Dear European friends, our leaders are tightening the screws. If we don't make our voices heard this is only going to get worse.
Oh, yeah, and he calls himself DuRove now. Hats off for that one, but I hope he rots in prison for advancing the Russian agenda.
How is Nicusor Dan a puppet of the EU? More than Calin Georgescu? The guy who actively tried to stage a coup? More than George Simion? Granted, there's no PROOF he's a Russian puppet, but he's a far right twat that has views friendly to Russia.
How is Maia Sandu and PES a puppet of the EU? And... let's look at BEP. Voronin, Russia friendly ex President, he was very against Moldova trying to get closer to the West. And Dodon? The guy who is being indicted for treason, who's a friend of Plahotniuc (he stole 1 billion dollars from banks and fled the country)? Yeah, sure, puppets of the EU, vs corrupt fucking puppets of Russia.
I know it's easy to look at this stuff from the outside and say, oh, yeah, the EU is interfering in elections, but there's a lot of history here that you obviously don't have. I like Maia Sandu more than Nicusor Dan (his positions on gay rights were disgusting a while back, he now just stopped talking about them), but compared to the obviousness of the Russian support for their opposition, I think the fact that the EU supports them is just insignificant.
The Kyiv Independent article is a good summary.
https://kyivindependent.com/opinion-examining-telegram-found...
That said, would be good to rely on no central authority and use Matrix instead; or at least put OTR/Ratchet on top of Telegram with custom clients.
TG does not seem hostile to third party clients the same way Whatsapp/Signal are.
It would otherwise serve the USA for people to prefer Signal over TG (due to jurisdiction).
Basically everything in the KI story has been verified. Durov admitted that he kept his Russian passport, he admitted that he was essentially lying about his Russian exile and regularly and freely traveled there, he hasn’t denied spending the week before Telegram was reinstated in St Petersburg which would be a no-brainer if he wasn’t really there.
As for choice of app — it again depends on your adversary. Telegram’s non-standard and home-brewed protocol has had every crypto expert asking “why? If not to…”
Look up the name Vladimir Vedeneev and try and figure out why he’s signing Russian contracts as Telegram’s CFO and why his company GlobalNet has bragged about being the first to do DPI on backbone infrastructure while his other company Electrotelecom has FSB contracts for surveillance software.
Like, in Europe we already live in a completely safe society in historical and geographic terms, what more do you fucking want? Security is beyond a laughable excuse for things like chat control. Power tripping elitists will never be happy until they have the entire population under 24/7 camera surveillance and can read every thought in our heads as it occurs. If you make crime impossible, you make free will impossible.
AFAIK, you're not allowed to live in a cabin in the woods in Europe.
The problem is the libertarians that want to burn it all down and build a corpo-state.
I hope that's not what you think libertarianism is about. I'm sure there are libertarians who DO feel that way, but it's not a core tenet to personally isolate and live off the land.
Libertarianism sees not left vs right, but instead the people against the government. Libertarians focus on personal liberty and solving problems together, voluntarily, as individuals cooperating. A libertarian would say, for example, that if I think a bridge should be built, then I should either build it myself or convince other people to help me out voluntarily - but not use government to force people to help (via taxes, etc).
Libertarians are against force/coercion, and see government as the ultimate expression of force.
There are some loony libertarians, as there are of any political party, but most of us have pretty ordinary and mainstream beliefs and priorities.
"Like, in Europe we already live in a completely safe society in historical and geographic terms"
Russia. Putin.
At one time the US thought we could end the Cold War by waving a bigger stick. But Proud Prophet [1] was an extremely elaborate war game played out in the 80s that demonstrated that literally every single aggressive strategy, regardless of how innocuous, invariably spiraled rapidly towards nuclear war and the depopulation of the Northern Hemisphere.
This led the US to sharply scale back rhetoric against the USSR, drop ideas of successfully fighting a nuclear war, and a sharp shift towards de-escalation and away from strong-arming. 7 years later the first McDonalds would open in the USSR. The next year, the USSR would collapse.
Oh, look at that. A fresh account just to make this comment. What a coincidence.
For people not to get killed, abused, and exploited? You don't sound like a "libertarian" you sound like an anarchist.
You know who has a large part of the population under global 24/7 surveillance right now? Google, Facebook, Microsoft.
Why not? Have you used Telegram? Before Durov’s arrest there was open drug trade everywhere, afterwards they started to actively ban groups.
But I agree with you for the authoritarian logics in Europe (even America) with Chat Control and other actions like the French gov. just did....
LQDN: "In these articles, the head of the cybercrime section of the Paris prosecutor's office, who was behind the arrest of Pavel Durov, also threatens the developers of GrapheneOS. In an interview, she warns that she "will not refrain from prosecuting the publishers if links are discovered with a criminal organization and they do not cooperate with the justice system"."
In the (very short) linked article: No mention of arrest, server seizure or backdoor, and a more nuanced take. Loosely translated summary: Some users have a legitimate need to protect their communications. IF we find links with criminal organizations AND there is no cooperation, then we might take action. They're specifically taking the approach of a case by case hack of single phones which might cost up to a million euros. Is this an issue if there's a warrant?
This seems blown out of proportion?
Le Parisien has 2 articles about this, not only one, and https://archive.is/UrlvK is one of the places they talk about going after us if we don't cooperate with providing them access to devices. It's not possible for us to provide an update which bypasses the throttling for brute force protection so what they're asking isn't even helping them break into specific devices but helping them compromise security for everyone in anticipation of rare cases of criminals using devices. https://news.ycombinator.com/item?id=46038241 explains lack of technical ability to compromise security after the fact. Titan M2 is specifically designed with insider attack resistance so that Google making an update disabling the brute force protection won't be accepted by the secure element without the Owner user successfully unlocking first. We don't have the signing key for the Titan M2 firmware anyway. This is part of our required hardware-based security features which we're working on providing in a Pixel alternative with a major Android OEM working with us right now. We talked to them about the France situation already and it does not negatively impact our partnership. It may be a good idea to speed up an official announcement with them to counter the narrative being pushed by France's law enforcement agencies now.
No, they haven’t.
You are letting your paranoia talk by widely amplifying the content of two newspaper articles in media affiliated with the far right.
I’m quite surprised by your reactions to be fair because both SkyECC and Encrochat were actually affiliated with organised crime. As far as I know, GrapheneOS isn’t.
You are unable to pursue any legal recourse because none of your rights have been violated (yet).
> "Mais ça ne nous empêchera pas de poursuivre les éditeurs, si des liens sont découverts avec une organisation criminelle et qu’ils ne coopèrent pas avec la justice."
> “But that won't stop us from prosecuting publishers if links to a criminal organization are discovered and they fail to cooperate with the justice system.” (DeepL)
I understand this can be seen as more threatening even if the whole quote softens this a bit.
I'm all for assuming the worst, but not to the point of putting words in someone's mouth.
The reality is that the west got very comfortable with a world where any and all communication can be trivially wire tapped.
Telephony, messaging, and even the internet - these were not only abused, but abused on such a scale that virtually no data could ever be safe from the eye of the state. Even printed media would leak its location, etched in microscopic ink.
We, unceremoniously and rapidly, yanked this power out from underneath them. For the first time in a very long time, it is possible to have communication which cannot be surveilled.
Knowing what we know about how governments work, are we shocked that there is push back to this? Frankly, the only reason we aren't seeing more abuse is because the big dogs still permit absolute surveillance. I'm sure at the behest of the state.
Projects like GrapheneOS and Signal represent an existential threat to the current model of citizen surveillance and crime solving. Starving dogs will bite.
Unless you're saying 'compelled to use their private keys to publish an update' or something along those lines, in which case I would say the original headline is correct.
In the case of Telegram, it was about providing meta data when subpoenaed and moderating the unencrypted part of the application.
There is little reason to believe it is about anything else here.
Edit: Happy to hear what the people downvoting actually disagree about as usual. At the moment I have read a ton of mud thrown at France here - including someone from GrapheneOS implying they won’t hire from France unless someone relocates, which must be one of the most hilarious takes I have ever read coming from someone from North America - with very little actually substantial shared, which, to be fair, seems to be becoming the norm here.
Loi no 2001-1062 du 15 novembre 2001 relative à la sécurité quotidienne, article 30 (Law #2001-1062 of 15 November 2001 on Community Safety) allows a judge or prosecutor to compel any qualified person to decrypt or surrender keys to make available any information encountered in the course of an investigation. Failure to comply incurs three years of jail time and a fine of €45,000; if the compliance would have prevented or mitigated a crime, the penalty increases to five years of jail time and €75,000.
https://en.wikipedia.org/wiki/Key_disclosure_law#France
This law says a judge can compel a key owner to decrypt something as part of an investigation.
This doesn’t in any way involve creating a backdoor in an encryption setup, nor does it cover developers of encrypted systems.
Did you go fishing for any law supporting your point and hoped that brandishing one which looked vaguely similar to what you were looking for would work? Because it sure looks like you did.
Aside from that, people can use a strong diceware passphrase on GrapheneOS due to us massively raising the character limit from 16 to 128. This is far more usable on GrapheneOS because people can combine it with fingerprint+PIN secondary unlock instead of fingerprint-only secondary unlock. 5 attempts are allowed for fingerprint unlock and the 2nd factor PIN being entered incorrectly counts towards that so even a random 4 digit one works well. That's convenient to use with the passphrase only having to be entered 48h after the last successful passphrase unlock and after reboot.
We also won't do it and cannot be forced to do it under Canadian laws. France's laws are going to be as relevant to us as North Korean laws once we've finished replacing our OVH servers in Beauharnois, Canada with a Canadian provider. France could currently force OVH to mess with our static website or mail server but we haven't done anything illegal so it would be outrageous and a diplomatic incident due to violating Canadian sovereignty during a time period when foreign server hosting companies being subject to foreign law is already in a recent news cycle. We're not waiting around for them to hijack our website though.
Some authority compels me to give them signing keys so now they can push anything they want, to any device they want?
https://news.ycombinator.com/item?id=46038241
It does appear to be what they want from us, but it's not possible to bypass the Weaver disk encryption throttling via compromised OS updates or even secure element updates. It's fully not possible to bypass the security of a strong passphrase, which we encourage via optional 2-factor authentication support for fingerprint+PIN as the main way people unlock to make using a passphrase as the primary lock method after booting or 48h timeout much more convenient.
Been a happy user of Graphene since the Copperhead days. Thanks for all the work you do. I know you've endured a ton of shit.
https://web.archive.org/web/20221124085649/https://www.washi...
It was very unfree in the 16th century, which led to the French revolution, which was a nightmare, then military dictatorship. The 20th century was not much better and never forget France collaborated very quickly with the third Reich. Then De Gaulle had some sort of soft military dictatorship with a secret police and a total control of the media.
Today their police is very aggressive, their justice system highly politicized. And as always a dominating bureaucracy.
The state is getting more and more aggressive as drugs and violence are rampant.
It is by far the country in Europe I had the worst interactions with the police.
There are a lot of beautiful things to see there but today I try to avoid it for business and leisure.
The thread linked is much more balanced than the title given
Par for the course on hacker news.
Or is GrapheneOS the only one built securely enough to need to be leaned upon?
Either way, makes Google and Apple look bad and/or incompetent and GrapheneOS look like some kind of beacon of user protection / privacy rights / other things that are the opposite of the direction the world seems to be moving.
I don't know whether it is safe to assume. But if they are complying with Australian law, specifically the Assistance and Access Bill (2018) [0], then they must write an undetectable backdoor for the Australian government if asked (that's the assistance the bill's name refers to), and push it to any phone the government demands (that's the access bit).
The only way to avoid this as far as I can tell is to run a free open source distribution. Unlike the paid systems such as Windows and iPhone, the free distributions do not have the "billing relationship" with their customers that the proprietary companies are so fond of. It's that billing relationship that allows them to target only the devices owned by a specific individual.
The Australians must do that targeting because that law demands they don't introduce a systemic weakness into every phone. Any sort of backdoor is considered a systemic weakness. I dunno what laws other countries operate under, or how well they follow the laws they do have, but I'd be surprised if Australia wasn't following its own laws. That means if your device runs a true open source distro that doesn't track its users, in Australia it's truly your device.
[0] https://www.homeaffairs.gov.au/about-us/our-portfolios/natio...
The situation with Android security updates means that such a distro is either not based on Android (and likely less useful), or there are months-long delays to security updates for the non-GPL components.
Similarly, non-Google versions of Android can't run important apps that require attestation, including the Australian government app myGov.
https://grapheneos.org/articles/attestation-compatibility-gu...
And I am an Android user since the first G1 phone.
I'm not claiming to know of any foul play, but it has happened several times, enough for me to notice. If it was related to time of the month, it wouldn't be as consistent. It might be that you need specific combination of phone, configuration and network provider for this to happen. Maybe I've been p0wnd, but I've noticed this behavior since at least the Nexus line.
> In 2015 and 2016, Apple Inc. received and objected to or challenged at least 11 orders issued by United States district courts under the All Writs Act of 1789.
https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_d...
This year, Apple took the UK to court and announced that they would strip encryption features from UK users before they would give in to UK demands for an encryption back door before the UK backed down.
If Graphene has the money to do so, they should fight it out in the courts.
And it's not because they're hiding your data. See their disclosure report for data requests.
Probably has something to do with it, but GrapheneOS doesn't have the money or resources that Google/Apple/etc has to lobby/bribe/delay/obfuscate/navigate/drawout/etc such attempts.
My country has this: https://www.schneier.com/blog/archives/2024/09/australia-thr...
Which kinda ruins it for everyone.
Additionally, I would assume/guess that if it's some kind of coordinated campaign involving media then there is no law to compel GrapheneOS to do this. If there was a law then that would be the pressure, as opposed to media articles.
What that then implies is a campaign to convince the public a law is necessary, ie. they're already laying the ground work for support for the next version of a Chat Control bill.
1. Apple can and does comply with subpoenas for user information that it has access to. This includes tons of data from your phone unless you're enrolled in Advanced Data Protection, because Apple stores your data encrypted at rest but retains the ability to decrypt it so that users who lose their device/credentials can still restore their data.
2. Apple has refused on multiple occasions, publicly, to take advantage of their position in the supply chain to insert malicious code that expands the data they have access to. This would be things like shipping an updated iOS that lets them fetch end-to-end encrypted data off of a suspect's device.
When we are talking about data stored on a company server, you have no choice when you are served a valid warrant.
That's why Apple went all in on the concept of keeping sensitive data off their servers as much as possible.
For instance, Apple Maps never stored the driving routes you take on Apple's servers, but does remember them on your device.
Apple refused “to write new software that would let the government bypass these devices' security and unlock” suspects’ phones [1].
> not sure exactly what happened after that
Cupertino got a lot of vitriol and limited support for its efforts.
[1] https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_d...
It was always kind of assumed that they could, by eg signing a malicious OS update without PIN code retry limits, so the FBI could brute force it at their leisure, or something similar.
They successfully argued in court that being forced to insert code the government wanted would be equivalent to compelled speech, in violation of the first amendment.
As the Feds often do, they dropped the case instead of allowing it to set a precedent they didn't want.
This isn't true, they never "successfully argued in court". There was never any judgement, and no precedent. They resisted a court order briefly before the FBI withdrew the request after finding another way into the device.
Since there is longstanding legal precedent that corporations are people and code is speech, forcing a corporation to insert code that the US government demands is a violation of the first amendment.
It's safe to assume that software provided by every large, publicly-traded, for-profit technology company incorporated in the USA cooperates extensively with US intelligence agencies, and therefore by extension, the "Five Eyes" alliance, at a minimum if not also the "Nine Eyes" and "Fourteen Eyes" alliances [4].
[1] Slide 6: https://www.eff.org/files/2013/11/21/20131022-monde-prism_ap...
[2] https://www.reuters.com/business/media-telecom/us-court-mass...
Businesses that don't generally cease operating in said country. LavaBit was a highly visible instance of a business shuttering itself instead of complying with such lawful orders.
https://www.pcmag.com/news/nordvpn-actually-we-do-comply-wit...
The simple truth is that if a VPN provider hasn't been shut down by authorities after more than a year (like VPNLabs was), then they are basically guaranteed to be giving out your data to authorities at this point. The legal situation in most western countries does not allow complete online privacy for normal, law-abiding citizens.
Are there any VPN providers that claim they'll take the metamorphic bullet for their clients? I feel like you're setting up unrealistically high expectations where a VPN is like "we don't log or sell your data!", and you retort with "yeah but what if you get a secret court order or the government threatens your family?". I think nordvpn's response is consistent with what reasonable people's expectations are. Otherwise you can apply this logic to all sorts of interactions and find it quickly breaks down, eg. talking to a friend:
>"do promise you won't tell anyone?"
>"yes"
>"yeah but what if government subpoenas you, and grants you immunity so you can't plead the fifth?"
https://translate.google.com/translate?tl=en&hl=en&u=https:/...
Additional context:
https://grapheneos.social/deck/@GrapheneOS/11557599710445618...
https://grapheneos.social/@GrapheneOS/115583866253016416
https://grapheneos.social/@LaQuadrature@mamot.fr/11558177594...
https://grapheneos.social/@GrapheneOS/115589833471347871
https://grapheneos.social/@GrapheneOS/115594002434998739
Following the propaganda of the ministry of interior, several articles were published in the press about GrapheneOS, which is described as a solution for criminals because it allows hiding things.
La Quadrature du Net [similar to the FSF with regard to defending users' rights] argues that the purpose is of course not cybercrime, but to secure and protect the privacy of its users.
The head of the anticybercrime brigade of Paris threatens to sue the developers of GrapheneOS if connections with organized crime were to be found.
The government has repeatedly tried to extend cyber-surveillance previously. They are trying to use a law designed to fight drug traffickers in order to enforce backdoors in services that use cryptography, such as Signal or WhatsApp, without any success for the moment.
---
So, it's a threat before having a proof. They also mention the arrest of Pavel Durov, who was arrested because Telegram failed to answer legal requests, which was then constructed as complicity with criminals using Telegram, but that's obviously a very different case.
But of course, if they succeed in forcing backdoors, criminals will just use other ways to communicate (doesn't matter if they are legal or not because, well, they are criminals...) or tricks; for instance, back in the day when (analog) phone calls could be wiretapped, they were already using code words. They could use e.g. steganography tomorrow.
But we will be left with backdoors that are an unacceptable compromise on security and privacy. This is a recipe for dystopia considering that far-right parties are getting stronger in Europe, including France.
But - valid point regarding having the US government intervene.
This would seem to be a weakness, if your goal is using American clout to persecute malware manufacturers: https://www.securityweek.com/apple-suddenly-drops-nso-group-...
Obviously, because the ones with power make the laws.
---
All social relationships should be consensual.
This means based on _fully-informed_ consent which can be revoked at any time.
This already marks employment as exploitative because one side of the negotiation has more information and therefore more bargaining power. Not to mention having more money gives them more power in a myriad of other ways (can spend more on vetting you, can spend more on advertising the position than you can on advertising your skills). Just imagine if people actually had more power than corporations - you'd put up an ad listing your skills, companies would contact you with offers and you'd interview them.
Citizenship is also exploitative because you didn't willingly sign a contract exchanging money (taxes) for services (protection, healthcare, roads, ...), in most countries you can't even choose which services you want to pay for. And if you stop paying, they'll send people with guns to attack you. This sounds overdramatic (because it's so normalized) until you realize from first principles that is exactly what it is.
_If democracy is supposed to mean people rule themselves, then politicians should be servants which can be fired at any time._ In fact, in a real democracy, people would vote on important laws directly and only outsource the voting to their servants about laws which don't affect them much, or they'd simply abstain.
---
Power should come from the majority.
This should naturally be true because all real-world power comes from violence and more people can apply more violence (or threaten it, when violence is sufficiently probable to be effective, it usually does not need to be applied, the other side surrenders).
But people who are driven to power have been very good at putting together hierarchical power structures where at each level the power differential is sufficiently small that the lower side does not need to revolt against the upper side. But when you look at the ends, the power differential is huge.
Not just dictators, "presidents" or presidents but "owners" and "executives" too.
You don't truly own something you can't physically defend. When you as a worker finish a product, you literally have it in your hands. You could hand it over to a salesman and you'd both agree on how to split the money from selling it. But instead, you hand it over to the company (by proxy its owner) which sells it and gives you your monthly wage irrespective of how much the product made. The company being free to fire you or stop making the product obviously makes more money than you - it's an exploitative relationship.
But why do you hand it over? Because if you don't, they'll tell the state and it'll send people with guns to attack you.
---
Bottom line is if people had equal bargaining power ("equality"), then if they chose to temporarily give "power" to someone in one area, they'd obviously take away their "power" in some other area. Why? Because they'd know if they didn't, the more powerful person would use this power differential to get even more power, and so on, starting the runaway loop we have here now.
If someone claims to be "representing" me (whatever the fuck that means)...
...even more so if they are "representing" me alongside millions of others, i.e. in a very abstract sense (what do a million people have in common? everything and nothing)...
...and especially if the "representation" is concluded in "winning" a ritual bureaucratic gauntlet which gives you the right to send organized murderers after exactly the people whom you fail to "represent"...
...then it sure sounds like we all deserve instant access to a real-time sub-second, molecular-level feed of your entire present existence before it's anywhere near a fair bargain and not a totalizing coercive arrangement.
Granted, this sounds a little unfeasible from a technical or security perspective.
Although if the global media capacity was redirected to doing primarily this, instead of inventing ever fancier narratives to distract people from paying attention to the circumstances of their own lives, it just might be able to handle the full surveillance of a few thousand global volunteers: the real exemplary humans who set the real standards in real dialog with the entirety of sovereign society. Governance by inverse big brother. Sure gonna be cheaper than all the effort that goes into convincing every subsequent generation that "democracy" is what's going on...
Alternatively, that entire exercise can be sidestepped by Dunbar-compliant representation, i.e. let's introduce a pervasive social norm that dictates the following: (1) nobody has the right to represent more than their 100 closest people in the world (2) representation doesn't stack to form multi-tiered institutions - representatives only connect horizontally in a territory-spanning mesh. so if N * 100 people vibe with your idea you'll have to either split your personality N-wise (doesn't go very far with current theories of mind) or give N-1 people the right to their own interpretation of your idea to communicate with 100 others.
[to the tune of https://www.youtube.com/watch?v=Xk4QLlV-WLQ :]
I think they tried that about 100 years ago and it worked well enough for organized metasubversive parasites to core it and wear its husk for the better part of a century. Maybe if it was started less overtly in the first place it would've worked better. But cosplaying German Idealism to your pet serfs cosplaying worker's council doesn't really leave space for a whole lot of subtlety. If you're interested in the workings of power this is commendable, there is much to learn from just the last 150 years (which are relatively well documented). They're such a cause-and-effect pinball; but like and subscribing to any of those ideologies just lets the ghost of the ball drag you along. Kinda sad that they're one of the things the Net died into, no?
One solution is to say that no country should be so large anyway. And I'd like that, creating such huge power structures (hierarchical or not) is dangerous. But realistically, sometimes they are needed for defense. A lot of power structures are shaped by the necessity of organized defense (and can then be used for organized attack).
We have tons of different systems for accumulating power all over the world. Corporate structures, democracy vs autocracy, etc. In each of those societies, we see different types of leaders on a sliding scale of savoriness.
My point is that clearly there are some forms of governance which result in more savory people and so you can argue that it's the systems that define the outcomes rather than any "law of nature".
[0]: This is not a figure of speech - many anti-social traits which result in NPD, ASPD and their subclinical versions[1] are genetic. There is literal evolutionary pressure to exploit others.
[1]: Meaning the trait is sufficiently pronounced to be harmful to others but not enough to be harmful to the person having it so it's not diagnosed as a disorder.
Note that having their personal device when doing government work should be prohibited (that is you can't have it in your pocket when working). As is using your personal device for anything government (other than a formula check your government device call/text - employees should be regularly tested that they report any government communication that doesn't follow the formula)
This would be an intelligence bonanza.
Better: mandatory, encrypted logging. Officials maintain the keys. When they leave office or are subpoenaed, they have the means to grant access. (If they can send and read their messages, they have the keys.)
This is how NARA in the U.S. is supposed to work.
And ideally an illustration to those in power why backdoors are never a good thing. They won't care if it's not happening to them. But if their devices are suddenly incredibly insecure due to their backdoors, they might just rethink the concept entirely.
A hypothesis I would have bought until seeing our current White House's opsec.
If you're wanting to do it with all citizens, why not start with public officials? It's no worse than your desired end state
We're not. But within the scope of technical aids to a solution, there are better and worse options.
But obviously, if you work for the military there is information that needs to be kept secure…
Last time I checked, politicians and cops are private citizens...
Wherever you stand on this, I can't understand the justification for this "one rule for thee" position.
Also, they are paid by the people to work for the people, so during the exercise of their functions they could in theory be contractually obliged to use a company phone
In fact private citizenship combined with government is the origin of corruption. Think about it, as a government official your incentive should be to preserve order, fairness and honor. As a private citizen your goal is to optimize the amount of money you make via business or employment through whatever means possible. That means exploiting loopholes and possibly when no one is looking, breaking the law.
The incentives are orthogonal and it does make sense to have a different set of rights and rules for government officials and private citizens. The minute you take the attitudes of private business/citizens into the world of government you get people creating rules that are corrupt.
Ok.
I'm interested in why you think this is the goal of citizens (but not of government).
To be clear: I don't believe this should be the goal of government. I don't really understand why this should be the goal of citizens. I've emphasised the term "should" here, which is a somewhat odd moral term in general, but if we're applying a "should" to government to differentiate them from private citizens, there needs to be a symmetrical. Optimizing individual wealth is certainly an emergent goal of specific individuals, but I can't think of a reason to broadly apply a moral "should" to this goal. If we're optimising for positive outcomes at a system/global/community level (which is generally the intent of wanting a functional government), then encouraging citizens to hoard wealth has not tended to be (positively) contributory to such outcomes.
But you cannot deny that you as an individual are HEAVILY influenced by the system and culture you live in. Status is equated to those who have the most money. Regardless of yourself as an individual, in aggregate this is how people behave and a good basic universal model that predicts behavior. But additionally outside of culture, the logistical reality of the society we live in is that money is the basis of survival. All of our morals and philosophies are thrown out the window the minute when we are poor or if we have no money and we do need money to buy food to eat. So money and business is not only a status thing but it forms the basis of survival as well.
This is not about your beliefs or morality. This is about the practical reality. In addition to this, capitalism so far is the only known effective system to create modern economies of scale. We tried to make things fair, ideal and utopian with communism, but, practically speaking, we haven't seen it work.
Elected government official doesn't own or have perpetual interest. All he can do is plunder as fast as he can in his unowned fiefdom before it passes on to the next guy. Fully private government would have incentive at least to preserve the value of the "Kingdom" if nothing else for his own children and because he sees the Kingdom as his own and destroying it for short term gain would be irrational.
But in a democracy where you are one government official among many many other officials, one small corruption change that benefits yourself individually hardly affects the overall government. It is rational for you to do small damage to the overall government and gain a reward that benefits you disproportionally. It is the MOST logical action.
But then every government official acting rationally in aggregate causes the overall government to become extremely corrupt and that is the tragedy of the commons. Rational action in aggregate becomes irrational. Government needs to be separate from private business.
I guess it's because it's so culturally ingrained that it's hard to separate. The chase for money and business is entirely cultural. Money is paper and it's all fantasy stuff and the reason why we value it is solely because of culture. Government ideally needs to be separate from this culture and have a more militaristic based honor structure where the incentive is to guard the citizenry. Government needs its own cultural values. Easier said than done, practically every government official IS a private citizen and they all face the same misaligned incentives.
You may be confusing the civilian/military distinction with private citizens versus public officials. (A delineation American cops fuck with.)
Replying here to this seemingly flagged/dead comment (not sure why it was flagged - a very reasonable question).
I fully support higher scrutiny of public officials & cops, but this frankly isn't that. First & foremost, the problems you're describing are systemic, not individual. Monitoring a cop's phone isn't going to reduce police violence if the system isn't accountable - this is essentially the "bad apple" argument. The entire system needs drastic reform: backdoors won't solve any real problems here.
Secondly, independently of the levels of reform needed, at an individual level we're talking workplace conduct, reporting, protocols & transparency -vs- dystopian privacy invasion. There's a very broad spectrum here long before we reach the need for extremes.
Lastly, you need to look at the systems doing the monitoring of politicians' & cops' phones in this hypothetical scenario: if those systems contain the same systemic corruptions (which they inevitably do), the entire argument for oversight is moot.
It would make it even easier to hack them, blackmail them, snoop on top secret information. The list goes on.
No, the correct answer is - no backdoors because crypto, because security, because of theft, because of France, or any other government or Uncle Sam.
If they want to protect the children, hunt crime, catch drug dealers, they are going to have to learn criminology.
Politicians are routinely ordered to surrender their communication to justice to audit what they do. Missing texts from Von Der Leyen are at the heart of Pfizer-gate after all.
I don’t really know what to think about this to be honest. I don’t think it’s entirely black and white and I find it surprisingly easy to play devil's advocate.
Remember that the US government has an insane level of access to private communications via all the post 9/11 laws, how cosy it is with the main tech companies and we know they do a lot of this spying unofficially and with little oversight since Snowden.
Meanwhile, France is struggling with an unprecedented level of organised crime activity with the amount of violent crimes reaching worrying levels. We are talking murders involving automatic weapons in broad daylight in the middle of the streets of France's second largest city. Two weeks ago, the young brother of a famous anti-drug activist was murdered by a hitman while shopping.
There has been a huge increase in the quantity of cocaine being smuggled from South America triggering intense gang competition for the control of deal points and the means in place to tackle the issue increasingly look vastly undersized. Limiting the discussion to it being an authoritarian measure is refusing to acknowledge the very real challenge police currently face.
The standard of conduct we need (and are failing) to hold politicians and cops to is actual security and responsibility. Some of the most powerful politicians in the world are leaking private conversations, and no one is holding them accountable. Police are paying private corporations (notably Flock) to build giant monolithic datasets from stalking private citizens, yet neither party is held to any standard whatsoever.
Do better policing (and that doesn't include trying to backdoor devices), but backdoors aren't the answer.
1 - Law enforcement have actual information about the probable contents of your phone (like an incriminating filename will do). They can reasonably expect to get a warrant and access to your stuff.
2 - They don't know what's there at all, and have no probable indication of the contents, and in this case they cannot expect access because they would just be going fishing.
Having said that - backdoors are bad.
Yes, really, that’s the argument.
"What would you like me to wrap the global surveillance in?"
Protecting user privacy delivers close to 0 shareholder value, being friendly with nations wins you billions of dollars in contracts, regulatory protection, and friendly courts, it's a win-win for big companies and surveillance states to be friendly with each other.
Monopolies are easy to influence as they don't even have to care about the optics.
Who believes that their Apple-Google device doesn't phone home to Five Eyes directly or indirectly? Who would care or be surprised if they announced publicly that they did?
But with that being said both Apple and Google store a lot of data about you, and they are willing to "cooperate" with the government, and they did hand over data in various cases, Apple included [1]. For some reason, people think of it as the "privacy company".
btw, big tech also get harassed for similar requests: The UK, for example, is still pressuring Apple to build an encryption backdoor [2].
[1] https://www.apple.com/legal/transparency/
[2] https://www.eff.org/deeplinks/2025/10/uk-still-trying-backdo...
And who's buying them? Generally, state actors, directly or indirectly. There is an entire ecosystem of Israeli "security" companies that exist to farm out these exploits. This is a big part of why Israel is such a key component of the American national security infrastructure. Israel is largely beyond the jurisdiction of American courts and any kind of direct scrutiny by the government.
It's a bit like how the US isn't (technically) allowed to spy on US citizens. How do they get around this? By farming out such activities to allied intelligence services, particularly Five Eyes members.
This entire ecosystem and marketplace just wouldn't exist if Android or iOS were fully backdoored.
It gives the police's view on narco-traffic crime, but also Graphene's take:
"Criminals and traffickers also use knives." This organization, which is not a company but a foundation, emphasizes that its solution is used by ordinary people who dislike how apps and operating systems handle their data. It adds that if criminals use Google Pixel phones and GrapheneOS, it’s because these solutions work well. But that doesn’t make them accomplices, they assure. "Criminals and traffickers also use knives, fast cars, and cash—things that are also widely used by honest citizens," its representatives note.
And GrapheneOS adds that it protects users from hackers and intrusions by the secret services of totalitarian states. "We consider privacy a human right, and we are concerned about projects like Chat Control (a European bill aimed at detecting child sexual abuse material in messaging services, but which has faced significant criticism) that the French government supports. The invasion of privacy enabled by such legislation would have alarming implications under an authoritarian-leaning government," it argues.
> "Particularité de GraphèneOS : on peut se le procurer autant sur le darknet que sur des sites grand public." ⇒ "A distinctive feature of GrapheneOS is that it can be obtained both on the darknet and on mainstream websites."
Quoting "both sides" (so to speak) doesn't automatically create a thoughtful dialog.
[0] https://archive.is/20251119082524/https://www.leparisien.fr/... (tr. "Google Pixel and GrapheneOS: drug traffickers' secret weapon for protecting their data from the police")
Q: Do they have a track-record of intellectual honesty?
Equivalencies are powerful, and dangerous if mis-handled.
E.g. this is worrying [from the article]: "A unique feature of GrapheneOS is that it can be obtained both on the dark web and on mainstream websites." Le Parisien is calling out GrapheneOS's availability on the "Dark Web" as significant, in the context of "Drug Trafficker's Secret Weapon". Banned books can also be acquired on the Dark Web, and banned books are not illegal, yet, in mainstream democracies. So Le Parisien's equivalency, here, is misleading.
now now comrade, if the book is banned, how is it that you are in possession of it? you're clearly breaking the rules. I do believe it is time for you to start counting trees
It is disconcerting, as it's unclear whether the rule-of-law still stands, given the anti-Constitutionality of the current US Administration -- especially around due-process.
The trend of Democratic Decline seems provably real, along with a rise in Authoritarianism.
this will be next step
London already did this
BTW As an outsider, this “knife” euphemism caught me off guard a while ago. When you read about these stories from London, it’s usually about machetes. It’s one of a number of euphemisms Brits use around the topic, making everything around the topic sound pretty mild if you’re not from there. Then you learn one more euphemism and think “oh wait, that guy/gal back then was talking about this? wtf?”
London has a knife crime problem in the important sense that any number of people being stabbed is a problem. However, it’s worth bearing in mind that cities like NYC have a slightly higher rate of fatal stabbings per capita. (Non-fatal robberies and assaults are tricky to compare across countries because of different data collection methodologies and different classifications.) Of course it would be good for fewer people to get stabbed, and knife crime is a serious problem for some specific communities, but the city as a whole is not experiencing the kind of knife crime epidemic that you might imagine if you get your news from alt right TikTok accounts.
I used to own many butterfly knives in Middle School. Feels weird that you could be arrested for that in London.
Swords aren't considered knives, they are considered (correctly) to be bladed, and thus to fall under the scope of various bits of legislation, like this: https://www.legislation.gov.uk/ukpga/2019/17/section/41
You're right that they say "knife or weapon". So they don't classify a knife as a sword
There is also no London specific governing body
This article is as absurdly biased as it could be! Of course they provided a quoted response from GrapheneOS devs: that's the only appeal to credibility they have.
A truly responsible journalist would explain to their audience what is actually at stake, not simply spout every available position as if it were equivalent.
But anyway yeah, in France (and in other countries too ) there is a media oligarchy.
Check the France problem: https://www.monde-diplomatique.fr/cartes/PPA https://www.monde-diplomatique.fr/IMG/png/poster_medias_fran...
Other countries with broken media ecosystem: - Australia: https://www.theguardian.com/commentisfree/2024/mar/17/the-br...
But also USA and Poland for example.
GrapheneOS and its systems are - you can walk through history and see that they're deliberately working on systems that defeat law enforcement's efforts of collecting data from seized devices and tracking criminal networks.
This is a massive difference - even for knives and cars, you'd get into some hot water (or outright illegal behaviour) if you build them with express purpose to make them hard to find and track by law enforcement. Try making a company that focuses on cars that hide its license plates from the police and you'll see how far that will go.
This is one thing that GrapheneOS, Signal and others will need to at some point reckon with - the fact that they deliberately work at making law enforcement's work harder and provide effective cover for criminals will get them into hot water. And I don't think population will stand at their side when they find that they've been helping CSAM traffickers hide their loot.
Having all that anti-governmental rhetoric won't end well for long-term survivability of these projects - which sucks for all of us.
Law enforcement is being lazy by trying to rely on mass surveillance rather than espionage tactics to catch criminals. Criminals learned long ago how to work around surveillance, so this doesn't really work on them. But it does subject the public citizen to undue scrutiny and violation of privacy, which history has shown is then used against the innocent. We don't need any more reminders of how popular authoritarianism has become. And it's often used to pin a crime on an innocent person (a common police controversy), or intimidate and harass them (see FBI).
> I don't think population will stand at their side when they find that they've been helping CSAM traffickers hide their loot.
This is just one of many examples of a false rhetoric used by politicians to manipulate the public into kowtowing to mass surveillance. We cannot stand for this and must fight it at every turn. "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
Which is not to excuse the fascist actions of the French government. I just don't like that quote.
They'll be targeted by the governments because of that perception.
Something designed to be private doesn't know the difference between a law enforcement officer trying to break into it and a criminal trying to break into it.
There is no special "anti-cop only code" that gets executed, any more than there are special "cop tools" that exist on some physical plane where criminals don't.
You can slam onto the downvote button all you want, but if you don't UNDERSTAND it, you can't FIGHT it effectively.
It's a typical left failing where you pretend to be too dumb to understand where the authoritarians are coming from to effectively fight it.
If we can't trust hosted services to protect our data, and we can't trust our own computers to preserve our data, the right to privacy simply doesn't exist.
You don't need to persuade me about it. You need to persuade your cops and governments that having your OS secure outweighs their wish to make crime fighting easy.
To actually do any crime with GrapheneOS you would also need at least a VPN and basic understanding of operational security. Just as you would need a lot more than just a knife and car to be a successful criminal.
A Pixel phone with GrapheneOS is not some magic device that lets you do crime without immunity, but that’s the story they want to sell you.
Once it became a big enough target it got taken down, and then quietly run by the police who collected everybody's messages for months before triggering a huge round of arrests, including quite a bit of major organized crime across Europe. The dangers of centralization. They'd love another EncroChat!
Doesn't apply so much to GrapheneOS of course since they're not in the messaging platform market, but it's definitely a cautionary tale.
Huh?
"Scared them shitless" in faux franglais.
Probably something like this would be close to the same colloquial meaning (I'm not familiar with any pants-shitting slang in French): EncroChat leur a foutu les jetons de ouf.
(closer to "scared the hell out of them")
Maybe consider replacing the redirecting url to the destination url? Not very good not being able to see the actual url linked imo.
Edit: I wonder why this is downvoted. The bureaucratic class holds enormous power in France, and has constantly acted against digital rights and privacy with impunity. The only institution that can somewhat restrain them is ECHR.
Already 15 years ago it was illegal to use Wi-Fi outside buildings in France. I still remember the old Nokias plastered with those warnings.
According to all the Annual Threat Assessment reports from the office of the Director of National Intelligence[1], the top four threats are
1. China
2. Russia
3. Iran
4. North Korea
There were three articles from newspapers (Le Figaro, Le Parisien) known for their rightist, pro-cops, opinions, and owned by billionaires (LVMH/Arnault, Dassault). In those articles, GrapheneOS is associated with bad actors purportedly using it as a way to obfuscate their activities.
A comment was made by Johanna Brousse, Chief of French Cybercrime Unit, stating she would not refrain from pursuing the publishers if links were found with a criminal organization and they refused to cooperate with the justice system.
Another claim from a police investigator equates GrapheneOS usage to illegal activity.
@dang or other mods, could you change it?
Google Translated text:
> Two articles in Le Parisien yesterday, followed today by one in Le Figaro, have launched a shameful attack against GrapheneOS, a free and accessible open-source operating system for phones. At La Quadrature du Net, it's one of the tools we favor and regularly recommend for protecting against advertising tracking and spyware.
> Echoing the propaganda of the Ministry of the Interior, newspapers describe GrapheneOS as a "crime-related phone solution," and a police officer adds that its use is suspicious in itself because it indicates an "intention to conceal." By portraying GrapheneOS as a technology linked to drug trafficking, this attack aims to criminalize what is actually a secure privacy-preserving tool.
> In these articles, the head of the cybercrime section of the Paris prosecutor's office – who was behind the arrest of Pavel Durov – also threatens the developers of GrapheneOS. In an interview, she warns that she will "not hesitate to prosecute the publishers if links are discovered with a criminal organization and they do not cooperate with the justice system." https://archive.is/20251119110251/https://www.leparisien.fr/...
> The government regularly tries to link privacy technologies, particularly encryption, to criminal behavior in order to undermine them and justify surveillance policies. This was the case in the so-called "December 8th" case, where a police narrative was constructed around the (secure) digital practices of the accused to portray a "clandestine" and "conspiratorial" group. https://www.laquadrature.net/2023/06/05/affaire-du-8-decembr...
> Now, drug trafficking is being used to attack these technologies and justify the surveillance of communications. The so-called "Drug Trafficking" law was thus used as a pretext to try to legalize "backdoors" in encrypted applications like Signal or WhatsApp, without success. https://www.laquadrature.net/2025/03/18/le-gouvernement-pret...
> An article in Le Monde diplomatique from November extensively examines the history of the political exploitation of drug trafficking to justify security and surveillance policies. The police attack on GrapheneOS fits perfectly within this pattern. https://www.monde-diplomatique.fr/2025/11/BONELLI/68915
> In its response published yesterday, GrapheneOS points to the authoritarian tendencies of the French government, one of the most fervent supporters of the "ChatControl" regulation under discussion at the European level, one of whose goals is to put an end to end-to-end encryption. https://grapheneos.social/@GrapheneOS/115575997104456188
Additional context:
https://grapheneos.social/deck/@GrapheneOS/11557599710445618...
https://grapheneos.social/@GrapheneOS/115583866253016416
https://grapheneos.social/@LaQuadrature@mamot.fr/11558177594...
"This 27-year-old alleged trafficker is suspected of having run this drug telephone platform which, between 2023 and 2024 in Paris, collected a turnover of two million euros and is said to have caused three overdose deaths during chemsex parties."
https://archive.ph/20251124161701/https://www.leparisien.fr/...
(It'd be funny if French software was illegal to use in the EU for GDPR violations.)
Windows 11 moved all my files into the cloud without even asking me! I was livid--those are documents that I deliberately DID NOT WANT in the cloud! It's crazy what malice we have to put up with and navigate these days. It just keeps getting worse and more convoluted, too.
The latter has worked well because Germany is, to this day, occupied by the US & the UK. But the former has never worked out and is now bankrupting the EU!
yeah France doing France things. Like back when they forced Windows to store passwords in plaintext, with encryption outlawed. Sigh.
Your cell phone provider almost certainly will respond to a valid warrant and wire tap your non e2e encrypted phone call.
I'd be very surprised if the most common mode of remote communication in any time period was not subject to government interception in some format within a short time of becoming such. That includes physical mail, telegrams, landlines, cell phone calls, txt messages, emails, etc.
Referring to "how things used to be" is not in fact helping the case for privacy.
The goal should be, designing your infrastructure in such a way they simply cannot forward this traffic to law enforcement.
Yeah back then we just listened to the phone calls with scanners.
Built into the onslaught of demands of backdoors are two key ideas: A) That the backdoors will only be exploitable by the authorities and that B) they're even necessary to carry out their work in stopping trafficking.
I think most people know by now the first idea is preposterous. The second idea is too. The EU should focus on better police tools and tactics that detect and track the actual movement of goods.
Sadly, I don't think that that's true. I've been shocked by the lack of understanding there in groups of technical people who should know better. It's even worse in groups of non technical people. I'm afraid this is an ongoing battle, and every time ideas like this come up from government it's going to be an effort to inform the public.
This is a point that doesn't get raised very often: the actual crimes occur in "meat space", not electronically on a device. Haven't police and intelligence been solving crimes like that since 'the beginning'?
The coordination of a crime may be done electronically 'on device', but the actual crime occurs somewhere physical, generally with physical objects and the presence of the criminals themselves.
Why is it suddenly so much more difficult for law enforcement to do their jobs that the privacy of every member of the public needs to be able to be invaded?
Are police forces under-resourced to take on the "how it's always been" approach to fighting crime? Are law enforcement being subject to inapplicable software engineering rules of efficiency to save money? (Ie. Too much focus on the metrics, not the outcomes).
Don't police have great physical surveillance tools? Yes, it may cost more in having to physically surveil targets, but that seems (to me, and this is where the rift lies) a good compromise as opposed to surveilling the entire populace.
Anyone can say anything in a piece of correspondence that they think is private. If it's made public it completely changes the context. A joke between friends, criminals or not, can look like conspiracy to X, Y, or Z. Research for a crime novel could appear like preparation for a Louvre heist. And even if it is, it's not a crime until it occurs, until that point it's not 'real', the thing suspected of being planned hasn't actually taken place until it takes place. Are we implementing pre-crime without the three psychics?
And one thing I know for sure is that law enforcement do not understand context. They're bred to find guilt, not innocence, and having a larger haystack they'll find plenty of hay they think look like needles. Gotta hit those metrics.
There's plenty of nuance missing from what I've written here, but I fairly strongly feel it's leaning towards reality rather than liberal fantasy.
So yes, their work is now harder and they're pushing back against that and trying to enact laws that return the previous state (or give them even more power).
> non-democratic country
My guess is there will be no debate... That said, we must acknowledge even having this debate is a positive step.
But really, the point GP was trying to make (IMO) is that all western democracies are very obviously sliding towards authoritarianism. They are building tools which, even _if_ they don't abuse them now, will be available to any future government and with time, the probability of one of them being non-democratic is 1.
> The FBI ran a sting operation in Europe where they created their own 'secure' phone and messaging platform. Their OS used portions of our code and was heavily marketed as being GrapheneOS or based on GrapheneOS.
So how do we know GrapheneOS itself isn't a honeypot? It's run by a mystery org and heavily marketed as being a secure platform.
https://en.wikipedia.org/wiki/Crypto_AG was a CIA front for 50 years.
Or, phrased differently, how much independent auditing is graphene OS subjected to?
No, it's run by a non-profit foundation whose records are public, along with their board of directors who are real people with a paper trail.
It's not some LLC shell company with a fictitious agent listed.
https://ised-isde.canada.ca/cc/lgcy/fdrlCrpDtls.html?p=0&cor...
They claim they are audited... by whom? When? Where are the results?
https://grapheneos.org/faq#audit
https://discuss.grapheneos.org/d/5527-who-has-audited-graphe...
> We've built relationships with security researchers and organizations interested in GrapheneOS or using it which results in a lot of this kind of collaboration.
When ChatControl will be in place, it'll only be a matter of time
The correct headline here would be ”GrapheneOS worried about France after negative press”
> Interviewed, she warns that she will “not stop pursuing publishers if links are discovered with a criminal organization and they [GrapheneOS] do not cooperate with justice.”
French law enforcement is conflating companies making products with GrapheneOS code with GrapheneOS itself. They're presenting it as if those companies are working with us and that we're responsible for their actions selling devices using our code. Most of those are using forks of GrapheneOS with features we don't have which are repeatedly incorrectly referred to as being GrapheneOS features. GrapheneOS users can read the many articles and see many references to non-existent features. They similarly refer to non-existent distribution methods and marketing which are actually about these products they're conflating with us. Since they're conflating products and actions by other people with ours, that makes their threats very concerning.
GrapheneOS doesn't even currently bundle an end-to-end encrypted messaging app as we don't have our own and leave choosing third party apps up to users. We plan to make an RCS app with MLS to replace people using Google Messages via sandboxed Google Play but that's no different than what Apple and Google are working towards providing earlier. Even if Chat Control was already the law, we don't have Signal or a similar app bundled with the OS and don't currently distribute a hardened build via our App Store despite plans for it. We do distribute the sandboxed Play Store and Accrescent via our App Store which have end-to-end encrypted messaging apps available...
VeraCrypt is French, too, iirc?
It seems unlikely that GrapheneOS is the same way, since it's free, but you never know - maybe it is made for drug lords, and giving it away to the rest of us is just for plausible deniability.
With the current evidence, it's not ruled out that the French state is not doing anything at all.