New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
There's no direct evidence that GrapheneOS was already pressured to place backdoors. But there is clear foreshadowing. And any court orders would probably be accompanied by gag orders.
Server location doesn't matter. I think the GrapheneOS dev wants to personally relocate to be somewhere less hostile.
Previous operations by the NSA and similar agencies have made it more than clear that they have plenty of 0days to get into any server/device they want and are using them on the regular. GrapheneOS' security hinges on their signing keys, not servers. Those signing keys are probably kept on offline/airgapped devices.
They conduct arbitrary surveillance just to exacerbate paranoia.
The end result is social exclusion because all these open-source projects that promote privacy are the very expression of an important collective social value. It is reasonable to leave this illegal jurisdiction before that happens.
They know it's illegal and invent all kinds of facile excuses in the public media to try to make this intrusion legal.
Ultimately, they are just showing us how to kill local industry, which is great for smarter countries.
It is also a new form of communism, if the first lesson wasn't enough.
They oppose end-to-end encryption because it bypasses the current SSL standard with trusted third parties (really?).
The system is designed for large companies that want to decode HTTPS internally; just read the Cisco manual.
Countries are doing the same thing in general silence, calling it “open data” even though client-server connections are supposed to be private.
End-to-end encryption escapes this logic of absolute control, and they are going to go very far in their foolishness.
This falls outside the “listen to the fiber optic cable” model, and we report offensive content via NGOs, since it is illegal to infringe on fundamental rights.
GrapheneOS has a response about that somewhere, basically no, that wouldn't work unless the government can force you to lie (e.g. sign the bad update). This at least isn't legal in the US (which is the point of the warrant canary). The courts can gag, but cannot push "speech" onto people.
They also wouldn't be able to target because GrapheneOS doesn't send enough metadata (would need to be based on IP only, which courts in the US wouldn't authorize as being narrow enough in scope).
(this assumes they are under US law, given their servers are currently hosted by Frantech, in the US)
From
strcat's comments on HN it seems the signing keys / bad updates are exactly what the french government is after.The server location is irrelevant for this. Apparently the GrapheneOS Foundation is Canadian? Not sure which jurisdiction this would ultimately fall under.
I would assume server location does matter, given a french court can't order a US court to hand over innocent US citizen data (point two). This would also require a court to authorize sending bad updates to bystanders, which I can't see any western court allowing.
Ah, yeah, that's why strcat moved to the US.