[HN Gopher] GrapheneOS migrates server infrastructure from France
___________________________________________________________________
GrapheneOS migrates server infrastructure from France
https://xcancel.com/GrapheneOS/status/1991604700882563267
Author : 01-_-
Score : 157 points
Date : 2025-11-24 18:48 UTC (4 hours ago)
(HTM) web link (www.privacyguides.org)
(TXT) w3m dump (www.privacyguides.org)
| Bender wrote:
| They should consider making their primary site a .onion and then
| have clear-web portals in many countries that serve as a
| secondary class site _or cache_. The physical location of the
| primary site should be unknown.
| anonymousiam wrote:
| It's a sad fact that there's just no way for GrapheneOS to win
| this fight. The intelligence agencies of every world government
| are on one side, and a relatively poor organization that
| produces less restricted cell phone software is on the other.
| immibis wrote:
| And mostly (but not entirely) neutral judges are the
| arbitrators.
| hacker_homie wrote:
| We can only use technical solutions to this problem for so
| long.
|
| The real issue is that the public wants a right to digital
| privacy.
|
| The state would not like you to have that because they are lazy
| and want to be able to look at your messages.
|
| Because they have convinced themselves that messages are a
| crime.
|
| This is a political problem not a technical one.
| ranger_danger wrote:
| > The real issue is that the public wants a right to digital
| privacy.
|
| Legitimate question, is there any concrete evidence that the
| majority of the public actually does want this?
| whatshisface wrote:
| https://www.pewresearch.org/internet/2023/10/18/how-
| american...
|
| 80% are concerned.
| 9dev wrote:
| There is not. In fact, many users will gladly give away any
| notion of privacy whatsoever in exchange for a Candy Crush
| lootbox.
| serial_dev wrote:
| I want digital privacy... but a lootbox is a lootbox.
| doubled112 wrote:
| As long as the cost/benefit calculation is high enough on
| your side, you're fine with it?
| blitzar wrote:
| I have felt great pity for Snowden all these years, his
| personal sacrifice was all for nothing, a short news
| cycle later and nobody cared.
| izacus wrote:
| I wonder what an actual referendum on Chat Control would
| actually say as well.
| immibis wrote:
| It's amazing to me that everyone even slightly disliked by the
| ruling class isn't doing this. Like remember when Nintendo took
| down a bunch of Switch emulators... from GitHub? Why were they
| primarily on GitHub?
| undeveloper wrote:
| _Technically_ emulators are not against the law, piracy is
| against the law. And given that open source projects are all
| on github, it makes sense for them to just be on github
|
| That said, there are many forks of the projects DMCA'd still
| floating around.
| gruez wrote:
| How does this increase security? The actual code is distributed
| over github and is digitally signed. Same goes for the
| installers/updates. Attempts to replace the contents would be
| easily detected, and would won't do much, aside from maybe
| compromising someone installing in that short time frame.
| Moreover darknet sites have an identity problem. It's easy to
| validate that "grapheneos.org" is the official site, not least
| because there's no grapheneos.com or similar. If you're using a
| hidden service you'll get an address like
| graphenenlhxh74dsi1kk1k8se0wutcc2v4f7bnohqe8zxbkfk8z3wp8.onion.
| How do you know whether that's the official site, or
| graphenenlhxr1uvl0i8oiuzx587fpgcesik0apij5axd1a0xbdvj5eg.onion?
| ChrisArchitect wrote:
| [dupe] https://news.ycombinator.com/item?id=45999024
| dang wrote:
| Related ongoing thread:
|
| _France threatens GrapheneOS with arrests / server seizure for
| refusing backdoors_ -
| https://news.ycombinator.com/item?id=46035977 - Nov 2025 (244
| comments)
|
| Recent and related:
|
| _France is taking state actions against GrapheneOS?_ -
| https://news.ycombinator.com/item?id=45999024 - Nov 2025 (108
| comments)
| mmooss wrote:
| I understand the concerns and anger of GrapheneOS's leadership,
| but the hyper-escalation tactic doesn't do what they hope:
|
| First, it sends a message of inexperience in business,
| negotiation, and conflict resolution: 'I'm going to take my ball
| and leave' - it looks like an emotional overreaction without
| strategic thinking. These days you sometimes see powerful parties
| making similar threats - e.g., Uber threatening to leave certain
| markets. But those people have significant power and their tactic
| is really to demonstrate that in order to shift their negotiating
| position; usually they don't actually decamp, and GrapheneOS has
| relatively little power so that tactic doesn't apply.
|
| As importantly, it sends the message that GrapheneOS can be
| pushed around and manipulated: A slight hint of a threat and they
| flee. Others will take note, and many will think the same of
| other FOSS projects, large and small - they are easily
| intimidated and dismissed.
|
| Another reason people don't use these tactics is that they have
| other important interests besides the one under immediate threat.
| A requirement of anyone with significant investments that can't
| be easily abandoned - which is everyone doing anything of value -
| is to navigate in a way that upholds all those interests. You
| don't burn down the house to kill a rat. It can be hard and
| requires careful, deliberate thought and strategy.
|
| One unmentioned interest that might appeal to GrapheneOS's
| leadership is the freedoms of people in France to create FOSS,
| and to individual privacy and security.
| elric wrote:
| Exiting France when they feel like the freedoms of their
| software and their contributors are in danger seems like a
| perfectly reasonable response.
|
| GrapheneOS is an open source project. They hand out great
| software for free. They have no obligations to do this. And
| they certainly have no obligation to try to "negotiate" with
| obviously hostile governments. They have nothing to gain from
| this.
|
| > You don't burn down the house to kill a rat.
|
| I don't see how this analogy applies here. France is the house.
| mmooss wrote:
| This is the second time people responded to a post about
| GrapheneOS strategy with an argument about obligations. It's
| hard to even explain how vastly different those issues are. I
| didn't say anything about GrapheneOS's obligations; I talked
| about strategy and tactics to serve their goals.
|
| If you do want to talk about obligations - yes, we all have
| obligations to our communities, societies, etc., whether we
| like it or not, whether we deny it or not. GrapheneOS has
| obligations to the open source community, to freedom, to
| their users and developers, etc. Defining those obligations
| is very difficult and I won't try, but if none of us have
| those obligations then who does? There's nobody else coming
| to the rescue, there is no authority that will take care of
| it for you (like parents caring for irresponsible children) -
| it's just you and me.
| delichon wrote:
| > I talked about strategy and tactics to serve their goals.
|
| I am skeptical that there is any lesser step that they can
| take consistent with their goal of an uncompromised OS. Or
| that France would be satisfied with anything less than
| access. Security is not a side feature of GrapheneOS that
| they can compromise on, it's their core mission. It's like
| telling Frodo to see the sights in Mordor, but stay away
| from Mount Doom.
| elric wrote:
| > I talked about strategy and tactics to serve their goals
|
| Putting their project or contributors at risk does not
| serve their goals. You seem to be expecting a lot from a
| bunch of volunteer contributors.
| mcv wrote:
| I don't know. It's making the news, and if GrapheneOS is the
| only one protesting this, what are iPhone and Android already
| complying with? Perhaps I should also switch to GrapheneOS.
|
| And moving your servers out of jurisdictions that threaten them
| is not hyper-escalation; that's just being responsible.
| mmooss wrote:
| > It's making the news, and if GrapheneOS is the only one
| protesting this, what are iPhone and Android already
| complying with? Perhaps I should also switch to GrapheneOS.
|
| That is a (minor) upside, imho.
| TheCraiggers wrote:
| > it sends the message that GrapheneOS can be pushed around and
| manipulated: A slight hint of a threat and they flee.
|
| Somehow I doubt France thinks they "won". What they wanted was
| a back door into the OS. Not only did they not get that but
| they lost what little bargaining power they had when gOS left
| France.
|
| > it sends a message of inexperience in business, negotiation
|
| You don't negotiate with terrorists. Obviously France isn't a
| terror organization but the point is the same: you don't play
| their game. You play your own.
|
| Leaving the country is exactly that.
| eloisant wrote:
| If you want my opinion GrapheneOS isn't on the radar of the
| French government at all, so they don't think they "won" or
| "lost". It's kind of a "I don't think about you at all" Mad
| Men Meme.
|
| It's just a few cops who said "I don't like that we can't
| crack it", and a journalist who asked the prosecutor who got
| Durov arrested and she said "well sure if they break the law
| we could sue them".
|
| The only party that is getting hurt about this whole thing is
| their French hosting company, OVH, who tried to calm down the
| situation and talk to explain him that they can still safely
| use OVH.
|
| https://mastodon.social/@_bapt_/115585566888497543
| StopDisinfo910 wrote:
| > Somehow I doubt France thinks they "won". What they wanted
| was a back door into the OS.
|
| There is absolutely nothing pointing to France wanting a
| backdoor in GOS. The only thing we have is one prosecutor
| quoted in a far right journal saying she wouldn't hesitate to
| charge them if they are linked to organised crimes and refuse
| to cooperate.
|
| When France wants a backdoor in an open source project, they
| do it like every modern country with an intelligence service,
| sneakily.
| blitzar wrote:
| When France wants a backdoor in an open source project,
| they do it like every modern country with an intelligence
| service, the borrow either the CIA's or Mossads.
| t3rra wrote:
| Ok, Johanna Brousse
| Klonoar wrote:
| Exactly what ball do you think they're taking and leaving?
| palata wrote:
| I am genuinely not sure you understand what GrapheneOS is doing
| here. They were using French servers (OVH) for some
| infrastucture, and they are moving away from that because they
| are pissed at France.
|
| They don't make GrapheneOS unavailable to French users, they
| just change "cloud provider".
|
| There is no negotiation or conflict resolution there: they
| don't feel safe using a French provider, so they move to a non-
| French provider, period.
| anvuong wrote:
| > self-advertised as uncompromising privacy focused OS
|
| > didn't even compromise even a bit (negotiation is already a
| compromise) against a country who is notorious for advocating
| for privacy-invasive policies in recent years
|
| > get lectured by yc high-horse rider on the obligation blah
| blah, even when by and large this move doesn't materially
| affect the end-users in any substantial way
|
| I used 4chan style because most of the times 4chan commenters
| have more sense than yc these days. Many people here do live in
| glass houses.
| echelon_musk wrote:
| https://en.wikipedia.org/wiki/Posting_style
| ranger_danger wrote:
| For what it's worth, Micay has a long history of accusing other
| people of slandering the project without providing any evidence
| or rebuttals.
|
| When asked for details, he gets defensive and accusatory, then
| creates multiple sockpuppet accounts to argue the same points
| over and over.
| neilv wrote:
| "Just because you're paranoid, doesn't mean they aren't out to
| get you."
| protimewaster wrote:
| I was going to say something along these lines.
|
| There was a post on the GrapheneOS forums a while back, from
| Micay, claiming that a well-known YouTuber who had
| backtracked on recommending GrapheneOS (because of Micay's
| behavior, according to the YouTuber) had probably actually
| backtracked because the YouTuber was financially involved
| with a competing project. My initial reaction to the post
| was, "Oh, I guess this is that paranoia I've heard about with
| Micay." My thought was reenforced when it was further
| claimed, in that thread, that the YouTuber was active in a
| forum well known for online bullying of people they don't
| like. The whole thing definitely sounded paranoid.
|
| In the thread, though, there was in fact linked paperwork
| where the YouTuber had registered the company in question,
| and also links to a verified account on the forums in
| question (using the YouTuber's real name).
|
| So, yeah, just because you're paranoid, doesn't mean they're
| not out to get you.
| jasonvorhe wrote:
| Most people rather trust some newspaper or magazine instead
| of investing 10 minutes into researching on their own only
| to then start sockpuppeting for the conclusions of the
| author who probably didn't do their due diligence in
| writing the piece in the first place.
| neilv wrote:
| "Sockpuppeting" has connotations that don't apply here,
| and it's an important term for other pressing purposes,
| so we don't want to dilute it. Does "parroting" express
| your intent well enough?
| jasonvorhe wrote:
| I was struggling with the term myself being a non-native
| speaker. I appreciate your suggestion, it's a much better
| fit. Thanks!
| neilv wrote:
| Yeah, I think it's fair to say that Micay knows a million
| times more about this technical and application space, and
| the political and business dynamics around it, than most
| HNers.
|
| And I also believe that he's actually been personally
| targeted for harassment, from multiple directions, over the
| years.
|
| So he's learned and earned some... vigilance.
|
| And overall, I suspect that GrapheneOS is much better for
| the vigilant mindset.
|
| I donated money partly with this in mind.
|
| I don't know whether the project has a PR expert working
| with them already, but if not, that would be a nice pairing
| with the very smart and vigilant people on the team.
| palata wrote:
| I read about this when I first discovered GrapheneOS, and it
| looked like it. And it may be partially correct.
|
| But on the other hand, I have read a lot of "drama" between
| e.g. /e/OS and GrapheneOS, and more often than not, it looked
| like GrapheneOS was criticising _actual limitations_ of /e/OS
| and /e/OS (a mix of the community and official comms) seemed to
| be the one being unfair.
|
| GrapheneOS generally is pretty direct at saying stuff like
| "their approach is strictly less secure" or "they are often
| worse than Stock Android", and I understand that this is not
| good publicity for Murena. But I am yet to see one of these
| claims to be wrong: all I can say is that the tone is very
| direct and could offend the /e/OS people, even if the claims
| are true.
|
| On the other hand, instead of just acknowledging and trying to
| explain why /e/OS may be a good choice (e.g. if you happen to
| own a phone that is not a Pixel and that is well supported by
| /e/OS), I have seen actually wrong claims from /e/OS against
| GrapheneOS (sometimes downright technically wrong about
| security/privacy). And while GrapheneOS is quite exemplary with
| their support (if your phone is supported, then it's best in
| class), I have run /e/OS on a couple of phones and I have seen
| by myself that some of the security updates were 3 years old
| while the Stock Android was actually up-to-date.
|
| So yeah... I get that it's a sensitive topic, but I feel like
| there is more a long history of people accusing GrapheneOS of
| accusing people, and I'm not anymore convinced that this is
| actually true.
| iamnothere wrote:
| This is likewise my experience. It's true that Micay is
| prickly and unwilling to prioritize social grace over
| technical accuracy, but that's kind of what I'd like to see
| for a project like this.
| amatecha wrote:
| Also cross-posted on Mastodon
| https://grapheneos.social/@GrapheneOS/115595997701449168
| Lariscus wrote:
| This looks hugely blown out of proportion. The project founder
| has a well documented history of what I would consider a
| persecution complex. Once again he has provided no substantial
| evidence. The only thing they provided are some, admittedly
| borderline libelous, news articles. Unless they provide some more
| concrete information about these supposed attempts of getting a
| backdoor installed into the system, I will consider this as just
| another day of GrapheneOS drama.
| dijit wrote:
| I mean, _maybe_?
|
| Multiple accounts have said the same thing in this thread, and
| I'll be honest here: given the Jia Tan situation, it could be
| true (in the way that he's being pushed by external forces). It
| could it be character assassination... Or it could be totally
| valid: idk.
|
| But what I do know is that nobody is providing any citations.
|
| I also know that progress depends on the tyranny of
| unreasonable people.
| aunty_helen wrote:
| Don't you need that sort of paranoia to go out and create a
| privacy focused mobile OS?
| jjgreen wrote:
| A world-weary cynicism suffices.
| idle_zealot wrote:
| I expect that most cynics would just keep their heads down
| and use iOS or something. The intense idealism needed to
| motivate something like Graphene is compatible with
| paranoia, but not with weariness.
| bigbadfeline wrote:
| > The intense idealism needed to motivate something like
| Graphene
|
| Yes, the intense idealism of the brainwashed and
| oblivious prompted the realistic Graphene creators to do
| something themselves instead of waiting for other
| realistic folks who happen to be few and far between.
| concinds wrote:
| The evidence is not "news articles", but the contents of those
| articles where a high-ranking prosecutor threatened to go after
| GrapheneOS "if they don't cooperate with the law".
|
| No matter your feelings about the creator, I think this was
| entirely the rational choice.
|
| France is pro-Chat Control. For about a year now there's been
| an anti-drug trafficking fervor among legislators and
| government, in which they've pushed for encryption backdoors
| (separate from Chat Control at the EU level) and recently
| threatened GrapheneOS. The country is politically unstable so
| future politics are hard to predict, but anti-encryption
| politicians stand a good chance of winning the next election.
| Any rational project would move out.
| Lariscus wrote:
| I don't disagree about leaving France over their position on
| chat control or legislation.
|
| I disagree about them essentially spreading misinformation
| about what actually happened. One prosecutor, that probably
| doesn't even know what GrapheneOS is, making boisterous
| claims to the press, is not the same as being contacted by
| the state about adding a backdoors.
| jasonvorhe wrote:
| I don't get what you're saying.
|
| Interviewed cop says they'll go after them if they don't
| cooperate, which would mean a) requesting assistance to law
| enforcement via means such as backdoors and server seizures
| and b) resulting in legal steps against the organization
| and its members by France. Who in their right mind wouldn't
| take this a threat? After Wikileaks, the Telegram CEO,
| pushes for chat control and other authoritarian techniques?
|
| Sure, the cop might be a nobody in the grand scheme of
| things but they're representing a government agency
| publicly so they're probably not babbling out nonsense in a
| bar somewhere, being overheard by a reporter.
| sunshine-o wrote:
| What happened to the founder of Telegram should be enough to
| discourage any of them to travel in France.
|
| Especially since I guess they do not have the same kind of
| money and influence to fight it back.
| rgblambda wrote:
| A European Arrest Warrant would make the entire EU off
| limits. Which makes me think they haven't thought this
| through and are just overreacting, as many on this thread
| suspect.
|
| If the GrapheneOS maintainers were being advised by a lawyer,
| they'd surely know that if French Authorities wanted them
| arrested and they were standing on a street corner in
| Stockholm, they could just as easily be picked up by police
| as if they were in a cafe in Paris. Making the whole France
| travel ban just a load of theatrics.
| gruez wrote:
| >The project founder has a well documented history of what I
| would consider a persecution complex.
|
| Source?
| richbell wrote:
| Not a "source" but one such incident is https://www.reddit.co
| m/r/PrivacyGuides/comments/13s7mv3/why_...
| aborsy wrote:
| Canada is liberal and a better option for hosting privacy
| projects than EU.
|
| Every few months a bad proposal comes out of somewhere in EU. The
| details of this case don't matter, the tendency is big government
| control.
| bluGill wrote:
| There is no place in the world where there are not bad
| proposals all the time. Some places are worse than others, but
| everyplace has problems and needs to be watched.
| palata wrote:
| EU is not a country. There are many different countries in the
| EU.
| tracker1 wrote:
| I'm not sure... they've added some pretty repressive language
| controls themselves already. Let alone proposed legislation.
|
| https://www.eff.org/deeplinks/2025/07/canadas-bill-c-2-opens...
___________________________________________________________________
(page generated 2025-11-24 23:00 UTC)