• Announcements

  • Response to dishonest attacks on the GrapheneOS project by Robert Braxman

The people who are getting worked up about the possible detrimental effects this kind of "reaction" posts can have to
the image of GrapheneOS: well yes the ones responding will get tired and yes they can spend their time in better ways.
But guess why they are the ones who have to write these responses time and again for all the misinformation going on?
Guess?

It is because we, the peanut gallery aren't doing anything ourselves except wring our hands when the team actually posts a rebuttal.

"Daniel Daniel - Legal action, your health... yada-yada" is not helping anyone. Certainly not him.

It has been our experience that leaving people to spread their misinformation doesn't help. If Mr. Braxman is seen
as having the last word in any public space of discourse(or rather that cesspool called X) then your imagined gains
in mental health and developer productivity actually don't exist. It means just more people consume their discourse
and move on. Or worse bring those same talking points to our various community media. People like you who already
probably are using GrapheneOS are different from those who aren't. Hell, I can't really tell whether i would have fallen for
Mr. Braxmans lies years back. It is easy to forget our own naivety and imagine everyone knows the best. It is also easy to
be complacent and forget that Mr. Braxman still posts video 'cause[drum rolls....]
people still consume them.
He has 560k subscribers, upwards of 30k views on his latest videos. That's more views than subscribers to the very sober, professional YouTube channel Side Of Burritos run by a friend of GrapheneOS.
That is an awful lot of impact for someone like Mr. Braxman.

If you really want the project to stop posting these, then I suggest to those of you who can do your due diligence
and take them misinformation posts apart in your own time. It does not help when the man has to do all these posts and
we watch and patronizingly give him advise on the problem while not doing much.

that_guy I didn't know Nadim Kobeissi and I honestly don't really have an opinion on the debate because I don't use the desktop version of Signal and don't recommend it.

Now, I'd say Molly and SimpleX are doing better, for me the days when Signal was necessarily number 1 are over, but it's still a very solid choice especially for the general public.

    I watched his video "Client Side Scanning" and it's terrible the harm he create on the privacy community.

    People literally telling him thank you for a lie and how they are excited to buy his brax phone in the comments lol

    All his marketing is on how big tech companies are bad and evil in everything they do. It's exactly what most of the people want to hear.

    I don't think there is much to do right now to prevent him to spread fake news. If 500k subscribers want to swallow his words depiste the false information he's providing then it's up to them.

    While you are angry because of him attacking the seriousness of the project and spreading fake news, he's enjoying his YouTube money and soon will sell his insecure phone to hundreds people if not thousands. This dude only care about making money, nothing less, nothing more.

    That's why I'm telling you, it's not worth it. Let people find the truth themselves.If they want it, they will find it.

    raccoondad Thank you for bringing this up! I work with a chat service that uses PhotoDNA to scan user uploaded photos. As far as I understand, because of false positives, if our image scanner ever catches something, we need to verify the report by hand before sending it to the NCMEC.

    It makes no sense for the NCMEC to push PhotoDNA onto everyone's devices for offline scanning reports.

    NCMEC is fairly closed off all things considered. As I said, working with them requires me to work with a separate child abuse prevention organization. I really doubt they would want millions of reports from offline devices with an API that could easily be exploitable.

    This is why I imagine reports only start coming in AFTER its been uploaded to a google service like Drive or YouTube.

    I am uncertain what you are trying to say here, but if you are an EU citizen you are probably familiar with the mandatory chat control provisions that was/are attempted to be added to the Child Sexual Abuse Reporting EU law, that mandates AI based client side scanning with automatic reporting on all end-to-end encrypted communication apps. Apple also voluntarily attempted to add something similar to iOS a few years ago, which also included scanning photos and videos stored locally on your device.

    This is what @GrapheneOS was referring to as greatly violating people's privacy. It is very different from an internet website using PhotoDNA or similar. PhotoDNA is basically just a moderation tool, that helps automating the moderation that all websites are legally and ethically obligated to carry out anyway. PhotoDNA does not pose any threat to privacy, just as a human moderator reviewing all publicly uploaded content manually instead also wouldn't do.

    But governments and even individual companies are trying to push these AI based CSAM scanners out to the individual devices, and start scanning content that actually is private, including content in private end-to-end encrypted chats, private end-to-end encrypted cloud storage, or even files stored locally on your device. These AI based scanning technologies are not just going to be used to scan content uploaded publicly to websites anymore. This is a huge threat to privacy, and a very real threat right now, which is why everyone are on their toes about this. Ironically it is even especially a threat to the privacy of the children these laws and technologies are supposed to protect, who now risk having their private sexual pictures sent to some random adult at some random government. There is also a huge worry about where it will stop. Governments weren't slow at starting to suggest other usages of this client side scanning, far beyond trying to detect online child abuse.

    In the end, and what I think the GrapheneOS account was also trying to get at, is that it isn't the AI based scanning or even that it happens on your device that is the problem, it is automatic reporting of illegal content that is the problem. Blurring unwanted nudity in messages sent to you is a feature I think many would want to have. And Apple changed their mind and instead choose to use their AI scanning to warn children when they are about to send a naked picture of themselves to someone about the risks that might pose to them, so they can make a better informed choice. These applications have absolutely zero privacy risks, and also does not risk violating the rights of any group, including children's.

        GrapheneOS Braxman's attacks on GrapheneOS aren't limited to spreading technical misinformation. He regularly focuses on attacking the team behind it including supporting harassment content and fabricated stories about us. That includes Braxman supporting harassment from Kiwi Farms members.

        GrapheneOS

        I have seen Braxman quote n quote "spreading technical misinformation" about phone, GOS and other things. I'll more called it American snake oil salesman or tinfoil/boomer takes.

        But I never seen him harass anybody or maybe we have a really different definition of harassment. And It is hard to believe that Braxman is supporting harassment from KiwiFarms. I don't think Braxman even know what KiwiFarms is.

              null You're simply wrong and can be easily proven wrong. He has directly participated in the harassment towards our team after we debunked his fabrications about GrapheneOS. He spread harassment material from a Kiwi Farms user because of it. Whether or not he understands what Kiwi Farms is, he has seen their harassment content targeting us and chosen to spread it on multiple platforms.

                So when he said "SafetyCore does the client side scanning itself", is it false?

                  Kira902 Braxman said GOS lied about it but what reason are there for GOS to lie about it? In the same article GOS also said the SafetyCore would not be included in the operating system. Lying about a software that won't be included in your operating system doesn't make sense

                    Well, Rob Braxman is a barely coherent mental midget. I am not surprised that he is drowning in a sea of confusion.

                    This guy could not be paid by a communist country. Never. xD

                    grayway2 absolutely agree with this comment.

                    Graphene do not need to react. Untill yesterday i don't know who is that brax guy ... The only thing i know is that some forensic guys are pissed cause oft graphene OS :) but they don't talk bad about graphene OS

                      Kira902 Braxman is fabricating a bunch of nonsense about what this component does. It does not implement client side scanning on behalf of a service. It has no way to report things to a service. It cannot detect illegal content, which is not part of what it implements. It has no way to detect CSAM. It does not have access to your data itself, which is plainly visible from the access it's granted in the app sandbox. It solely provides local ML models via an API for apps to send data to it. Everything it can be used to do could already be done by apps without it by simply shipping an ML model for local usage themselves. The app that's currently using it, Google Messages, solely uses it to provide local warnings and optionally blurring nudity with a dialog to view it. Aside from all this, closed source apps can still be inspected/reviewed since you still have the code which runs on the device and it's largely Java/Kotlin that's very easy to read from the compiled code. We regularly do that to determine how things work and implement alternatives to it or provide compatibility with it.

                        @Roger You can read about the failed takeover attempt on GrapheneOS in 2018 via https://grapheneos.org/history and https://grapheneos.org/history/copperheados. GrapheneOS is the original open source project we started in 2014 and there has never been a successful takeover on it. You're misinterpreting us withstanding an aggressive attempt at coercing us into turning over the project and our keys to a company as that succeeding. It did not succeed and that's why the project is still around. Most the attacks on GrapheneOS and harassment towards our team were originally started by these people and then others supporting them including Henry Fisher (Techlore) who was then supported by Louis Rossmann and his friends at Kiwi Farms. Braxman has regularly spread the fabricated stories and harassment material from these people as part of attacking us to promote his scam products.

                          GrapheneOS

                          Louis Rossmann and his friends at Kiwi Farms

                          You know that it's a very big accusation, right? Do you have any proof for these claims?

                              other8026 i just found it and I have to say: that's really bad! I think there should be some kind of warning on the forum to make people stay away from the FUTO products.

                                Some commenters in this thread think the project should comment less on non-technical issues with certain parties, while other commenters think the project should issue more such warnings. That seems like a delicate balance at best!

                                  • c86

                                    • Post #50

                                    de0u

                                    Ya, when teaming takes hold it can get dicey. I certainly see both sides of desired responses.

                                    Personally, I prefer a more academic response - here's the claim/misinformation, here's what it does within Android/AOSP, here's how GOS handles it and why it may/not be an issue.

                                    Just keeps it clean for everyone to understand and helps users increase their knowledge base overall.

                                      de0u

                                      Yes I do understand what you mean but there is a lot of negative energy unfortunately around this subject.
                                      The whole Internet (Social media) is a big sh...t hole.

                                      I should say stay focused on this fantastic project and I hope that the DEV team will keep up the good work and find the inspiration they need.

                                        Before GrapheneOS (I'm still a super newbie at it), I watched his content and was wanting to buy one of his phones. After I saw the phone price tags alongside the cost of his other products/services, I decided to look elsewhere since it was out of my price range... I'm so glad I didn't buy any of his things LOL Instead, I invested in a Pixel phone and put GOS on instead. No regrets! Just a learning curve, but it's been a hobby challenge I like learning about. ^__^

                                        TL;DR: I seriously appreciate this post and am GrapheneOS all the way investing in a Pixel instead spending on these scams. lol