Administered by:
A false narrative is being pushed about GrapheneOS claiming we're ending operations in France due to the actions of 2 newspapers. That's completely wrong. If both newspapers and the overall French media had taken our side instead of extreme bias against us, we'd still be leaving.
We're ending operations in France and ending our use of French companies (mainly OVH) to provide services because of direct quotes by law enforcement in dozens of French news publications. Their inaccurate claims about GrapheneOS and thinly veiled threats were our sign to leave.
French law enforcement hijacked the servers of companies selling secure phones multiple times and is comparing us with those companies. They've made it clear they expect access to phones and will go after us if we do not cooperate. Cooperating with that means adding a backdoor.
We were already moving away from OVH over time. We didn't have authoritative DNS or update mirrors on it anymore prior to this. We were only going to be using it for our website/network service instances which are tiny servers with only static content and reverse proxies.
We couldn't see any of the specific claims from French law enforcement until the news stories were published. French law enforcement are wrongly conflating GrapheneOS with products using portions of our code. Claims about our features, distribution and marketing are inaccurate.
French law enforcement brought up SkyECC and Encrochat, two companies they went after with arrests and server seizures. They made it very clear they'll go after us similarly if they're able to conjure a good enough justification and we don't cooperate by providing device access.
Thinly veiled threats from law enforcement are quoted in several of the news article including https://archive.is/UrlvK. We don't store user data and cannot bypass brute force protection for encryption. Cooperating to provide device access means one thing: encryption backdoors.
@GrapheneOS do you still recommend to French citizens to use GrapheneOS?
@Martin_Pigeon @GrapheneOS especially for French Citizen, as their threat won't work before a court of law.
They remove server to prevent hijack attempt by autority by taking over the server with OVH help
@GrapheneOS hi there
Where are these dozens of news please? I've only seen two
@GrapheneOS Thank you for your struggle
@GrapheneOS I hope it's a bit of an excessive interpretation (and would be clearly illegal in french law) this day. But being someone aware of the dynamic of french politic, I would recommand that you (effectively) have the means to avoid persecution from our police, and protect your french users.
[I hope USA is also out of your choice for sensitive infrastructure]
@webshinra having your server seized by the French police without warning isn't unheard, if not the standard procedure so you cant "wipe it clean of proofs" before ? @GrapheneOS
@webshinra Our sensitive infrastructure for builds and signing are local machines within our physical control. Nearly all our internal communications are done via end-to-end encrypted Matrix chat rooms, but we do have an email server for at least initiating external communications prior to moving the important ones to Matrix. Our email server is hosted on OVH in Canada along with Matrix, Mastodon, our forum and attestation service. These 5 are the rest of what we plan to move away from OVH.
@GrapheneOS
The other false narrative is that a "secure" backdoor can exist. It's been proven false, over and over.
@TheGreatLlama @GrapheneOS the only semi viable way to do it is to be forced to give the authorities a firmware signing key. thats still open to corruption and abuse
@Bredroll @TheGreatLlama GrapheneOS isn't capable of signing firmware for the secure element. The secure element also won't accept a valid signed firmware update with a greater version code until the Owner user successfully unlocks. That's the insider attack resistance feature which is one of our hardware requirements listed at https://grapheneos.org/faq#future-devices. Google first implemented brute force protection with a secure element on the Pixel 2 and added insider attack resistance to prevent exactly that.
@Bredroll @GrapheneOS
I don't see that as viable at all, for exactly the reasons in your last sentence. Not remotely viable.
@TheGreatLlama @GrapheneOS its an idea not ironclad, its possible to defeat with escalating difficulty ranging from intimidation to rubber hosepipe. bootloader signing keys these days for other devices have a habit of being stolen too. GrapheneOSs approach, making it of limited value to target the OS vendor is smart, which is why the govt are hostile to it.
@Bredroll @GrapheneOS
Yeah, I prefer a device that probably isn't going to have backdoor keys up for sale on the darkweb. Honestly, the authorities hating Graphene is the best endorsement I can think of.
@GrapheneOS Evil authorities spreading half-truths to generate confusion.
It looks like the French government is going in the same direction as the American government
| 
| 
| 
@GrapheneOS@grapheneos.social What the flying f- is this? GrapheneOS isn't specifically marketted towards criminals at all, how is SkyECC and EncroChat comparable???
@GrapheneOS dont you think you might be better off putting out a singular PR statement and moving your stuff without continuing to post about it? i get that it's been stressful but it'd probably have better optics than repeating the same things every couple of days
@xyhhx French law enforcement is continuing to contact news agencies about it. They're continuing to publish news stories about it. We want our responses to that to be actively spread around too and that means continuing to post about it. Social media content is nearly dead a couple days later. Few people keep seeing it anymore.
News agencies will not publish our statements in full or at all. Many people are misrepresenting our statements. We want people to see it directly from us instead.
@GrapheneOS maybe it'd be something @josephcox would write about, or some other high profile outlets
@GrapheneOS i'll boost these posts, then, to help spread the word
@GrapheneOS also if you need a hand with any server stuff i could use some work 
@GrapheneOS Why don't you sue them now?
@2babcc We aren't going to operate in France or travel to France so filing a lawsuit in France doesn't make much sense. Who would we sue? The lawsuits we could win most easily would be against /e/ and Murena for years of libel about GrapheneOS. Filing a lawsuit against a state agency as a foreign non-profit is probably not going to turn out well. We can't expect fair treatment in France's courts regardless.
@GrapheneOS Hire a lawyer in France to sue them instead of being there.
@GrapheneOS But that is really meaningless. You can't wake someone who's pretending to be asleep.
@GrapheneOS Also if they demand from you backdoors and not from other Android OS distributions or Apple that means that these products do have backdoors and so, some French journalist should ask this to the French authorities! And make it public and open that in the country of the French Revolution where royalty was send to the guillotone ALL mobile phones are backdoored except the ones carrying GrapheneOS! Quelque chose comme le petit village d’ Asterix le Gaulois!
Apple is allowed in china that is a very questionable company in many ways from outword appearance's they seem secure and legit but there are areas that are questionable.
@tinkerer @GrapheneOS
i say all of that to say google is no better in alot of ways the clearest difference is theres more open saurce with google such as aosp so there is verifiability to a point on alot of areas graphene benefits from of which makes graphene os that much more trust worthy add to the way they handled things like the security preview releases that was a legit trust worthy move giving people the option not forcing the releases down peoples throats without it being open.
In china you either cooperate or you have issues and get banned apple does not seem to have issues.
@LearnToLivePrivate @GrapheneOS And in France it seems too and the plan looks like the whole West to resemble to China’s model in the bad things at least.
@LearnToLivePrivate @GrapheneOS The West by attacking civil liberties and rights is commiting suicide. When this happens we will be wiped out by China, because we will have destroyed our only moral and real advantage. Civil liberties and freedom have cultivated the spirit of innovation and enterpreneurship that made the West excel. In a constant state of surveillance induced fear there is no innovation.
@GrapheneOS This is ridiculous. Short sighted, and frightening for all law abiding citizens who want to protect their privacy.
@GrapheneOS French enforcement are spinless, they are too afraid to go after google to break the hardware they prefer hit an open source software.
It's what coward do.
@GrapheneOS I can't understand why they are attacking you like this. It seems like an own-goal by the French government. GrapheneOS is the best option for protecting French citizens from being spied on 24/7 by foreign (American) corporations. It's already well-known that these corporations share data with the US government with very little oversight. Why would the French government not support freeing their own citizens from constant surveillance by Apple and Google (i.e. Find My Phone, etc.)?
@GrapheneOS Do you think Germany is better?
@elenlaw Yes, it's much better than this.
@GrapheneOS remember chat control? Germany voted against it only under the pressure.
Danger can be anywhere, now that politicians aimed at destruction of people's privacy.
@elenlaw @GrapheneOS There is not only one party. It's too hard to balance price, speed and freedom when choosing server location.
@elenlaw GrapheneOS privacy and security does not depend on server infrastructure but we still don't want our servers being hijacked by a state. We don't want them taking over our website or especially gaining access to our mail server used for external communications. Our internal communications are through end-to-end encrypted Matrix chat rooms, not email, so those are safe from surveillance through access to our servers. France is now a special case along with Spain, nowhere else yet.
@elenlaw We aren't going to put servers in a country like China in the first place but what we mean is that France and Spain are actively attacking GrapheneOS and are therefore special cases. We can avoid servers in the UK in the future too due to their hostility towards encryption, but so far they aren't attacking GrapheneOS. Our concern is having servers in countries or with providers based in countries where the state is actively hostile towards us. We don't even make an E2EE messaging app...
@GrapheneOS Do you have servers in Asia?
@2babcc We have authoritative DNS nodes in Singapore, Tokyo and Mumbai along with a website/network service node in Singapore. Once we see more traffic going to the Tokyo and Mumbai nodes, we could put web servers there too. There are no plans for additional locations in Asia in the near future. It would be nice to have an update mirror in Singapore but we it would be extremely expensive without sponsorship.
@GrapheneOS wanted to try this OS so bad but it's all controversial and random fights about nothing with y'all. Shame, hopefully a battery alternative (maybe Linux based) is developed soon.
@Dielectric_Boogaloo Privacy and security are controversial. French law enforcement feels threatened by a handful of devices they can't break into with commercial malware. That's why these recent events in France are happening.
Many other groups feel threatened by GrapheneOS, especially companies selling phony privacy products making people much worse off than an iPhone.
GrapheneOS is a Linux-based OS. That's not a positive thing but rather the pragmatic reality of general purpose devices.
@GrapheneOS
France, j'avais une très haute opinion de toi, mais avec ce SNAFU, cela a changé.
@BauBauS France's people are very strongly against Chat Control and similar government actions but unfortunately the government does it anyway.