Here's a post where the @vollaficationist clearly refers to themselves as being part of Volla and shares internal information which would only be known to someone working at Volla
-
For example, any system like this is likely to end up requiring approving each release before it would be compatible with apps checking for certified devices. This means releases would be arbitrarily delayed for certification prior to users being able to receive them without losing compatibility with any apps adopting it. The companies involved can put arbitrary requirements in place which are fine with them but not with us. Governments can also begin to exert control over this system.
European governments would be able to block certifying GrapheneOS because we won't implement age verification, invasive client side AI scanning and other systems they're trying to impose on devices and operating systems. They can make it into a requirement to integrate these for certification. Volla, Murena and iodé are not privacy/security hardened operating systems. They do not try to protect users against authoritarian surveillance including via exploits. They do not share our goals/values.
-
European governments would be able to block certifying GrapheneOS because we won't implement age verification, invasive client side AI scanning and other systems they're trying to impose on devices and operating systems. They can make it into a requirement to integrate these for certification. Volla, Murena and iodé are not privacy/security hardened operating systems. They do not try to protect users against authoritarian surveillance including via exploits. They do not share our goals/values.
These companies MUST NOT be allowed to successfully seize control over the compatibility of European banking/government apps with mobile devices via Unified Attestation. These companies have a view of privacy based around protecting people from Google and the US government rather than privacy from corporations and governments as a whole. They even market themselves as providing so-called digital sovereignty by giving European governments access and control instead of the American government.
-
These companies MUST NOT be allowed to successfully seize control over the compatibility of European banking/government apps with mobile devices via Unified Attestation. These companies have a view of privacy based around protecting people from Google and the US government rather than privacy from corporations and governments as a whole. They even market themselves as providing so-called digital sovereignty by giving European governments access and control instead of the American government.
GrapheneOS is based in Canada but we don't promote it based around it being based in Canada. We're willing to move our non-profit and operations elsewhere in the future if Canada ever passes laws incompatible with our goals. It's based in Canada because it was practical rather than as a core value or approach of GrapheneOS. If Canada goes down the same path as the EU and starts passing laws we cannot accept, then we'll leave Canada rather than ruining GrapheneOS. They won't do that with the EU.
-
GrapheneOS is based in Canada but we don't promote it based around it being based in Canada. We're willing to move our non-profit and operations elsewhere in the future if Canada ever passes laws incompatible with our goals. It's based in Canada because it was practical rather than as a core value or approach of GrapheneOS. If Canada goes down the same path as the EU and starts passing laws we cannot accept, then we'll leave Canada rather than ruining GrapheneOS. They won't do that with the EU.
GrapheneOS exists for the purpose of creating highly private and secure devices which are highly usable and compatible with all of the apps people want to use. GrapheneOS doesn't exist to provide a Canadian smartphone OS and eventually hardware. It's based in Canada because it was a pragmatic decision and we believe it's currently a better location for privacy projects than the US or EU. If that significantly changes, we're open to creating a non-profit elsewhere and moving our operations there.
-
GrapheneOS exists for the purpose of creating highly private and secure devices which are highly usable and compatible with all of the apps people want to use. GrapheneOS doesn't exist to provide a Canadian smartphone OS and eventually hardware. It's based in Canada because it was a pragmatic decision and we believe it's currently a better location for privacy projects than the US or EU. If that significantly changes, we're open to creating a non-profit elsewhere and moving our operations there.
GrapheneOS will fight against attempts by the Canadian government to take control over what people are allowed to use on their devices rather than building a system to enable it. Volla is building a system governments will be able to use to control which hardware and software people are allowed to use. The only usage of attestation should be to protect users as our Auditor app does, not to control what they can use as a growing subset of banking and government apps are doing. That should stop.
-
GrapheneOS will fight against attempts by the Canadian government to take control over what people are allowed to use on their devices rather than building a system to enable it. Volla is building a system governments will be able to use to control which hardware and software people are allowed to use. The only usage of attestation should be to protect users as our Auditor app does, not to control what they can use as a growing subset of banking and government apps are doing. That should stop.
We'll put our support behind a ban on root-based attestation as long as pinning-based attestation is still allowed. Pinning-based attestation doesn't have the same issues with being used to restrict competition and user choice. Our Auditor app is primarily based around pinning-based attestation with little faith put in the initial root-based attestation. A single leaked key from the least secure devices can be used to bypass root-based attestation. It's absolutely not a serious security feature.
-
R relay@relay.infosec.exchange shared this topic
-
GrapheneOS will fight against attempts by the Canadian government to take control over what people are allowed to use on their devices rather than building a system to enable it. Volla is building a system governments will be able to use to control which hardware and software people are allowed to use. The only usage of attestation should be to protect users as our Auditor app does, not to control what they can use as a growing subset of banking and government apps are doing. That should stop.
@GrapheneOS that's the fight
-
GrapheneOS is based in Canada but we don't promote it based around it being based in Canada. We're willing to move our non-profit and operations elsewhere in the future if Canada ever passes laws incompatible with our goals. It's based in Canada because it was practical rather than as a core value or approach of GrapheneOS. If Canada goes down the same path as the EU and starts passing laws we cannot accept, then we'll leave Canada rather than ruining GrapheneOS. They won't do that with the EU.
@GrapheneOS Where would you consider moving to? Nowadays it seems like you can't be save anywhere at all.
-
This is how these companies market their products. They mislead people into buying their products rather than using much more private and secure options.
iodé and Murena have been doing this on a much larger scale than Volla with much more underhanded tactics. They've heavily pushed the false narrative that GrapheneOS isn't usable by regular people, isn't compatible with enough apps and many other inaccurate claims. In reality, it has far broader app compatibility and is much more usable.
@GrapheneOS I must support the point made: I have tried both Murena's /e/OS on a Fairphone and GrapheneOS on a Pixel. The former may look more appealing/engaging at first, but I found the latter much more convenient after time.
-
GrapheneOS is based in Canada but we don't promote it based around it being based in Canada. We're willing to move our non-profit and operations elsewhere in the future if Canada ever passes laws incompatible with our goals. It's based in Canada because it was practical rather than as a core value or approach of GrapheneOS. If Canada goes down the same path as the EU and starts passing laws we cannot accept, then we'll leave Canada rather than ruining GrapheneOS. They won't do that with the EU.
@GrapheneOS Which laws have been passed that are incompatible with the project? I always heard client-side scanning being in the making and optional scanning has recently been disapproved for renewal, right? And isn't age verification on OS level an introduction by Californian lawmakers?
I am genuinely curious, and well aware, that European lawmakers are flirting with surveillance... except for themselves, of course.
-
We'll put our support behind a ban on root-based attestation as long as pinning-based attestation is still allowed. Pinning-based attestation doesn't have the same issues with being used to restrict competition and user choice. Our Auditor app is primarily based around pinning-based attestation with little faith put in the initial root-based attestation. A single leaked key from the least secure devices can be used to bypass root-based attestation. It's absolutely not a serious security feature.
Here's an archive preserving all of the posts from this account clearly run Volla:
It has the whole history of how it was used to promote it pretending to be a supporter with inaccurate marketing to the current outrageous conspiracy theory attacks.
-
Here's an archive preserving all of the posts from this account clearly run Volla:
It has the whole history of how it was used to promote it pretending to be a supporter with inaccurate marketing to the current outrageous conspiracy theory attacks.
@GrapheneOS FYI archive.ph isn't a trustworthy archive anymore: https://gyrovague.com/2026/02/01/archive-today-is-directing-a-ddos-attack-against-my-blog/
The owner has not only been DDoSing somebody's blog, but has actively altered archived websites: https://en.wikipedia.org/wiki/Wikipedia:Requests_for_comment/Archive.is_RFC_5#Evidence_of_altering_snapshots
The owner has admitted to one prior DDoS attack, and has also committed identity theft at least once.
Thanks
-
@GrapheneOS FYI archive.ph isn't a trustworthy archive anymore: https://gyrovague.com/2026/02/01/archive-today-is-directing-a-ddos-attack-against-my-blog/
The owner has not only been DDoSing somebody's blog, but has actively altered archived websites: https://en.wikipedia.org/wiki/Wikipedia:Requests_for_comment/Archive.is_RFC_5#Evidence_of_altering_snapshots
The owner has admitted to one prior DDoS attack, and has also committed identity theft at least once.
Thanks
@iampytest1 Do you have any alternative to use instead? archive.org will remove content upon request and we'd have archives we created deleted upon request from the companies which then subsequently denied it ever happened and have convinced a lot of their supporters it never did.
-
Here's an archive preserving all of the posts from this account clearly run Volla:
It has the whole history of how it was used to promote it pretending to be a supporter with inaccurate marketing to the current outrageous conspiracy theory attacks.
We're open to suggestions on a better archiving site since there are some complaints about the one we've been using. archive.org has repeatedly removed archives upon request by companies covering up what they've done to GrapheneOS so their service isn't acceptable.
-
@iampytest1 Do you have any alternative to use instead? archive.org will remove content upon request and we'd have archives we created deleted upon request from the companies which then subsequently denied it ever happened and have convinced a lot of their supporters it never did.
@GrapheneOS megalodon.jp can archive snapshots from archive.today, albeit at a really weird aspect ratio and zoomed out.
Sadly I'm not aware of any great alternatives, since AT was able to archive a lot of things the Wayback Machine and others couldn't.
I just figured I would let you and others know. The actual DDoS code is patched in most adblockers, and has been toned down, so there isn't an immediate threat beyond the general loss of trust in its reliability.There's also a general question of how much longer AT will still be alive. Some powerful forces want it dead, and there are things going on which even the owner isn't aware of.
-
@GrapheneOS megalodon.jp can archive snapshots from archive.today, albeit at a really weird aspect ratio and zoomed out.
Sadly I'm not aware of any great alternatives, since AT was able to archive a lot of things the Wayback Machine and others couldn't.
I just figured I would let you and others know. The actual DDoS code is patched in most adblockers, and has been toned down, so there isn't an immediate threat beyond the general loss of trust in its reliability.There's also a general question of how much longer AT will still be alive. Some powerful forces want it dead, and there are things going on which even the owner isn't aware of.
@iampytest1 We made the mistake of using Wayback Machine to keep archives of attacks on the GrapheneOS project and companies engaging in blatant scamming. It backfired when they removed the archives upon request. We've been using archive.today for years to keep archives due to not trusting Wayback Machine to preserve what we archive with it. It's quite bad if that's lost and there isn't an alternative to it.
