Comment by nunobrito

8 hours ago

[flagged]

> suspicious sponsors

GrapheneOS is entirely funded by donations. It doesn't accept strings attached sponsorships. We list companies sponsoring infrastructure for GrapheneOS on our website to encourage more companies to make donations and for transparency.

https://grapheneos.org/sponsors

Which of these companies do you claim is suspicious and what's the reasoning for that? Server sponsorships are how many Linux distributions including Alpine, Arch and Debian host their update mirrors and other infrastructure.

> force users into opaque hardware

Computer hardware and firmware is nearly universally closed source. The devices we currently support are among the most open including using Trusty OS for the TEE and secure core, OpenTitan as the basis for the secure element and littlekernel for the late stage boot chain on the main SoC.

GrapheneOS is coming to more devices but those devices need to meet our hardware security and requirements and provide the driver/firmware updates we need. We have a partnership with Motorola Mobility that's working towards new devices meeting our requirements with official GrapheneOS support.

> just the other day they were also promoting the usage of government sponsored VPNs

This is utter nonsense. Answering people's questions about how to use Tor on GrapheneOS is not promoting government sponsored VPNs. We don't even specifically promote Tor but rather explain how to use it. We also recommend people carefully consider using it to access the public internet via exit nodes since it makes people using it into targets and anyone can host an exit node.

Is this some kind of FUD?

Shady sponsors (if there is any) doesn't matter when transparency is in place. Want to reveal malicious intent? Provide a PoC.

Only hardware that supports bootloader relocking are Pixel devices. There are no others to consider development effort - plain simple. No, you can't use an unlocked device as a daily driver. Up to a minute out of your hands (or triggered reboot from public power outlet, due to outdated Lineage firmware) - and your bootloader is rewritten with one that collect your FDE secret and sends it to a remote server.

Opaque hardware? Which hardware are better and more transparent than Titan and upcoming OpenTitan? Bruteforce protection which considers current ambient temperature - what more do you need?

I can't say anything about VPN affiliation, but everything else is complete bollocks.

  • They're making inaccurate attacks on GrapheneOS to mislead people. We have sponsorships for our server infrastructure with those companies listed here:

    https://grapheneos.org/sponsors

    We also list the sponsors of specific servers in our server documentation:

    https://grapheneos.org/articles/grapheneos-servers

    Four of our sponsors are dedicated server companies and one is a VPN company sponsored 2 dedicated servers for us via one of their dedicated servers providers where they have a large discount on the hardware and traffic.

    IPinfo is a well known GeoIP company. They provide open source projects including Alma Linux and GrapheneOS with free access to geolocation database downloads. We use it to implement GeoDNS on our self-hosted anycast DNS clusters. They get most of their GeoIP data from crawling the internet with over 1300 probes which makes it far more accurate than the more traditional options based on WHOIS and geofeeds.

    What's sketchy about any of these companies? They also don't receive anything more than being listed on our site which we would do for transparency regardless.

    GrapheneOS is entirely funded by donations but other donations by both companies and individuals are informal rather than official sponsorships. For example, Proton and Cape have both repeatedly made donations to GrapheneOS.

    > Only hardware that supports bootloader relocking are Pixel devices

    That's not quite right, but Pixels are the only devices providing all of the hardware requirements for GrapheneOS listed here:

    https://grapheneos.org/faq#future-devices

    GrapheneOS will also support future Motorola devices meeting all of these our requirements and providing official GrapheneOS support. Those will likely be available in under a year.

    > I can't say anything about VPN affiliation, but everything else is complete bollocks.

    Mullvad and Proton have both sponsored GrapheneOS with donations. All they wanted was us to say they donated to us which we would do for transparency anyway. We have no obligation to ever post about it again or to say anything positive about either company.

    They're describing Tor as a government sponsored VPN and are claiming we promoted it because we answered people's questions about using it on GrapheneOS and have a small amount of documentation on using it. We don't specifically promote using Tor. We regularly caution people about the risk of making themselves into targets with it by accessing the public internet via exit nodes. Tor makes sense for some situations but we generally recommend using a traditional VPN for most people's use cases.