Gaël Duval is the founder and president of the /e/ foundation along with the CEO of Murena.
-
They dont provide privacy. So a promise is already broken. But beyond that, privacy cannot exist without security. They arent mutually exclusive, they are intertwined. To ignore security means you are not a privacy project.
E/ is not better at degoogling. GrapheneOS does not connect to any google servers, run any google play code, have any privilege google services, etc. Sandboxed google play is sandboxed and must be installed by the user. All default connections are to first party servers hosted by GOS. It is not more involved to get the same apps, google or otherwise.
@HybridStaticAnimate @codebam @GrapheneOS
That it must be installed by the user doesn't make it different.
IMHO the two app stores included in GrapheneOS are not sufficient for the vast majority of users.
If "every" user needs to install it to have a usable phone, it really is part of the attack surface.
(And yes, I'm aware the Play services are sandboxed on GrapheneOS which improves privacy and security)It's a bit like delivering a computer without network functionality because it reduces the attack surface, and then blaming the user if they install network drivers.
-
Gaël Duval is the founder and president of the /e/ foundation along with the CEO of Murena. Duval and his organizations have consistently taken a stance against protecting users from exploits. In this video, he once again claims protecting against exploits is for only useful pedophiles and spies.
Translation to English:
> There's the attack surface, on that front we're not security specialists here, so I couldn't answer you precisely, but from the discussions I've had, it seems that everything
@GrapheneOS
Well, I certainly find GraphineOS easy to use, and use it for everyday, because i value privacy and understand security. -
@mttn @GrapheneOS J'aimerais beaucoup que @gael réponde. J'ai fait confiance à /e/ et je n'y connais rien en sécurité... Ça m'inquiète.
@Camille @GrapheneOS @gael
Bah le truc c'est que les téléphones Android n'ont jamais été trop sécurisés jusqu'à il y a quelques années. (En tout cas à ma connaissance les iPhones étaient les seuls qui étaient vraiment protégés)
Maintenant on a Graphene avec des paramètres de protection vraiment incroyables, et certains autres téléphones genre le Google Pixel avec l'OS stock est apparemment assez sécurisé aussi. -
@Camille @GrapheneOS @gael
Bah le truc c'est que les téléphones Android n'ont jamais été trop sécurisés jusqu'à il y a quelques années. (En tout cas à ma connaissance les iPhones étaient les seuls qui étaient vraiment protégés)
Maintenant on a Graphene avec des paramètres de protection vraiment incroyables, et certains autres téléphones genre le Google Pixel avec l'OS stock est apparemment assez sécurisé aussi.@Camille @GrapheneOS @gael Je ne m'y connais pas assez pour pouvoir te dire que n'importe quelle personne pourra entrer dans ton téléphone, mais à coup sûr les autorités peuvent rentrer facilement dedans vu que c'est ce que Gaël semble impliquer.
Si les autorités peuvent pour des suspicions banales (et pas une suspicion genre espionnage d'état à haut niveau), je ne vois pas pourquoi quelqu'un de très expérimenté ne pourrait pas non plus. -
@Camille @GrapheneOS @gael Je ne m'y connais pas assez pour pouvoir te dire que n'importe quelle personne pourra entrer dans ton téléphone, mais à coup sûr les autorités peuvent rentrer facilement dedans vu que c'est ce que Gaël semble impliquer.
Si les autorités peuvent pour des suspicions banales (et pas une suspicion genre espionnage d'état à haut niveau), je ne vois pas pourquoi quelqu'un de très expérimenté ne pourrait pas non plus.@Camille @GrapheneOS @gael À priori c'est pas le voleur classique qui veut revendre ton téléphone qui va essayer de le hacker, mais bon, si la porte est ouverte honnêtement on ne sait jamais. (Et c'est ça qui fait peur, de ne pas savoir concrètement à quel point c'est faisable, donc pour moi c'est intuitif de vouloir un téléphone sécurisé)
-
@GrapheneOS @blueluma @Xtreix I also think it's not the best to directly attack them and others. Stating that GOS is better than others and how smooth it works can be presented in a better way. I'm not a PR specialist but disputing false claims maybe can be done in a better way without "sounding desperate". Sry not native English and therefore don't finding the right words.
GOS is strong and works nice and I I'm so excited about the Motorola cooperation. Keep on with this awesome work. -
France is the most anti-encryption, anti-privacy and anti-security country in the EU. They've been doing a gradual crackdown on open source privacy projects including GrapheneOS and Signal with escalating smears and threats. /e/ and Murena are on the side of the police state.
@GrapheneOS
To be fair, Signal lies about their actual security, particularly regarding metadata protection.Metadata Protection in Instant Messaging Applications: a Review
Twelve years after the public specification of the Signal protocol, almost all instant messaging protocols have embraced the ratchet construct, granting perfect forward secrecy and post-compromise security. Whatsapp, Signal, OMEMO-based applications, Olm and Megolm-based applications, or SimpleX ...
Pass the SALT Archives (passthesalt.ubicast.tv)
Olvid, a French IM, arguably offers better privacy than Signal, by design. But they are French, so I don't trust them either for the reasons you listed in this thread.
@simplex is way ahead of Signal and Olvid, privacy/security-wise.
-
@cutesobri @GrapheneOS No the translation is clearly not accurate. What G.D. says in french is the /e/ fundation builds an os you could not trust to hide from heavy investigations. In the mainlines, if you're pedocriminal, spy, executive, whatever, their operating system is not build for, it is (just) built to reduce everyday footprint in daily usage.
-
@cutesobri @GrapheneOS No the translation is clearly not accurate. What G.D. says in french is the /e/ fundation builds an os you could not trust to hide from heavy investigations. In the mainlines, if you're pedocriminal, spy, executive, whatever, their operating system is not build for, it is (just) built to reduce everyday footprint in daily usage.
@cutesobri @GrapheneOS What emerge from such reactions of @GrapheneOS is suspicion on their means and goals. Making short answers in social medias with a link to an up to date page collecting every evidence and pointing on every original sources of such alleged comportments would be clearly less misinterpretable and misleading. I understand that's a meticulous work far from developping a secure os, but I ear here and there of @GrapheneOS, and never in terms of trust.
-
@GrapheneOS Can't wait for your Motorola partnership to further legitimize GrapheneOS.
@mast0d0nphan @GrapheneOS is this real? Do you know when?
-
> we do reduces attack surface. However, we don't have a "hardened security" approach, we aren't developing a phone for pedo(censored) so they can evade justice. So there aren't difficult things to check if the memory is corrupted, really hardened security stuff that could clearly be useful for executives, in the secret service, or whatever. That's not our goal, our goal is to start from an observation: today our personal data is constantly being plundered and that wouldn't be legal in real life
@GrapheneOS lmao the "i HaVE noThINg To HIde" crowd, maybe he should make all of his emails and texts public and live stream his home security cams, I mean what is he trying to hide ? is he a PDF?
-
@lispi314
Have a look at uBlockOrigin's "Hard mode":
https://github.com/gorhill/uBlock/wiki/Blocking-mode:-hard-mode
Here scripts, frames, CSS and images are blocked by default.
@GrapheneOS @tedstechtips -
@cutesobri @GrapheneOS No the translation is clearly not accurate. What G.D. says in french is the /e/ fundation builds an os you could not trust to hide from heavy investigations. In the mainlines, if you're pedocriminal, spy, executive, whatever, their operating system is not build for, it is (just) built to reduce everyday footprint in daily usage.
@jsa I don’t know. They literally say “We don’t develop a phone for pedophiles to evade justice.” (“[…] on développe pas un téléphone pour les pédo(bip) pour qu'ils puissent échapper à la justice.”) Pedocriminals seem to be the main example they chose. They could’ve focused on other groups and instead mention secret services and the like. @cutesobri @GrapheneOS
-
@Xtreix @GrapheneOS I've only watched the short section of the videos from the post, do you have a source of the complete video so I could watch it and see the direct attack to GrapheneOS in it as you mention
@blueluma @GrapheneOS Duval's statement at 5:07:
“We don't have a hardened security approach, we're not developing a phone so that pedophiles (word censored in the video) can evade justice.
So there aren't any advanced features, like checking if the memory is corrupted, etc, really hardened features that might be useful for presidents, secret agents, and so on...”
The reference to a hardened phone intended for pedophiles is a direct reference to GrapheneOS, the only hardened mobile operating system available, as well as to phones compatible with the project and any other projects or devices that might adopt the same approach. These verbal statements follow a long series of false claims about GrapheneOS on social media.
He then states that this hardening may prove effective, but continues with the fallacious logic that it is useful only for high-value, targeted individuals or criminals, and that lambda people would never need it and would have no reason to use enhanced security to protect their data. He claims that GrapheneOS is for a minority and that /e/OS is for everyone.
-
@GrapheneOS
To be fair, Signal lies about their actual security, particularly regarding metadata protection.Metadata Protection in Instant Messaging Applications: a Review
Twelve years after the public specification of the Signal protocol, almost all instant messaging protocols have embraced the ratchet construct, granting perfect forward secrecy and post-compromise security. Whatsapp, Signal, OMEMO-based applications, Olm and Megolm-based applications, or SimpleX ...
Pass the SALT Archives (passthesalt.ubicast.tv)
Olvid, a French IM, arguably offers better privacy than Signal, by design. But they are French, so I don't trust them either for the reasons you listed in this thread.
@simplex is way ahead of Signal and Olvid, privacy/security-wise.
GrapheneOS (@GrapheneOS@grapheneos.social)
@otyugh@pouet.chapril.org @straybun@lgbtqia.space @watchfulcitizen@goingdark.social France's government is making false and unsubstantiated claims about Signal to promote the Olvid app made in France: https://interoperable-europe.ec.europa.eu/collection/open-source-observatory-osor/news/france-officials-use-open-source-alternative-olvid https://www.lemonde.fr/en/economy/article/2023/12/15/olvid-the-french-government-s-secure-messaging-app-already-under-fire_6346249_19.html France is pushing for encryption backdoors which could be forced into Olvid due to it being based in France but could not be forced into Signal since Signal would simply stop operating in France as we're choosing to do going forward. They're absolutely attacking Signal in addition to GrapheneOS.
GrapheneOS Mastodon (grapheneos.social)
-
GrapheneOS (@GrapheneOS@grapheneos.social)
@otyugh@pouet.chapril.org @straybun@lgbtqia.space @watchfulcitizen@goingdark.social France's government is making false and unsubstantiated claims about Signal to promote the Olvid app made in France: https://interoperable-europe.ec.europa.eu/collection/open-source-observatory-osor/news/france-officials-use-open-source-alternative-olvid https://www.lemonde.fr/en/economy/article/2023/12/15/olvid-the-french-government-s-secure-messaging-app-already-under-fire_6346249_19.html France is pushing for encryption backdoors which could be forced into Olvid due to it being based in France but could not be forced into Signal since Signal would simply stop operating in France as we're choosing to do going forward. They're absolutely attacking Signal in addition to GrapheneOS.
GrapheneOS Mastodon (grapheneos.social)
@Andromxda I am the author of the publication I linked in my previous post. I am not affiliated with the French government. I worked for the French gov between 2013 and 2018. We parted ways in terrible terms.
-
R relay@relay.infosec.exchange shared this topic
