> Hopefully the HN mods will unflag the astroturfing campaign done by GrapheneOS here to allow a good healthy discussion.

A quick Google search shows that you've been attacking Daniel for a long time using this account. You complain about moderation and astroturfing and I find tons of posts by you attacking Daniel. You clearly have some sort of weird vendetta against him. Don't pretend to want a "good healthy discussion" when all you seem to be interested in is attacking him further.

All the stuff about members of our team not being stable is ridiculous and only works in favor of people or organizations that don't like us or want to damage GrapheneOS.

GrapheneOS has multiple people helping out. Many developers as well as people who help out with non-development work. It's a big claim to say that the whole team is unstable.

I'd suggest reading the article again. Considering the situation, the party about deleting the keys should be a good sign for anyone reading it. It shows that the project's leadership cares about doing things the right way. Members of the team are similarly dedicated to helping build and support an OS that improves people's privacy and device security, not to scam users by making a flashy product and rake in cash. Or, in Donaldson's case, work with shady companies and even possibly criminals.

Privacy and security projects like GrapheneOS are important considering the political landscape these days. People really need to stop repeating inaccurate claims about us, like that we're criminals, unstable, crazy, etc.

Just read the article again and I'd suggest also reading responses we sent to fact checkers (many answers didn't even show up in the article). James' side of the story is riddled with lies. So, if you read the article with that in mind, you can see that Copperhead got steered in the wrong direction by James. Daniel has been the owner of the open source project from the beginning and Copperhead was never in control of it. It was right to move forward without James. Nothing paranoid about that. It's more a move by someone who is dedicated to doing things right.

See the attacks on GrapheneOS and even other privacy projects trying to make them look like they are designed for criminals. Even French law enforcement took part. We have shared these details publicly and even with links to articles with quotes. There was even news about authorities in Spain assuming anyone with a Pixel was likely a criminal.

Months ago, we saw tons of reports of organizations reporting hacking GrapheneOS without any evidence or links to court cases. We never claim that GrapheneOS isn't hackable, but we still haven't seen any credible evidence showing forensics companies were able to hack it.

These are just a few examples of how GrapheneOS is being attacked. Again, we're not the only ones.

It's also important to note that GrapheneOS has many project members. GrapheneOS isn't a one man show.

Our responses to these things are not out of paranoia. We want our users to know what's going on, so we keep them informed. What's wrong with that?

> The community is unnecessarily toxic from what I've seen

I'm a GrapheneOS community moderator and I would disagree with this take. If people have issues with the community and feel that they can't ask "why" then a moderator should help with that. I can assure you we've had talks with "supportive" community members who cause problems. Being supportive of the project doesn't mean they can get away with acting rude towards others.

As for the F-Droid post, I never even heard of that post. I don't recognize the username of the user who posted it either. I guess I won't be able to see the original aggressive post, but either way just because someone is a fan doesn't mean the rest of our community is toxic.

> Instead of blockading SafetyNet as being a user hostile solution, GOS instead... implements their own version of it.

SafetyNet was depreciated, so you must be talking about Play Integrity. We don't reimplement Play Integrity, but rather have Sandboxed Google Play, and have even taken steps to reduce its effect on GrapheneOS users, notably optionally blocking API attempts or returning a server error (I forget) and blocking Google-injected code from running in apps that have automatic protection enabled in the Play Developer Console.

Outside of some workarounds, apps that expect Play Integrity verdicts can refuse to run if they choose to. Blocking things won't change that. Spoofing is also not practical because Google can and will break spoofing every time, especially since GrapheneOS has so many users. They already do that for people who root and use various spoofing methods.

> Pixel exclusivity is dumb and remains dumb.

Only Pixels meet the project's requirements as of now. GrapheneOS is in talks with a major OEM for them to get a few of their devices to meet the project's requirements and have official support for GrapheneOS. If all continues to go well, we expect it'll be 1-2 years before this happens.

> GOS doesn't let you do hosts based adblocking

There are apps and VPNs that can do this kind of thing.

> GOS as a project doesn't quite grasp the relationship between app developer and app user and how it's become toxified over the years > The problem these days is usually the developer going bad, not a third party.

The way you're talking here and your mention of F-Droid earlier leads me to believe you're a supporter of F-Droid. The project's advice is just that: advice. People are free to ignore that advice.

GrapheneOS is far from the only group that talks about issues with F-Droid. I don't personally know of all the issues with F-Droid, but as I understand it they use out of date servers, out of date build environments, and other similar issues. Also, they don't actually audit code at all, so developers can still sneak changes past them as long as the developers' changes aren't caught by their basic scanning. There's even the case where the WireGuard developer made changes that break F-Droid's terms of use or something like that. They were making those changes very much in the open and the F-Droid team didn't even notice. If a developer was trying to hide malicious changes, they could easily do that. No, we still have to trust developers. F-Droid is just another trusted party, and they don't deserve that trust considering all the issues they have.

As someone else pointed out, it's not just the comment. There's context you're either ignoring because it's inconvenient for you, or you don't know because you couldn't be bothered to learn more about it.

The video is harassment content, plain and simple. It's filled with disinformation and he lied about not using GrapheneOS moving forward. The developer was swatted multiple times, then when upset with Rossmann he tried to talk to him about his support for harassment content (the swatter was a fan), and instead of being a decent human being, Rossmann made a video of it while it was happening.

The basic thing is that the developer had been swatted multiple times right before that video. Swatted by a fan of the YouTubers who made the video that Louis commented on.

But the targeted update thing isn't even possible on GrapheneOS. The update server is basically a basic web server. The updates are stored on the servers and the update client downloads them. All update files follow the same naming system and the update client downloads updates using that system.

The update client never sends any IDs either.

So if GrapheneOS can't get unique IDs, then how can targeting be done? It's just not possible.

Pixels are the only devices that are out right now that meet the project's requirements. The project is in talks with a major OEM to have some of their devices meet GrapheneOS's requirements and have official support for GrapheneOS. Assuming all continues to go well, the project has said they expect those devices to be out in 1-2 years.

> GrapheneOS also enables security features when compiling the OS that have a performance impact but mitigate security risks. They end up with a slower phone with less battery life that's protected better against extremely uncommon attack vectors.

Apps may take slightly longer to launch, which was more noticeable on older devices, but not so much on modern supported devices. I understand that some of the other exploit protections mean that apps and processes take up slightly more memory, but that's another thing that people don't seem to be affected by.

As for battery life, not really. Most people report having roughly the same battery life with GrapheneOS as with the stock OS. People who don't install Google Play report much better battery life. Sure, the exploit protections might use a small amount of extra power, but it's negligible as far as I can tell based on my own experiences and what other people report.

> mentally unstable

It's not appropriate for you to be saying these things.

> Stuxnet only targeted specific Iranian systems, a needle in a hay stack, was spread did not harm random devices across the globe, and stayed mostly undetected. And this was done without "developer access" to the software itself. Is it hard ? Yes. Is it likely (especially given the knowledge of how GOS works) ? Perhaps not. Is it impossible ? Definitely not.

This makes no sense. GrapheneOS is an open source project and anyone can look at the changes made by the project. Even the OS is reproducible and people do check that, apparently, so GrapheneOS would be caught if they were making changes. Like I even found this repository just now after a quick search https://github.com/lucasbeiler/reproducible-builds-grapheneo...

GrapheneOS isn't just some random OS that nobody has heard of. There are lots of eyes on it, so sneaking some backdoor into the OS would be very difficult and extremely stupid. One misstep and the project would be gone. Do you really think Rossmann is worth that? I don't.

> When the lead dev of the OS you use daily threatens to "publicly expose you" as a user, I won't blame said user to stop using the software. And even less, to provide such data point regarding the behavior of that developer.

I've already pointed out in other comments that he had no good reason to fear a targeted update. It's just not possible. He should know that by now, but as far as I know he has never retracted that part of his video.