Post B0UT4kIBShFNXj7wp6 by GrapheneOS@grapheneos.social
(DIR) More posts by GrapheneOS@grapheneos.social
(DIR) Post #B0U10PcxYPynZpzSIC by GrapheneOS@grapheneos.social
2025-11-21T21:34:46Z
3 likes, 5 repeats
Please listen to this podcast about ANOM:https://darknetdiaries.com/transcript/146/The FBI ran a string operation in Europe where they created their own 'secure' phone and messaging platform. Their OS used portions of our code and was heavily marketed as being GrapheneOS or based on GrapheneOS.
(DIR) Post #B0U10QaVyzcOYXr17Y by GrapheneOS@grapheneos.social
2025-11-21T21:36:08Z
0 likes, 1 repeats
Through this operation, the FBI provided criminals in Europe with a communication network they heavily trusted. It gave them much more confidence to coordinate and commit crimes. The vast majority of this crime was ignored for years to avoid exposing ANOM as being a honey pot.
(DIR) Post #B0U10RwsvJ6emDKOcy by GrapheneOS@grapheneos.social
2025-11-21T21:37:34Z
1 likes, 2 repeats
In cooperation with many European governments, the FBI heavily encouraged and facilitated organized crime in Europe. US and European governments facilitated drug trafficking, human trafficking, murders, rape, kidnapping and much more for years while claiming it was GrapheneOS.
(DIR) Post #B0U2TMnDGvmD8b9lfE by ozzelot@mstdn.social
2025-11-21T22:02:04Z
0 likes, 0 repeats
@GrapheneOS Is this the origin of that absolutely stupid "GrapheneOS is for criminals" take?
(DIR) Post #B0UI0wONQxYqPr0VDk by GrapheneOS@grapheneos.social
2025-11-21T21:48:12Z
0 likes, 0 repeats
It's an outrageous infringement on the GrapheneOS copyright and trademarks. US and European governments did massive harm to the GrapheneOS project through doing this. They placed us in very real danger of violence from organized crime by selling fake GrapheneOS devices to them.
(DIR) Post #B0UI0xQtZ5AZdxC1mi by GrapheneOS@grapheneos.social
2025-11-21T21:57:30Z
0 likes, 0 repeats
GrapheneOS building technology to protect privacy and security is completely legal. Our work is strongly protected by Canadian, European and American laws. A minuscule portion of our userbase are criminals and the claims being made by the French government about that are lies.
(DIR) Post #B0UI0yRzmTdyneiQ8e by GrapheneOS@grapheneos.social
2025-11-21T22:06:31Z
0 likes, 0 repeats
It's very likely a lot of the crime facilitated by ANOM wouldn't have happened without these governments providing criminals with a communications network they believed was completely secure. The way they wrapped it up doesn't absolve them of what they facilitated for years.
(DIR) Post #B0UI0zM0QERlbMv9RQ by GrapheneOS@grapheneos.social
2025-11-21T22:15:33Z
3 likes, 2 repeats
France's government and law enforcement wants you to believe GrapheneOS and Signal are somehow responsible for crime. French law enforcement operates with impunity and has extraordinarily levels of corruption and criminal behavior. They're the ones committing and enabling crime.
(DIR) Post #B0UI8pNvN2kp03YXuC by charlesp@mastodon.altearn.xyz
2025-11-21T23:00:18Z
0 likes, 0 repeats
@GrapheneOS I don't get where the podcast says ANOM was "heavily marketed as being GrapheneOS"At most it says ANOM was marketed as being a fork of GrapheneOS. And if that's a copyright infringement, then you are doing copyright infringement on Android (or AOSP) too.
(DIR) Post #B0UI8qztNMie06KNiy by GrapheneOS@grapheneos.social
2025-11-22T00:28:07Z
0 likes, 0 repeats
@charlesp The information we posted is not solely based on the podcast we linked. ANOM was heavily marketed by calling them GrapheneOS phones in their communications to potential customers. We obtained an ANOM phone and investigated whether it was based on GrapheneOS. It used some of our code but we consider it inaccurate to even call it a fork of GrapheneOS. They didn't even use our update client on the device we obtained, it was the LineageOS updater client with other code from there too.
(DIR) Post #B0UI8rwjqZn4wbrNRo by GrapheneOS@grapheneos.social
2025-11-22T00:29:41Z
0 likes, 0 repeats
@charlesp They definitely didn't make sure to say "based on" GrapheneOS throughout their communications. It was regularly just called GrapheneOS by the people they had marketing it. They hired criminals to market the devices to other criminals and many seemingly had little idea of what they were peddling. We had direct encounters / interactions with some of these people as part of trying to get companies to stop misusing our brand name. ANOM is NOT the only example of that at all.
(DIR) Post #B0UI8t11s6oiGCsJm4 by GrapheneOS@grapheneos.social
2025-11-22T00:30:55Z
1 likes, 0 repeats
@charlesp We avoid calling GrapheneOS Android. We make sure to say Android-based or AOSP-based. We do not comply with the enormous set of rules required to call it Android and have no interest in doing so as many of those rules go against our goals. GrapheneOS is not Android.
(DIR) Post #B0UIFvk885xOkLKUbY by skedarwarrior@techhub.social
2025-11-22T00:15:27Z
0 likes, 0 repeats
@GrapheneOS Not surprising, they must REALLY be pissed they can't hack into every device out there.I have heard the police cannot hack it.Makes me wonder how secure an actual linux distro like devuan or debian is.I wouldn't be surprised if they are more secure if that is the case.I mean, no offense, but you are based on android. Android feels like a minefield for security in it of itself.GrapheneOS is different because of removing the remote tracking and general surveillance crap and all that and hardening stuff too. :)
(DIR) Post #B0UIFx7uz8Zz2PT0K0 by GrapheneOS@grapheneos.social
2025-11-22T00:33:37Z
0 likes, 0 repeats
@skedarwarrior GrapheneOS is an actual Linux distribution, but it's a heavily privacy and security hardened one far more secure than a traditional desktop OS. AOSP itself is far more secure than a traditional desktop OS.> I wouldn't be surprised if they are more secure if that is the case.No, you have that completely backwards.> I mean, no offense, but you are based on android. Android feels like a minefield for security in it of itself.You're completely wrong and have it backwards.
(DIR) Post #B0UIFyDyu51WRVJMPY by GrapheneOS@grapheneos.social
2025-11-22T00:34:39Z
1 likes, 0 repeats
@skedarwarrior > GrapheneOS is different because of removing the remote tracking and general surveillance crap and all that and hardening stuff too. :)AOSP is much more private and secure than desktop operating system platforms including the ones based on Linux. Linux is also not a privacy or security focused project itself, and is actually quite poor at both. It's a massive monolithic kernel written in a memory unsafe language. It started as a rejection of a more secure architecture...
(DIR) Post #B0UIFyy48jt2kQsAF6 by skedarwarrior@techhub.social
2025-11-22T00:45:04Z
0 likes, 0 repeats
@GrapheneOS Memory unsafe? Isn't android made from java primarily, if so... I find that unlikely to be accurate.
(DIR) Post #B0UIFzcphAUqmrwimm by GrapheneOS@grapheneos.social
2025-11-22T00:55:54Z
1 likes, 0 repeats
@skedarwarrior Java/Kotlin are memory safe languages, as is Rust. The majority of new code added to Android is written in memory safe languages. Android is Linux and works fine with regular Linux kernels. The Linux kernel is one of the major security weaknesses of Android due to being a massive monolithic kernel with no internal isolation/sandboxing and lack of memory safe languages. Tiny mistakes in the Linux kernel result in severe vulnerabilities compromising the whole OS.
(DIR) Post #B0ULx9esZIHKDcAyXY by skedarwarrior@techhub.social
2025-11-22T01:38:22Z
1 likes, 0 repeats
@GrapheneOS Okay, but OpenBSD is mostly written in C and its one if not the most secure OS period. Btw, java has that unfixable log2shell bug that they kept struggling to fix. Someone found it on minecraft and it wreaked havoc on java apps for a while.I don't know if its been fixed yet though.
(DIR) Post #B0UMymg15IEpTY35W4 by GrapheneOS@grapheneos.social
2025-11-22T01:50:25Z
1 likes, 0 repeats
@skedarwarrior > Okay, but OpenBSD is mostly written in C and its one if not the most secure OS period. OpenBSD is definitely not the most secure OS and there are many ways it compares unfavorably to other desktop and server operating systems.You're making statements about these topics based on what you've read from non-experts on social media.> Btw, java has that unfixable log2shell bug that they kept struggling to fix. That's a poorly written third party library from Apache...
(DIR) Post #B0UN4IAdQ0LWbFzr5E by skedarwarrior@techhub.social
2025-11-22T01:52:30Z
1 likes, 0 repeats
@GrapheneOS So what would you consider a server operating system that is secure?Because OpenBSD has pledge and unveil in its xenocara layer
(DIR) Post #B0UNhFWRCNjlgDlrqy by GrapheneOS@grapheneos.social
2025-11-22T01:54:19Z
0 likes, 0 repeats
@skedarwarrior The library you're referring to (log4j) essentially had a takeover by other people and was turned into a huge mess. The original library wasn't nearly as bad. The creator of the library made a replacement for the original as a spiritual successor which didn't have any of these issues. The vulnerabilities in log4j had little to do specifically with Java and there are few languages which discourage the stuff they were doing which led to it. It's not a Java flaw but a bad library.
(DIR) Post #B0UNhGV3Z0E6iE8HL6 by skedarwarrior@techhub.social
2025-11-22T01:55:16Z
0 likes, 0 repeats
@GrapheneOS hmm, and the other question? What operating systems do you consider secure for servers
(DIR) Post #B0UNhHBF29yEp3ry5o by GrapheneOS@grapheneos.social
2025-11-22T01:57:05Z
0 likes, 0 repeats
@skedarwarrior We don't want to make recommendations when the mainstream options are all pretty bad. They could be dramatically better if people actually worked on it. It's another case where Apple ends up doing much better at security than the mainstream open source community due to lack of interest in serious privacy and security work from nearly the entire open source world. The answer should be a microkernel-based OS which actually provides modern exploit protections, verified boot, etc.
(DIR) Post #B0UNhHtuM5hR3aldiK by skedarwarrior@techhub.social
2025-11-22T01:59:16Z
1 likes, 0 repeats
@GrapheneOS So basically... all options suck on this?Hmm... well my options would have been OpenBSD or some devuan fork. or my other niche distro that removes lots of blobs and crap. Although perhaps its not easy to say what is best like you said before.
(DIR) Post #B0UT4jZs7RnlKIOYkq by lispi314@udongein.xyz
2025-11-22T02:17:01.376785Z
0 likes, 0 repeats
@GrapheneOS @skedarwarrior >> Okay, but OpenBSD is mostly written in C and its one if not the most secure OS period. > OpenBSD is definitely not the most secure OS and there are many ways it compares unfavorably to other desktop and server operating systems.I think this might be a reference to OpenBSD's "Only two remote holes in the default install, in a heck of a long time!", but the thing is that's a very qualified statement. It holds exclusively for the default install, its configuration immediately thereafter and the absence of additional programs & data.It mostly means that one's system is unlikely to immediately get pwn'd by bots while one is installing it while directly connected to the Internet. Useful, but not exactly a universal statement for future use.OpenBSD otherwise falls prey to basically every other problem that plagues the UNIX architecture & monolithic low-isolation kernels and have their own particular problems regarding updates.
(DIR) Post #B0UT4kIBShFNXj7wp6 by GrapheneOS@grapheneos.social
2025-11-22T02:54:07Z
1 likes, 0 repeats
@lispi314 @skedarwarrior OpenBSD is not counting many memory corruption bugs which are likely to be remotely exploitable and many other things, only the ones proven to be remotely exploitable. There's very little overall interest in actually trying to exploit already patched vulnerabilities and particularly low for OpenBSD rather than doing it as a novelty for old Linux kernel vulnerabilities or something similar. It's a close to meaningless claim since they're not counting most vulns...
(DIR) Post #B0UxDIeUat8P38Yabg by skedarwarrior@techhub.social
2025-11-22T02:21:20Z
0 likes, 0 repeats
@lispi314 @GrapheneOS There is one small thing that comes to mind, GrapheneOS just said something that makes me wonder about him.He said that mac does better job of security than say, open source operating systems. That and saying android is more secure reminds me of this person who has a github who basically praises android, windows and proprietary operating systems as being the most secure. Maladyin or something like that... this person anyhow with maladyin or w/e was roasted by the reddit community alot for their views. I can't say that I trust such views either...I very much hope GrapheneOS isn't leading me on here. Because there are some out there who would.EDIT: This is who I mean:https://madaidans-insecurities.github.io/linux.htmlthe person reddit dunked on for saying proprietary os is more secure kind of nonsense
(DIR) Post #B0UxDJZDC0VLt35t0y by GrapheneOS@grapheneos.social
2025-11-22T02:56:19Z
1 likes, 1 repeats
@skedarwarrior @lispi314 Basing your opinion on what non-experts say on social media, especially Reddit, is why you're so misinformed.This is a project account, not an individual's account, which is important to understand.Someone's statements not aligning with your preconceived bias and what's said in social media echo chambers of non-expert doesn't mean they are wrong.