbrook@mander.xyz
    3 months ago

    I can’t believe he’s intentionally anti-privacy. Occam’s razor suggests he’s instead a fucking idiot.

    • rbits@lemmy.worldOP
      3 months ago

      Yeah maybe. But whether it’s intentional or not, I would not want to use /e/os.

      But also, from the linked thread:

      Murena is a for-profit company owned by shareholders including Gaël Duval. /e/ has a non-profit organization which is also led by Gaël Duval. /e/ includes paid services from Murena. /e/ very clearly exists to build products for Murena to sell in order to enrich the shareholders.

      Despite being done for profit, /e/ receives millions of euros in funding from the EU on an ongoing basis. /e/ and Murena use extraordinarily inaccurate marketing to not only promote their products/services but also to mislead people about GrapheneOS and scare them away from it.

      From @grapheneos.org

      • blackbrook@mander.xyz
        3 months ago

        Oh agreed. I wouldn’t want to install an OS from a fucking idiot either.

        (And I take your point that said idiot may also be a dishonest slime ball.)

      • ScoffingLizard@lemmy.dbzer0.com
        3 months ago

        Graphene made an OS only for Google phones. I can see what they mean here, but not sure they have room to talk regardless of the security circumstances.

        It is shitty if there was a smear campaign against them though.

  • rbits@lemmy.worldOP
    3 months ago

    Another quote from the thread

    Their marketing heavily focuses on avoiding Google and gives the impression they believe privacy means avoiding one company. Meanwhile, they add a bunch of Google services not present in the Android Open Source Project and give extensive privileged access to Google apps/services.

    From @grapheneos.org

    • rbits@lemmy.worldOP
      3 months ago

      Recently, France’s national law enforcement began fearmongering about GrapheneOS and smearing it with inaccurate claims. France’s corporate and state media heavily participated. Many articles and also radio/television coverage misrepresented GrapheneOS as being for criminals.

      From @grapheneos.org

    • FoundFootFootage78@lemmy.ml
      3 months ago

      They’re two sides of the same coin. Can’t have privacy without security and can’t have security without privacy.

      Looking at the post though he’s specifically talking about advanced security as a means of preserving privacy, security you’d need if (based on his model) targeted by a government (whether foreign or your local police forensics team). I don’t think his model is correct though because while extra hardened security is useful to protect privacy in such an instance, it’s also just best practice because it’s better to have too much security than not enough, just to keep your bank account secure at least.

      • LedgeDrop@lemmy.zip
        3 months ago

        > They’re two sides of the same coin. Can’t have privacy without security and can’t have security without privacy.

        Hmmm… I half agree with what you said. The corner stone of most security is an element of initial trust.

        With SSL, we’re trusting that the certificate authority is valid.

        With tools like GPG, I (as the sender) am trusting that the key I’m using to sign a message is really yours.

        With Android we (the users) and the application developers are trusting Google (hence why “sideloading” is now “bad”, because Google says it is).

        I absolutely agree that privacy cannot exist without security. But, your privacy is dependent on who your security model trusts.

        I don’t trust Google with my privacy (hence, I degoogle) , but my bank app doesn’t trust my security (hence, the app can only be installed via Google Play).

        So, privacy is dependent on security, but security is built on trust.

  • Fedpie@sopuli.xyz
    3 months ago

    I think it’s fair they support way more phones than GrapheneOS, even if the security is way worse. But it’s a whole other thing to call people who want secure phones pedophiles.

    • rbits@lemmy.worldOP
      3 months ago

      I am skeptical how worthwhile it is to use /e/os over OEM Android at this point

    • weaselsrippedmyflesh@piefed.social
      3 months ago

      Agree with your outlook, but I think it’s not too farfetched to give the benefit of the doubt to the speaker here and establish that pedophiles were used as an example (of people whose survival depends on their data not being breached), rather than a direct comparison. And he goes on to name being an executive to the secret services as another example (again, of people to whom hardened security of data is an imperative), but we’re not saying he thinks secure phones are just for people in secret services, are we?

      He’s just saying, albeit rather clumsily, that their goal is simply not that level of hardened security, but rather privacy from data miners.

    • FoundFootFootage78@lemmy.ml
      3 months ago

      I think both approaches are too extreme. Supporting every device leads to poor security, poor stability, and therefore a poor user experience, but only supporting just Google devices (while there is a good reason for that) is a step too far for most people.

      If I were in the position of e/os I’d just support probably three manufacturers. Going through the major ones that I know of: Motorola and Google are obvious picks. Next would need to be something cheap and popular. Samsung is way out of the question. Xiaomi and Vivo I’ve never seen their phones mentioned outside of China (which is a country that generally doesn’t have the same privacy considerations as people in the west do). That leaves Oneplus and Tecno Mobile for the third model.

  • 9point6@lemmy.world
    3 months ago

    Lmao what a toxic piece of shit

    Privacy is something everyone deserves, not something only criminals want

  • apftwb@lemmy.world
    3 months ago

    Pedophiles use their work emails and gmail. Making a secure phone OS won’t make a difference.

  • tixnou@feddit.cl
    3 months ago

    some people in this thread still don’t get it, so:

    you can’t expect privacy while also having poor security practices. ideally you’d have both and most of these privacy projects are not much more than just a lineage fork with a dns blocker

    apparently in duval’s mind, you can always trust even a fascist government to never try to exploit your phone and to give you privacy. or something idk

  • mindbleach@sh.itjust.works
    3 months ago

    First they came for people I don’t like, I assume, and I said hell yeah, there’s no way that will ever be me. Over here, officer. Come for a few more kinds of people I don’t like. Nothing bad ever happened to the French!

  • utopiah@lemmy.ml
    3 months ago

    Sadly FUD as ANYTHING that is NOT increasing profit for surveillance capitalism, i.e. Google, Meta, etc. is a win for privacy!

    Of course /e/OS could be better, GrapheneOS could also be better (including on security) but the big picture is that still ANY of those solutions is making surveillance capitalism, the loss of privacy for profit and power, less efficient. That’s good for all of us who, being on Lemmy or other federated instance, believe we do benefit from having more privacy, or at least not trading it away.

    TL;DR: be inclusive, bring others up, don’t be exclusive aiming for perfection none of us can attain.