I'd like Heraclius's (7th c. Byzantine emperor?) post to get addressed. The other thread where he asked it got locked down since there was concern it might get political.

So, staying politics-free, please address this concern. Is GrapheneOS able to guard against it:

With open source projects like Graphene, the Feds don't need to pressure Graphene, they can simply fork it into their own honeypot like the FBI and AFP did with ArcaneOS. Governments rely on the security of projects like GrapheneOS and Signal for their own operations, so why would they want them to be compromised? It's probably in their own interests to finance forks with backdoors for their targets and use the real thing in their own projects.

Thank you.

    Your title "Feds forking to penetrate" doesn't make sense.

    Forking an open source project means taking a copy of our code and adding to it.

    If anyone wants to do that, it's perfectly fine to do that, as long as the license is respected.

    The reason why I think your concern doesn't make sense or why you misunderstood that statement is because you're asking how GrapheneOS "guards" against it. The question is, guards against what?

    It sounds like you think that someone forking GrapheneOS and making their own version of it can somehow affect the code in the actual GrapheneOS project, which isn't the case.

      • [deleted]

      CodexAG I don't know what to address.
      As stated in the quote, there is nothing stopping anyone from forking GrapheneOS maliciously.

      matchboxbananasynergy ok thanks. Seems to make sense. Heraclius, if you're here, does that alleviate your concern?

      I thought it was a good point to get clarification on...

      This is a legit concern and is most likely already happening. There is a GrapheneOS fork going around here in Western Europe (forgot the name) which is most likely a fed operation, or at least I suspect it, since some dealers involved in the ArcaneOS / Anon phone are again reselling these phones.

        Hathaway_Noa I'm hoping the majority of people have good practice and flash GOS themselves, so there should be nothing to worry about.

        Hathaway_Noa This doesn't make sense as a "concern".

        If you're getting GrapheneOS (or what you think to be GrapheneOS) from unofficial sources, that's on you, or the person doing that.

        Time and time again we've recommended that people buy a Pixel and use the installer on the website.

        Even if you don't do that, we offer multiple ways to confirm you're running legit GrapheneOS.

        The "threat" posed in OP just isn't a thing, they misunderstood what it means to fork a project.

        I agree with @matchboxbananasynergy: an open-source project can't prevent the creation of malicious forks and can't prevent unsuspecting people from using them, so if someone decides to install an unofficial GrapheneOS fork from an unofficial repository/website, then it's their responsibility.

        It reminds me a bit of a time when I saw people complaining on forums that they had installed malware / trojans because they had downloaded files from unofficial sources and the files were compromised / wormed.