cross-posted from: https://programming.dev/post/41272884
GrapheneOS is being heavily targeted by the French state because we provide highly secure devices and won’t include backdoors for law enforcement access. They’re conflating us with companies selling closed source products using portions of our code. Both French state media and corporate media are publishing many stories attacking the GrapheneOS project based on false and unsubstantiated claims from French law enforcement. They’ve made a clear threat to seize our servers and arrest our developers if we do not cooperate by adding backdoors. Due to this, we’re leaving France and leaving French service providers including OVH. We need substantial help from the community to push back against this across platforms. People malicious towards us are also using it as an opportunity to spread libel/harassment content targeting our team, raid our chat rooms and much more. /e/ and iodéOS are both based in France, and are both actively attacking GrapheneOS. /e/ receives substantial government funding. Both are extremely non-private and secure which is why France is targeting us while those get government funding. We need a lot more help than usual and we’re sending our the first ever notification to everyone on the server because this is a particularly bad situation. If people help us, it will enable us to focus more on development again including releasing experimental Pixel 10 releases very soon.
I’m not that well versed on anything Graphene, nor any related drama.
Trust is somewhat non-technical, personal, subjective and dependent on your threat model. You can greatly improve trust via technical means and processes, as well as distribute and communicate trust via technical means. In the end, you still need to trust one or more physical people.
Personally, my biggest issue with any software I use is future maintenance. Can I be certain this will keep working as I want it for the duration I want? Will I get security updates? There, the trust comes from the people and funding involved, seldom technology.
Yes for sure.
The thing is, GrapheneOS has a pretty stable development team. Their software is very reliable and trustworthy.
They were the the first to introduce a ton of things that improve user experience and make it more reliable (like the web installer).
GrapheneOS was also way more reliable over time, there was no downtime at all (except from maybe the CopperheadOS drama back then), unlike any alternative there basically.
So yeah this situation is just bad and it is insane how much good work a single person can do, but also how much a single person can mess up.