> They "handle the business" while someone else does 99% of the actual work, then ask to split 50/50.

As a response, Micay decided to destroy the update signing keys for all the CopperheadOS devices out in the wild. Resulting in financial damages to Donaldson.

Hardly a level-headed response, even if you disagree about the financial share of something.

My gut feel is that Micay is genuine, and obviously also very defensive.

At least some of the defensiveness is warranted. Maybe most of it. Regardless, it comes across in most GrapheneOS communications, and it's sometimes counterproductive.

A related issue, which I'm sure Micay can appreciate, is that users of GrapheneOS tend to be cautious, and increasingly will want to know why the project should be trusted, now that it is popular and on a lot of radars of adversaries.

(For example, hypothetical scenario that's plausible, given the incentives: State actor (e.g., RU, US, CN) or organized crime group long-con starts with a public harassment campaign of Micay. Followed by sleeper volunteers taking more control of the project, initially under the pretext of helping insulate Micay from harassment, and taking some of the load off. Later maybe even impersonating Micay. Now the threat actor has backdoors to a large number of especially privacy/security-conscious parties, including communications, 2FA, location, cryptocurrency wallets, internal networks where those people work, etc.)

I think it probably hasn't been compromised like that, but it's an obvious real possibility, and IMHO, until GrapheneOS is more transparent, some natural users of GrapheneOS are going to consider iPhone relatively "the devil you know".

Again, I think Micay is genuine, and I'm a fan of the project and appreciate it. And I hope the project understands that's compatible with critical thinking about infosec, and doesn't take personal offense at that.

(Source: Am long-time GrapheneOS user, and have donated.)

Personally, I like that they come across as a little paranoid. That's exactly the attitude I want in the people protecting my privacy and security. I hope the developers lie awake at night, unable to fall asleep because terrified that someone somewhere is plotting to attack and exploit them

When Louis Rossmann thinks your communication has a problem with going on rants, it must be pretty out there.

> However, and as Louis Rossmann pointed out in one of his videos, they really need to work on the "defensiveness" and "rants" of their communication

Not that I disagree but Louis Rossmann giving someone advice to tone down the rants is ironic.

Have you considered that the smooth-talking "mature" and "professional" people are more likely to sell your data to advertisers at the first opportunity?

It would be interesting if there were a state sponsored effort to discredit a project that helps some people keep their communications private.

Being "right" shouldn't excuse bad behavior, especially if you depend entirely on a community to survive, which we all do.

It's a personality type / disorder (pick your poison). There's no hope for change. Programming seems to attract such people, because they are fixated on being right and proving that they are right. I know a few more examples. My common sense policy is - if the software these types produce works for me, I will be using it, but I will never allow myself to be dependent on it. That kind of person will gladly burn their own house to the ground, with everyone in it, if that's what's required to prove their truths or maintain some kind of intellectual purity.

> I'm more concerned that Signal incorporated in US is having easy life.

To add - ironically, it was Durov (Telegram founder) who got arrested in Paris.

Evidence?

(I know one historical connection that looks suspicious, but it could be explained by the fact that prestigious social network graphs in the US tend to be incestuous, and a closely-connected world.)

Citation needed

That archive.ph link has a nasty captcha I can't seem to pass with regular Chrome nor Firefox. Is there a mirror of that mirror?

Graphene is not a consumer brand and they do not intend to be a consumer brand. They do one thing: make as secure a phone OS as they can. That’s it. If you’re expecting them to do anything in a friendly way, it ain’t gonna happen, that’s not who they are or what they do. That will absolutely limit their scope and reach, but it also allows them to focus on the one thing they’re trying to do without making compromises.

For contrast, Signal is a very secure messenger which also wants to be user friendly so as to get the largest user base they can, which leads to all kinds of compromises - everything that’s come out that looks like a vulnerability in Signal originates in some feature or capability added to make the product more user friendly. Graphene will not make those trades.

Neither approach is de facto right - they spring from fundamentally different philosophies on how to maximize user safety, and both have been extremely successful in their missions, but you’ve gotta recognize what you’re looking at when you look at Graphene.

> Something along the lines of "you know regardless of whether or not you're factually correct, these public attacks on other people companies are really bad for your image"

Sometimes they aren't even factually correct and get a bit upset about it when called out.

Anyways, I have gotten the same impression and these seem like red flags to me as well.

Which is why I'd take everything in that response with a mountain of salt (and I'd pay attention to what they're not saying).

More context on experiences with Micay[1]. Also went on long rant at Louis Rossmann[2] in an very knee-jerk tone, which led Rossmann to stop using it despite being a long-term advocate for GOS, due to trust issues. Likewise I don't doubt they're talented.

[1] https://news.ycombinator.com/item?id=36089104

[2] https://www.youtube.com/watch?v=4To-F6W1NT0

>I don't claim that anything on their post is factually wrong, I have no idea.

Then why are you blathering on like a cheap quantized model? Wouldn't silence be more prudent?

One of the main criteria to differentiate "rants" from "correcting falsehoods" is proper citing of sources. In the case of Grapheneos, unfortunately I often see very few sources in what they post online.

(But, if you ignore the rants, that's a fantastic OS.)

Do you have a link to the mastodon interaction where they threatened you with legal action?

I ask because I'd be pretty disappointed in GrapheneOS over that kind of thing and it'd probably at least partially change my opinion of them, but it's better to validate these types of serious accusations and get the full context.

"They have a long history of long rants attacking people and projects" in response to a long post...

You are very much saying that OP is an attack post.

Or at least implying the point that it is tonally dissonant to claim otherwise.

If you didn't believe it was wrong you would comment on the post but you are explicitly avoiding doing that.

Do you have links to #2

I'm a former Copperhead customer and GrapheneOS user.

Daniel Micay has a history of absolutely unhinged behavior online to the point that 2.5 years ago community backlash to his public behavior basically forced him to step down from leading the project.

Great project. It's hard for me to say if things have gotten better or worse since the change, but at the very least things had been quiet and drama-free for a few years. Finally.

Until today that is.

Is there a similarly bombastic take on Motorola somewhere?

#1 imo is the fact that some orgs are resilient to libel, and some are heavily affected. If someone is lying about your security protect in order to harm your reputation, I don't find it odd to respond with some zeal.

#2 on the other hand sounds unhinged, though no source is provided. Threatening legal action for broad criticism of project management is wild.