Comment by strcat
8 days ago
It's a misconception that GrapheneOS is focused on security over everything else. It's a privacy project and privacy depends on security so it heavily focuses on both. It also provides major privacy improvements on a technical level rather than only avoiding privacy invasive apps and services. Privacy involves a lot more than which apps and services are bundled with the OS, contrary to how most supposedly private phone options are marketed.
> Securitywise it's hard to argue against them, although GOS tends to sacrifice usability in favor of security, which leads to odd decisions.
GrapheneOS doesn't make any major usability sacrifices for security. Privacy or security features with usability compromises are either opt-in or opt-out.
> Worth noting however is that usage of GOS is also seen as a signal in and of itself for the authorities that you may have something unsavory to hide
GrapheneOS is far more widely used than most alternate mobile operating systems and there's a lack of basis to claim that it's widely seen in the way you're describing in a way that other operating systems are not. In fact, they're largely conflating other operating systems with GrapheneOS because it's the most widely talked about and known about. They're calling devices GrapheneOS devices which aren't running it. In many cases it's not even a fork of it.
> have said that the OS is popular with organized crime
This is completely unsubstantiated and not evidence has ever been provided. On the other hand, it's known that law enforcement in Europe has widely sold devices to organized crime which they marketed by claiming they were based on GrapheneOS:
https://darknetdiaries.com/episode/146/
Using portions of our code doesn't make something GrapheneOS and marketing is also a different thing than reality. Most of what's claimed to be GrapheneOS in this context is not GrapheneOS but rather trademark infringement by forks or even non-forks.
> /e/OS (and similar "non-LineageOS" ROMs really) instead focus more on de-Googling.
Nope, /e/ always connects to multiple Google services regardless of configuration and gives highly privileged access to them. GrapheneOS doesn't connect to Google servers by default and avoids giving privileged access to installed Google apps via our sandboxed Google Play compatibility layer.
> They're still generally security focused.
No, that's definitely not the case. /e/ has absolutely atrocious security and fails to provide even basic security patches and protections. This is also part of why it provides poor privacy due to lagging far behind on privacy patches in addition to security patches along with being missing important standard Android privacy and security protections due to being far behind and not having it all set up. /e/ doesn't provide comparable privacy features to GrapheneOS Storage Scopes, Contact Scopes, Sensors toggle and far more not only the security features. /e/ isn't just not a security hardened OS, it's also not a privacy hardened OS. LineageOS has better privacy and security than /e/. AOSP has better privacy and security than LineageOS.
> Because of this, they usually have better depreciation timelines
/e/ doesn't provide proper updates for any devices. Many of the devices they support aren't getting driver and firmware updates from them even when they're available. They lag far behind on kernel, Android, Chromium (including WebView) and other updates too. They support many devices without kernel, driver and firmware updates available but they're usually way behind even when they are. /e/ simply doesn't care about providing basic privacy and security so they continue having people buy and use highly non-private and insecure devices lacking basic patches.
> Finally, it's worth noting that the GOS community is absurdly toxic to anyone doing anything privacy-related that isn't under the banner of GOS. It's extremely maximalist, tends to get very upset at other projects whenever they get attention (see sibling reply to this, where they pretty much melted down because an outlet dared to recommend a Fair phone+/e/OS) and the projects official channels have generally encouraged this sort of behavior. It doesn't really damage the software itself, but it's worth considering.
No, completely backwards. The massive amount of false marketing, misinformation and harassment engaged in by the /e/ project and community is what's toxic. The founder and CEO of /e/ and Murena openly spreads content from Kiwi Farms and neo-nazi sites. He directly engages in harassment towards the GrapheneOS team. Here's him supporting authoritarians smearing GrapheneOS by replying to threads about it linking to harassment content based on fabrications on a neo-nazi conspiracy site:
https://archive.is/SWXPJ https://archive.is/n4yTO
The communities of several projects including /e/ have heavily engaged in spreading misinformation about GrapheneOS including fabricated stories about our team. They've even taken it to the point of repeated swatting attacks aimed at killing our team members. There are relentless raids on the GrapheneOS community platforms including our chat rooms where Child Sex Abuse Material, gore and endless harassment towards our team members including fabricated stories and harassment content from Kiwi Farms and elsewhere is posted.
People should review https://eylenburg.github.io/android_comparison.htm which is a third party maintained comparison between AOSP-based operating systems which addresses many of the misconceptions you have about how GrapheneOS compares to AOSP, /e/ and other operating systems. You're not at all correct about what's provided by /e/ which fails to keep up with basic updates or provide the standard protections.
We can provide large amounts of further examples of the founder and CEO of /e/ and Murena participating in this harassment.
The attacks towards us including your libelous claims about us here are what's absurdly toxic.
> It's extremely maximalist
It isn't but rather is very pragmatic and focused on usability, robustness and compatibility alongside the major focus on privacy. The focus on security is to protect privacy because it depends on it.
Given I don't disagree with you about GOS being the best on security, I think there's only one thing really worth mentioning:
> The attacks towards us including your libelous claims about us here are what's absurdly toxic.
I want to make this clear upfront: I have no connection to /e/, Calyx, DivestOS or whatever other projects you've had issues with over the years. If you've had trouble with them I find that very unfortunate for you, but they are entirely unrelated to this conclusion. I do not consider these claims to be libelous when they're fairly easy to check:
The reason I consider GOS' community to be extremely toxic and find official channels enabling this is for a few very simple reasons:
1. I've seen several incidents of GOS users coming into adjacent Android communities to start beef with those communities while giving off the attitude of zealots. For a concrete example, the F-Droid forums have a thread about Googles impending changes to letting users install their own software ( https://web.archive.org/web/20250903081432/https://forum.f-d... ). The original OP for this thread has a pointless attack on the F-Droid project, declaring GOS to be superior. Moderators eventually changed this to be more mild (but it's why the first replies are snarking on low-hanging fruit about GOS), but I've seen similar behavior in other places - there's a reason that a lot of Android communities generally respond with trepidation and annoyance whenever the project is brought up and it's because of this behavior from the userbase.
2. I can read the GrapheneOS forums; they're public. Nearly every issue I've seen people have with GOS on the forums is effectively met by a "you're holding it wrong". This sets a tone for the community that makes it come across as extremely hostile to potentially interested users.
3. In the same sense, it's trivial to notice that the official GrapheneOS account on this forum is a frequent participant in these discussions, generally backing up the hostility on the virtue of technical accuracy. This to me suggests endorsement of this attitude. (See a sibling to my initial comment where the official account makes a post on the GOS forums about an unrelated blog for daring to recommend a different ROM/phone combo. This to me is not indicative of healthy communications, but rather of an obsession to promote GrapheneOS at every corner.)
4. I remember, as a Bromite user, the futzing with the Vanadium license in order to prevent other Android Chromium forks from making use of it's patches for the crime of... considering a contribution from someone the GOS project has beef with. That to me is the most telling thing really. The goal with that license futzing was never to actually help advance privacy/security or anything like that. It was to try and force a different project to conform to GrapheneOS' demands over something extremely minor and GOS went ballistic and threatened license changes (which they eventually did) the moment the maintainer asked for a bit more information because "GOS doesn't like this person" isn't enough to immediately warrant kicking someone off a project. Cromite (the fork of Bromite, as Bromite's maintainer went AWOL) still doesn't include Vanadiums hardening patches because of this. It's fucking absurd.
4 is the big one for me. It is absolutely unacceptable, unbecoming and to put it plainly: toxic behavior from an official voice in the project. It's fucking rich and borderline hypocritical to talk about GOS' consistent upstreaming of Android hardening patches while making it impossible through a license change for other projects to share it's contributions.
(Here's a source for that btw; https://github.com/bromite/bromite/issues/2141 and https://github.com/bromite/bromite/pull/2102 for the original incident. csagan5 essentially got jumped with extreme hostility for something they couldn't have been aware of and was very reasonable about, and all they got in response was more threats and hostility.)