A quick Google search shows that you've been attacking Daniel for a long time using this account. You complain about moderation and astroturfing and I find tons of posts by you attacking Daniel. You clearly have some sort of weird vendetta against him. Don't pretend to want a "good healthy discussion" when all you seem to be interested in is attacking him further.

GrapheneOS has multiple people helping out. Many developers as well as people who help out with non-development work. It's a big claim to say that the whole team is unstable.

I'd suggest reading the article again. Considering the situation, the party about deleting the keys should be a good sign for anyone reading it. It shows that the project's leadership cares about doing things the right way. Members of the team are similarly dedicated to helping build and support an OS that improves people's privacy and device security, not to scam users by making a flashy product and rake in cash. Or, in Donaldson's case, work with shady companies and even possibly criminals.

Privacy and security projects like GrapheneOS are important considering the political landscape these days. People really need to stop repeating inaccurate claims about us, like that we're criminals, unstable, crazy, etc.

See the attacks on GrapheneOS and even other privacy projects trying to make them look like they are designed for criminals. Even French law enforcement took part. We have shared these details publicly and even with links to articles with quotes. There was even news about authorities in Spain assuming anyone with a Pixel was likely a criminal.

Months ago, we saw tons of reports of organizations reporting hacking GrapheneOS without any evidence or links to court cases. We never claim that GrapheneOS isn't hackable, but we still haven't seen any credible evidence showing forensics companies were able to hack it.

These are just a few examples of how GrapheneOS is being attacked. Again, we're not the only ones.

It's also important to note that GrapheneOS has many project members. GrapheneOS isn't a one man show.

Our responses to these things are not out of paranoia. We want our users to know what's going on, so we keep them informed. What's wrong with that?

I'm a GrapheneOS community moderator and I would disagree with this take. If people have issues with the community and feel that they can't ask "why" then a moderator should help with that. I can assure you we've had talks with "supportive" community members who cause problems. Being supportive of the project doesn't mean they can get away with acting rude towards others.

As for the F-Droid post, I never even heard of that post. I don't recognize the username of the user who posted it either. I guess I won't be able to see the original aggressive post, but either way just because someone is a fan doesn't mean the rest of our community is toxic.

> Instead of blockading SafetyNet as being a user hostile solution, GOS instead... implements their own version of it.

SafetyNet was depreciated, so you must be talking about Play Integrity. We don't reimplement Play Integrity, but rather have Sandboxed Google Play, and have even taken steps to reduce its effect on GrapheneOS users, notably optionally blocking API attempts or returning a server error (I forget) and blocking Google-injected code from running in apps that have automatic protection enabled in the Play Developer Console.

Outside of some workarounds, apps that expect Play Integrity verdicts can refuse to run if they choose to. Blocking things won't change that. Spoofing is also not practical because Google can and will break spoofing every time, especially since GrapheneOS has so many users. They already do that for people who root and use various spoofing methods.

> Pixel exclusivity is dumb and remains dumb.

Only Pixels meet the project's requirements as of now. GrapheneOS is in talks with a major OEM for them to get a few of their devices to meet the project's requirements and have official support for GrapheneOS. If all continues to go well, we expect it'll be 1-2 years before this happens.

> GOS doesn't let you do hosts based adblocking

There are apps and VPNs that can do this kind of thing.

> GOS as a project doesn't quite grasp the relationship between app developer and app user and how it's become toxified over the years > The problem these days is usually the developer going bad, not a third party.

The way you're talking here and your mention of F-Droid earlier leads me to believe you're a supporter of F-Droid. The project's advice is just that: advice. People are free to ignore that advice.

GrapheneOS is far from the only group that talks about issues with F-Droid. I don't personally know of all the issues with F-Droid, but as I understand it they use out of date servers, out of date build environments, and other similar issues. Also, they don't actually audit code at all, so developers can still sneak changes past them as long as the developers' changes aren't caught by their basic scanning. There's even the case where the WireGuard developer made changes that break F-Droid's terms of use or something like that. They were making those changes very much in the open and the F-Droid team didn't even notice. If a developer was trying to hide malicious changes, they could easily do that. No, we still have to trust developers. F-Droid is just another trusted party, and they don't deserve that trust considering all the issues they have.

The video is harassment content, plain and simple. It's filled with disinformation and he lied about not using GrapheneOS moving forward. The developer was swatted multiple times, then when upset with Rossmann he tried to talk to him about his support for harassment content (the swatter was a fan), and instead of being a decent human being, Rossmann made a video of it while it was happening.

But the targeted update thing isn't even possible on GrapheneOS. The update server is basically a basic web server. The updates are stored on the servers and the update client downloads them. All update files follow the same naming system and the update client downloads updates using that system.

The update client never sends any IDs either.

So if GrapheneOS can't get unique IDs, then how can targeting be done? It's just not possible.

What I see here is someone who wants a feature, a feature that many people want, but it hasn't been added for reasons listed in the GrapheneOS issue tracker. No one was rude or anything there in that link you shared that I can see.

> the lead developer responds makes it look like there are some serious unresolved mental issues

To say something like this is extremely out of line.

> Louis Rossmann’s video

What you fail to mention here is incredibly important context, but leaving that out conveniently supports the narrative that Daniel is crazy. Biggest fact there is that he had just been swatted multiple times. Louis commented on another harassment video and Daniel was understandably upset. By the way, the swatter had been in contact and even told GrapheneOS project members that they were a fan of the YouTuber who made the first video. So, attempted murder by some other person, a "friend" was supporting harassment content making him out to be "crazy" and comments on that video showing support for it, then, knowing that, Louis records a video of a private conversation in real time. The video itself was filled with lies and misrepresentations. Even the title was a lie because Rossmann continued to use GrapheneOS for long after that video was released.

Not to mention the fact that targeted updates aren't even possible on GrapheneOS considering how updates work and the infrastructure. Louis may not understand these things, but even though we and others have pointed this fact out multiple times, the video remains up. The video is clearly meant to do one thing: damage or destroy GrapheneOS.

Apps may take slightly longer to launch, which was more noticeable on older devices, but not so much on modern supported devices. I understand that some of the other exploit protections mean that apps and processes take up slightly more memory, but that's another thing that people don't seem to be affected by.

As for battery life, not really. Most people report having roughly the same battery life with GrapheneOS as with the stock OS. People who don't install Google Play report much better battery life. Sure, the exploit protections might use a small amount of extra power, but it's negligible as far as I can tell based on my own experiences and what other people report.

Well, yes, but not really. What you're saying could be true if the OS wasn't open source. It's not some small OS that nobody knows about. There are forks of the OS, there are other projects that selectively copy code/commits from GrapheneOS, there are security researchers who pay attention to its development. There are also people who reproduce and verify builds. It's just not possible for that kind of code to be snuck in there.

This section of the website about whether GrapheneOS is audited is also helpful https://grapheneos.org/faq#audit

> This is what is keeping me from installing GOS too. Interaction from the developers seems very aggressive towards the competing OSs, which doesn't inspire much trust.

If you pay attention to what they're responding to, you'll find that a lot of that is in response to something they said, clarification about inaccuracies in news articles, etc. The official accounts are also followed by many of the OSes' users, so some posts are for them too if certain things are being talked about in the community.

> In the end you need to trust someone, but I'm not sure GOS is more trustworthy than LineageOS (which has a bigger community, more developers and /e/os building on top of them).

I personally prefer quality over quantity. GrapheneOS developers take a long time to develop new features, test them, rewrite them, and it goes on and on until they have a resulting feature that is very high quality. They also have to keep in mind how much they're adding/changing so features and changes can be ported quickly when there are new upstream releases. Updating quickly is very important for security. Leaving vulnerabilities unpatched for months is not acceptable for a project and users who value security. The same can't be said of LineageOS or /e/OS. They're slow to update, roll back security, etc.

You yourself have even admitted that while it may not be true that he can be targeted, you make excuses for Rossmann saying he's a "layman when it comes to software". So, yes, it is baseless.

> it's like going to a restaurant and having a disagreement with the cook, for the latter to explicitly threaten to harm onto you. At that point, is it that far fetched to think he might poison the food ? When you know he has full control over the kitchen ?

This is a horrible metaphor because an open source project and the resulting OS is nothing like that. Better analogy would be that all the customers can watch the chef while they work, they all share the same food, and there are even cameras there for the world to see what the chef is doing in real time.

> You can disagree with Rossmann perception of the actual threat, but you should at least admit that it is not absurd for Rossmann to think that someone who demonstrated such irrational behavior might attempt to harm in through the means at their disposal, among which introducing malicious code.

If he had any integrity, he would have retracted that part of his video _at least_ when people pointed out that it wasn't true that he could be targeted. But as far as I know, he hasn't.

> Then in the first place, perhaps the cyber security geniuses who built a privacy and security oriented OS for smartphone could do the due diligence of gathering and presenting actual evidence of Rossmann implication in the alleged harassment campaign before before posting multiple accusatory statements across their socials media "with serious allegations and a very high potential of harming someone's reputation" ?

Anyone who thinks for even a moment can see what happened here. Someone tried to murder Daniel 3 times, he was upset about that and with Rossmann, he talked to Rossmann, Rossmann _records_ it as it's happening knowing full well what he was doing (which I'd argue is quite scummy), and releases the video complete with inaccuracies about the potential of being targeted. Not to mention he has a verified Kiwi Farms account, which anyone who knows the history of that site can draw their own conclusions. It's very easy to see what's all right out there in the open.

It's not appropriate for you to be saying these things.

> Stuxnet only targeted specific Iranian systems, a needle in a hay stack, was spread did not harm random devices across the globe, and stayed mostly undetected. And this was done without "developer access" to the software itself. Is it hard ? Yes. Is it likely (especially given the knowledge of how GOS works) ? Perhaps not. Is it impossible ? Definitely not.

This makes no sense. GrapheneOS is an open source project and anyone can look at the changes made by the project. Even the OS is reproducible and people do check that, apparently, so GrapheneOS would be caught if they were making changes. Like I even found this repository just now after a quick search https://github.com/lucasbeiler/reproducible-builds-grapheneo...

GrapheneOS isn't just some random OS that nobody has heard of. There are lots of eyes on it, so sneaking some backdoor into the OS would be very difficult and extremely stupid. One misstep and the project would be gone. Do you really think Rossmann is worth that? I don't.

> When the lead dev of the OS you use daily threatens to "publicly expose you" as a user, I won't blame said user to stop using the software. And even less, to provide such data point regarding the behavior of that developer.

I've already pointed out in other comments that he had no good reason to fear a targeted update. It's just not possible. He should know that by now, but as far as I know he has never retracted that part of his video.

Rossmann shouldn't be excused for making his harassment video about Daniel because he doesn't understand how things work. Anyone who bothers to think about it for a moment would understand that someone who had been swatted 3 times by a crazy person spamming community chat rooms with illegal content would be extremely upset. Someone tried to _murder him_ and was trying to destroy the project, and then this video comes out leaking a private chat, and Rossmann portrays him as crazy? Rossmann knew what was happening and then his first thought was to start recording? How is that justifiable?

You confessed you are a Rossmann fan in another comment, but even a fan should be able to see what had gone on here...

> Expecting a layman to know that is not reasonable.

And you are defending the inaccuracy in his video saying he's afraid of being targeted when it's not even possible, and your excuse for him is that he doesn't understand. There is no excuse for his video in the first place, but to also add this falsehood that he even can be targeted is extremely damaging for a project prioritizing privacy and security. And yet even though I'm sure he knows this now, as far as I know he hasn't retracted what he said. I don't think he cares about accuracy. Among other things, he's a YouTuber and he got views and attention, so I guess he got what he wanted at the expense of someone else during an extremely trying time. I don't think that's justifiable, I think it's scummy.

> If anything, even after that video, he kept recommending GOS whenever he talked about privacy.

Doesn't excuse what he did.

Rossmann shouldn't be excused for making his harassment video about Daniel because he doesn't understand how things work. Anyone who bothers to think about it for a moment would understand that someone who had been swatted 3 times by a crazy person spamming community chat rooms with illegal content would be extremely upset. Someone tried to _murder him_ and was trying to destroy the project, and then this video comes out leaking a private chat, and Rossmann portrays him as crazy? Rossmann knew what was happening and then his first thought was to start recording? How is that justifiable?

You confessed you are a Rossmann fan in another comment, but even a fan should be able to see what had gone on here...

And you are defending the inaccuracy in his video saying he's afraid of being targeted when it's not even possible, and your excuse for him is that he doesn't understand. There is no excuse for his video in the first place, but to also add this falsehood that he even can be targeted is extremely damaging for a project prioritizing privacy and security. And yet even though I'm sure he knows this now, as far as I know he hasn't retracted what he said. I don't think he cares about accuracy. Among other things, he's a YouTuber and he got views and attention, so I guess he got what he wanted at the expense of someone else during an extremely trying time. I don't think that's justifiable, I think it's scummy.

> Fuzion24 / platform_manifest Created 10 years ago Updated 10 years ago

This isn't really a practical way of doing it. Google Play and Google Play Services having privileged access is more than sufficient.

No. Nobody claimed to know the actual identity of the person.

> Like the attacks he hallucinates from project

They're not hallucinations.

> I am confident in seeing signs of a mental disorder there and stating that publicly.

Not a doctor, but is confident in their diagnosis of someone they don't actually know after watching some YouTube videos.

> Complete Bullshit.

I mean that these kinds of videos where he portrays people as crazy appeals to Kiwi Farmers. His verified account there, him participating there, and him making videos that do appeal to them all add up to me coming to the conclusion that they _SEEM_ to be made with the _intent_ to appeal to Kiwi Farms members.

But that would be incorrect. It's not possible for anyone from the GrapheneOS project to target a GrapheneOS user that way. Look into how updates and the update servers work.

> neither you can audit GOS code with enough confidence to declare that the risk of an exploit or backdoor being introduced is zero.

The updater app is pretty easy to read through. I think a software developer would be able to understand it. The update servers' setups are also very easy to understand. It doesn't take a software developer genius to figure these things out.

You provided exactly 0 sources in all of the comments I've seen posted by you so far.

> Showing his true colors = not accepting that there is an evil conspiracy and asking for proof.

"Evil conspiracy"? You say that someone else is paranoid and yet you are saying things like this? It's kind of ironic.

> You are completely brainwashed

Okay. If you say so.