Departure of Calyx / CalyxOS leadership and discontinuation of CalyxOS updates

GrapheneOS

de0u ryrona Rotating most of the keys doesn't require any disruption. It's possible to rotate all of the OS and app signing keys other than the OS verified boot keys without reinstalling it. The keys used for enforcing the OS security model, OS updates and app updates can all be easily rotated. CalyxOS does not appear to have access to the previous CalyxOS signing keys since only Nicolas Merrill had access to those despite not being involved in OS development. He does not appear to have handed over the keys to Calyx. It has been publicly stated on more than one occasion that only Nicolas Merrill had access to the keys. We have archives proving this and can post them if necessary. Based on our research of the domains, IP blocks, ASN, etc. we believe Nicolas Merrill may also be holding onto most of that infrastructure rather than handing it over to Calyx.

de0u ryrona They should be quickly releasing an update with an announcement informing users about the situation, similar to how GrapheneOS added a notice to end-of-life devices. Most users likely don't closely follow CalyxOS news, chat channels, social media, etc. and many will not have seen that anything has happened. If they have access to the previous signing keys, it's easy for them to make a final release with those to provide an announcement. It would also be straightforward to generate new signing keys and rotate everything other than the verified boot keys including rotating the keys for signing OS and app updates along with the ones used for the OS security model. Only verified boot key rotation requires a reinstall. Unless they consider the previous keys compromised for some reason, it's highly unusual to have people reinstall the OS to rotate the verified boot keys.

The only reasonable explanation for the situation is that CalyxOS does not have access to the previous signing keys because the only person with access to them (Nicolas Merrill) is not providing them to Calyx despite those keys solely being used for CalyxOS which has only existed under Calyx as an organization. Calyx is not being transparent about the situation.

GrapheneOS

Franckienogotobollywood Left your previous comment there but used strikethrough and added a note to show that it was retracted.

Franckienogotobollywood

GrapheneOS thanks

wuseman

Is it normal for a leader and founder to just leave a project out of the blue with no announcement of a replacement or anything?

It legit feels like Nick took the signing keys and left.

GrapheneOS

wuseman Nicolas Merrill was not one of the CalyxOS developers but rather the leader of Calyx as an organization. He was the only one with the CalyxOS signing keys because he insisted on it being set up that way. This approach led to 2 people being completely trusted rather than 1 but with Nick still acting as a single point of failure. He appears to be choosing not to allow CalyxOS users to have updates. Calyx isn't being transparent about it but that's almost certainly what's happening.

This situation is not at all the same as the GrapheneOS project experiencing a company sponsoring it trying to take it over. We continued development of the project and wanted to continue providing updates to our users but were blocked from doing so due to the takeover of our infrastructure combined with most of what we needed to continue development in the short term being taken away. The project was down to 1 person with all of the donations stolen, nearly all of the accounts and other forms of contact with the community stolen, etc.

Watermelon

@GrapheneOS Btw may I know please why you deleted my reply? Maybe I said something wrong or you don't want the thread to turn into a flame war or another reason maybe…

MetropleX

Watermelon we can see your heart and your passion was in the right place but we should try to keep the tone of the discussion factual and technical avoiding the opportunity for our detractors to paint you, our community writ large, moderation or dev team in a bad light.

Bimmy

Question: Does anyone see indicators for external adversaries of Calyx - meaning powerful 3rd party adversaries able to issue gag orders and/or directly threatening project members -- playing a role in the end of Calyx?

I don't want to spread rumours, but maybe there is publicly visible signs like a dead warrant canary?

GrapheneOS

Bimmy

Question: Does anyone see indicators for external adversaries of Calyx - meaning powerful 3rd party adversaries able to issue gag orders and/or directly threatening project members -- playing a role in the end of Calyx?

No, and CalyxOS was not a hardened OS so it doesn't make sense.

I don't want to spread rumours, but maybe there is publicly visible signs like a dead warrant canary?

No.

It's known there's an internal conflict and that Nicolas Merrill was previously public demoted. Calyx is choosing not to be transparent about what's happening. They could give the excuse that it's for legal reasons but it's entirely possible to prioritize transparency and a serious privacy organization would do so.

oci3o

GrapheneOS If Calyx had access to the signing keys, they could quickly make a release rotating nearly all of the OS keys including the ones for signing OS and app updates. There's no need for them to require people to reinstall the OS to rotate most of the keys. Only rotating the verified boot keys requires people to reinstall the OS. Nicolas Merrill is the sole person who had access to the signing keys despite not being a developer involved in CalyxOS development and CalyxOS being entirely created and managed as part of Calyx. He appears to be refusing to turn over the signing keys to them, otherwise they could have continued doing updates and could have rotated everything other than the verified boot keys. Calyx is not being transparent about what's happening and why they're making these decisions.

On this specifically, what would happen if GOS went through something similar? I assume back in the day Daniel had access to the signing keys (or he still does), plus a few trusted individuals?

starry-night

GrapheneOS I found this super interesting, reading this and your thread on twitter. So interesting that I made a forum account haha. When I had watched Louis' video on the matter I didn't know about any of this. On your twitter, you mentioned something about him live streaming the harassment when the founder was swatted. Are there any links to VODs or archive links of the kiwi farms harassment? Just wanting to do research on this.

GrapheneOS

starry-night

On your twitter, you mentioned something about him live streaming the harassment when the founder was swatted.

He live streamed a private discussion which took place shortly after repeated swatted attacks. That's what he shows in his video so you've seen some of it.

Are there any links to VODs or archive links of the kiwi farms harassment?

A huge number of people have seen the raids on our rooms with CSAM, gore and endless harassment towards the founder of GrapheneOS. Please note that it did not directly involve Kiwi Farms until after Rossmann involved them. Nearly all of the harassment was based on Copperhead's attacks and especially Techlore's video and other attacks on the project. The person who did most of the swatting attacks was posting Techlore's attacks in our rooms and voicing support for CalyxOS and Techlore. That person raided our chat rooms over a long period of time, likely years, often spending hours doing it for days or weeks at a time. They eventually escalated it to the swatting attacks. Techlore and CalyxOS are responsible for that, not Rossmann and Kiwi Farms. Rossmann got involved later and his video was published after all of the serious swatting attacks.

Byteang3l

GrapheneOS I've never really understood why this project gets so much heat from people, it's a good project maintained by good people that contributes to the greater good. What is there to hate about that?

Pocketstar

Byteang3l Whatever may be the reason, it is important not to give in to it and damage the GrapheneOS project due to harrasment like that, we should not let them succeed by them turning the efforts of the GrapheneOS developers into apathy and burnouts.
Just don't let them divide the GrapheneOS community and stick with what the GrapheneOS project stands for.
Together we stand united.

Xtreix

Byteang3l

If you would like to learn more about the origins of the attacks against GrapheneOS and how it all began, here is a link.

Byteang3l

Pocketstar agreed, I have 3 devices running Graphene now and it's my favorite open source project.

Pocketstar

Byteang3l Me too, we finally have a reasonably secure operating system rather than an exploitable mess and a privacy nightmare, for me it is hard to imagine that projects like GrapheneOS are not the norm rather than the exception, after all, it is by far the best option when it comes to a secure and private solution to mobile operating systems.
It undoubtedly saved alot of lives of whistleblowers, dissidents, journalists and kept alot of people safe from abuse or worse.
In my opnion the developers are truly like a digital equivalent of superheroes, saving people left and right, I cannot praise them enough for their hard work honestly.
It makes it even more sad when you think about the developers being attacked while they are protecting people, I hope it does not affect their spirit and cause burnouts and spread apathy, which is possibly the goal of some bad actors in order to stop the project, it is a well-known tactic.
But I am merely speculating here though, I am sure bad actors don't make their intensions clear, so it is hard to guess.

Byteang3l

Xtreix I'm just getting started but I've already learned enough to be happy calyx is declining. Thanks for the link, it's fascinating how much lore there is surrounding this.

Xtreix

Byteang3l This link have more to do with Copperhead than with Calyx, but yes, they do provide more information about the origins of the attacks. It is likely that a number of users are unaware that GrapheneOS was previously known as CopperheadOS. I have read a number of posts online where people believe that GrapheneOS was created in 2019. Copperhead has contributed greatly to this by making people believe that GrapheneOS is a fork when it is actually the original project that changed its name. When I discovered Daniel Micay's work around 2018-2019, I was not yet aware of Copperhead, Calyx, and the harassment they created. I discovered this later, and it was while doing research that I one day found the link that I published.

user20583982

Just a theoretical question here: how would the same situation be handled by GrapheneOS leadership? Would it impact GOS users in any way?

fph

user20583982 Just a theoretical question here: how would the same situation be handled by GrapheneOS leadership? Would it impact GOS users in any way?

No one is answering this question, apparently. I'm also curious to know if there are safeguards, and who has access to the signing keys.

« Previous Page Next Page »