• Announcements

  • Response to dishonest attacks on the GrapheneOS project by Robert Braxman

I watched his video "Client Side Scanning" and it's terrible the harm he create on the privacy community.

People literally telling him thank you for a lie and how they are excited to buy his brax phone in the comments lol

All his marketing is on how big tech companies are bad and evil in everything they do. It's exactly what most of the people want to hear.

I don't think there is much to do right now to prevent him to spread fake news. If 500k subscribers want to swallow his words depiste the false information he's providing then it's up to them.

While you are angry because of him attacking the seriousness of the project and spreading fake news, he's enjoying his YouTube money and soon will sell his insecure phone to hundreds people if not thousands. This dude only care about making money, nothing less, nothing more.

That's why I'm telling you, it's not worth it. Let people find the truth themselves.If they want it, they will find it.

raccoondad Thank you for bringing this up! I work with a chat service that uses PhotoDNA to scan user uploaded photos. As far as I understand, because of false positives, if our image scanner ever catches something, we need to verify the report by hand before sending it to the NCMEC.

It makes no sense for the NCMEC to push PhotoDNA onto everyone's devices for offline scanning reports.

NCMEC is fairly closed off all things considered. As I said, working with them requires me to work with a separate child abuse prevention organization. I really doubt they would want millions of reports from offline devices with an API that could easily be exploitable.

This is why I imagine reports only start coming in AFTER its been uploaded to a google service like Drive or YouTube.

I am uncertain what you are trying to say here, but if you are an EU citizen you are probably familiar with the mandatory chat control provisions that was/are attempted to be added to the Child Sexual Abuse Reporting EU law, that mandates AI based client side scanning with automatic reporting on all end-to-end encrypted communication apps. Apple also voluntarily attempted to add something similar to iOS a few years ago, which also included scanning photos and videos stored locally on your device.

This is what @GrapheneOS was referring to as greatly violating people's privacy. It is very different from an internet website using PhotoDNA or similar. PhotoDNA is basically just a moderation tool, that helps automating the moderation that all websites are legally and ethically obligated to carry out anyway. PhotoDNA does not pose any threat to privacy, just as a human moderator reviewing all publicly uploaded content manually instead also wouldn't do.

But governments and even individual companies are trying to push these AI based CSAM scanners out to the individual devices, and start scanning content that actually is private, including content in private end-to-end encrypted chats, private end-to-end encrypted cloud storage, or even files stored locally on your device. These AI based scanning technologies are not just going to be used to scan content uploaded publicly to websites anymore. This is a huge threat to privacy, and a very real threat right now, which is why everyone are on their toes about this. Ironically it is even especially a threat to the privacy of the children these laws and technologies are supposed to protect, who now risk having their private sexual pictures sent to some random adult at some random government. There is also a huge worry about where it will stop. Governments weren't slow at starting to suggest other usages of this client side scanning, far beyond trying to detect online child abuse.

In the end, and what I think the GrapheneOS account was also trying to get at, is that it isn't the AI based scanning or even that it happens on your device that is the problem, it is automatic reporting of illegal content that is the problem. Blurring unwanted nudity in messages sent to you is a feature I think many would want to have. And Apple changed their mind and instead choose to use their AI scanning to warn children when they are about to send a naked picture of themselves to someone about the risks that might pose to them, so they can make a better informed choice. These applications have absolutely zero privacy risks, and also does not risk violating the rights of any group, including children's.

      GrapheneOS Braxman's attacks on GrapheneOS aren't limited to spreading technical misinformation. He regularly focuses on attacking the team behind it including supporting harassment content and fabricated stories about us. That includes Braxman supporting harassment from Kiwi Farms members.

      GrapheneOS

      I have seen Braxman quote n quote "spreading technical misinformation" about phone, GOS and other things. I'll more called it American snake oil salesman or tinfoil/boomer takes.

      But I never seen him harass anybody or maybe we have a really different definition of harassment. And It is hard to believe that Braxman is supporting harassment from KiwiFarms. I don't think Braxman even know what KiwiFarms is.

            null You're simply wrong and can be easily proven wrong. He has directly participated in the harassment towards our team after we debunked his fabrications about GrapheneOS. He spread harassment material from a Kiwi Farms user because of it. Whether or not he understands what Kiwi Farms is, he has seen their harassment content targeting us and chosen to spread it on multiple platforms.

              So when he said "SafetyCore does the client side scanning itself", is it false?

                Kira902 Braxman said GOS lied about it but what reason are there for GOS to lie about it? In the same article GOS also said the SafetyCore would not be included in the operating system. Lying about a software that won't be included in your operating system doesn't make sense

                  Well, Rob Braxman is a barely coherent mental midget. I am not surprised that he is drowning in a sea of confusion.

                  This guy could not be paid by a communist country. Never. xD

                  grayway2 absolutely agree with this comment.

                  Graphene do not need to react. Untill yesterday i don't know who is that brax guy ... The only thing i know is that some forensic guys are pissed cause oft graphene OS :) but they don't talk bad about graphene OS

                    Kira902 Braxman is fabricating a bunch of nonsense about what this component does. It does not implement client side scanning on behalf of a service. It has no way to report things to a service. It cannot detect illegal content, which is not part of what it implements. It has no way to detect CSAM. It does not have access to your data itself, which is plainly visible from the access it's granted in the app sandbox. It solely provides local ML models via an API for apps to send data to it. Everything it can be used to do could already be done by apps without it by simply shipping an ML model for local usage themselves. The app that's currently using it, Google Messages, solely uses it to provide local warnings and optionally blurring nudity with a dialog to view it. Aside from all this, closed source apps can still be inspected/reviewed since you still have the code which runs on the device and it's largely Java/Kotlin that's very easy to read from the compiled code. We regularly do that to determine how things work and implement alternatives to it or provide compatibility with it.

                      @Roger You can read about the failed takeover attempt on GrapheneOS in 2018 via https://grapheneos.org/history and https://grapheneos.org/history/copperheados. GrapheneOS is the original open source project we started in 2014 and there has never been a successful takeover on it. You're misinterpreting us withstanding an aggressive attempt at coercing us into turning over the project and our keys to a company as that succeeding. It did not succeed and that's why the project is still around. Most the attacks on GrapheneOS and harassment towards our team were originally started by these people and then others supporting them including Henry Fisher (Techlore) who was then supported by Louis Rossmann and his friends at Kiwi Farms. Braxman has regularly spread the fabricated stories and harassment material from these people as part of attacking us to promote his scam products.

                        GrapheneOS

                        Louis Rossmann and his friends at Kiwi Farms

                        You know that it's a very big accusation, right? Do you have any proof for these claims?

                            other8026 i just found it and I have to say: that's really bad! I think there should be some kind of warning on the forum to make people stay away from the FUTO products.

                              Some commenters in this thread think the project should comment less on non-technical issues with certain parties, while other commenters think the project should issue more such warnings. That seems like a delicate balance at best!

                                • c86

                                  • Post #50

                                  de0u

                                  Ya, when teaming takes hold it can get dicey. I certainly see both sides of desired responses.

                                  Personally, I prefer a more academic response - here's the claim/misinformation, here's what it does within Android/AOSP, here's how GOS handles it and why it may/not be an issue.

                                  Just keeps it clean for everyone to understand and helps users increase their knowledge base overall.

                                    de0u

                                    Yes I do understand what you mean but there is a lot of negative energy unfortunately around this subject.
                                    The whole Internet (Social media) is a big sh...t hole.

                                    I should say stay focused on this fantastic project and I hope that the DEV team will keep up the good work and find the inspiration they need.

                                      Before GrapheneOS (I'm still a super newbie at it), I watched his content and was wanting to buy one of his phones. After I saw the phone price tags alongside the cost of his other products/services, I decided to look elsewhere since it was out of my price range... I'm so glad I didn't buy any of his things LOL Instead, I invested in a Pixel phone and put GOS on instead. No regrets! Just a learning curve, but it's been a hobby challenge I like learning about. ^__^

                                      TL;DR: I seriously appreciate this post and am GrapheneOS all the way investing in a Pixel instead spending on these scams. lol

                                      ryrona

                                      "In the end, and what I think the GrapheneOS account was also trying to get at, is that it isn't the AI based scanning or even that it happens on your device that is the problem, it is automatic reporting of illegal content that is the problem"

                                      I was referring to the latter half, while what you said is all fair and good, I was talking about "and multiple false positives would exist" not the privacy violation part. I have a feeling NCMEC makes it hard to file reports outside of the standard tipline because of false positives and similar concerns

                                        Braxman is continuing to double down on dishonest rants about GrapheneOS and targeting our development team with fabricated stories and harassment content. We're working on a detailed article going into detail exposing his products/services as highly insecure and non-private scams along with exposing his content as being filled with blatant fabrications. His continued dishonest attacks on us are being archived and can also be talked about. This post we made about it is completely insignificant compared to what's on the way. He's participating in extreme Kiwi Farms harassment which is plainly visible on his social media accounts, mainly on his own privacy unfriendly social media site. It will all be dealt with via a detailed article about him which can be expanded to cover he business partners. Lots of progress is being made on the article and we'll continue improving it after publishing it.