Readit News logoReadit News
strcat commented on France threatens GrapheneOS with arrests / server seizure for refusing backdoors   mamot.fr/@LaQuadrature/11... · Posted by u/nabakin
Hizonner · 24 days ago
Once they've established a rule that you have to help them in all cases, what stops them from forcing you to push an update to a phone while the user still has it, to collect information from the phone while actually unlocked and in use?
strcat · 11 days ago
We won't comply with illegal demands, so how would they force us to do it?

GrapheneOS System Updater doesn't identify the device or user to the server. A massive portion of GrapheneOS users are using a VPN and some are using Tor so many of the IP addressed are VPN/Tor exit IPs shared between people. How would an update be targeted to a specific phone?

strcat commented on France threatens GrapheneOS with arrests / server seizure for refusing backdoors   mamot.fr/@LaQuadrature/11... · Posted by u/nabakin
foxyv · 16 days ago
Is this rate limiting on the number of data key decryption calls by the HSM to prevent full data exfiltration? Or, is it rate limiting PIN attempts?
strcat · 11 days ago
It's rate limiting on key derivation attempts. A key is made via scrypt from the passphrase. A hash of this key is used as an authentication token to obtain a random token from the secure element for the final hardware-bound key derivation to use as an additional input. Passing the wrong authentication token results in rapidly increasingly throttling. We documented the previous less aggressive ramp up at https://grapheneos.org/faq#encryption but it actually ramps up a lot faster now to make 4 digit PINs less horrible, although we still strongly recommend 6 random digits as the minimum.

Secure element updates don't only need to have a valid signature and greater version. They also require the Owner user to authenticate successfully after booting in order for it to be accepted. This is what they refer to as insider attack resistance, since it protects against them being coerced by a government into removing the brute force protection for a locked device via an update.

strcat commented on France threatens GrapheneOS with arrests / server seizure for refusing backdoors   mamot.fr/@LaQuadrature/11... · Posted by u/nabakin
StopDisinfo910 · 24 days ago
> They've said if we don't cooperate with that, they'll take similar actions against us as they did SkyECC and Encrochat meaning hijacking our servers and trying to have us arrested.

No, they haven’t.

You are letting your paranoia talk by widely amplifying the content of two newspapers articles in media affiliated with the far right.

I’m quite surprised by your reactions to be fair because both SkyECC and Encrochat were actually affiliated with organised crimes. As far as I know, GrapheneOS isn’t.

strcat · 11 days ago
French law enforcement chose to do interviews with those newspapers and nearly all of the content of those articles is paraphrasing or directly quoting what they said. There's very little input from the journalists into those articles. They treated the claims from the state as facts and conveyed them as such, then posted our responses to vague queries not giving us the details of what was being claimed about us so we could properly respond to it.
strcat commented on GrapheneOS is the only Android OS providing full security patches   grapheneos.social/@Graphe... · Posted by u/akyuu
singpolyma3 · 11 days ago
Far from attacking your project in fact I often provide support for your users there's no ill will from my side let me assure you
strcat · 11 days ago
You regularly attack the GrapheneOS project and our team in your chat rooms including supporting libelous claims about us, as do others who work with you.
strcat commented on GrapheneOS is the only Android OS providing full security patches   grapheneos.social/@Graphe... · Posted by u/akyuu
singpolyma3 · 11 days ago
No one is attacking anyone. I feel like you're talking about someone else?
strcat · 11 days ago
You came to this thread to promote an inaccurate narrative in support of the absolutely vile attacks on us. Meanwhile, we've never done anything to you or your project beyond promoting it as one of the available options. We stopped doing that a while ago due to attacks from yourself and other project members. We haven't responded to those attacks beyond not mentioning your project anymore and removing our many past links to it.

We have chat logs archives of your rooms which can be used to prove ongoing attacks by your project members towards GrapheneOS and our team. That includes voicing support for harassment content. Is it as severe as what we can show for many others? No, but it's enough. I'm not confusing you with someone else. I'm aware of who you are and what yourself and others you work with have said over the years.

strcat commented on GrapheneOS is the only Android OS providing full security patches   grapheneos.social/@Graphe... · Posted by u/akyuu
singpolyma3 · 11 days ago
Listing a bunch of projects I've not heard of and attacking me for "supporting" them is exactly the kind of behaviour I'm talking about :P
strcat · 11 days ago
GrapheneOS did not attack you or your project. The same goes for the people you're supporting who chose to attack us for years and then feigned being victims when we finally began defending ourselves. We'll defend ourselves from the libel from your project too. You're choosing to make manipulative attacks on it without an actual basis to try to pile on the existing ones, while feigning ignorance of all of that. The chat logs show you aren't actually ignorant of it.
strcat commented on GrapheneOS is the only Android OS providing full security patches   grapheneos.social/@Graphe... · Posted by u/akyuu
Itoldmyselfso · 11 days ago
Don't know if you're replying to a wrong person but my point in the comment was about many of the tweets that get passed around include claims without links to any evidence. The recent tweets I've just seen from the top of my head were in relation to accusations of /e/os and Iode having government ties, but no evidence for that was linked in the tweets. A common person isn't going to go digging where that evidence has been presented if it isn't very clearly available, if at all. It may have a hassle to include it to every tweek, but the impression stands. Also never contested any of the harassment you have received.
strcat · 11 days ago
> many of the tweets that get passed around

You're talking about people misrepresenting what we say and lying about it while ignoring the provided evidence. You shouldn't be basing what you think GrapheneOS says from people misrepresenting that as part of attacking it.

> claims without links to any evidence

You've provided no links to any evidence for your inaccurate claims about us.

> accusations of /e/os and Iode having government ties

What our project account actually said is that both have been attacking GrapheneOS with false claims about our project and team for many years, including the false narratives you're using. We've provided ample evidence of that and linked to a recent example of the founder of /e/ and Murena supporting libel/harassment content from a neo-nazi site here. If you need that linked again:

https://archive.is/SWXPJhttps://archive.is/n4yTO

We can provide dozens more examples of him supporting harassment content. We don't link spreading harassment content so we try to avoid linking to it like this. People who are hostile towards us won't actually apply any skepticism to it but rather will just spread it to try to harm us more. Why would we regularly help them with doing it?

It is a fact that /e/ is heavily government funded despite the fact that it exists to build products for their for-profit Murena company to sell.

https://www.projets-libres.org/en/podcast/e-os-a-degoogled-a...

> The European Union has subsidized us to the tune of several million for this project.

This is the same EU moving ahead with passing Chat Control. /e/, Murena and iodéOS are based in one of the countries most strongly supporting it with national law enforcement actively smearing GrapheneOS with inaccurate claims due to considering a reasonably secure device intolerable. The recent attack from Duval linked above was made in the direct context of these smears against GrapheneOS. Duval has himself used his personal account, /e/ project accounts and Murena company accounts to falsely claim GrapheneOS isn't a privacy project, isn't for regular people and is only for people to protect themselves from the state. He has directly played into trying to marginalize it and support attacks on it from the French state which supports his project. Do you deny this? We did not say they're working with the government. We said they're taking advantage of it and trying to leverage it to harm us similarly to their years of spreading misinformation about GrapheneOS and supporting harassment towards our team to boost their extraordinarily insecure and non-private products/services. If you need third party sources on that, they're in https://discuss.grapheneos.org/d/24134-devices-lacking-stand... and both Divested Computing + Mike Kuketz also cover iodéOS too, as do other experts.

> A common person isn't going to go digging where that evidence has been presented if it isn't very clearly available

Yet you believe inaccurate claims about us without evidence, including the ones you're propagating and making here. People engaging in these attacks linking to unsubstantiated claims and harassment material from each other is not evidence. A YouTube video with a self-contradictory and clearly dishonest monologue pretending to have references not showing any of what's claimed is not showing evidence. That apparently passes as evidence for you, but actual proof and things you can verify do not.

strcat commented on GrapheneOS is the only Android OS providing full security patches   grapheneos.social/@Graphe... · Posted by u/akyuu
worldsavior · 11 days ago
Alright, didn't mean to make any libelous claims, it's just so it happens I never saw any evidence from your accusations. I already know these people are the worst, but it would be helpful if in any of your posts you would share some evidence like you did right now.
strcat · 11 days ago
Where's the evidence for the accusations being made towards me? No need to answer: fabrications and spin on Kiwi Farms and 2 Kiwi Farms adjacent videos on YouTube, which are regularly referenced and directly linked to by people involved with multiple companies and open source projects in the space. Here's a very recent example of the founder of /e/ and Murena once again linking to libelous harassment/bullying content, this time on a blatant neo-nazi conspiracy site:

https://archive.is/SWXPJ

https://archive.is/n4yTO

He's done this many times before and has directly spread Kiwi Farms harassment content himself from his personal accounts along with using the /e/ and Murena accounts for similar attacks. We never picked any fight with /e/ or Murena, they spent years spreading misinformation about GrapheneOS to mislead people into buying highly insecure products and services. They're enraged by us countering that misinformation as we did here with verifiable, accurate information with third party sources you should read too from Divested Computing, Mike Kuketz, their own forum (sending sensitive data to OpenAI without consent and falsely claiming it's anonymized when questioned) and elsewhere:

https://discuss.grapheneos.org/d/24134-devices-lacking-stand...

What is it you think hasn't been adequately proven?

Our chat rooms, forum, etc. are being endlessly raided with CSAM, gore and harassment towards our team. Our team is being swatted and threatened on a regular basis. We're having endless libel and bullying directed towards us including these baseless claims that we're insane. What the people attacking us can point to is that they think our replies debunking it and defending ourselves are too verbose which somehow makes us insane and delusional. Us banning people from the Techlore and /e/ communities raiding our rooms pretending to be users initially then attacking our team with harassment or posting CSAM is somehow us being toxic rather than those communities being toxic. It's not them being targeted with harassment. It's not them having fabricated stories spread about them.

It's you folks making accusations without evidence which simply reference a bunch of harassment content proving what we're saying is true. Linking to that harassment content proves people are doing it since most people can see it for what it is: a bunch of poorly made lies and misrepresentations to target someone with harassment.

strcat commented on GrapheneOS is the only Android OS providing full security patches   grapheneos.social/@Graphe... · Posted by u/akyuu
singpolyma3 · 12 days ago
The GrapheneOS obsession with picking a fight with everyone else is the most unfortunate part of the project.
strcat · 11 days ago
The attacks on GrapheneOS from Copperhead and their supporters including within other projects were not a fight we picked. You're pushing a false narrative in support of years of libel, bullying and harassment towards us. Your project's team has regularly engaged in very underhanded attacks on ours despite us never doing anything to you. We have archives of it.

Here's an example of what you support by the founder of Murena and /e/ who you support linking to libel and harassment on a neo-nazi conspiracy site (check out the site for yourself):

https://archive.is/SWXPJhttps://archive.is/n4yTO

The video that's linked there is an extraordinarily dishonest character assassination video filled with very blatantly false claims. The person who posted the video is unsurprisingly friends with a bunch of neo-nazis. Copperhead failed in their attempt at filing a baseless lawsuit against us and is on track to pay years of our legal fees.

A typical approach you folks take is linking to Kiwi Farms adjacent harassment content based on fabricated stories and spin targeting myself and the rest of our team. One of the two main people orchestrating harassment towards us has an identity verified Kiwi Farms account and was the one who involved them in targeting me (kiwifarms . st/members/larossmann.132201/).

strcat commented on GrapheneOS is the only Android OS providing full security patches   grapheneos.social/@Graphe... · Posted by u/akyuu
timschumi · 12 days ago
Not for the ones on the receiving end.
strcat · 11 days ago
Being on the receiving end of valid, technical criticism in response to making misleading claims about GrapheneOS for falsely marketing products is their own choice. It's certainly a lot nicer than being on the GrapheneOS team heavily targeted by libel, bullying and harassment from those groups. Here's a recent example of the founder of /e/ and Murena linking to libelous harassment content on a conspiracy site, which links to a Kiwi Farms style character assassination video from someone friends with neo-nazis:

https://archive.is/SWXPJhttps://archive.is/n4yTO

Check out the site for yourself. The linked video is plainly filled with extraordinarily dishonest claims that are widely disproven. Copperhead is losing the legal battle very badly and should end up paying our years of legal expenses soon. Other groups attacking us can look forward to similar losses in court when our attention moves to them. Years of libel, bullying and harassment has consequences.

s

u/strcat

KarmaCake day1376July 24, 2013View Original