| ▲ | roughly 4 hours ago |
| Graphene is not a consumer brand and they do not intend to be a consumer brand. They do one thing: make as secure a phone OS as they can. That’s it. If you’re expecting them to do anything in a friendly way, it ain’t gonna happen, that’s not who they are or what they do. That will absolutely limit their scope and reach, but it also allows them to focus on the one thing they’re trying to do without making compromises. For contrast, Signal is a very secure messenger which also wants to be user friendly so as to get the largest user base they can, which leads to all kinds of compromises - everything that’s come out that looks like a vulnerability in Signal originates in some feature or capability added to make the product more user friendly. Graphene will not make those trades. Neither approach is de facto right - they spring from fundamentally different philosophies on how to maximize user safety, and both have been extremely successful in their missions, but you’ve gotta recognize what you’re looking at when you look at Graphene. |
|
| ▲ | ryandrake 3 hours ago | parent | next [-] |
| > They do one thing: make as secure a phone OS as they can. That’s it. If you’re expecting them to do anything in a friendly way, it ain’t gonna happen, that’s not who they are or what they do. These things are not mutually exclusive: You can make a great technical product while being friendly. You can make a great technical product while not being friendly. You can make a compromised or flawed technical product while being friendly. You can make a compromised or flawed technical product while being unfriendly. This comes up pretty often in other HN threads, unrelated to Graphene. There's this weird personality type who insists that they aren't legally obligated to be friendly or nice or pleasant, therefore it's fine for them to be unfriendly or jerks or unpleasant. |
| |
| ▲ | HybridStatAnim8 28 minutes ago | parent | next [-] | | GrapheneOS needs to defend themselves. If there were less attacks, there would be more friendly interactions. They dont currently have much a choice in sounding neutral and objective, due to the attacks. | |
| ▲ | abnercoimbre 3 hours ago | parent | prev | next [-] | | As a community organizer for systems programmers: welcome to my world! I've finally made some headway after a decade, helped by the mass layoff apocalypse. (Turns out social skills help you stay solvent.) | |
| ▲ | 1attice 3 hours ago | parent | prev [-] | | Actually, you can't make a great product if you've alienated your allies, because all successes are intrinsically social, from the iPhone to Python to even the processor itself. Going it alone is that nineties libertarian romanticism, a persistent self-destructive tendency that in present market conditions is unsustainable | | |
|
|
| ▲ | HybridStatAnim8 30 minutes ago | parent | prev | next [-] |
| Well thats not true. There is little time to be friendly when they have to defend themselves so much. That doesnt mean they dont want to be. |
|
| ▲ | orblivion an hour ago | parent | prev | next [-] |
| It's not just about being friendly. If they have a bubble around them of employees, true believers, and people just afraid of speaking out that chills free expression of criticism, the truth has trouble getting out, which hurts trust. Still a user though. |
| |
| ▲ | HybridStatAnim8 26 minutes ago | parent [-] | | GrapheneOS is open to all criticism. The issue is what is called criticism is often actually an attack that is trying to be downplayed or disguised. | | |
| ▲ | orblivion 15 minutes ago | parent [-] | | Maybe true, but but the flip side is that sometimes what is called an attack is actually criticism. That's how it appears to a lot of us from the outside. |
|
|
|
| ▲ | fwipsy 4 hours ago | parent | prev | next [-] |
| If they were doing that one thing, they would not have posted this. It's fine not to market to consumers, but this raises additional concerns about the founder's judgement. Someone else claimed that they deleted update signing keys for copperhead devices. That's seriously concerning if true; possibly bad enough to switch away from grapheneOS. |
| |
| ▲ | microtonal an hour ago | parent | next [-] | | He deleted the signing keys because it looked like the other owner of Copperhead OS wanted to make the signing keys available to government agencies and/or criminal organizations. He deleted the signing keys to protect their users against malicious updates, which is the right thing to do and should increase trust in him and the project. It's worth actually reading the linked post. Relevant segment: In 2018, matters between Micay and Donaldson came to a head over Donaldson’s desire to pursue business deals with criminal organizations, and his attempts to compromise the security of CopperheadOS, including by proposing license enforcement and remote updating systems that would allow third-parties to have access to users’ phones. As part of this process, Donaldson began to demand that Micay provide Donaldson with the “signing keys” - i.e. the credentials required to verify the authenticity of releases of CopperheadOS. Donaldson advised that, in order to secure certain new business, potential customers required access to the Keys. The keys had been in continuous use by Micay, in his personal capacity, since before the incorporation of Copperhead. However, more importantly, any party with the keys could mark malicious software as “authentic”, and thereby infiltrate devices using CopperheadOS. Micay was unwilling to participate in that kind of security breach. Since Donaldson had control over certain infrastructure for the open source project, he would be able to incorporate (or hire others to incorporate) the privacy-damaging features described above for all future releases of CopperheadOS. Micay therefore deleted the keys permanently and severed ties with Copperhead and Donaldson. | | |
| ▲ | fwipsy 7 minutes ago | parent [-] | | Ah, thanks for setting me straight. That's reassuring. I think I would still have more respect and trust for GrapheneOS if they either didn't respond, or struck a more neutral tone; but that's more subjective. |
| |
| ▲ | HybridStatAnim8 24 minutes ago | parent | prev | next [-] | | Lol, no. Micay has never concealed this information, it has been publicly accessible on the GrapheneOS website for years. Deleting signing keys under threat of a hostile takeover is the mature thing to do. Would you rather them not have done that and compromise their users? Obviously not. | |
| ▲ | joyous_limes an hour ago | parent | prev [-] | | [dead] |
|
|
| ▲ | ekjhgkejhgk 37 minutes ago | parent | prev | next [-] |
| It's not about friendliness, it's about trust. Everybody else on this thread understood this. There's many examples of people being unfriendly and still coming across as someone of character, Linus Torvalds comes to mind. |
|
| ▲ | antonvs 3 hours ago | parent | prev [-] |
| I’d prefer that the people behind an OS I’m using on important devices be stable, for hopefully obvious reasons. |
| |
