Response to dishonest attacks on the GrapheneOS project by Robert Braxman

koyu · 20 Feb

I want to express my full support for GrapheneOS as a project and my complete disdain for Robert Braxman’s fabrications and misleading claims regarding privacy and security.

GrapheneOS is one of the most important projects in the realm of digital privacy and security. It is built by experts who understand the complex nature of modern security threats, and it consistently delivers robust, well-researched, and transparent solutions for users seeking true privacy. The developers behind GrapheneOS prioritize actual security over marketing gimmicks and have proven their commitment to transparency and open-source principles time and time again.

On the other hand, Robert Braxman has built a following by spreading misinformation and promoting products that offer a false sense of security. His business model relies on fear-mongering and preying on those who are less technically inclined, misleading them into purchasing devices and services that are, in reality, insecure. His attacks on open-source projects like GrapheneOS, Signal, and other legitimate privacy tools are not only baseless but actively harmful to the privacy community.

I was subscribed to his YouTube channel for a while and initially thought he had useful insights. However, after revisiting his content, it became abundantly clear that he is an absolute prick, constantly distorting facts and misleading his audience. His key tactic is taking real concerns about privacy and security and mixing them with wild, inaccurate claims. He portrays himself as a privacy expert while demonstrating a deep misunderstanding of the very concepts he discusses. His fear-driven narratives about AI and surveillance push people towards his insecure products, making them less safe rather than more secure.

His recent misinformation about client-side scanning and GrapheneOS is yet another example of his consistent pattern of deceit. Instead of presenting facts, he distorts reality to fit his agenda, attacking those who actually work to improve privacy and security for everyone. The fact that he has partnered with individuals like Dominic Gingras—who has a long history of profiting from selling insecure devices under false pretenses—only further exposes the level of deception at play.

Braxman’s harm extends beyond technical misinformation. His support for harassment campaigns, including content from Kiwi Farms and other toxic sources, shows a complete lack of ethics. No legitimate privacy advocate would engage in such behavior. The damage he does to the privacy community by spreading false claims and attacking trustworthy projects cannot be overstated.

I strongly encourage anyone who values privacy and security to do their own research and listen to real experts. GrapheneOS has a solid track record of transparency, rigorous security practices, and commitment to user privacy. Braxman, on the other hand, has proven time and again that he is nothing more than a grifter looking to exploit fear for profit.

The privacy community must reject misinformation and support projects that truly advance security. GrapheneOS is a vital tool for those who care about digital privacy, and it deserves our full backing against baseless attacks from individuals like Braxman.

Xtreix · 20 Feb

koyu And Rob Braxman is far from the only scam artist with a loyal following, in fact, a large part of the mainstream media, blogs, press, social networks, etc. is infected with misinformation and nonsense about security and privacy. Finding good sources takes research and hard work.

Eejns · 20 Feb

Xtreix Fully agree. Unfortunately, trying to combat misinformation is a losing battle. It's quick and easy to think up misinformation and spread it around. It takes time to produce well-researched and verified information. By the time you've refuted the misinformation, they're already on to the next thing.

I don't know what the solution is. This is all to say I feel for the GOS team. I'm sure it sucks hard to put so much work into something and have someone else tear into it for no good reason.

BaronAfanas · 20 Feb

ejns You did well enough in this thread that I unfollowed Braxman on YouTube.

Ddrtweakllc · 20 Feb

Who are considered as reliable security & privacy experts?

Xtreix · 20 Feb

ejns Well, Mark Twain said that while lies can go around the world, truth is busy tying its shoes, so yes, it's complicated, especially as long as it's been going on. That said, I don't want to think that it's a losing battle, at least keep trying, get well informed and don't fall for scams.

drtweakllc Who are considered as reliable security & privacy experts?

In no particular order, I can mention Daniel Micay, Bruce Schneier, Brian Krebs, Moxie, Jason A. Donenfeld, Tavis Ormandy, Madaidan, Josh from Side of Burritos, Wladimir Palant, David Weston etc.

Here some good sources :

https://github.com/beerisgood
https://netrunner.academy/
https://palant.info/

HH7oUt · 20 Feb

I think such misinformation about GOS warrants either the first or both actions below:

No comment
Lawsuit

If a fictional living person Bob is delusional to a point of accusing someone that they killed Bob, while Bob is very much alive and making such insane accusations, then there is no need to respond to Bob due to the rest of people recognizing Bob is wrong. The same way GOS does not need to defend itself against ridiculous accusations because insanity of such accusations is too obvious. Be pro-active, not re-active.

raccoondad · 20 Feb

GrapheneOS "It provides on-device machine learning models usable by applications to classify content as being spam, scams, malware, etc. This allows apps to check content locally without sharing it with a service and mark it with warnings for users."

Everyone has been saying its actually 1984 big brother digital data harvesting that checks all your nudes and uploads it to your Google Drive.

As much as I dislike data harvesting and similar practices, its also scary how much people lie on the practice... I feel like everyone is trying to sell you your privacy even when their products solve an issue that doesn't exist

raccoondad · 20 Feb

GrapheneOS "That would greatly violate people's privacy in multiple ways and false positives would still exist."

Thank you for bringing this up! I work with a chat service that uses PhotoDNA to scan user uploaded photos. As far as I understand, because of false positives, if our image scanner ever catches something, we need to verify the report by hand before sending it to the NCMEC.

It makes no sense for the NCMEC to push PhotoDNA onto everyone's devices for offline scanning reports.

NCMEC is fairly closed off all things considered. As I said, working with them requires me to work with a separate child abuse prevention organization. I really doubt they would want millions of reports from offline devices with an API that could easily be exploitable.

This is why I imagine reports only start coming in AFTER its been uploaded to a google service like Drive or YouTube.

raccoondad · 20 Feb

GrapheneOS reading up on brax.me

"Hope that the server doesn't store the encryption key."

Are they really saying that the 'end to end' encrypted chat uses a key exchange that exposes the private key to the server....alright then

Very bad shit, I agree. Thank you GOS <3

Nnull · 20 Feb

Well I 100% agree that Robert Braxman is a scam artist but damn you lossed me in the last part.

GrapheneOS · 20 Feb

null Don't know what you're referring to.

AlanZ · 20 Feb

Xtreix
Also:

Matthew Daniel Green
Joanna Rutkowska
Ivan Krstić
Patrick Wardle

Aardaebert · 20 Feb

Sad that the team must make Statements for such clowns. Cant believe that people really believe the BS.

Bburningpaper27 · 21 Feb

It doesn't have to be the intention of marketing their own product as a disguise; it could be intended to be the face or the influencer of online privacy, so whatever happens, people go to his channel for whatever purpose it may be.

Ggrayway2 · 21 Feb

GrapheneOS I guess it's Daniel speaking for GrapheneOS.

We the people who support and love the GrapheneOS project understand that you are tired of all this harassment.

Some people don't like the truth because it can reveal all the lies they're spreading around them.

As of today, GrapheneOS is the only serious hardening project based on AOSP after the retirement of the one-man behind DivestOS.

Michael Bazzell a former FBI agent believe that GrapheneOS is the optimal operating system for a mobile device, so do I.

In the Android support matrix from the leak of April 2024, Cellebrite the world leader in mobile phone data extraction specifically mentionned GrapheneOS and we know what it means.

You don't need to give a response to Braxman. Use your precious time to focus on GrapheneOS and the people you love.

By waisting your time with them, you are also worsening your health time after time and you don't want that, you don't need it.

Eejns · 21 Feb

Xtreix Don't get me wrong - I certainly believe it's a fight worth fighting. Users like us amplifying the trustworthy sources is likely a big piece of the puzzle.

Of your list, I only know of Daniel Micay and Brian Krebs - I'll give the others a look as well!

Tthat_guy · 21 Feb

Xtreix In no particular order, I can mention Daniel Micay, Bruce Schneier, Brian Krebs, Moxie, Jason A. Donenfeld, Tavis Ormandy, Madaidan, Josh from Side of Burritos, Wladimir Palant, David Weston etc.

What do we think about Nadim Kobeissi? I feel like legit but he has been critical of Signal: https://xcancel.com/kaepora/status/1810613043685888399#m

ayaen · 21 Feb

The people who are getting worked up about the possible detrimental effects this kind of "reaction" posts can have to
the image of GrapheneOS: well yes the ones responding will get tired and yes they can spend their time in better ways.
But guess why they are the ones who have to write these responses time and again for all the misinformation going on?
Guess?

It is because we, the peanut gallery aren't doing anything ourselves except wring our hands when the team actually posts a rebuttal.

"Daniel Daniel - Legal action, your health... yada-yada" is not helping anyone. Certainly not him.

It has been our experience that leaving people to spread their misinformation doesn't help. If Mr. Braxman is seen
as having the last word in any public space of discourse(or rather that cesspool called X) then your imagined gains
in mental health and developer productivity actually don't exist. It means just more people consume their discourse
and move on. Or worse bring those same talking points to our various community media. People like you who already
probably are using GrapheneOS are different from those who aren't. Hell, I can't really tell whether i would have fallen for
Mr. Braxmans lies years back. It is easy to forget our own naivety and imagine everyone knows the best. It is also easy to
be complacent and forget that Mr. Braxman still posts video 'cause[drum rolls....]
people still consume them.
He has 560k subscribers, upwards of 30k views on his latest videos. That's more views than subscribers to the very sober, professional YouTube channel Side Of Burritos run by a friend of GrapheneOS.
That is an awful lot of impact for someone like Mr. Braxman.

If you really want the project to stop posting these, then I suggest to those of you who can do your due diligence
and take them misinformation posts apart in your own time. It does not help when the man has to do all these posts and
we watch and patronizingly give him advise on the problem while not doing much.

Xtreix · 21 Feb

that_guy I didn't know Nadim Kobeissi and I honestly don't really have an opinion on the debate because I don't use the desktop version of Signal and don't recommend it.

Now, I'd say Molly and SimpleX are doing better, for me the days when Signal was necessarily number 1 are over, but it's still a very solid choice especially for the general public.