Administered by:
Once again Graphene is attacking /e/OS publicly with misleading or totally false claims.
That is so counter-productive and gives them a lot of discredit (but we know the problem is not Graphene, but his leader who is hiding behind various Graphene accounts and posts)
/e/OS is not a security-hardened OS, we're focusing on Privacy improvements. But we still take security seriously, even doing some urgent OTA security updates: https://gitlab.e.foundation/e/os/releases/-/releases/v3.0.4-t
Not good timing for your lies @GrapheneOS
Je viens de passer mon vieux Galaxy S8 en 3.0.4-S.
C'est la dernière version d'eOS pour AOSP 12.
Est-il prévu de faire monter ce bon vieil S8 en version 13 (ou plus !) ?
@gael @GrapheneOS I don't know about the urgent part. /e/OS is very rarely updated.
I bought a CMF Phone 1 to test how does it feel like, and if it worth buying a Fairphone 6 as my main device, and even the official ROMs are very far from each other in release date.
Android devices need to get updates every single month by adding the respective month's security patch, but so far, that's not the case.
I understand that community builds don't get released frequently, as the list of devices is very long, but this is an officially supported phone, sold on the Murena website, and yet, it doesn't get monthly support.
Not to mention that the hardware isn't properly tested, as the display and the fingerprint sensor aren't calibrated on the OS level. The display was even reported in the forum that it's oversaturated, many releases ago. Again, you sell this phone with this experience officially.
Aside from the Graphen OS team's claims, I experience from first hand that support requires much higher standards than how Murena operates right now. I hope that you consider forwarding my criticism to the maintainers.
@etnevelarts Here's the post we made in response to an article with inaccurate claims about /e/OS and also GrapheneOS, which was heavily promoting buying an /e/OS device:
He's responding to it by making his own inaccurate claims and also personally targeting our founder as he has repeatedly done before. He knows about the ongoing harassment towards our founder including from his community. Duval makes sure to personally target him and direct more harassment towards him.
@etnevelarts We responded directly to what Duval posted here at https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private/21 which is meant to be read after our original thread. This includes a link to a third party privacy and security researcher, Mike Kuketz, pointing our many of the same things about /e/OS lagging far behind on browser and OS updates. He also found they're tracking users with unique identifiers in their update client. His evaluation also shows other problematic invasive services. What we've said is accurate.
@etnevelarts The reason we're posting about /e/OS is because they've repeatedly misled people about GrapheneOS and are doing false marketing that's harmful to us. What we've posted is accurate and verifiable information.
Duval's personal accounts along with the /e/OS and Murena accounts have repeatedly responded to the accurate info we've provided with misinformation about GrapheneOS. Duval has also repeatedly engaged in personal attacks on our founder including direct support of harassment.
> even doing some urgent OTA security updates
> This /e/OS 3.0.4 version includes the Android security patches available as of June 2025.
June security patches incorporated more than 1 month later though.
@BucciaBuccia There are many privacy and security patches in Android 16 which were not backported to older Android releases in June 2025. /e/OS is missing nearly all the Moderate and Low severity Android Open Source Project patches for June 2025. /e/OS is also missing a huge number of Critical and High severity patches for drivers and firmware across devices. They're missing those patches even on Pixels, but also other devices. AOSP patches are not the only Android security patches at all.
@BucciaBuccia Android Security Bulletins list a subset of the overall Android security patches which are split into 2 sections of the bulletin. /e/OS ships the first half with AOSP patches with significant delays. They largely don't ship the second half of the patches with driver and firmware patches. As people can see for themselves, those bulletins only list High and Critical severity patches. They're the subset Google decided to backport to older Android, not the full set of patches.
@BucciaBuccia Google backports most of the High/Critical severity patches to older Android versions. It often happens a month or two later. Full set of privacy and security patches is available through the stable releases of Android which come out each month. /e/OS is based on an older release receiving partial backports. /e/OS typically has 1-2 months of delay for the AOSP subset but that's only part of it. They largely don't ship the other half or additional SoC/OEM patches not listed there.
@BucciaBuccia @GrapheneOS So? Do you think it's technically possible to deploy security fixes to 200+ devices for hundred thousands users in a few hours? We do monthly updates. Don't ask us to do better than all others in the industry that would be a ridiculous posture, and it is not our business.
Also please stop thinking that you are at 0-risk with up to date security updates. There are many publicly unknown security exploits to get into your phone if you are targeted.
Bullshits.
@gael @BucciaBuccia @GrapheneOS
This is not the point.
If you are unable to provide security updates, don't claim to protect your users privacy. That's all.
And nobody especially not GrapheneOS claimed to be at no risk. That's an absurd strawmen argument.
@gael @BucciaBuccia @GrapheneOS
@gael just blocked me, wtf.
@Datenproletarier Same, I couldn’t respond few minutes after his reply.
@gael what it a publicly unknown exploit? Why is it ok to be vulnerable to known exploits?
@gael @GrapheneOS It is kind of ironic to use that as an example of keeping your browser up to date when it's not even the correct release.
> Chromium 138.0.7204.97 was a June 30th release for Windows, not Android. The Android tag for June 30th was 138.0.7204.63.
https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html
https://chromereleases.googleblog.com/2025/06/chrome-for-android-update_30.html
@gael Last updated: 9 June 2025, I will just leave this here!
https://eylenburg.github.io/android_comparison.htm
If you think anything is factually incorrect, please let him know.
@gael @GrapheneOS Une guerre entre Grapheneos et vous serait la pire chose qui puisse arriver au monde libre sur les smartphones. Il y a largement de la place pour les deux options, un peu comme linux mint, ubuntu, fedora, etc dans l'univers de linux
@karazicos @gael @GrapheneOS keep in mind that GrapheneOS was only responding to an article and misinformation by /e/OS. GrapheneOS has a lot of very legitimate issues with /e/OS, many of which are outlined here https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private/21
@karazicos GrapheneOS has only posted accurate and verifiable information about /e/OS in respond to inaccurate claims. You should read the thread he's responding to. Duval's response makes further inaccurate claims which we've also responded to. Duval is also once again personally attacking our founder, which is clearly meant to contribute to further harassment his community is participating in towards them. His followers are referencing Kiwi Farms harassment content, which he has no issue with.
@karazicos All we did is post this information in response to content marketing /e/OS with inaccurate claims:
We only posted this due to an article with inaccurate information promoting /e/OS, including inaccurate claims about GrapheneOS.
We posted https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private/21 in response to Duval's inaccurate claims about us above and his personal attacks on our founder backed up by his followers harassing him, which come after he has previously done it more egregiously.
@karazicos Continued misinformation from /e/OS will result in continued accurate and verifiable information from GrapheneOS.
People can also get the same information about /e/OS we're providing from the content we're referencing from other privacy and security researchers including Mike Kuketz and the founder of DivestOS.
People don't need to take our word for it. What we're saying can be verified and there are third party, neutral experts including Mike Kuketz and many others publishing it.
@gael @GrapheneOS Haters gonna hate. Just keep up the good work you do! 