usuallymatt 2 days ago

I was tempted to use this but when I looked into the team behind it there seemed to be some issues as exposed by Louis Rossmann here: https://youtu.be/Dl1x1Dy-ej4.

Instead, I installed CalyxOS and have been using it over a year now and I'm very happy with it. Check it out.

mbananasynergy 2 days ago | parent | next [-]

Hi there. GrapheneOS community manager here. It's a weird video to bring up without any context. Louis Rossmann made that video and leaked private conversations that were had fairly soon after the person in question was repeatedly swatted by someone who was a fan of the person Rossmann was voicing support for.

Unfortunately, Rossmann turned out to be very dishonest, which in retrospect makes sense, seeing as he has no issues with using Kiwi Farms. His verified account there is named "larossmann". I suggest you look into it.

It's not just something he's done with GrapheneOS and the founder of the project. There are many videos, such as the one he did on Linus from Linus Tech Tips where he similarly misrepresented things and ascribed mental health labels on them.

Regarding CalyxOS, I would recommend people check out https://eylenburg.github.io/android_comparison.htm as a third-party comparison for various projects, including GrapheneOS and CalyxOS. They're not similar projects.

nicman23 2 days ago | parent | next [-]

that comparison you are pasting in multiple replies has lineageos without micro-g.

icar 2 days ago | parent [-]

MicroG is extremely insecure. Does nobody remember that they used to print your Google password in plain text in the logs?

nicman23 2 days ago | parent [-]

k but i do not care about an account that i do not have. i only use it for the gms or whatever is called now

throwaway-89876 2 days ago | parent | prev | next [-]

[dead]

onli 2 days ago | parent | prev [-]

[flagged]

other8026 2 days ago | parent | next [-]

The swatting attacks are public record, and can be confirmed through Toronto police records.

> another hallucination by the Graphene developer

I'm going to assume that by you saying "another" you mean that there were hallucinations before this one.

What you are doing here is repeating baseless claims that they're crazy, which is complete nonsense. This is exactly the kind of problematic stuff that shows up on Kiwi Farms. Again, Rossmann has an account there and some of his videos seem to be made to appeal to Kiwi Farms users.

bernoufakis 2 days ago | parent | next [-]

Is having an account on Kiwifarms evidence that Rossmann is either directly or indirectly responsible for harassment against the GOS developer(s) ?

onli 2 days ago | parent | prev [-]

[flagged]

other8026 a day ago | parent | next [-]

> You claim you know who did it.

No. Nobody claimed to know the actual identity of the person.

> Like the attacks he hallucinates from project

They're not hallucinations.

> I am confident in seeing signs of a mental disorder there and stating that publicly.

Not a doctor, but is confident in their diagnosis of someone they don't actually know after watching some YouTube videos.

> Complete Bullshit.

I mean that these kinds of videos where he portrays people as crazy appeal to Kiwi Farmers. His verified account there, him participating there, and him making videos that do appeal to them all add up to me coming to the conclusion that they _SEEM_ to be made with the _intent_ to appeal to Kiwi Farms members.

onli a day ago | parent [-]

[flagged]

mbananasynergy a day ago | parent | next [-]

It is genuinely very strange that you're relying on people simply not clicking the link you're providing.

The person who swatted Daniel spent days raiding our Matrix chat rooms, posting gore and CSAM. We know it was them who did it, because they bragged about it during their raids before we had made any public comments about it happening.

We don't know who the person is, and neither does the police. The details we have about what was said during the calls were provided to Daniel via the police, especially since it happened 3 times, not just once. Thankfully after the first time the responders were somewhat aware of what was happening so it wasn't as scary.

Your deflection is genuinely concerning.

bernoufakis a day ago | parent | prev [-]

Do you happen to have a backup of the Matrix / Element export from Rossmann's video ? It was a Google Drive link that seems to be unavailable now.

onli a day ago | parent [-]

Yes, I do. Surprised myself. Email me, address is in my HN profile.

mbananasynergy a day ago | parent | prev [-]

>Complete Bullshit. Provide links to the videos, otherwise that is another evidenceless attack and just confirms your pattern.

I assume you're not disputing that Rossmann has a verified Kiwi Farms account, that much is well documented.

https://youtu.be/wgF92Wi8J7o

The above video refers to a video by Destiny (https://youtu.be/ba383Zux0Mo) where he spends a bunch of time defending Kiwi Farms. Rossmann making a video about it and joking about "lolcows" is what has contributed to people at Kiwi Farms worshipping him, and his fan starting a thread about Daniel there where people tell him to kill himself.

Stop defending this stuff and finding every opportunity you can to try and gaslight others - it's weird.

bernoufakis 2 days ago | parent | prev [-]

Unfortunately I don't think they do.

Disclaimer, I am a GrapheneOS user. I was introduced to GOS by Louis Rossmann's initial 2 or 3 videos talking about giving them a FUTO grant, as well as praising GOS and showing how easy it was to install, and how it gave back control to the user, and all the good things that GOS genuinely provides.

I have (unfortunately) followed this saga and went down the rabbit hole since the very beginning. To my understanding based on publicly available data, the key "evidence" put forward by GOS developer(s) / community manager would be:

1. Louis Rossmann leaving the now pinned comment "Informative but unfortunate" on TechLore's video on the leadership of GOS. They claim this is Rossmann showing support for Techlore and his community to (allegedly) harass the (at the time) lead developer of GOS.

2. Louis Rossmann having a KiwiFarms account. Yes, KW is a cesspit. However, all of Rossmann's messages on the board mostly focus on either addressing misconceptions about himself, or promoting right to repair and similar topics. This can be easily checked, and at no point is there any public evidence of him supporting harassment toward the GOS developers.

3. Louis Rossmann being acquainted with leadership of other de-googling Android OSes (CalyxOS mainly I think) and also giving them a FUTO grant.

Essentially, "guilt by association". I know this because I have asked the community manager (goes by mbananasynergy on HN, and similar aliases on other platforms), and that is what they provided as "evidence" for Rossmann being guilty of harassing or promoting harassment against them (along with mentions of having 2 million USD worth of backing and ready to sue Rossmann, which has not materialized as far as I know since ~1.5 years ago).

I want to preface by saying that GOS is really a good software, I have been using it for 2 or 3 years since then, and no complaints on that side. My biggest gripe however, is indeed with the leadership and management of the community.

I created a new account instead of posting this with my main because the leadership is in my experience very abrasive, to say the least. I have been banned without appeal from their Mastodon for leaving "thumbs up" smiley on : 1) messages suggesting the GOS devs to do an interview with Rossmann (as he did with other projects that received a FUTO grant) to further spread the word, or 2) messages suggesting to clear up the misunderstanding between the devs and Rossmann.

Any disagreement on their official narrative, or contrary opinion (even in good faith) leads to bans if they are in control of the platform, and accusations of collaborating with groups that harass the developers. Even here, anything contrary to that narrative will receive the usual wall of text describing the poster as sockpuppets, harassers directed by Rossmann, Techlore, CalyxOS, or any other projects GOS developers are beefing with.

I am disappointed by the situation, because I think GOS could have a larger presence and contribute to raising awareness about the importance of data security, but their leadership seems to be a considerable roadblock on that direction.

gtsop 2 days ago | parent [-]

This is a very interesting summary indeed, however I think matters are simpler and no one needs to dive that deep.

Unfortunately, EVERYONE, from all parties, fires shots for the wrong reasons, which perverts the discussion.

When you say to people to not use GOS because the lead dev is paranoid or the community is hostile you are throwing out the baby with the bathwater. The value GOS brings is undisputable. The quirkiness of the leadership is also undisputable. Let's decouple the two. If you wish for the community to get better, become yourself the better contact point and generally focus on suggestions on that matter. Don't say to people to not use arguably the most secure android rom!

I used to respect Rossmann a lot, but he fell in my eyes both for the LTT and the GOS incident. I have been watching LTT since a kid and I know that he has grown to be a jerk without looking at his private communications, but his competitors fired shots at him for the wrong reasons (honey case) and so did Rossmann, riding the wave.

If you want to criticize someone for being a jerk do it, but do it for the right reasons, don't muddy the waters by injecting other stuff in the discussion.

bernoufakis 2 days ago | parent [-]

> When you say to people to not use GOS because the lead dev is paranoid or the community is hostile you are throwing out the baby with the bathwater. The value GOS brings is undisputable. The quirkiness of the leadership is also undisputable. Let's decouple the two. If you wish for the community to get better, become yourself the better contact point and generally focus on suggestions on that matter. Don't say to people to not use arguably the most secure android rom!

It's one thing to separate the artist from the art, but I think that analogy does not apply when it comes to e.g. an operating system which essentially handles all of your private data. If anything, not being able to separate the art from the artist is the exact reason why GOS exists, the artist being "Google" and all their controversial practices. (Edit: or a simpler analogy, would you trust the food (art) of a cook (artist) that threatens to ruin your life ?)

The OOP is entitled to express his informed opinion and even provided what he based it upon. As a user, I think that is important context when it comes to picking something as sensitive as an OS.

> I used to respect Rossmann a lot, but he fell in my eyes both for the LTT and the GOS incident. I have been watching LTT since a kid and I know that he has grown to be a jerk without looking at his private communications, but his competitors fired shots at him for the wrong reasons (honey case) and so did Rossmann, riding the wave.

I happen to have a similar background as far as LTT (weekly WAN show and what not) and Rossmann are concerned. As I mentioned before I (unfortunately) went into the GOS incident rabbit hole and overall still think Rossmann was principled. As far as Rossmann's criticism of Linus about the LTT Honey case, perhaps he could have had a more nuanced approach, yes. Regarding the BilletLabs cooling block, or the "Trust Me Bro", his criticism was substantive, and came from his own business background on dealing with customers (although you can argue that Rossmann has high standards). I don't think Rossmann "fired shots for the wrong reasons", namely since LTT has publicly acknowledged the issues.

> If you want to criticize someone for being a jerk do it, but do it for the right reasons, don't muddy the waters by injecting other stuff in the discussion.

Just curious, but who is muddying waters, and how ?

tholdem 2 days ago | parent | next [-]

Your logic seems to fall apart here.

> an operating system which essentially handles all of your private data.

This is exactly why one should continue using GrapheneOS as it is by far the best, most secure and private option. If you do not agree with one project member about something that is not related to the technical features of the project, it does not matter, since you can not be targeted with any GOS updates. Same updates would have to go to all GOS users and as stated before, the previous project leader has a stellar reputation when it comes to their work and prior actions regarding users security and privacy.

> the artist being "Google" and all their controversial practices

You believing this is a problem, you should then be using an iPhone anyway.

You are worrying GOS devs might push a malicious update, even when there are no proofs of that happening? What prevents the same from happening with other projects that are already inferior in every way? You are implying people should switch to less secure options because of this one thing that also applies to all other options? It does not make any sense and seems dishonest.

bernoufakis a day ago | parent [-]

> Your logic seems to fall apart here.

>> an operating system which essentially handles all of your private data.

I will concede that my statement is not the most accurate. However it is not a matter of logic, but description. What I meant to say is that the OS is the substrate of all applications running on the phone, and all the relevant data. Having privileged access to the OS opens the user to the most critical vulnerability.

> This is exactly why one should continue using GrapheneOS as it is by far the best, most secure and private option.

Rationally speaking yes. When the developer of the OS threatens to "public expose you" and accuses you of directing harassment / swatting against them without evidence however, a layman (that has no obligation to understand how GOS updates work) is justified in feeling unsafe or uncomfortable using said software. A determined enough (hostile) developer could find a way to target him personally. Even if you personally feel it is unlikely, the probability is ultimately non-nil.

The GOS x Rossmann matter was never a technical issue, it was about the (in my opinion) toxic approach of that lead GOS dev to Rossmann. A huge misunderstanding I dare say. But the damage was done and Rossmann is within his right to criticize his approach and stop using his software.

> Same updates would have to go to all GOS users and as stated before,

This is an irrelevant point. Stuxnet was harmless to most systems, while still targeting very specific Iranian systems. All GOS users (me included) don't audit the code every time there is an update.

> the previous project leader has a stellar reputation when it comes to their work and prior actions regarding users security and privacy.

Stellar reputation is quite the exaggeration. That lead GOS dev has an undeniably controversial and abrasive reputation. Imagine the ingenuity and persistence that you perceive about his "work and prior actions regarding users security and privacy", and imagine it being deployed toward someone that dev does not deem as a "simple user", but a personal enemy / enemy of the project ? Nobody would want to be on the receiving side of whatever such person is capable, and neither does Rossmann, understandably.

> > the artist being "Google" and all their controversial practices

> You believing this is a problem, you should then be using an iPhone anyway.

I will assume you are in good faith, and just misread what I wrote. My point was that in the same way we cannot trust Google software (at least privacy wise) because of the profit incentive of its leaders, another OS like Graphene OS can also inspire distrust if their leadership demonstrates hostile behavior (even if just toward a single specific user).

> You are worrying GOS devs might push a malicious update.

Me personally, no. I am not worried. I know enough about software to know that it is unlikely. And I am a nobody. Rossmann is, because he is a layman, and the lead dev was clearly hostile against him. We don't get to deny his perspective.

> even when there are no proofs of that happening ?

Not having proof of it never happening so far, is not a proof that it will never happen in the future.

> What prevents the same from happening with other projects [...]

Nothing prevents it, and no one involved either in this discussion, nor in the original incident stated this.

> You are implying people should switch to less secure options because of this one thing that also applies to all other options?

Again, nobody implied that. I personally never said it. My argument was that I found the leadership lacking, and to a certain extent, the community (exemplified by this kind of "water carrying" arguments you have presented). Even Rossmann himself never said it. He only made public his reasons for not mainly using GOS since the altercation, and still recommends it whenever he discusses phone privacy. The grandparent however did bring up this issue with GOS leadership as a data point, which would still be good to have for prospective GOS users.

> It does not make any sense and seems dishonest.

If anything, you moving the goal post with such strawmen arguments is what seems dishonest...

gtsop 2 days ago | parent | prev [-]

> Just curious, but who is muddying waters, and how ?

In the context of this whole rabbit hole, pretty much all of the parties.

When you bring someone's dirt out in the public, not to support an argument but just to attack them because you don't like them, you are muddying the waters.

MegaLag did it for Linus

Steve did for Linus

Louis did for Linus

Linus did for Steve

Linus did for Louis

Henry did for Daniel

Louis did for Daniel

And of course Daniel pretty much does for anyone :p

These were not conversations based on logic, each had a reason to dislike the other and dug up dirt for clicks and for leverage.

bernoufakis a day ago | parent [-]

> When you bring someone's dirt out in the public, not to support an argument but just to attack them because you don't like them, you are muddying the waters.

To take the specific case of Rossmann, how is he muddying the water ? If anything, he is clarifying his position on stopping using GOS. It is important context, not "muddying the waters".

You yourself say that:

> And of course Daniel pretty much does for anyone :p

And Rossmann brought up the receipt to corroborate the GOS developer's hostile behavior toward him, which was his argument. And even if you take it further back to origin, the "Informative but unfortunate" comment, this was not targeting GOS's quality and claim of security. The argument in that specific case was the questionable behavior of the leadership, which you seem to agree was not a "conversation based on logic". If some people can't be reasoned with, what is Rossmann supposed to do ? He "agreed to disagree" and cut contact with the dev, kept the GOS situation under the lid as it was still a project he liked, but that was apparently not enough to keep that developer at bay ...

a day ago | parent | next [-]
[deleted]
gtsop a day ago | parent | prev [-]

> If some people can't be reasoned with, what is Rossmann supposed to do ?

Just stop interacting? When you have an argument with your colleague, do you go on twitter and post all your conversations and tell everyone how irrational he is? When you argue with a relative do you make a 1-hour-long video detailing how they misbehaved? Why did Louis feel the need to make content on his popular channel to expose someone with problematic behavior?

Clicks. Money.

And on top of that he is attacking his work which is actually very valuable.

I don't care if Louis is on the right side of the argument. If he was chatting me up on the bus and told me about it, i would be glad to know. Attacking a person in public for money and leverage is bs.

Edit: Especially in the case of Daniel, if you have made the conclusion that a person is truly paranoid, this is a clinical situation, do you expect to "fix" them by exposing them? Or are you throwing more gas to the fire?

bernoufakis a day ago | parent [-]

> > If some people can't be reasoned with, what is Rossmann supposed to do ?

> Just stop interacting? When you have an argument with your colleague, do you go on twitter and post all your conversations and tell everyone how irrational he is? When you argue with a relative do you make a 1-hour-long video detailing how they misbehaved? Why did Louis feel the need to make content on his popular channel to expose someone with problematic behavior?

Rossmann did exactly that in September 2022. If you actually bothered going through the document, you could see that they had an initial interaction that did not pan out. Rossmann wished Daniel best of luck and said he would not be further involved because of the disagreement.

On his social media and other platforms, Daniel did not stop talking about how Rossmann was allegedly attacking (without any concrete evidence). Daniel himself contacted Rossmann again out of the blue with borderline threats blackmail unprompted, as can be seen in Rossmann's video on "Why I deleted Graphene OS". Asking nicely did not work, and Daniel threatened to "publicly expose him", so he went public. What was he supposed to do ?

> Clicks. Money.

Rossmann's channel is not making him money. It is not monetized. His business is about repairing Macbooks and data recovery. This drama does not generate him money. He does not get paid for people using CalyxOS etc... over Graphene OS. There is simply no incentive.

> And on top of that he is attacking his work which is actually very valuable.

What "attack" ? Is a comment "Informative but unfortunate" on a video criticizing Daniel's behavior an attack ? Is giving the project a 40K USD grant no strings attached an "attack" ? Is proposing to do interviews to further promote the project an "attack" ? Is making videos to actually dispel misconceptions about GOS and praising how good it is on his channel an "attack" ? None of you who carry water for Daniel and his toxic behavior have any evidence of Rossmann directing attacks at GOS, and even less so Daniel himself.

> I don't care if Luis is on the right side of the argument. If he was chatting me up on the bus and told me about it, i would be glad to know. Attacking a person on public for money and leverage is bs.

Again, no evidence it is about money and leverage.

> Edit: Especially in the case of Daniel, if you have made the conclusion that a person is truly paranoid, this is a clinical situation, do you expect to "fix" them by exposing them? Or are you throwing more gas to the fire?

Keeping it private the first few times did not seem to work, might as well try. If Daniel himself is beyond help, at least make it so other people know what kind of person they are entrusting their phone security and privacy to.

By the way, I managed to find their archived conversation which are not available anymore in the video description. Curious about your opinion on it: <https://www.swisstransfer.com/d/d75ff782-4a7d-4497-b04e-edd1...>

BLKNSLVR 2 days ago | parent | prev | next [-]

"Never meet your heroes". Also, the opening monologue to Tool's Third Eye[0].

The older I get the more examples I've come across of a person destroying their reputation by either self-over-exposure (social media) or just basic exposure via news of some outrageous or illegal behavior.

I don't have a problem with whatever line you choose to not cross, and I was once much more self-righteous, but I've more recently pretty much made the conscious decision to separate product from producer, art from artist, etc.

Theo Lengyel was recently arrested for murdering his girlfriend, and yet I will still listen to and enjoy Mr. Bungle's music.

Gary Glitter... I still like the song Rock n Roll Part Two.

J.K. Rowling has some controversial views on transsexual women, but that doesn't mean that the Harry Potter series is any less worthwhile reading than it was before.

ReiserFS

I still buy Nestle Quik occasionally

Steve Jobs, Bill Gates, Mark Zuckerberg, name almost any tech bro... (but not Steve Wozniak, he's a treasure)

Sports stars.

Musicians.

I wonder how many other things are worthy of protest if we knew all the facts about all the people who were involved in its creation.

(I'm attempting to respond to the general concept of "he/she/they bad = it bad", not commenting on GrapheneOS vs CalyxOS or anyone's personal choice over where / what they choose to apply "he/she/they bad = it bad" to, other than saying that it should be a conscious decision not a reflexive reaction)

[0]: https://genius.com/Tool-third-eye-lyrics

Scrubbed4426 2 days ago | parent | prev | next [-]

This is a video where he openly bullies someone, live streams their private messages where they're getting upset with him bullying them and repeatedly, blatantly lies about them including falsely claiming they're insane, etc.

Rossmann lied about stopping using GrapheneOS and has continued using it after that point.

The video was made to direct harassment towards the project and founder after the project refused to work with Rossmann.

He has done similar things to others, labeling them as insane and delusional.

bernoufakis a day ago | parent [-]

> This is a video where he openly bullies someone, live streams their private messages where they're getting upset with him bullying them and repeatedly, blatantly lies about them including falsely claiming they're insane, etc.

That is the most disingenuous take on the video. The claim this kind of commenters that freely carry water for the toxic GOS (ex-?) lead developer is the exact reason why Rossmann made the video. The evidence is all there for the public to see. Daniel does not get to essentially harass people he disagrees with after they have been asked to not contact them, threaten them to "publicly expose them" and get away scot-free.

Being a genius at cyber security or autistic does not give one a free pass to treat others like garbage.

> The video was made to direct harassment towards the project and founder after the project refused to work with Rossmann.

The video was made to expose the harassment of the project founder toward Rossmann, when the former contacted him out of the blue with frivolous accusations after they parted ways a year earlier due to irreconcilable disagreements.

> He has done similar things to others, labeling them as insane and delusional.

No evidence provided, as usual.

mbananasynergy a day ago | parent [-]

>No evidence provided, as usual.

You should watch Rossmann's video on Linus - he has a habit of doing these hit pieces.

bernoufakis a day ago | parent [-]

Yes, I have watched them all. As I mentioned somewhere before I am a fan of both channels.

He never called Linus "insane" or "delusional" as the parent post claims, hence the request for evidence.

He (rightfully IMO) criticized some of his business practices (Honey, BilletLabs, "Trust me bro"), and quite a few more controversies which LTT was embroiled in.

He criticized Linus' behavior and lack of accountability based on his personal interaction with him, as well as publicly available evidence. At worst, called him a narcissist. If anything, he is vindicated by all the LTT apologies videos (one of which Linus and other staff even make puns and sponsor placements ...) that follow up each controversy.

Any more specific evidence you think shows that "Rossmann has the habit of calling random people insane and delusional"? I am willing to bet you have none.

onli 2 days ago | parent | prev | next [-]

You are exactly right. To summarise for those who do not want to watch a video, the video shows communications with Graphene's lead developer in which he was extremely hostile and threatened Rossmann. It also goes into how said developer hallucinates being attacked by specific other sites, like a Linux YouTube channel that obviously did nothing to him. His goons then attack those projects.

You have to be aware that you give that person root when you use Graphene. All possible technical improvements aside this is a very big risk. He claimed he would step back after the video released, then called that a lie and continued with everything.

Calyx seems to be the best alternative right now without such a risk factor.

bernoufakis 2 days ago | parent | next [-]

I second this opinion, with some additional nuance.

While I don't think the developers necessarily hallucinate being attacked (i.e. given the nature of the project, I would expect them to be persons of interest, be it from surveillance agencies, or even state actors), the main issue with Rossmann is their claim that he is either personally directing harassment against GOS, or colluding with and encouraging other communities to harass (mainly Kiwifarms, Techlore, CalyxOS, and other Android related FOSS projects). This claim seems to originate then cascade from Rossmann leaving the comment "Informative, but unfortunate" on TechLore's video criticizing GOS's leadership. This is taken as explicit support of TechLore community's / KiwiFarms alleged harassment on the lead GOS developer, and this has somehow been cascaded and blown out of proportions, and considered by GOS developers as evidence of Rossmann's wrongdoing against them.

As mentioned somewhere else, I am using GrapheneOS since 2 or 3 years now, based on Rossmann's recommendations. The software is very good, pretty much native Android experience, but without the extra alleged Google snooping / root access. Rossmann himself seemed to have stopped using it as his main device because of fear of retaliation given that the GOS devs could potentially target him. Better safe than sorry. I still use it because I am not that high profile of a person, and generally will use throwaway when it comes to discussing anything GOS related at this point. The overall leadership however, based on Rossmann's and later my personal interactions with them however, did leave a bad aftertaste.

other8026 2 days ago | parent [-]

> Rossmann himself seemed to have stopped using it as his main device because of fear of retaliation given that the GOS devs could potentially target him.

But he didn't. It's clear in his later videos that he was still using GrapheneOS, I believe even for months after the video.

> Better safe than sorry.

People who are familiar with how GrapheneOS updates work wouldn't agree. No identifiers are sent to the update server, so targeted updates aren't possible that way. Also, update servers only host static files. If Rossmann was really that worried, all he'd have to do is use a VPN. But that was all just a huge dramatic act so his video would get more views, and possibly to entertain his fellow Kiwi Farms members.

bornfreddy a day ago | parent | next [-]

> > Better safe than sorry.

> People who are familiar with how GrapheneOS updates work wouldn't agree. No identifiers are sent to the update server, so targeted updates aren't possible that way. Also, update servers only host static files...

We are literally talking about an OS here. It has an almost total control over your phone - what does it matter if the updates can be targeted? The GOS could snoop on their users and turn into malware only if it figures out that this is Rossmann's phone.

This is what is keeping me from installing GOS too. Interaction from the developers seems very aggressive towards the competing OSs, which doesn't inspire much trust. Who is reviewing the GOS changes? Are they really all benign? In the end you need to trust someone, but I'm not sure GOS is more trustworthy than LineageOS (which has a bigger community, more developers and /e/os building on top of them).

Happy to be convinced otherwise.

other8026 12 hours ago | parent [-]

> The GOS could snoop on their users and turn into malware only if it figures out that this is Rossmann's phone.

Well, yes, but not really. What you're saying could be true if the OS wasn't open source. It's not some small OS that nobody knows about. There are forks of the OS, there are other projects that selectively copy code/commits from GrapheneOS, there are security researchers who pay attention to its development. There are also people who reproduce and verify builds. It's just not possible for that kind of code to be snuck in there.

This section of the website about whether GrapheneOS is audited is also helpful https://grapheneos.org/faq#audit

> This is what is keeping me from installing GOS too. Interaction from the developers seems very aggressive towards the competing OSs, which doesn't inspire much trust.

If you pay attention to what they're responding to, you'll find that a lot of that is in response to something they said, clarification about inaccuracies in news articles, etc. The official accounts are also followed by many of the OSes' users, so some posts are for them too if certain things are being talked about in the community.

> In the end you need to trust someone, but I'm not sure GOS is more trustworthy than LineageOS (which has a bigger community, more developers and /e/os building on top of them).

I personally prefer quality over quantity. GrapheneOS developers take a long time to develop new features, test them, rewrite them, and it goes on and on until they have a resulting feature that is very high quality. They also have to keep in mind how much they're adding/changing so features and changes can be ported quickly when there are new upstream releases. Updating quickly is very important for security. Leaving vulnerabilities unpatched for months is not acceptable for a project and users who value security. The same can't be said of LineageOS or /e/OS. They're slow to update, roll back security, etc.

bernoufakis a day ago | parent | prev [-]

> But he didn't. It's clear in his later videos that he was still using Graphene OS, I believe even for months after the video.

Emphasis on "seemed to have stopped using it as his main device". For all we know, he kept it as a secondary device (it's just that good) after removing anything he deemed critical. Again, he never said "don't use GOS", or "GOS is not secure". He said he did not feel safe enough because of the hostility from the lead dev.

> People who are familiar with how GrapheneOS updates work wouldn't agree. No identifiers are sent to the update server, so targeted updates aren't possible that way. Also, update servers only host static files. If Rossmann was really that worried, all he'd have to do is use a VPN. But that was all just a huge dramatic act so his video would get more views, and possibly to entertain his fellow Kiwi Farms members.

Does it matter? Rossmann is a layman when it comes to software. What he perceives is that "lead GOS dev is hostile against me and has essentially full control over the project". First, he is under no obligation to spend hours learning how GOS updates work and audit the code every release, whether or not some identifier is being tracked (and by the way, you can still get identified and tracked even if you use a VPN). The damage was done once that lead GOS dev persisted in toxic behavior, for the lack of a better word.

> But that was all just a huge dramatic act so his video would get more views, and possibly to entertain his fellow Kiwi Farms members.

Unsubstantiated claims. We cannot read his mind, and I have yet to see any evidence that would support these.

Andromxda a day ago | parent [-]

> you can still get identified and tracked even if you use a VPN

Sure, but that requires additional data about the user, which the GrapheneOS update server doesn't get. Both the update client and the update server are open source, so you can verify any of what I'm saying. The server only sees the user's IP address, which device model they're requesting an update for, and which update channel (alpha/beta/stable) they are using. The HTTP headers, etc. for the request would be identical across any GrapheneOS device, as they use the exact same updater app.

https://github.com/GrapheneOS/releases.grapheneos.org https://github.com/GrapheneOS/platform_packages_apps_Updater

> First, he is under no obligation to spend hours learning how GOS updates

That literally takes a few minutes to look up, it's all really well documented on the official website. https://grapheneos.org/faq#default-connections

But yes, I do believe that he's obliged to do some research before putting out such absurd claims entirely based on speculation with no technical knowledge or understanding.

bernoufakis a day ago | parent [-]

> That literally takes a few minutes to look up, it's all really well documented on the official website. https://grapheneos.org/faq#default-connections

Again, that is beyond the point. The developer going rogue (for arbitrary reason) and turning the code malicious is not impossible.

> That literally takes a few minutes to look up, it's all really well documented on the official website. https://grapheneos.org/faq#default-connections

All of you who keep commenting "But it's so easy, just look it up" are lacking consideration and empathy. Other people don't think like you, they don't have to think like you. Just the documentation you have linked has so many technical terms, someone not familiar with networking and system design will barely make any sense of it.

It is also a matter of trust. After the developer expressed their hostility multiple times, even if someone was willing to go through it, what if the documentation is not forthcoming? It is within the devs' control after all. How does one even make sure that the software does what the documentation says it does? etc...

> But yes, I do believe that he's obliged to do some research before putting out such absurd claims entirely based on speculation with no technical knowledge or understanding.

What "absurd" claim did he put out exactly? His issue was never about the technical aspects of GOS. It was about the broken trust and the perception that using software from a hostile developer was a risk factor, hence his stopping using it (at least on his devices with sensitive info).

Andromxda a day ago | parent [-]

> Other people don't think like you, they don't have to think like you.

I'm quite certain that there are more people than just me, who think that someone with close to two million subscribers on YouTube should fulfill due diligence by doing some basic research and at least read the extensive official documentation that's provided, before putting out a video with serious allegations and a very high potential of harming someone's reputation. I would go further and say that it was his intention of harming the project's reputation, but that's just my personal opinion. It's objectively clear though, that this is a very low quality video full of baseless speculation, and severely lacking any technical understanding and knowledge.

> What "absurd" claim did he put out exactly?

His speculation about targeted malware in the OS.

This is exactly the same as going to a restaurant, having an argument with the owner, and then claiming that they might be putting poison in the food, even though there's absolutely zero evidence or anything that might indicate that, solely because you had a disagreement with someone and now want to harm their reputation.

bernoufakis a day ago | parent [-]

> It's objectively clear though, that this is a very low quality video full of baseless speculation, and severely lacking any technical understanding and knowledge.

"Baseless" could not be further away from the truth. You literally have the GOS developer messages coming in live while he rehashes frivolous accusations and threatens to expose him. To claim objectivity, when you seem to cherry pick the parts of the video that would (loosely) fit your narrative. Where is your evidence that Rossmann is in any way associated with a harassment campaign against the project?

> This is exactly the same as going to a restaurant, having an argument with the owner, and then claiming that they might be putting poison in the food, even though there's absolutely zero evidence or anything that might indicate that, solely because you had a disagreement with someone and now want to harm their reputation.

Damn, so close, you were almost there. A more accurate analogy you could have come up with, had you actually critically listened to Rossmann's argument in his video. Yes, it's like going to a restaurant and having a disagreement with the cook, for the latter to explicitly threaten to harm you. At that point, is it that far-fetched to think he might poison the food? When you know he has full control over the kitchen?

You can disagree with Rossmann's perception of the actual threat, but you should at least admit that it is not absurd for Rossmann to think that someone who demonstrated such irrational behavior might attempt to harm him through the means at their disposal, among which introducing malicious code. It might be unlikely given what we know about software dev, but it is not impossible, and for Rossmann, that is the only thing that matters at the end of the day.

Moreover, the GOS dev himself clearly stated he would "publicly expose him" (At 2:14 in https://youtu.be/4To-F6W1NT0?t=134 "and there will be information published about your (Rossmann) attacks on me in support of an abusive person"). Why the double standard? That GOS dev can go around dishing out "reputational harm" but his targets doing the same is not fair game?

At this point, Rossmann did him a service by publishing everything himself. As far as any reputational harm is concerned, the GOS developer essentially brought it on himself. Could have dropped back when they had the fallout in September 2022, as per the chat logs (<https://www.swisstransfer.com/d/d75ff782-4a7d-4497-b04e-edd1...>) ...

> I would go further and say that it was his intention of harming the project's reputation, but that's just my personal opinion.

Sure, "harm the reputation of the project" when he was proactively giving them no-strings-attached grants, spreading the word, and giving them opportunities to tell their side of the story ...

> I'm quite certain that there are more people than just me, who think that someone with close to two million subscribers on YouTube should fulfill due diligence by doing some basic research and at least read the extensive official documentation that's provided, before putting out a video with serious allegations and a very high potential of harming someone's reputation.

Then in the first place, perhaps the cyber security geniuses who built a privacy and security oriented OS for smartphone could do the due diligence of gathering and presenting actual evidence of Rossmann's implication in the alleged harassment campaign before posting multiple accusatory statements across their social media "with serious allegations and a very high potential of harming someone's reputation"?

other8026 13 hours ago | parent [-]

> > It's objectively clear though, that this is a very low quality video full of baseless speculation, and severely lacking any technical understanding and knowledge.

> "Baseless" could not be further away from the truth.

You yourself have even admitted that while it may not be true that he can be targeted, you make excuses for Rossmann saying he's a "layman when it comes to software". So, yes, it is baseless.

> it's like going to a restaurant and having a disagreement with the cook, for the latter to explicitly threaten to harm you. At that point, is it that far-fetched to think he might poison the food? When you know he has full control over the kitchen?

This is a horrible metaphor because an open source project and the resulting OS is nothing like that. Better analogy would be that all the customers can watch the chef while they work, they all share the same food, and there are even cameras there for the world to see what the chef is doing in real time.

> You can disagree with Rossmann's perception of the actual threat, but you should at least admit that it is not absurd for Rossmann to think that someone who demonstrated such irrational behavior might attempt to harm him through the means at their disposal, among which introducing malicious code.

If he had any integrity, he would have retracted that part of his video _at least_ when people pointed out that it wasn't true that he could be targeted. But as far as I know, he hasn't.

> Then in the first place, perhaps the cyber security geniuses who built a privacy and security oriented OS for smartphone could do the due diligence of gathering and presenting actual evidence of Rossmann's implication in the alleged harassment campaign before posting multiple accusatory statements across their social media "with serious allegations and a very high potential of harming someone's reputation"?

Anyone who thinks for even a moment can see what happened here. Someone tried to murder Daniel 3 times, he was upset about that and with Rossmann, he talked to Rossmann, Rossmann _records_ it as it's happening knowing full well what he was doing (which I'd argue is quite scummy), and releases the video complete with inaccuracies about the potential of being targeted. Not to mention he has a verified Kiwi Farms account, which anyone who knows the history of that site can draw their own conclusions. It's very easy to see what's all right out there in the open.

Andromxda 12 hours ago | parent [-]

Btw I reread all the emails exchanged by Rossmann and Micay (I had already read them back when they were released, but that was over 2 years ago), and I don't see how anything Daniel Micay said would be incorrect. Moreover, I found it quite alarming, how Rossmann addressed exactly zero of Micay's actual points, and then tried to distract from the entire situation with manipulative tactics and by trying to discredit him through his baseless assumptions about Micay's mental health. These leaked emails don't prove anything, other than Louis Rossmann being ignorant and manipulative.

gf000 2 days ago | parent | prev | next [-]

Calyx has lackluster security practices, and even removes signature checking so they can sell microG as Google Play Store to apps. This is an objective statement, graphene OS is leagues ahead of anything on the market in terms of security, while calyx is basically just a custom ROM to tinker with.

As for the personal aspect, the lead developer is definitely not the best representative of the project from a communication perspective as he might not have that kind of social skills (based on his posts). [1]

But he (Micay) is an excellent security researcher, and has an excellent track record when it comes to prioritizing his users. There was a sponsorship in the beginning, where the legal entity, CopperheadOS tried to hijack the whole project. But Micay would rather kill the project than let the users' security suffer, and revoked the signing keys. And I'm sure such a betrayal would cause anyone to lose a lot of faith in others' actions.

> Give that person root

Complete bullshit, what root?! And if anything, you are the one who is trying to discredit a project here, by sharing some dumb clickbait video.

[1] I see that there is now a project manager doing most of the communication, which is an excellent solution!

onli 2 days ago | parent [-]

Do I have to explain what root is, or what are you not understanding about the concept of the software provider having complete control of the software on your phone and thus having root rights?

Your CopperheadOS description is one perspective, one that does not look all that believable now after his mental illness became clear.

I did not share the video, but I would and it is not clickbait.

I will not further respond to you, I don't think this would lead to a fruitful discussion. Kindly think about what kind of trust is necessary to trust in the proper functioning of a device as personal as a modern phone, and think about attack scenarios that could occur when the main developer of your OS is not trustworthy in the slightest.

other8026 2 days ago | parent [-]

> after his mental illness became clear.

Here you are again in yet another comment repeating these baseless claims about mental illness.

> think about attack scenarios that could occur when the main developer of your OS is not trustworthy in the slightest.

First of all, he's not the main developer. There are multiple developers. The other developers do most of the development work these days.

But to say that the OS is untrustworthy is completely false. You say GrapheneOS's founder has a mental illness based on watching a video where someone who turned malicious toward the project recorded a conversation where the founder was extremely upset after being swatted multiple times.

The update client doesn't send identifiers when checking for updates, and the update servers only have static files saved to them. You're making stuff up here, and clearly trying to turn people off of using GrapheneOS by repeating baseless claims that the founder is crazy and fake worries of being targeted by them.

other8026 2 days ago | parent | prev | next [-]

There's way more to it than what you said here.

> extremely hostile and threatened Rossman

At the time, he was very upset. You know, because he was swatted multiple times. Of course he was upset when Rossmann showed his true colors and was trying to talk to him. Rossmann saw this as an opportunity and recorded it as it was happening. He tries to portray Daniel as crazy and people who attack the project and his friends on Kiwi Farms lap that stuff up.

It's not true that he stopped using GrapheneOS, though. He continued using GrapheneOS for months after that video, which you can see by watching his later videos.

> hallucinates

Repeating baseless claims that he's crazy.

> You have to be aware that you give that person root when you use Graphene.

What? This is a very strange way to say it. Either way, it's literally impossible for someone on the GrapheneOS team to target someone like what was claimed in the video. GrapheneOS devices don't send identifiers when they contact the update server. The update servers also only host static files.

> Calyx seems to be the best alternative right now without such a risk factor.

The "risk factor" is completely false. It's all made up to attack GrapheneOS, making the founder look like a crazy person, then people are scared of using the OS. CalyxOS is not a hardened OS and rolls back security in some ways. It's not the next best alternative for people who care about these things.

onli 2 days ago | parent [-]

Nothing I said is baseless and contrary to you, I do provide sources.

> Of course he was upset when Rossmann showed his true colors

I saw the chats. You lie. Showing his true colors = not accepting that there is an evil conspiracy and asking for proof. You are completely brainwashed and I will not continue this discussion.

If Calyx is not the next best alternative be invited to link to what you think is the best alternative. I still think it's Calyx.

Klonoar a day ago | parent | next [-]

…you haven’t provided any sources at all.

bernoufakis a day ago | parent | next [-]

The main source is the video, where you can see the GOS developer writing him live.

For more context, there was a Google Drive link that is unfortunately not available anymore, but I found and uploaded it here: <https://www.swisstransfer.com/d/d75ff782-4a7d-4497-b04e-edd1...>

It has their initial conversation and disagreement in September 2022, after the GOS developer in question accuses Rossmann of being complicit with harassment campaigns against said dev, because he also gave the same 40K USD FUTO grant to other similar project and had some interview with their developers.

The second set of files are the text messages that feature in the video, after said GOS developer contacted Rossmann unprompted in May 2023 with the same type of accusation.

Feel free to peruse and make your own opinion.

onli a day ago | parent | prev [-]

I'm responding to it directly, the main source is the video linked in parent of this thread. Its description contains further links. I also did link to a relevant statement from the developer in a subthread here.

All I said is sourced.

Klonoar a day ago | parent [-]

As best I can tell, you've done nothing more than brigade a thread with odd claims about the GOS developer, sourcing from an interaction with a known drama YouTuber/KiwiFarms associate.

The people you've had respond to you in this thread, who likely have more intimate knowledge of what actually happened, have done a better job of breaking down this stuff - so I'll just defer to them.

other8026 2 days ago | parent | prev [-]

> I do provide sources.

You provided exactly 0 sources in all of the comments I've seen posted by you so far.

> Showing his true colors = not accepting that there is an evil conspiracy and asking for proof.

"Evil conspiracy"? You say that someone else is paranoid and yet you are saying things like this? It's kind of ironic.

> You are completely brainwashed

Okay. If you say so.

bernoufakis a day ago | parent [-]

The main source is the video, where you can see the GOS developer writing him live. For more context, there was a Google Drive link that is unfortunately not available anymore, but I found and uploaded it here: <https://www.swisstransfer.com/d/d75ff782-4a7d-4497-b04e-edd1...>

It has their initial conversation and disagreement in September 2022, after the GOS developer in question accuses Rossmann of being complicit with harassment campaigns against said dev, because he also gave the same 40K USD FUTO grant to other similar project and had some interview with their developers.

The second set of files are the text messages that feature in the video, after said GOS developer contacted Rossmann unprompted in May 2023 with the same type of accusation.

Feel free to peruse and make your own opinion.

gtsop 2 days ago | parent | prev [-]

Can you elaborate on why this is a risk factor? What do you mean by saying we're giving him root? If a person is paranoid of being chased I would expect them to put even more effort into the security of the OS he develops, not to add backdoors. But please expand your own reasoning.

bernoufakis 2 days ago | parent | next [-]

To put it simply, the (at the time) lead developer of GOS and Rossmann had some disagreements.

At the time, Rossmann was mainly using GOS, but due to what he perceived as hostile behavior from GOS toward him through their communication, he opted to stop using GOS (at least on his main device, as he claims).

His rationale was that the behavior of said lead developer was not "rational" and "scary", and since the developer has not only edit access to GOS code but also update publishing infrastructure, Rossmann's data or himself could be targeted through malicious code pushed via an update, for example. While GOS is open source and malicious code or exploits could be detected by the community, he himself did not have confidence to audit the source code to make sure it was safe, hence his decision to stop using.

By risk factor, I think the grandparent suggests that something similar could happen to someone else using GOS, the risk factor being essentially at the mercy of GOS developer, would they wish to harm said user.

other8026 2 days ago | parent | next [-]

> Rossmann's data or himself could be targeted through malicious code pushed via an update, for example. While GOS is opensource and malicious code or exploits could be detected by the community, he himself did not have confidence to audit the source code to make sure it was safe, hence his decision to stop using.

This isn't even possible given how updates on GrapheneOS work. The update client doesn't send identifiers to the update server, and the update server only hosts static files.

Rossmann either doesn't understand this, or he made it up to get more views, or possibly to entertain fellow Kiwi Farms members.

To be honest, I don't think that he didn't understand that he couldn't be targeted. He continued using GrapheneOS for months after the video. As I understand it, it was clear in a few videos months after the initial video was published.

bernoufakis a day ago | parent [-]

> This isn't even possible given how updates on GrapheneOS work. The update client doesn't send identifiers to the update server, and the update server only hosts static files.

> Rossmann either doesn't understand this, or he made it up to get more views, or possibly to entertain fellow Kiwi Farms members.

Expecting a layman to know that is not reasonable. The argument is not about how the GOS updates work in practice. It is about the "perception", from Rossmann's perspective, that the lead dev of the OS is hostile against him. Humans are not purely rational machines, and given the choice of either 1) spend hours auditing source code and update pipelines (every release?) and 2) stop using it for critical purposes, the latter is the easier choice, especially for a busy person like him.

> To be honest, I don't think that he didn't understand that he couldn't be targeted. He continued using GrapheneOS for months after the video. As I understand it, it was clear in a few videos months after the initial video was published.

For all we know, he is using it on his secondary device where he has removed what he deems critical. Again, Rossmann NEVER said "don't use Graphene OS", or "Graphene OS lacks security" or anything of the sort. If anything, even after that video, he kept recommending GOS whenever he talked about privacy.

His argument is that he did not feel safe knowingly using software from a hostile developer; and that he can't be bothered / not qualified to audit the code well enough to make it worth it (which is reasonable if you ask me, and I dare say most people).

Edit:

> Rossmann either doesn't understand this

Again, I agree with you here. He does not understand. He trusted the developer(s) to know what they are doing, but they broke that trust by being unreasonable, to say the least. He is under no obligation to understand. As for what you stated after that, I won't comment on it as I don't read minds, and pretty sure neither do you.

other8026 13 hours ago | parent [-]

There are a couple of comments in response to my own saying basically the same thing, so I'll do the same...

Rossmann shouldn't be excused for making his harassment video about Daniel because he doesn't understand how things work. Anyone who bothers to think about it for a moment would understand that someone who had been swatted 3 times by a crazy person spamming community chat rooms with illegal content would be extremely upset. Someone tried to _murder him_ and was trying to destroy the project, and then this video comes out leaking a private chat, and Rossmann portrays him as crazy? Rossmann knew what was happening and then his first thought was to start recording? How is that justifiable?

You confessed you are a Rossmann fan in another comment, but even a fan should be able to see what had gone on here...

> Expecting a layman to know that is not reasonable.

And you are defending the inaccuracy in his video saying he's afraid of being targeted when it's not even possible, and your excuse for him is that he doesn't understand. There is no excuse for his video in the first place, but to also add this falsehood that he even can be targeted is extremely damaging for a project prioritizing privacy and security. And yet even though I'm sure he knows this now, as far as I know he hasn't retracted what he said. I don't think he cares about accuracy. Among other things, he's a YouTuber and he got views and attention, so I guess he got what he wanted at the expense of someone else during an extremely trying time. I don't think that's justifiable, I think it's scummy.

> If anything, even after that video, he kept recommending GOS whenever he talked about privacy.

Doesn't excuse what he did.

gtsop 2 days ago | parent | prev [-]

So Rossmann literally feared a patch that was like this getting into Graphene

    if (user is rossmann) {
      // do bad things
    }

makes me think who is paranoid here.

fph 2 days ago | parent | next [-]

Note that this patch would have to be sent out to all users though, since I don't think there is an authentication mechanism that lets them send out different upgrades to different users.

And if your whole business is a secure OS, it's a very risky proposition: you get caught doing this once, and your reputation is gone forever.

bernoufakis 2 days ago | parent | prev [-]

Your example is a strawman, as a determined enough actor, especially security experts like GOS developers, could pull it off and get such a patch / exploit. The probability is not zero. It will probably not be obvious to spot, would be spread over multiple files of code that don't necessarily relate to each other at first glance, as many documented CVEs illustrated (one that comes to mind given HN context is the XZ utils backdoor from last year for e.g.)

Rossmann himself has no confidence to audit the code, so why take the risk? Good enough reason to be "paranoid", or at least feel uneasy about it if you ask me.

gtsop 2 days ago | parent [-]

Is it really a strawman? At some point, the code would need to identify Rossmann. Please elaborate on the techniques required to do it and how it could be obfuscated.

GOS doesn't use an account, so the code would have to perform very targeted heuristics in order to verify this is Louis' phone. It would have to compare his SIM number against a known one, or dig into application data to find his logins and compare them against known emails. So the only way to not write `if (user is rossmann)` would be to send various diagnostics over the wire, to a service that contains these identifiers and perform the comparison online, meaning he would introduce an immense security hole into everyone's phone, and everyone would see there is a home calling.

So it's either a patch of if user == rossmann, or a home calling patch.

bernoufakis a day ago | parent [-]

> Is it really a strawman? At some point, the code would need to identify rossmann. Please elaborate on the techniques required to do it and how it could be obfuscated.

I don't have to elaborate techniques. If a determined (and potentially mentally unstable) developer decides to leverage their full control over the OS to make it happen, they can. I don't have to elaborate on the techniques which might or might not exist yet. Stuxnet only targeted specific Iranian systems, a needle in a haystack, was spread but did not harm random devices across the globe, and stayed mostly undetected. And this was done without "developer access" to the software itself. Is it hard? Yes. Is it likely (especially given the knowledge of how GOS works)? Perhaps not. Is it impossible? Definitely not.

When the lead dev of the OS you use daily threatens to "publicly expose you" as a user, I won't blame said user to stop using the software. And even less, to provide such data point regarding the behavior of that developer.

other8026 13 hours ago | parent [-]

> mentally unstable

It's not appropriate for you to be saying these things.

> Stuxnet only targeted specific Iranian systems, a needle in a haystack, was spread but did not harm random devices across the globe, and stayed mostly undetected. And this was done without "developer access" to the software itself. Is it hard? Yes. Is it likely (especially given the knowledge of how GOS works)? Perhaps not. Is it impossible? Definitely not.

This makes no sense. GrapheneOS is an open source project and anyone can look at the changes made by the project. Even the OS is reproducible and people do check that, apparently, so GrapheneOS would be caught if they were making changes. Like I even found this repository just now after a quick search https://github.com/lucasbeiler/reproducible-builds-grapheneo...

GrapheneOS isn't just some random OS that nobody has heard of. There are lots of eyes on it, so sneaking some backdoor into the OS would be very difficult and extremely stupid. One misstep and the project would be gone. Do you really think Rossmann is worth that? I don't.

> When the lead dev of the OS you use daily threatens to "publicly expose you" as a user, I won't blame said user for stopping using the software. And even less for providing such a data point regarding the behavior of that developer.

I've already pointed out in other comments that he had no good reason to fear a targeted update. It's just not possible. He should know that by now, but as far as I know he has never retracted that part of his video.

onli 2 days ago | parent | prev [-]

Well, he can do everything to your phone, software and data by pushing software updates. When there was a dispute in the former project Copperhead he deleted the cryptographic keys, blocking software updates. Paranoia could result in just making the system more secure, but why not add a backdoor to find the spies in your userbases that communicate with the black suited men that secretly run our government? After all it is easy, they all play a specific game where they communicate via secret messages in chat.

You just don't know what will happen is what I'm saying.

The "he has root" is also a reference to Ubuntu's Shuttleworth.

gf000 2 days ago | parent | next [-]

> when there was a dispute in the former project Copperhead

You mean who tried to hijack the project in a very questionable direction, harming their users, he rather lighted the project on fire than let the users' security be compromised?

If anything, that is the greatest compliment you could give him.

Also, this is FUD that he can push any kind of code, like you can easily check any part of the pipeline.

bernoufakis 2 days ago | parent [-]

> You mean who tried to hijack the project in a very questionable direction, harming their users, he rather lighted the project on fire than let the users' security be compromised?

> If anything, that is the greatest compliment you could give him.

On one hand, sure it can be a compliment. On the other hand, it only increases the perception that he could enact significant harm if he ever comes after you.

> Also, this is FUD that he can push any kind of code, like you can easily check any part of the pipeline.

Who is "you"? Neither Rossmann, nor me (software dev albeit not in cybersecurity), and even less so the average GOS user, and I would venture to guess that neither you can audit GOS code with enough confidence to declare that the risk of an exploit or backdoor being introduced is zero. Open-source is not a guarantee that code or software is secure (e.g. the CVE in xz utils and many such cases).

Edit: some clarifications.

other8026 2 days ago | parent [-]

> On the other hand, it only increases the perception that he could enact significant harm if he ever comes after you.

But that would be incorrect. It's not possible for anyone from the GrapheneOS project to target a GrapheneOS user that way. Look into how updates and the update servers work.

> neither you can audit GOS code with enough confidence to declare that the risk of an exploit or backdoor being introduced is zero.

The updater app is pretty easy to read through. I think a software developer would be able to understand it. The update servers' setups are also very easy to understand. It doesn't take a software developer genius to figure these things out.

bernoufakis a day ago | parent [-]

> But that would be incorrect. It's not possible for anyone from the GrapheneOS project to target a GrapheneOS user that way. Look into how updates and the update servers work.

My point is that from Rossmann's perspective, being the target of the lead GOS software dev's hostile behavior as per his "Why I deleted Graphene OS" induces Rossmann's --> perception <-- that the GOS could go after him if he really wanted to. First, everyone is busy and has their life, so suggesting that he spend hours going through code and documentation he is not familiar with to make sure he is not a target is moot. Most people don't read TOS, and the same goes for licences and docs of OSS. Between doing that and stopping using it as his main device OS, the easier choice is the latter. As a software dev myself, your expectation of a layman being able to navigate something like a code review, or even investigating an exploit, is hardly reasonable.

So it is not "incorrect". I am not even saying Rossmann could be targeted. I cannot even make this claim as I have not gone through the docs nor understand the build and update pipeline, which is kind of my point: I can't be bothered either for GOS or for most of the FOSS software I use. The majority of OSS users rely on the vague concept that motivated and honest people audit the code, but hardly anyone is going to deep dive into how an arbitrary piece of software works.

The main issue is that the attitude of that GOS developer, whether they like it or not, taints the confidence in the project. It does not matter if Rossmann can or cannot be targeted technically.

The issue here is not technical but a reputation issue.

> The updater app is pretty easy to read through. I think a software developer would be able to understand it. The update servers' setups are also very easy to understand. It doesn't take a software developer genius to figure these things out.

Even then, it could be argued that the rules in place could be changed to introduce a malicious exploit if the lead dev(s) were motivated enough. Especially given GOS's relatively top-down structure, relying essentially on a benevolent dictator. Even if I made the effort, then ascertained there was no attack vector, now I have to stay on alert every commit / release version and spend as much time looking for a targeted exploit? Etc... Update server setup might be clean, but an admin could SSH or gain access in some way or another and do rogue changes, were they determined enough. The probability is not zero.

Again, the problem is eroding the trust of the specific user (Rossmann in this case).

other8026 13 hours ago | parent [-]

There are a couple of comments in response to my own saying basically the same thing, so I'll do the same...

Rossmann shouldn't be excused for making his harassment video about Daniel because he doesn't understand how things work. Anyone who bothers to think about it for a moment would understand that someone who had been swatted 3 times by a crazy person spamming community chat rooms with illegal content would be extremely upset. Someone tried to _murder him_ and was trying to destroy the project, and then this video comes out leaking a private chat, and Rossmann portrays him as crazy? Rossmann knew what was happening and then his first thought was to start recording? How is that justifiable?

You confessed you are a Rossmann fan in another comment, but even a fan should be able to see what had gone on here...

And you are defending the inaccuracy in his video saying he's afraid of being targeted when it's not even possible, and your excuse for him is that he doesn't understand. There is no excuse for his video in the first place, but to also add this falsehood that he even can be targeted is extremely damaging for a project prioritizing privacy and security. And yet even though I'm sure he knows this now, as far as I know he hasn't retracted what he said. I don't think he cares about accuracy. Among other things, he's a YouTuber and he got views and attention, so I guess he got what he wanted at the expense of someone else during an extremely trying time. I don't think that's justifiable, I think it's scummy.

gf000 a day ago | parent | prev | next [-]

This is on a level of "5G causes autism" understanding of the topic. Maybe learn how reproducible builds and cryptographic signatures work.

Andromxda a day ago | parent [-]

> This is on a level of "5G causes autism" understanding of the topic

That sums it up perfectly

other8026 2 days ago | parent | prev [-]

Wow. Reading and responding to your comments in this thread, I can see you are very motivated to trash GrapheneOS and its founder.

> Well, he can do everything to your phone, software and data by pushing software updates.

Other developers are doing the bulk of development work these days, so this is nonsense.

> Paranoia could result in just making the system more secure, but why not add a backdoor to find the spies in your userbases that communicate with the black suited men that secretly run our government?

Again with the baseless claims that he's crazy. Your argument here is that "he is crazy, so maybe this happens too." It's nonsense. There are no backdoors, and if there ever were any backdoors, they would be found. GrapheneOS isn't some small project that nobody knows about. It's famous for being very secure, even famous people have said publicly that they use it or others should use it. Cellebrite cannot even hack into it. Backdoors wouldn't go unnoticed. This is also nonsense.

onli 2 days ago | parent [-]

[flagged]
