Comment by NoboruWataya
13 hours ago
> NB: Since I'm on GrapheneOS now I haven't looked back
Not to suggest GrapheneOS has become the new "standard" given it currently only supports Pixels, but I hear a lot more about GrapheneOS as the custom Android build than LineageOS, so I wonder if a lot of people have moved there from LineageOS.
The other reason for a decline in custom ROMs may just be that apps are becoming more and more locked down. Banking apps are getting stricter all the time, so even the ones that work with custom ROMs today aren't guaranteed to work tomorrow. And more people probably use Google Wallet than ever, which also rules out custom ROMs AFAIK.
I agree on the locked down part. Ever since I bought my first smartphone (HTC Desire) I've been flashing custom ROMs pretty much the day I bought it. In the beginning it was a hastle, then it became much easier. In 2021 and 2023 I bought a Xiaomi and it required registering before bootloader unlock was allowed. I didn't like I had to register, but did it anyway.
The real problem for me were the hard to come by blobs that needed flashing after certain updates. And the fact no official supported LineageOS build as available. That last one is mostly on my part for not checking before buying. But still, in the past pretty much any popular phone had one or more official builds supported on XDA. Nowadays you need to venture into Telegram groups scrolling over endless linear conversations of people asking the same issue over and over again. Maybe I'm just getting old, but what was wrong with using a (well structured) forum?
For me, I'm not that concerned with having contactless payments work. Although I did switch banks just to not have the Google Services/wallet requirement. That was short lived though, pretty much every contactless payment now only works with Google Wallet (ridiculous), I just gave up on it and pay by card instead.
I just want to get away from the fact Google Services is integrated into everything you do on your phone. The fact Google Wallet has access to not only the payments you make using NFC, but also the last x transactions on you bank account 'for fraud detection purposes' is quite insane if you ask me.
That's why I just run plain without Google Services (not even the sandboxed one by GrapheneOS) and accept the fact certain conveniences just isn't available for me.
I don't even miss rooting, which I mostly did in the past to have (non VPN based) add blocking on OS level. I just replaced most apps by their browser-based alterantives and use an add blocker there.
About 250k devices were getting GrapheneOS security updates two years ago[1], so it is approaching the number of official (and opt-in reported) installs of LineageOS.
[1]https://discuss.grapheneos.org/d/12281-how-many-grapheneos-u...
[flagged]
Can you give examples of what you consider "nasty attitude" on their part? All criticism of other project I've seen was either cold, clinical technical criticism, or defense against slander propagated in the media against GrapheneOS.
I haven't seen GrapheneOS folks going out of their way to attack anyone.
I'll bite.
GrapheneOS has a long history of brigading. They officially encourage it[0] and are now trying to make it a part of their OS[1].
But wait, they are just doing it to The Baddies, right? Setting aside the fact that they frequently claim targeted harassments against them, often with little[2][3] to no[4][5][6][7] evidence (the only heavily cited arguments from them are technical ones), they are using their fanbase for the good of humanity, right? Also, the link I presented earlier[0] doesn't seem that old.
Look no further: Daniel Micay(stinger), threatening another hardened browser Bromite of collaborating with his abuser (submitted one pull request), of stripping their ability to collaborate with him and... changing the license to prevent that, on an open-source project[8]. Don't take my words, the links are there. But honestly I can't think of any reason you have to go that far.
Another crashout on Mozilla's repo: https://web.archive.org/web/20240909072043/https://github.co... . Also notable are his insecurity claims against MicroG, to which one of the contributor replies:
> I'm a bit surprised by you pulling out this issue that was fixed 4 years ago and only affected apps which did not target SDK 23 or higher (which at the time was already a requirement for apps uploaded to Play Store). Your phrasing made me think there might be a new issue, but if this is what you were referring to, all good.
Again, I encourage you to read the entire thread and make up your own mind.
If you believe this behaviour comes from the bygone era before thestinger stepped down, here's a more recent incident: https://tech.michaelaltfield.net/2025/08/19/grapheneos-danie... GOS of course responded[9], but not without false claims: GOS accused the author of falsely claiming that he was a GOS contributor, but the author never said that, they instead said they "make a lot of contributions to many different open-source projects, especially security-related ones." (This was not edited after the fact; see [10]) Daniel Micay still manages/frequents many repos of GOS, including grapheneos.org[11], hardened_malloc[12], and os-issue-tracker[13]. You'll also see that the GitHub sponsor is registered to Daniel's account. I'm not saying there's anything wrong with this per se, it's just me showing that Daniel still has a substantial influence over the project and, judging from the tone of GOS' toots, he still writes the bulk of them as well. He did write most of the GOS-related comments here on HN under his account before he removed it and created a dedicated GOS account 20 days ago (as of writing).
And this leaves out many unverifiable (but consistent with the above) claims of coordinating attacks on their Matrix chat against projects they deem insecure and/or are a threat. You will have heard a lot of the phrase 'Kiwi Farms' regarding TechLore and Louis Rossmann, but although Louis does seem to have an account there, I couldn't find any activity remotely suggesting of GOS or Daniel over there. I couldn't find any evidence that TL is associated with KF. GrapheneOS also claims Louis "livestreamed" his private DMs, which I cannot corroborate; he may have deleted the livestream, but much more likely, it was simply recorded, judging by the format of the video. As for the supposed 'smear campaign', I think you can judge that by yourself. The videos are still up on YouTube.
What I can see from the above is that Daniel Micay (and by extension GOS) makes a lot of accusatory claims without much to back up, and oversteps his boundaries in order to silence opponents. For technical arguments at least there's a room for discussion, but for other stuff you're just have to take their word. I have never seen an open-source project this adversarial before, certainly not at this scale, and not for so long. They are the loudest on almost all of the issues they raise despite claiming the opposite, just look at their Mastodon timeline. This coupled with like-minded trolls acting autonomously (see [14], noting the commenter's reputation and the date of registration) makes their project untouchable by anyone else.
So there you go. Let's hope GOS actually has evidence to show this time around.
N.B. Inevitably somebody will associate me with organisations/communities I'm not part of. They're wrong. I am also one of the targets of Kw Farms; I don't want anything with it and wish it (and people in there) didn't exist. I use F-Droid, just like many other GrapheneOS users, but that doesn't make me involved in their community; I also use Accrescent. And I honestly find /e/ to be simply bad OS, not just from privacy perspective.
I am using GrapheneOS on a Pixel, which is not sold here, and therefore had to be imported with the specific intent of flashing GOS on it. I've been using it for the past 4-5 years, during which I had the (dis)pleasure of occasionally checking their social media to see updates. If you wonder how I seem to know a lot of their past behaviours, this is why.
[0]: https://web.archive.org/web/20260708165246/https://grapheneo...
[1]: https://web.archive.org/web/20260708165735/https://grapheneo...
[2]: https://grapheneos.social/@GrapheneOS/115698255379468128
[3]: https://grapheneos.social/@GrapheneOS/116835337586731444
[4]: https://grapheneos.social/@GrapheneOS/116664053488539588
[5]: https://grapheneos.social/@GrapheneOS/116302248111776763
[6]: https://grapheneos.social/@GrapheneOS/116296896211404265
[7]: https://discuss.grapheneos.org/d/24134-devices-lacking-stand... "Once again personally targeting our founder with fabricated stories and harassment from their community is what /e/OS has done before and continues doing."
[8]: https://github.com/bromite/bromite/issues/2141
[9]: https://grapheneos.social/@GrapheneOS/115056172025799459
[10]: https://web.archive.org/web/20250819151705/https://tech.mich...
[11]: https://github.com/GrapheneOS/grapheneos.org/graphs/contribu...
[12]: https://github.com/GrapheneOS/hardened_malloc/graphs/contrib...
[13]: https://github.com/GrapheneOS/os-issue-tracker/issues
[14]: https://www.ifixit.com/News/111634/why-the-fairphone-6-shoul...
[flagged]
Could you please share some examples?
I often see them being on point and highlighting important details. Majority of custom roms aren't taking security seriously, so I don't think there's anything wrong with calling them out on that.
[flagged]
2 replies →
[flagged]
[flagged]
[flagged]
> suspicious sponsors
GrapheneOS is entirely funded by donations. It doesn't accept strings attached sponsorships. We list companies sponsoring infrastructure for GrapheneOS on our website to encourage more companies to make donations and for transparency.
https://grapheneos.org/sponsors
Which of these companies do you claim is suspicious and what's the reasoning for that? Server sponsorships are how many Linux distributions including Alpine, Arch and Debian host their update mirrors and other infrastructure.
> force users into opaque hardware
Computer hardware and firmware is nearly universally closed source. The devices we currently support are among the most open including using Trusty OS for the TEE and secure core, OpenTitan as the basis for the secure element and littlekernel for the late stage boot chain on the main SoC.
GrapheneOS is coming to more devices but those devices need to meet our hardware security and requirements and provide the driver/firmware updates we need. We have a partnership with Motorola Mobility that's working towards new devices meeting our requirements with official GrapheneOS support.
> just the other day they were also promoting the usage of government sponsored VPNs
This is utter nonsense. Answering people's questions about how to use Tor on GrapheneOS is not promoting government sponsored VPNs. We don't even specifically promote Tor but rather explain how to use it. We also recommend people carefully consider using it to access the public internet via exit nodes since it makes people using it into targets and anyone can host an exit node.
Is this some kind of FUD?
Shady sponsors (if there is any) doesn't matter when transparency is in place. Want to reveal malicious intent? Provide a PoC.
Only hardware that supports bootloader relocking are Pixel devices. There are no others to consider development effort - plain simple. No, you can't use an unlocked device as a daily driver. Up to a minute out of your hands (or triggered reboot from public power outlet, due to outdated Lineage firmware) - and your bootloader is rewritten with one that collect your FDE secret and sends it to a remote server.
Opaque hardware? Which hardware are better and more transparent than Titan and upcoming OpenTitan? Bruteforce protection which considers current ambient temperature - what more do you need?
I can't say anything about VPN affiliation, but everything else is complete bollocks.
They're making inaccurate attacks on GrapheneOS to mislead people. We have sponsorships for our server infrastructure with those companies listed here:
https://grapheneos.org/sponsors
We also list the sponsors of specific servers in our server documentation:
https://grapheneos.org/articles/grapheneos-servers
Four of our sponsors are dedicated server companies and one is a VPN company sponsored 2 dedicated servers for us via one of their dedicated servers providers where they have a large discount on the hardware and traffic.
IPinfo is a well known GeoIP company. They provide open source projects including Alma Linux and GrapheneOS with free access to geolocation database downloads. We use it to implement GeoDNS on our self-hosted anycast DNS clusters. They get most of their GeoIP data from crawling the internet with over 1300 probes which makes it far more accurate than the more traditional options based on WHOIS and geofeeds.
What's sketchy about any of these companies? They also don't receive anything more than being listed on our site which we would do for transparency regardless.
GrapheneOS is entirely funded by donations but other donations by both companies and individuals are informal rather than official sponsorships. For example, Proton and Cape have both repeatedly made donations to GrapheneOS.
> Only hardware that supports bootloader relocking are Pixel devices
That's not quite right, but Pixels are the only devices providing all of the hardware requirements for GrapheneOS listed here:
https://grapheneos.org/faq#future-devices
GrapheneOS will also support future Motorola devices meeting all of these our requirements and providing official GrapheneOS support. Those will likely be available in under a year.
> I can't say anything about VPN affiliation, but everything else is complete bollocks.
Mullvad and Proton have both sponsored GrapheneOS with donations. All they wanted was us to say they donated to us which we would do for transparency anyway. We have no obligation to ever post about it again or to say anything positive about either company.
They're describing Tor as a government sponsored VPN and are claiming we promoted it because we answered people's questions about using it on GrapheneOS and have a small amount of documentation on using it. We don't specifically promote using Tor. We regularly caution people about the risk of making themselves into targets with it by accessing the public internet via exit nodes. Tor makes sense for some situations but we generally recommend using a traditional VPN for most people's use cases.
[flagged]