Why was I banned from GrapheneOS? That’s a good question.
 |
|---|
| Why I was banned from GrapheneOS by Daniel Micay) |
Hello everyone, I want to preface this by disclosing that I am part of the GrapheneOS team. My account is not freshly created by the way, since that seems to be such a hot topic here. We asked our community for help with dealing with this mess since the self proclaimed open-source “enthusiast”, who is supposedly so eager to help, has gone out of his way to spread this literally all over the internet in order to harm an…open-source project. Here on Lemmy, Mastodon, Reddit, LinkedIn…even Facebook and elsewhere. That’s where the “suspicious” new accounts come from. That said, yes you can go ahead and verify they are in fact members of the community. And you can verify mine too if you wish, on the GrapheneOS forum, our reddit, discord, matrix, github. I don’t know what else I could tell you on this front honestly.
Now this person filed a duplicate feature request on the issue tracker regarding 3-button navigation. We closed it and provided an explanation on why it’s not wanted, primarily because 3-button navigation is really just a legacy mode and only kept around for compatibility reasons. Any feature that aims to provide a quicker way to force kill apps should be done in a way that’s not specific to it, but can be applied to all navigation modes. I hope this makes sense until here.
About a year later some people picked up on this feature request and started discussing it further. We have a rule where if you want to express your support for something you should react to it with a thumbs up emoji. That’s because each mention and reply sends an e-mail notification to multiple developers. We opted to delete the issue in order to stop the noise. In hindsight yeah that was a mistake, since apparently there are individuals around who are just waiting for an opportunity to act in bad faith as seen here.
This person kept insisting on it and continued to file more issues regarding this matter, even going as far as cloning our repository and continuing the spam there. We repeatedly asked them to stop and take it to dms instead but they didn’t do either of these things. Now what they did do is dig this up over a year after our last interaction with them and make a mountain out of a molehill.
There you go, that’s the gist of it.
I can’t believe I just wasted time reading this.
Tldr: GOS accused OP of trying to create public drama and instead of taking multiple opportunities to deescalate, OP kept pushing and got banned.
So, if GOS was wrong about OP wanting to create public drama, then why have they made this post?
I’m not saying GOS didn’t overreact but that whole conversation was at the level of 13 year olds. Surely, OP, you can do better?
Specifically:
If all you wanted was to share the information with CalyxOS, wouldn’t the logical option have been to copy the relevant text from @jertek’s comment (which you had already recovered), and quote it in a comment on your CalyxOS feature request? You could have linked to @jertek there and continued the conversation without involving GOS.You know GOS aren’t intending to implement this feature - you were informed of that on the GOS discussion forum before opening the ticket. (I just searched the forum for this topic because I was so sure I must be missing context but no, not really.) So when they deleted the request, why not let it go? I just don’t get why it mattered so desperately that they deleted your feature request, and why you couldn’t clarify that anywhere except on a clone of their repo. I really, genuinely don’t.
Yeah strcat has been an ass since the Copperhead days. He’s set back Linux security at least a decade by pissing off Spender of GRsecurity to the point of making him remove the public patches (not that I think Spender was right to do that, but I understand why it happened after what Mackay did).
The dude is toxic.
That information you posted about Spender and GRsecurity is false. That isn’t why the patches were removed. The project is in good standing and contact with Spender.
Also, your comment about crashing and burning the Copperhead project is blatantly false as well. The other business partner attempted a hostile takeover that was rebuffed.
This blog post that they have posted across the fediverse, and multiple other platforms is a near complete fabrication of the timeline and what actually occurred. Anyone who has gone to GitHub to look at it has found that maltfield’s claims are baseless and they are acting inappropriate childish and unacceptable manner.
You are just saying things without a shred of proof and no one is asking for any. So here I am: Please provide proof of all of these claims.
You are just saying things without a shred of proof
Likewise.
Please provide proof of all of these claims.
Here is the information about Spender and GRsecurity copied from my other post:
It was after GRsecurity became private that they had an issue with people making upstream security contributions, particularly upstreaming anything from the GRsecurity patches. They had disagreements about that, and then moved past it and are on good terms now.
It’s absolutely ridiculous to claim that Micay has anything to do with them making things private.
https://grsecurity.net/announcehttps://news.ycombinator.com/item?id=10126319It was Wind River, owned by Intel, which was the main offender for upstreaming the patches. Micay was the one who introduced GRsecurity in Arch Linux and did all the integration it had for PaX exceptions and the start of RBAC support (systemd was an issue at the time). It was afterwards once it became private that it was awkward because they didn’t want people upstreaming or maintaining ports of their work but at the time Micay was maintaining GRsecurity in Arch Linux and GrapheneOS (then called CopperheadOS) was using the PaX subset for kernel hardening, so there were existing uses of it to try to keep going in some way.
You’re drinking the strcat Koolaid. There was no take over. His business partner was mearly looking at avenues of monetization and dipshit blew a fuse.
Copperhead OS was supposed to be independent of the Copperhead company. They were not in the right to just take over the infrastructure and claim ownership or copyright of the code.
Hello Daniel. Why do you keep creating alts and then calling everything fake news with no proof besides “google it yourself”?
Hi, I’m a community member which can easily be verified, not Micay. Feel free to visit the chatrooms and look for my name.
This blog post is verifiably false. All it takes is looking at the actual GitHub repos to see it. This person wasn’t “banned from GrapheneOS”. They were blocked on the repo because they were repeatedly pinging the developers and acting in an immature way because they didn’t get the feature request fulfilled.
It was posted across as many socials as they could to stir up drama and harassment towards the project. It’s completely transparent.
Claims (yours or otherwise) without evidence can be dismissed without evidence.
Cool, so this means we can dismiss your claim that we are all alts of Daniel?
I’ll try to help you with following the instructions from Skorp to verify that the article is completely false (the evidence):
Where are the GrapheneOS contributions? Nowhere.
deleted by creator
Didn’t he leave the project though?
He crashed and burned the Copperhead project, yes. Copperhead was just him and a business partner that he totally fucked over.
The business partner fucked over him by stealing a bunch of crytpo donations that were meant for CopperheadOS which later became GrapheneOS. CopperheadOS which was agreed with Donaldson to be independent from the Copperhead company which was created to support the development of Copperhead but wasn’t allowed to control the CopperheadOS nor to have any ownership or copyright over the code.
Yeah sounds about right. The only reason I’m even running graphene right now is because I heard he left the project. Otherwise I wasn’t sure I wanted to be dependent on it
GrapheneOS is open source, just because you disagree with who runs it doesn’t mean the code itself is bad. Its an extremely popular project now & there are a lot of eyes on it.
It has long since evolved beyond something Daniel can simply destroy as a whim & any attempt to sabotage it would be met with a roaring backlash & warnings from pretty much everyone in the privacy & security space.
I think you’re good to keep on using GrapheneOS, there simply exists no better option. Though if you are set on switching I guess CalyxOS (if they remain in operation) or BraxOS would be the best alternatives.
XZ was also open source…albeit less eyes on it probably. Point is we take “open source” for granted and assume it means “secure” but the person running a project, even an open source one, can do real damage.
I agree with that sentiment fully, just because something is open source doesn’t mean it’s automatically secure. Though when an extremely popular project’s entire focus is high security & the specific eyes on the project are the exact people who are professionals in security, I’m more inclined to trust that it would be pretty hard for Daniel to slip in a critical flaw into the code.
Its just to me the whole idea that one man can sabotage a project of this scale seems pretty overboard. GrapheneOS is a great tool. A lot of people hated Edison, he was a huge ass with an even larger ego, but it doesn’t mean we shouldn’t use DC electricity. I would argue that if you dislike Daniel McKay, that same thought process should still apply. You may not think he’s the greatest guy, personally I don’t have any strong opinions on him. But what he’s done is undoubtedly extremely helpful to anyone concerned with both privacy & security.
They did not leave the project. They are still a developer, a director of the GrapheneOS foundation, and someone shaping the direction and quality of the operating system. They did step down in their role as lead developer though, which was taken over by another person, who is also a director. They also lowered their public social media presence on their personal accounts, in order to avoid harassment and attacks.
Why is it even possible to remove public patches that are already used?
seeing how the GrapheneOS team bans people without any given reason, goes out of their way to point out how they’re the only good OS choice and literally anything else one might consider is insecure garbage (it really feels like mentioning Graphene and any other custom ROM on Mastodon in one post summons them with a 10-post thread pointing out why the two aren’t in the same league and shouldn’t be compared to each other, ever), and then paints themselves as the victim who is constantly harrassed by the competition without ever showing much evidence, I probably wouldn’t be very comfortable running their product, even if it was available for my device.
This is a huge mischaracterization of what the project account does across socials. They are on the receiving end of misinformation like that being spread in this blog post, designed to stir up drama and provoke harassment towards the project. Anyone who has looked at the actual evidence (not the blog post), has found the claims in the blog post to be baseless.
People ask genuine questions about the differences between Android forks and the project account is available to provide factual information on those differences…and you’re mad about it?
I honestly don’t think it’s false. I’ve seen people be on the receiving end of graphene developers propensity to claim their solution is the best and most secure ROM out there. GrapheneOS users are just as inclined to make those claims unsolicited, and that in threads that just mention custom ROMs and aren’t talking about security or anything close to it.
The devs and community need to take a chill pill or go into therapy, because it seems like they all went through some traumatic event(s) and GrapheneOS or ROMs in general are their trigger.
I’d be much more willing to use the ROM and donate if the community weren’t as intense and it also ran on devices other than Google’s. Right now, both points drove me away from GrapheneOS and I actively discourage those around me to use or install it. If the devs and community were less intense and open to civil, friendly discussion + compromise, things would be different. Not everybody out there is a threat and has to be treated as such.
I’ve criticized aspects on GrapheneOS before & have gotten well thought out & reasonable reasons why they made the decisions they do. They took the time to address my concerns respectfully & even linked independent research that supported their position.
Also I am not an active member of the GrapheneOS community, just an enjoyer of the project. So unless you’ve actually joined their community & tried engaging with them respectfully, I have no idea what you’re talking about. Every single interaction I’ve had with them has been positive. Anytime I’ve looked in their chat rooms I see people helping out new users & answering questions I imagine have been asked hundreds of times.
Stop listening to what other people say, just go & see for yourself.
Stop listening to what other people say, just go & see for yourself.
I’m speaking from experience. Read my other responses to understand that it’s not the technical feedback or whatever that I have trouble with. The GrapheneOS community inserts itself into every discussion about ROMs possible.
Someone brings up LineageOS for a OnePlus phone? Get a pixel and flash GrapheneOS. Someone brings up CalyxOS for a no pixel phone? Buy a pixel and flash GrapheneOS! So you bought a Volla phone with VollaOS? Wrong! You should’ve given Google your money for the most secure phone in the planet and flashed GrapheneOS! Oh, you don’t have enough money for a new phone? Stop being poor and sell your assets because the TLAs are after you and your life is worthless without a Pixel and GrapheneOS! You think the pyramid of needs starts with food and physical safety? Guess what! That’d wrong again, because it starts with digital safety and that means GrapheneOS!
It feels even worse than the damn “Arch BTW” people, because we know it’s a goddamn meme but the GrapheneOS people are serious. It’s as if GrapheneOS is a status symbol that makes them levitate above the rest of us lowly LineageOS, CalyxOS, eOS, VollaOS, custom ROM plebs. As if GrapheneOS is the final stage of enlightenment that Buddha reached before he flashed his Pixel and ascended.
That’s what the OP was talking about and I am too.
The blog post is false. You can verify it by looking at the repos. This person was being childish in their attempts to get GrapheneOS and other projects to accept the feature request. They were told “No”. Now whether they or anyone else feels the reason behind that decision is valid or not is separate from the fact that this person then went out of their way to make noise and trouble for the project (by opening the repo, pinging the developers, etc.). We’ll call it “entitlement”. When they were blocked, instead of moving on and accepting that the feature wouldn’t be implemented, they wrote up this blog post and spread it around the internet so that it would stir up drama, and direct more attacks towards the project. I’d call that a vendetta.
Other companies and projects have a tendency to take criticisms coming from the project as directed attacks. I take less issue with the project making objective criticisms. To respond to that criticism by pointing a finger back calling the founder “delusional”, “insane”, etc., doesn’t seem appropriate. Even if it were true (which no one has evidence to claim), it would still be completely unacceptable to talk about someone like that. Your comments about them or the community “needing therapy” perpetuates that sentiment.
Intensity is one thing. That is arguably true and the OS may not be the leading AOSP fork in terms of security and privacy (see: Capabilities against forensic extraction) if it weren’t the case. It is the projects unwillingness to compromise in this area that makes it stand out in that regard.
Other projects and companies make claims about and market their projects/devices/services. Not that I’m arguing that GrapheneOS should be the only ones able to comment on or evaluate those claims, but they are certainly some of the most qualified to. We shouldn’t give them a pass because they claim to protect us against “big tech”. Those things should be critically evaluated because it matters so much.
GrapheneOS evaluates other’s primarily based on their technical merits and against their claims they make. How many of those who oppose do the same? Or do they just call them divisive, crazy, and incendiary?
Thank you for the civil discussion. I hope it can continue.
The blog post is false.
That wasn’t what I meant by false. It was your phrase about the activity of project socials being mischaractered, which I still maintain it is not.
Other companies and projects have a tendency to take criticisms coming from the project as directed attacks.
It really depends what is said and how. As I have said before, and as the original comment you responded to said, the project socials (and community) constantly put down other projects and bring up grapheneOS in any discussion about ROMs. The problem is they seem to lack awareness and often ignore context.
For example, if I mentioned LineageOS as a good option for somebody who wants to degoogle their Samsung phone, you can bet that a grapheneOS maintainer or sympathiser will show up. They will inform everybody how insecure lineageos is, throw a bunch of technical terms around, and finally recommend the purchase of a google pixel and to flash it with grapheneOS. This happens regardless of what the original user says they want (a degoogled Samsung phone), here the question was asked (possibly thread about Samsung phones), what budget the user has (they might not have any to buy a new phone), and so on.
Your comments about them or the community “needing therapy” perpetuates that sentiment
I could call it “making objective criticism” like you call the actions of the grapheneOS maintainers and community. Do you understand now why that argument doesn’t work? To you it may seem objective, but to others it is brigading, unwanted, annoying, and also insulting. Immediately entering every discussion about another ROM with a “that insecure” and “you might as well not have a passcode and hand over everything to Google” is far from the objective arguments you think the maintainers and community are making.
Hopefully it is more understandable now what I (and some others) take issue with. If grapheneOS maintainers and the community could just please stay on topic, make relevant comments, and be more diplomatic, maybe even supportive of other projects, that would improve their image so much…
Thank you for the civil discussion. I hope it can continue.
🙏 Thank you too.
This is a huge mischaracterization of what the project account does across socials
That’s true, there’s no mention of all the brigading, evidenced by all the brand new accounts replying on all the threads where this was posted! The stuff of well adjusted people for sure!
So, you’re not taking issue with the obviously fabricated things in this blog post, which this person shared across over a dozen Lemmy communities, Reddit, LinkedIn, Mastadon, etc., but you are taking offense that community members might come to where this is being posted to address/correct/refute it?
You seem to feel comfortable lobbing statements that GrapheneOS community members or even just people that might disagree with lies and targeted drama being posted aren’t well adjusted, but not the person who posted the lies across the fediverse?
This all seems backwards.
I’ve had my fair share of personal experiences which the individual in question to know exactly who they are and where I stand on this issue. Thanks.
Go to therapy and do some introspection, Dan. You have a serious attitude problem that manifests itself as anti-social behavior. It’s not a good look.
They are not Daniel. There just are multiple people disagreeing with you. Despite you being toxic and supporting harassment content, community members and GrapheneOS users replying here have stayed very mature and polite towards you. I would look in the mirror first of all, if I were you.
Sure thing, Dan.
I can vouch that these are all independent people. You’re clearly the delusional one here, like whats even going on in your head?
If you think I’m also Daniel as well, then just search up my username. I guess Daniel (which is of course me) is a big time enjoyer of hacking roblox. Wherever do I, (clearly Daniel) find the time to manage the full lives of all these people. Must just be the most efficient person on earth.
It’s a good product but yes, the team is ridiculous. Either because they do this incessantly or never stop the people doing it.
How hard is it to just let your product speak for itself? I wouldn’t trust the team because they insist on making an echo chamber and mountains out of molehills. It simply reads as a team that isn’t stable.
It’s a team of around 10 full time developers and also other project members with moderation responsibilities. Some of them sadly have to deal with adressing harassment on a daily basis yes. But what is the alterantive? Just letting yourself be harassed? Would you also reply like this to a person getting bullied? “Just ingore the bullies, don’t defend yourself against them and let your personality speak for yourself!” That’s not fair. GrapheneOS has every right to defend themselves.
Just put on your big boy pants and ship code man. I know open source development is tough, you don’t do it for the money and you deal with lots of idiots who act like you owe them something. But you’re wasting your time with them and it seems to me like it’s more about ego than anything else
I don’t like this take. “Put on your big boy pants & ship code” like what? Do the GrapheneOS devs owe us this? Absolutely not!
If you use the project, you should be more grateful for everything their doing. It is essentially charity work & their investing a lot of their time to fight back against surveillance & privacy threats. If they wanna ban people from their communities thats entirely their choice because their doing the world a favour by doing all this.
I’m not a GrapheneOS developer, nor part of the GrapheneOS team, I’m a GrapheneOS user and community member. I can’t go ship code. Agreed that open source development is a difficult work environment due to some people feeling heavily entitled and those people being very vocal. As to for the actual GrapheneOS team, they would love to waste less time with responding to attacks and false information. However, it’s a very normal, human response to not want misinformation about yourself and your project to thrive all across the internet. This also can hurt the project in many ways, it’s not an ego thing.
Look I have no idea about all of the community drama and I don’t care if you are a community member of the leading dev. I’m shipping code every day and if someone talks shit, let them talk, I literally don’t have time for it because I’m busy shipping code. So if you just code and not react, what are those vocal people gonna do about it? Jump out of their screens and beat you up irl?
I think you underestimate the burden of misinformation being spread about you and your passion project online, and having a KiwiFarms thread about you on the internet. The harassment also has a real life impact because the founder has been swatted multiple times, endangering their lifes. So they can sadly do much more harm than just being a keyboard warrior. And besides that, it also has an impact on cooperation the project can do with other organisations and companies. GrapheneOS has asked whether other organisaties would want to share their Android partner access with them and they got replies stating that they would want to share the partner access but will refrain from sharing it becuase they were scared that if people found out they helped that they would also get harassed. Also, GrapheneOS had tried for many years to get a cooperation with a non-Google OEM to support other hardware than just Pixels and the harassment has also been an issue for things like that in the past. Luckily, GrapheneOS is currently in active talks with an OEM though who hasn’t taken any issue with it, so let’s hope for the best.
Most people get banned for a clearly stated reason and many people who post harassment material in the community even get given second chances if it becomes clear they just do this because they are misinformed instead of being malicious.
GrapheneOS does not make many posts on their social media timelines about other projects which other people think are competing in the same space as GrapheneOS. Most of their posts referring to other projects are in reply of posts from other people that tagged (@'ed) GrapheneOS in their post. GrapheneOS replies to these people to inform them. Like many companies and oranganisation do, it’s okay to point out how your project differs from others.
Many projects that claim or think to compete with GrapheneOS make many claims regarding the security and privacy they would offer even if their appraoch actually is detrimental to security and privacy compared to the upstream projects (AOSP) they are based on. This mismarketing is a big problem, it makes sense that GrapheneOS points this out if people are tagging them in social media post while putting them in the same category as those other OSes.
You are also reverting the situation. The other projects started personal attacks and harassment first. GrapheneOS just replies to it. Defending yourself from harassment and bullying is not bullying. Don’t blame the victim. Don’t rever the roles.
whatever you say, 3 hour old account heavily invested in discussing just this one and only thing in multiple communities
𝐒𝐨𝐜𝐤·𝐩𝐮𝐩·𝐩𝐞𝐭
/ˈ𝘴ɑː𝘬 ˌ𝘱ʌ𝘱.ɪ.𝘵𝘳𝘪/(n.) An online identity created, and used, for purposes of deception. A sockpuppet purports to be an independent party that supports, approves of, or agrees with some agent (a person, organization, agency, or state), but is in fact created and controlled by that agent, and has no independent existence. Common uses of sockpuppets include plausibly deniable hacking or information operations, provocation, and astroturfing (creation of the illusion of grassroots support).
I’m in active community member in the GrapheneOS community. I go by the same name there as I’m using here. It became clear from the community chat that a lot of misinformation and lies are spread about GrapheneOS on social media. I’m passionate about the project, which I rely upon everyday so I want to do my part in helping to correct any misinformation out there. You can’t argue with the fact that the post that has been made is a complete lie. The title is a complete falsehood. They were not a contributor, nor are they banned from using GrapheneOS. The reason I’m active in multiple communities on Lemmy about this is because the OP has decided to spread his blogpost on multiple Lemmy instances, mtuliple subreddits, Mastodon, Linkedin, … If they spread in in multiple channels, users and community members who want to discuss GrapheneOS online will also show up in multiple channels to discuss it. I would prefer to only have to reply to one post, they decided to make 12 posts on Lemmy (if I counted correctly). And yes, I made my account yesterday. Am I not allowed? Do I have to wait 2 years and engage in random discussions not related to my interests before I join the threads about topics that I’m passionate about?
okay Daniel
You just look like an idiot right now because he’s not a sock puppet. Just look in any online chat room associated with GrapheneOS, Tranquil has an extremely well established identity.
I’ve even seen him myself helping people in the community for years now & Tranquil is very active. But okay, enjoy being a gullible pawn following whatever maltfield says.
thanks, I will
While the authors intentions are a bit iffy (the whole thing happened over a year ago), the fact that two new fresh accounts that speak just like Daniel apperead in the comments speak the loudest.
Daniel, if you are reading this, comparing Graphene features to Lineage is not targeted harassment, nor is creating feature requests that can be closed and explained politely. When browsing the GrapheneOS forum the weirdest thing is seeing misunderstanding people being threatened with bans instead of helped with explanations. Usually with forums I just assume a 12-year-old is behind the keyboard, but unfortunately that’s not the case with Graphene.
I’m a real person and long-time community member. I’m not an account created by Daniel. You can go to the GrapheneOS Discord and search for
from: tranquil_cassowaryand see that I have posts going way back in time, on Matrix I used to go by stackedbedrock@arcticfoxes.net and now also go by tranquil_cassowary@arcticfoxes.net. My style of writing is also not the same at all, as is my level of English. It’s probably easier for you though to assume that everyone who disagrees with you is one person, so that only one person would be disagreeing with you.I don’t know if you or the other account is Daniel or not. You do have to have a few screws loose to be constantly looking for posts that are negative towards your project and create accounts (or multiple) to defend it ASAP. However doing it to someone elses project you would have to be in a nuthouse, so I usually assume the more intelligent option.
I looked for the posts once when they got post-spammed across all of Reddit and the Fediverse by the OP. Now I just get notifications for things happening in the replies. That’s how these social media things work, there are notification inboxes. As I said, I’m not Daniel you can verify it by looking in the Discord. I’m passionate about this project, I think having a positive passion towards something isn’t that strange. Being passionate about harassing a project and an open source developer, however, seems a bit stranger.
𝐒𝐨𝐜𝐤·𝐩𝐮𝐩·𝐩𝐞𝐭
/ˈ𝘴ɑː𝘬 ˌ𝘱ʌ𝘱.ɪ.𝘵𝘳𝘪/(n.) An online identity created, and used, for purposes of deception. A sockpuppet purports to be an independent party that supports, approves of, or agrees with some agent (a person, organization, agency, or state), but is in fact created and controlled by that agent, and has no independent existence. Common uses of sockpuppets include plausibly deniable hacking or information operations, provocation, and astroturfing (creation of the illusion of grassroots support).
Legit 2 digit IQ, Tranquil is not a sock puppet. I’ve seen him in GrapheneOS chat rooms occasionally over the span of a few years during the time I’ve occasionally looked through them. From what I’ve seen he’s very active & is constantly helping people out.
The Hard Parts of Open Source. TL;DW - it’s people.
deleted by creator
