Comment by palata
8 days ago
I have been a user of /e/OS for 5 years, and also of GOS and would like to share my opinion on this:
> it's worth noting that the GOS community is absurdly toxic to anyone doing anything privacy-related that isn't under the banner of GOS
What I have seen (and I am not involved in any of those projects) is that GOS does care a lot about security, has a higher quality in that regard than anything else, and tends to be blunt about "inferior" projects communicating about security.
Not that they couldn't improve their communication style, but usually when they call out technical limitations of other projects (e.g. /e/OS), they are right. And I mean the technical arguments. Then I have seen a bunch of drama, but to be fair I have seen those other communities show toxic behaviour towards GOS just as much as the opposite.
It feels like it is GOS vs "the others", because the others don't criticise each other, and GOS bluntly criticises when they see claims they find are wrong (I have seen claims by /e/OS going from misleading to downright wrong).
On my particular phone, after 5 years with /e/OS, the Fairphone updates were outdated by 4 years. In terms of security I would have been better with the Stock Android. It depends on the phone of course, because /e/OS tends to claim that they support everything and they just can't. Even on a phone that /e/OS supports well, GrapheneOS is superior, period.
But I agree, I could do without all the drama. I guess my point is that it goes both ways.
I'm also not involved with any mobile privacy/security project, unless OpenStreetMap data and self-hosting can be said to be such
> GOS does care a lot about security, has a higher quality in that regard than anything else, and tends to be blunt about "inferior" projects communicating about security.
Two remarks:
- There's a difference between "blunt" and hostile or misleading. GOS (owners) are often the latter two from what I read, where by misleading I mean distorting reality about whom you should be protecting from and recommending you should never use anything else to reach your goals (as opposed to GOS' goals)
- They also reply when privacy comes up in other projects, not just security, but they treat it as though it's essential for privacy. Not everyone is running from an intelligence agency or cellebrite border checkpoints, some people just want a phone with as many open components as possible or want to lie to Facebook about which contacts are on their device. You don't need a locked bootloader and be prevented from accessing your own data for that (can't access /data on your own device on any official GrapheneOS build; which is fine if that's what you want, but not everyone's goals are the same)
>Not everyone is running from an intelligence agency or cellebrite border checkpoints
OK, but would it be such a bad thing if most people's personal devices were pretty damn resilient to mercenary spyware by default? I really don't think the standards GrapheneOS are aspiring to are the problem with this picture.
Certainly not, but there's more goals than singular security from government agents at all cost
With the current mobile OS landscape, getting away from ubiquitous overseas dependencies, constant tracking, and closed-source mandatory apps is, to me, much more direct-impact than protecting against this extremely remote chance of having an exploit, customised to my software stack, finding its way onto my device somehow. I'd much rather have the freedom to do with my hardware what I wish
Some people will prefer one thing, and other people another. Neither is a bad choice if it fits your goals and you know the risks of each one. So what I'm saying (and seem to be repeating over and over and over in any graphene fanboy thread) is that it's a choice, not a one-size-fits-all, and not a foregone conclusion (as GOS authors pretend it is, which this subthread started with)
/e/OS/ was bad with updates for a long time (I had to switch 2022). IodéOS is very good at it, in my experience (I have used all three)
> /e/OS/ was bad with updates for a long time (I had to switch 2022).
In my case, it was a few months ago, so end of 2025.
I think it's just that they can't possibly support thousands of Android devices. I just don't like that they are not being very clear about it. You would think that buying a phone through Murena would guarantee some kind of support, but it actually doesn't.
iodéOS lags far behind on Android, Linux kernel, browser engine and other updates too. It's much less behind than /e/ and misleads users less but they still do. They set an inaccurate Android security patch level which misleads users just as /e/ does.
I didn't know. Do you have a link to one specific announcement where they mislead people about the patch level? It would help to start a conversation to change that.
I guess on /e/OS you can just run Google Maps in a browser if you really want Google Maps features (like searching for a restaurant). Organicmaps works fine if you just need to get from A to B. It does lack live traffic, but you'll have to live with fewer features if you really want to not use Google for most stuff.
> Organicmaps
I would suggest having a look at CoMaps, a recent fork of OrganicMaps :-).
The founder and CEO of /e/ and Murena openly spreads content from Kiwi Farms and neo-nazi sites. He directly engages in harassment towards the GrapheneOS team. Here's him supporting authoritarians smearing GrapheneOS by replying to threads about it linking to harassment content based on fabrications on a neo-nazi conspiracy site:
https://archive.is/SWXPJ https://archive.is/n4yTO
The communities of several projects including /e/ have heavily engaged in spreading misinformation about GrapheneOS including fabricated stories about our team. They've even taken it to the point of repeated swatting attacks aimed at killing our team members. There are relentless raids on the GrapheneOS community platforms including our chat rooms where Child Sex Abuse Material, gore and endless harassment towards our team members including fabricated stories and harassment content from Kiwi Farms and elsewhere is posted.
Extraordinary claims require extraordinary evidence.
I find it very hard to reconcile claims like "repeated swatting attacks aimed at killing our team members...Child Sex Abuse Material..." with the proof offered being a blog post that makes the fairly anodyne (especially read in light of this comment) case that you are an extremely paranoid person whose paranoia leads you to extreme judgements that may harm users. If you are the target of extreme attacks, it seems far more plausible to me that those originate from state actors and security adversaries, rather than from erstwhile allies also trying to build better mobile OSes.
Rather than reading this as "harassment", I would suggest you should try to take it as constructive feedback: You do not play well with others and your prickly interpersonal demeanor hampers the adoption of what is (by all accounts) technically strong software.
> Extraordinary claims require extraordinary evidence.
It's your claims which are extraordinarily and have been thoroughly debunked. You're directly engaging in bullying with baseless personal attacks. You make false accusations about us while you're actively engaging in those things.
> I find it very hard to reconcile claims like "repeated swatting attacks aimed at killing our team members...Child Sex Abuse Material..." with the proof offered being a blog post that makes the fairly anodyne (especially read in light of this comment) case that you are an extremely paranoid person whose paranoia leads you to extreme judgements that may harm users. If you are the target of extreme attacks, it seems far more plausible to me that those originate from state actors and security adversaries, rather than from erstwhile allies also trying to build better mobile OSes.
It's very easy to see that the site which was linked is a neo-nazi conspiracy site. Gaël Duval knew that when linking to it. Gaël Duval has repeatedly spread harassment and libel content from Kiwi Farms and elsewhere. He has linked to the same harassment content linked in the post. Both of those videos are from Kiwi Farmers and one of them participates on the site with an account in their real name which received identity verification. They openly use the site as their personal army and were the one to involve them.
Duval very clearly knows that he's directing his community to target our team with harassment by spreading fabricated stories about us. Anyone can take a look around the site which was linked and see a whole lot of the paranoia and delusion you falsely attribute to me with no basis. Duval is opportunistically spreading harassment content to benefit his for-profit business for the same reason he has heavily invested in spreading misinformation about GrapheneOS.
Duval is not an ally. He's a grifter selling phony privacy products with dramatically worse privacy and security than an iPhone. They're scamming people with false marketing for their products. The supposedly private speech-to-text service from Murena actually just sends user data to an OpenAI service vs. iOS and GrapheneOS doing it locally which is very representative of their overall approach to the apps, services and OS.
https://community.e.foundation/t/voice-to-text-feature-using...
https://discuss.grapheneos.org/d/24134-devices-lacking-stand...
GrapheneOS is the only open source privacy and security hardened mobile OS based on AOSP in practice. Products using privacywashing for marketing aren't in the same space. They're not allies but rather the misinformation they propagate and the attacks they make on our team are extremely harmful to us. They're the main adversaries. Companies like Microsoft tend to be very friendly to us and open to collaboration vs. these small companies building a business around false marketing who feel very threatened by us so they engage in spreading misinformation and personal attacks on us. Claiming that it's state sponsored is ridiculous. It has been ongoing since long before GrapheneOS had significant adoption and has always been primarily caused by companies who feel threatened by GrapheneOS trying to harm it. Multiple companies have engaged in it because it's very convenient for them to hop onto the existing bandwagon of fabrications/harassment started in 2018. The privacy and security industries are filled with charlatans and scams. We have good relationships with a bunch of legitimate privacy and security projects including QubesOS, secureblue, Molly, Accrescent and MANY others. It's these companies selling supposedly private/secure phones which are in reality not very private and extraordinarily insecure where nearly all the attacks originate from.
> Rather than reading this as "harassment", I would suggest you should try to take it as constructive feedback: You do not play well with others and your prickly interpersonal demeanor hampers the adoption of what is (by all accounts) technically strong software.
It's libelous harassment content based on fabricated stories. You're claiming it's not happening while directly engaging in it. You're making the ridiculous claim that it's from state actors while the actual perpetrators are plainly visible and include yourself. It's the community around /e/ and several other projects which are extraordinarily toxic and engaging in harassment. Our community and project doesn't do it. You folks cross-reference your libel, bullying and harassment content entirely based on making up stories, personal insults, etc. while claiming a bunch of fabrications referencing each other is evidence. Calling me paranoid, delusional, etc. with no basis is nothing more than sociopathic bullying. Hacker News moderators shouldn't be allowing it.
2 replies →