Discussion
Original GrapheneOS responses to WIRED fact checker
ChrisArchitect: Wired article: They Built a Legendary Privacy Tool. Now They're Sworn Enemies https://www.wired.com/story/they-built-privacy-tool-graphene... (https://archive.ph/pbJu9)
ekjhgkejhgk: I know that GrapheneOS has almost a cult following on HN, but I'll make two comments.
1- GrapheneOS has a long history of long rants attacking people and projects. The leads will tell you that they're just correcting falsehoods etc, but a lot of companies/brands are targets of falsehoods and don't bother to respond. I don't claim that GrapheneOS is wrong on anything they say, I'm just saying that these rants are a choice, and I see them as a red flag.
2- I once interacted with GrapheneOS on Mastodon and I said something like the above. Something along the lines of "you know regardless of whether or not you're factually correct, these public attacks on other people companies are really bad for your image". Within 2 or 3 exchanged tweets they were threatening me with legal action. To me being a litigious project/person is an even bigger red flag than above. I have never in my life met someone who both lightly threatens legal action AND is an upstanding person.
Just my opinion, don't get upset over it.
EDIT: I just want to spell it out AGAIN - I don't claim that anything on their post is factually wrong, I have no idea.
busterarm: Daniel Micay has a history of absolutely unhinged behavior online to the point that 2.5 years ago community backlash to his public behavior basically forced him to step down from leading the project.
gslepak: > Donaldson, now 42, is a self-taught hacker who never finished school, was briefly unhoused, and spent most of his twenties in a “positive hardcore punk band.” “It’s cool being smart,” he told me. “But if you can’t pay your bills, you’re a dumbass.”
> The domain “Copperhead.co” was registered by Donaldson in 2014 and incorporated in 2015 under both Donaldson’s and Micay’s names. The idea was that shares would be split equally, with Donaldson as CEO and Micay as de facto chief technology officer. Their flagship product
It sounds to me like some "business" characters I know well. They "handle the business" while someone else does 99% of the actual work, then ask to split 50/50. This didn't work out for Donaldson, and now he spends his time harassing Micay? Is that the gist or am I misreading?
thenewnewguy: Do you have a link to the Mastodon interaction where they threatened you with legal action?
I ask because I'd be pretty disappointed in GrapheneOS over that kind of thing and it'd probably at least partially change my opinion of them, but it's better to validate these types of serious accusations and get the full context.
Avamander: That archive.ph link has a nasty captcha I can't seem to pass with regular Chrome or Firefox. Is there a mirror of that mirror?
htx80nerd: Sir do you mean to tell me that the news media is lazy, and lies? I will not be having any of this far-right conspiracy talk. Good day to you.
Avamander: > They "handle the business" while someone else does 99% of the actual work, then ask to split 50/50.
As a response, Micay decided to destroy the update signing keys for all the CopperheadOS devices out in the wild. Resulting in financial damages to Donaldson.
Hardly a level-headed response, even if you disagree about the financial share of something.
Cortex5936: I love GrapheneOS and I use it daily for more than 2 years. However, and as Louis Rossmann pointed out in one of his videos, they really need to work on the "defensiveness" and "rants" of their communication. Even when they are 99% right most of the time, they sometimes don't come as mature and professional.
elpocko: > Even when they are 99% right most of the time, they sometimes don't come as mature and professional.
People should be mature and professional all the time. It's not enough to be right 99% of the time, you also need to be nice and agreeable 100% of the time. Or else you can fuck right off with your free, gratis, useful software that you maintain, you insufferable dickhead.
DANmode: The keys got wiped for way spookier reasons than Micay wanting money.
Intelligence wanted in, and Donaldson seemingly would have been happy to oblige.
Avamander: Are there any articles about that?
toaste_: When Louis Rossmann thinks your communication has a problem with going on rants, it must be pretty out there.
SV_BubbleTime: Wait… you mean a Condé Nast publication would outright lie in order to change a stock price or achieve a shared political goal!? Whhaaaa kind times are we living in!?
fph: One of the main criteria to differentiate "rants" from "correcting falsehoods" is proper citing of sources. In the case of GrapheneOS, unfortunately I often see very few sources in what they post online.
(But, if you ignore the rants, that's a fantastic OS.)
margalabargala: "Financial damages".
So what? Causing someone financial damages isn't illegal. Your boss causes you financial damages when they fire you. Your competitor causes you financial damages when they offer a discount.
If Micay was a 50% owner, sounds like he didn't do anything illegal. Immature maybe, which simply puts him at parity with the other party involved.
kennywinker: > Immature maybe
Yeah, that’s the issue. I don’t want people who behave immaturely, impulsively, or vindictively, having a key role in something as important as my phone OS. I want stability, maturity, and thoughtfulness.
exceptione: Understandable wishes, but you might have to put something from yourself into it if this is a pressing concern. Or you will be left to your own corporate devices.
Georgelemental: Personally, I like that they come across as a little paranoid. That's exactly the attitude I want in the people protecting my privacy and security. I hope the developers lie awake at night, unable to fall asleep because they are terrified that someone somewhere is plotting to attack and exploit them.
busterarm: There's healthy paranoia and there's treating even casual commentary/criticism from anyone as an existential threat & coordinated attack...and responding to that with sustained, coordinated attack campaigns online. That's what Micay's history is.
That's not healthy for any project.
TehCorwiz: Based on how discourse in the US has been perverted by inches and millions of mosquito bites they may not be wrong. Stamping out bad information fast and hard seems to be the only way to combat mass coordinated disinformation. Being polite just lets people play the "both sides have merit" game.
DANmode: From the story you’re commenting on:
> From Wired:
> We understand that Daniel's recollection was not that James wanted to know more information about how the signing keys were stored, but that he wanted direct access to them.
> Did you suspect his request was tied to a deal he was brokering with a large defense contractor? Did you believe this would put the entirety of CopperheadOS’ user base at risk?
> Yes and yes.
Avamander: It sounds much more like some vague values of CopperheadOS could have potentially been compromised. Values that might contain "Micay has full control over things he wants". Not that there was a risk of intelligence agency compromise. I'd even go so far as to say that there would have been other ways to force that in the first place.
Especially if he supposedly would have agreed to dual-signing as mentioned in the GOS response ("The company had the option to make separate builds signed with separate keys but never did.").
Sounds like a cop-out after sabotage to make it easier to legally defend. Why not just say it directly if it actually was that? It's such an odd vague way of presenting it.
lostmsu: From a security-minded user perspective it makes sense to destroy keys when instead of a single entity I receive updates from I get another entity that is not equivalent, and half of my previous entity thinks that the other half is sus.
Cider9986: Louis has a Kiwifarms[1] account.
[1] https://en.wikipedia.org/wiki/Kiwi_Farms
OsrsNeedsf2P: So do I. What's your point?
kiwiscum: Anyone who participates in a website that exists to coordinate the doxxing and harassment of people into committing suicide is the absolute lowest kind of bottomfeeder in society, no better than a common murderer, and anything they say is completely worthless. The open source emulation community lost an unbelievably talented individual because of people like you. In a just society you should be completely ostracized for admitting this, if not outright put in a cage on conspiracy charges.
user_7832: Could you share a link or something about this?
> ...responding to that with sustained, coordinated attack campaigns online. That's what Micay's history is.
For the rest, in general, I'm tempted to give GrapheneOS the benefit of the doubt. Running any FOSS project is hard, running it against the (implicit) wishes of OEMs/Google (who throw in things like Play Integrity) is even harder, and doing it when 3 letter agencies at the US govt actively hate you is harder still.
Being paranoid in responses to FUD campaigns isn't ideal, but save coordinated attacks, I'd say fairly understandable.
roughly: Graphene is not a consumer brand and they do not intend to be a consumer brand. They do one thing: make as secure a phone OS as they can. That’s it. If you’re expecting them to do anything in a friendly way, it ain’t gonna happen, that’s not who they are or what they do. That will absolutely limit their scope and reach, but it also allows them to focus on the one thing they’re trying to do without making compromises.
For contrast, Signal is a very secure messenger which also wants to be user friendly so as to get the largest user base they can, which leads to all kinds of compromises - everything that’s come out that looks like a vulnerability in Signal originates in some feature or capability added to make the product more user friendly. Graphene will not make those trades.
Neither approach is de facto right - they spring from fundamentally different philosophies on how to maximize user safety, and both have been extremely successful in their missions, but you’ve gotta recognize what you’re looking at when you look at Graphene.
ryandrake: > They do one thing: make as secure a phone OS as they can. That’s it. If you’re expecting them to do anything in a friendly way, it ain’t gonna happen, that’s not who they are or what they do.
These things are not mutually exclusive:
You can make a great technical product while being friendly. You can make a great technical product while not being friendly.
You can make a compromised or flawed technical product while being friendly. You can make a compromised or flawed technical product while being unfriendly.
This comes up pretty often in other HN threads, unrelated to Graphene. There's this weird personality type who insists that they aren't legally obligated to be friendly or nice or pleasant, therefore it's fine for them to be unfriendly or jerks or unpleasant.
1attice: Actually, you can't make a great product if you've alienated your allies, because all successes are intrinsically social, from the iPhone to Python to even the processor itself.
Going it alone is that nineties libertarian romanticism, a persistent self-destructive tendency that in present market conditions is unsustainable.
Pxtl: I just realized that Lineage and Graphene are two separate projects.
neonstatic: It's a personality type / disorder (pick your poison). There's no hope for change. Programming seems to attract such people, because they are fixated on being right and proving that they are right. I know a few more examples. My common sense policy is - if the software these types produce works for me, I will be using it, but I will never allow myself to be dependent on it. That kind of person will gladly burn their own house to the ground, with everyone in it, if that's what's required to prove their truths or maintain some kind of intellectual purity.
1attice: One common personality disorder I see a lot is psychologizing your interlocutors to invalidate them, thus insulating you from having to think you're wrong about something
Classic OCPD behaviour
throw4847285: One common personality disorder I see is being extremely defensive when encountering any discussion of human psychology. This comes from a deep psychological fragility.
Classic OAD (Obvious Asshole Disorder)
Avamander: A security-minded user should probably think about which is more likely, intelligence agency compromise or a disgruntled keyholder. Especially if the disgruntled one has personally demonstrated how disgruntled they can get with things. I find the latter immensely more likely without any real evidence of the former.
not_really: The point is, you are a terrible human if you subscribe to that trash. Wake the fuck up man, that shit is awful.
Avamander: > Something along the lines of "you know regardless of whether or not you're factually correct, these public attacks on other people companies are really bad for your image"
Sometimes they aren't even factually correct and get a bit upset about it when called out.
Anyways, I have gotten the same impression and these seem like red flags to me as well.
Which is why I'd take everything in that response with a mountain of salt (and I'd pay attention to what they're not saying).
fsflover: > Sometimes they aren't even factually correct and get a bit upset about it when called out.
Example: https://news.ycombinator.com/item?id=47248521
bwoah: There you go again.
Example: https://news.ycombinator.com/item?id=47247016
Avamander: > Causing someone financial damages isn't illegal. [...] If Micay was a 50% owner, sounds like he didn't do anything illegal.
IANAL but that does sound illegal to me.
> Immature maybe, which simply puts him at parity with the other party involved.
How is that parity, equal amount of immaturity? It's like burning down a house to prove some ideological point about real estate.
dmbche: If you own something you can do what you want with it including rendering it useless
amalcon: If you own all of it, yes. If you only own most of it, the minority owners do have some rights -- just fewer than you do.
dmbche: Sure!
johnnyApplePRNG: WIRED magazine is essentially one of the strongest extensions of the CIA's "great Wurlitzer" so I am not surprised to read this one bit.
neilv: Evidence?
(I know one historical connection that looks suspicious, but it could be explained by the fact that prestigious social network graphs in the US tend to be incestuous, and a closely-connected world.)
maxo133: The fact that Graphene is getting attacked speaks enough for its reliability. First in France now in Wired.
I'm more concerned that Signal incorporated in US is having easy life.
user_7832: > I'm more concerned that Signal incorporated in US is having easy life.
To add - ironically, it was Durov (Telegram founder) who got arrested in Paris.
neonstatic: I don't find it ironic at all. Zero trust for anything Russia related.
kelvinjps10: He is not pro-Putin, the Telegram team was forced to leave and it has been blocked several times in Russia.
fsflover: Yes, I don't like when anybody spreads falsehoods about any important free software. Do you?
However your example is unrelated. Their arguments were rather reasonable and informative in the discussion you linked to. So I don't complain about that anymore.
9cb14c1ec0: Many people don't understand the degree to which you have to be a socially awkward weirdo to muck around with custom Android ROMs. It takes that level of dedication.
yaro330: Durov is about as anti-Putin and Russia in general as one can get. He got fucked hard in Russia and has been going extremely hard against the censorship in Russia. TG is one of the few chat apps that can avoid Russia's suppression measures, when everything else working over internet fails.
trueno: i think a lot of attention is rightly attributed to like, i dunno say tiktok/ig "influencing" and how that can send people who gain a lot of notoriety off the deep end. it absolutely has. but so do software projects.
not enough people talk about how software projects also offer up a similar kind of atmosphere: you're suddenly hyperconnected with a whole bunch of humans you don't know and are receiving feedback from people outside of your immediate community. "hackers" for all the interesting ways they've contributed to computer science over the decades also have branches spawned from the original chronically-online, highly-opinionated and sort of antisocial and poorly adjusted sects of civilization. being the face of a project is like pouring rocket fuel on whatever predispositions you might have, and on more than one occasion we've seen people go from occasionally unhinged person to seriously unhinged.
this comes with a lot of bad outcomes for quite a few people, primarily it always has some serious amplification qualities to egos and narcissism. and for genuinely good and kind people who are just trying to share their value/contributions and are suddenly jettisoned into spotlights, we often see them suddenly step back and discontinue work on a project entirely.
we often see these departures and think solely "must be burn out" and don't put much more thought into what that means. but we don't do enough to frame how software projects just elevate people into a position that most people don't do a good job in mentally and socially, and how it deteriorates the pieces of them that make them feel like they're valuable members of a community/tribe. some have luck making their project communities their tribe, but that's obviously a risky step to take. for many who have a successful project, sometimes it starts as the most validation they've ever received and then they don't know how to reconcile with the exponentially-widened audience when negative reception starts pouring in.
daniel micay is just one of like.. many in these sorts of projects i've seen who are simply unfit for the role. for many reasons, i don't think he's a pleasant person at all. i don't have any answers here. i also see this in homebrew scenes for gaming, it's like my least-favorite human petri dish of software development enjoyers. lot of oddball developers in that space and quite a lot of incredibly dramatic fallouts and theatrics that seem to come with the anonymous nature of not tacking your real name / identity to a project, and a consuming audience that has zero idea what goes into development so the negative feedback/demands that come in are in their own way unhinged.
busterarm: I'm well familiar with what you're talking about. I see it in the emulation space as well. Famously so with byuu/near.
We have all of the parasocial behavior from bystanders as well. Cult mentalities and hero-worship. It's quite a strange phenomenon.
trueno: oh god yeah the emulation space is absurd.
freehorse: > Hardly a level-headed response, even if you disagree about the financial share of something
According to the linked responses, the keys were not deleted because of disagreement over financial share, but over how the keys were to be used (in particular, in potentially dangerous security-wise ways), for which he did not want personal responsibility over (the keys belonged to and were used by him even before that project).
Avamander: > in particular, in potentially dangerous security-wise ways
The claims by him are very vague. As I said in my other reply, I find a personal disagreement and some value conflict much more likely. Especially if the person has personally repeatedly demonstrated how disgruntled they can get with things. I find that immensely more likely without any real evidence of some hinted intelligence agency involvement.
ysnp: Phantom Secure is directly named as one of the parties Donaldson was dealing with, with others being suspected:
> Donaldson tried to make a deal with Phantom Secure, which ultimately didn't work out. Micay suspected other counterparties were linked to organized crime, but we cannot confirm those identities or ties on short notice. Donaldson began pursuing such deals before Micay left and continued afterward.
https://discuss.grapheneos.org/d/34369-original-grapheneos-r...