They should consider making their primary site a .onion and then have clear-web portals in many countries that serve as a secondary class site or cache. The physical location of the primary site should be unknown.
How many users are aware of their loss of privacy, and of those who are, how many are aware of its extent? These are not trade-offs with clear and obvious implications written on the tin.
Have you tried talking to normies about this? Sure, nobody likes bad things happening to them, but they usually neither understand what would be bad about a loss of privacy, think the long-term consequences are just paranoid fear-mongering, and will shrug away the implications next time they encounter a decision between comfort and privacy again.
It reminds me of Jamie Oliver (I think it was him) showing a group of pupils how Chicken Nuggets are made, in all its brutality; afterwards, when asking them if they would like to eat some nuggets now, guess what they said? "Yeeeeees!"
People care but lots of people were brainwashed by politicians and the media to think it's no big deal, and even that Snowden is a bad guy. I've met somewhat intelligent people in real life who have zero appreciation for his disclosure, seemingly oblivious to the fact that whistleblowers are unwanted by the establishment. Does anyone seriously think they didn't know that what they were doing was highly illegal and inappropriate?
The official title is 'Regulation to Prevent and Combat Child Sexual Abuse' and I imagine most people would be inclined to vote in favour of that without context.
And yet people don't realise that Epstein was talking in clear text for years through a gmail account that the government could access - and the powers that be didn't do anything about it. It's got nothing to do with protecting children, it's about controlling and monitoring the population.
It's a sad fact that there's just no way for GrapheneOS to win this fight. The intelligence agencies of every world government are on one side, and a relatively poor organization that produces less restricted cell phone software is on the other.
How does this increase security? The actual code is distributed over github and is digitally signed. Same goes for the installers/updates. Attempts to replace the contents would be easily detected, and would won't do much, aside from maybe compromising someone installing in that short time frame. Moreover darknet sites have an identity problem. It's easy to validate that "grapheneos.org" is the official site, not least because there's no grapheneos.com or similar. If you're using a hidden service you'll get an address like graphenenlhxh74dsi1kk1k8se0wutcc2v4f7bnohqe8zxbkfk8z3wp8.onion. How do you know whether that's the official site, or graphenenlhxr1uvl0i8oiuzx587fpgcesik0apij5axd1a0xbdvj5eg.onion?
>Also who REALLY controls that domain in the end? Someone with access to `.org` nameservers. Do you trust that person? What's their name?
Same way you trust/verify that you got Tor Browser from the right domain, and the organization behind it hasn't backdoored it (didn't the tor project recieve government funding?).
It's amazing to me that everyone even slightly disliked by the ruling class isn't doing this. Like remember when Nintendo took down a bunch of Switch emulators... from GitHub? Why were they primarily on GitHub?
Technically emulators are not against the law, piracy is against the law. And given that open source projects are all on github, it makes sense for them to just be on github
That said, there are many forks of the projects DMCA'd still floating around.
This looks hugely blown out of proportion. The project founder has a well documented history of what I would consider a persecution complex. Once again he has provided no substantial evidence. The only thing they provided are some, admittedly borderline libelous, news articles. Unless they provide some more concrete information about these supposed attempts of getting a backdoor installed into the system, I will consider this as just another day of GrapheneOS drama.
The evidence is not "news articles", but the contents of those articles where a high-ranking prosecutor threatened to go after GrapheneOS "if they don't cooperate with the law".
No matter your feelings about the creator, I think this was entirely the rational choice.
France is pro-Chat Control. For about a year now there's been an anti-drug trafficking fervor among legislators and government, in which they've pushed for encryption backdoors (separate from Chat Control at the EU level) and recently threatened GrapheneOS. The country is politically unstable so future politics are hard to predict, but anti-encryption politicians stand a good chance of winning the next election. Any rational project would move out.
I don't disagree about leaving France over their position on chat control or legislation.
I disagree about them essentially spreading misinformation about what actually happened. One prosecutor, that probably doesn't even know what GrapheneOS is, making boisterous claims to the press, is not the same as being contacted by the state about adding a backdoors.
Interviewed cop says they'll go after them if they don't cooperate, which would mean a) requesting assistance to law enforcement via means such as backdoors and server seizures and b) resulting in legal steps against the organization and its members by France. Who in their right mind wouldn't take this a threat? After Wikileaks, the Telegram CEO, pushes for chat control and other authoritarian techniques?
Sure, the cop might be a nobody in the grand scheme of things but they're representing a government agency publicly so they're probably not babbling out nonsense in a bar somewhere, being overheard by a reporter.
Can you believe that the cash Euro is used in crime, human trafficking, and exploitatiom everywhere, and the US hasn't invaded Europe to stop them from supporting human rights violations all over the earth?
I don't understand the last line in your comment: if Telegram doesn't have good encryption, why would anyone require to have a backdoor installed? Are you implying that the French government isn't able to decrypt a bad encryption scheme? Or that the idea that this government asked for a backdoor is preposterous?
Encryption doesn't have to be backdoord because none of the group chats on telegram are encrypted (telegram gets to claim it's "encrypted" because it's TLS between client and server, but e2ee is not claimed except for inconvenient device-to-device chat.
In any case, the back door may be more of a Room 641A arrangement where all messages are intercepted by the host government, saving them the trouble of installing sockpuppet accounts in all the chatrooms they want to keep an eye on
The cynic in me believes that the motivation behind this very publicized melodramatic arrest is even simpler: reinforce the myth that Telegram is e2ee (remember the 90s when the DoJ wanted us to believe that 40bits keys were unbreakable?)
I expect that most cynics would just keep their heads down and use iOS or something. The intense idealism needed to motivate something like Graphene is compatible with paranoia, but not with weariness.
> The intense idealism needed to motivate something like Graphene
Yes, the intense idealism of the brainwashed and oblivious prompted the realistic Graphene creators to do something themselves instead of waiting for other realistic folks who happen to be few and far between.
A European Arrest Warrant would make the entire EU off limits. Which makes me think they haven't thought this through and are just overreacting, as many on this thread suspect.
If the GrapheneOS maintainers were being advised by a lawyer, they'd surely know that if French Authorities wanted them arrested and they were standing on a street corner in Stockholm, they could just as easily be picked up by police as if they were in a café in Paris. Making the whole France travel ban just a load of theatrics.
> Which makes me think they haven't thought this through and are just overreacting.
You're contradicting yourself. If "they haven't thought this through" they clearly haven't been paranoid enough but in that case they aren't overreacting, they're under-reacting. They need to transfer development out of the EU, not just out of France. That's one unexpected benefit of Brexit, btw.
My point is that they clearly haven't sat down with a lawyer, so don't know what the appropriate response is.
I suspect they'd get told to calm down while the lawyer sends a letter to the authorities explaining what they're currently attempting to articulate via social media.
The lead developer seems to have a history of this style of communication in response to any minor critique of himself or GrapheneOS.
> you intentionally put "benefit" and "Brexit" in the same sentence
My comment wasn't an endorsement of Brexit, UK or EU. I was only thinking that if a quick change to a nearby jurisdiction was needed, the UK would be a place to consider, at least in the short term.
Multiple accounts have said the same thing in this thread, and I'll be honest here: given the Jia Tan situation, it could be true (in the way that he's being pushed by external forces). It could it be character assassination... Or it could be totally valid: idk.
But what I do know is that nobody is providing any citations.
I also know that progress depends on the tyranny of unreasonable people.
There is no place in the world where there are not bad proposals all the time. Some places are worse than others, but everyplace has problems and needs to be watched.
The Canadian parliament can vote laws that break/infringe upon most of our charter rights with a simple majority, using the non-withstanding clause. The Quebec government has already used it and is signaling that it will use that clause even more often.
Again, that requires a simple parliament majority and courts aren't allowed to really do anything about a law once that clause is invoked. That makes for one of the worst places to be in for something like grapheneOS in the long term. You're just a single election away from a PM like Legault deciding that encryption is against "Canadian values" or something.
(They wouldn't even need that to restrict encryption, but it still makes us unique in the west since it's just a "routine" clause that can be invoked to suspend almost every possible legal challenge against a law outside of any emergency situation or extraordinary circumstance, and is used almost on a yearly basis nowadays )
> but it still makes us unique in the west since it's just a "routine" clause that can be invoked to suspend almost every possible legal challenge against a law
It is not unique in the West, or even specifically in those parts of the West that share the same head of state as Canada; in fact, Britain itself has a more extreme form of it given Parliamentary sovereignty.
Here is the problem France and Europe need to be somehow attractive in the world today:
- Energy prices -> nope
- Science and technology -> not anymore plus the brain drain is accelerating
- Business environment and competitive taxes -> nope
Europe still had good living environment, safety, fair privacy and rule of law. But western Europe seems to be dedicated to destroy this too. In the meanwhile a lot of countries elsewhere are progressing rapidly in those domains.
I read about this when I first discovered GrapheneOS, and it looked like it. And it may be partially correct.
But on the other hand, I have read a lot of "drama" between e.g. /e/OS and GrapheneOS, and more often than not, it looked like GrapheneOS was criticising actual limitations of /e/OS and /e/OS (a mix of the community and official comms) seemed to be the one being unfair.
GrapheneOS generally is pretty direct at saying stuff like "their approach is strictly less secure" or "they are often worse than Stock Android", and I understand that this is not good publicity for Murena. But I am yet to see one of these claims to be wrong: all I can say is that the tone is very direct and could offend the /e/OS people, even if the claims are true.
On the other hand, instead of just acknowledging and trying to explain why /e/OS may be a good choice (e.g. if you happen to own a phone that is not a Pixel and that is well supported by /e/OS), I have seen actually wrong claims from /e/OS against GrapheneOS (sometimes downright technically wrong about security/privacy). And while GrapheneOS is quite exemplary with their support (if your phone is supported, then it's best in class), I have run /e/OS on a couple of phones and I have seen by myself that some of the security updates were 3 years old while the Stock Android was actually up-to-date.
So yeah... I get that it's a sensitive topic, but I feel like there is more a long history of people accusing GrapheneOS of accusing people, and I'm not anymore convinced that this is actually true.
This is likewise my experience. It’s true that Micay is prickly and unwilling to prioritize social grace over technical accuracy, but that’s kind of what I’d like to see for a project like this.
Honestly, this thread has done more to sell me on graphene than anything else. This makes me think its a fully serious and ridigid in its integrity endevour.
There was a post on the GrapheneOS forums a while back, from Micay, claiming that a well-known YouTuber who had backtracked on recommending GrapheneOS (because of Micay's behavior, according to the YouTuber) had probably actually backtracked because the YouTuber was financially involved with a competing project. My initial reaction to the post was, "Oh, I guess this is that paranoia I've heard about with Micay." My thought was reenforced when it was further claimed, in that thread, that the YouTuber was active in a forum well known for online bullying of people they don't like. The whole thing definitely sounded paranoid.
In the thread, though, there was in fact linked paperwork where the YouTuber had registered the company in question, and also links to a verified account on the forums in question (using the YouTuber's real name).
So, yeah, just because you're paranoid, doesn't mean they're not out to get you.
Yeah, I think it's fair to say that Micay knows a million times more about this technical and application space, and the political and business dynamics around it, than most HNers.
And I also believe that he's actually been personally targeted for harassment, from multiple directions, over the years.
So he's learned and earned some... vigilance.
And overall, I suspect that GrapheneOS is much better for the vigilant mindset.
I donated money partly with this in mind.
I don't know whether the project has a PR expert working with them already, but if not, that would be a nice pairing with the very smart and vigilant people on the team.
Most people rather trust some newspaper or magazine instead of investing 10 minutes into researching on their own only to then start sockpuppeting for the conclusions of the author who probably didn't do their due diligence in writing the piece in the first place.
"Sockpuppeting" has connotations that don't apply here, and it's an important term for other pressing purposes, so we don't want to dilute it. Does "parroting" express your intent well enough?
I understand the concerns and anger of GrapheneOS's leadership, but the hyper-escalation tactic doesn't do what they hope:
First, it sends a message of inexperience in business, negotiation, and conflict resolution: 'I'm going to take my ball and leave' - it looks like an emotional overreaction without strategic thinking. These days you sometimes see powerful parties making similar threats - e.g., Uber threatening to leave certain markets. But those people have significant power and their tactic is really to demonstrate that in order to shift their negotiating position; usually they don't actually decamp, and GrapheneOS has relatively little power so that tactic doesn't apply.
As importantly, it sends the message that GrapheneOS can be pushed around and manipulated: A slight hint of a threat and they flee. Others will take note, and many will think the same of other FOSS projects, large and small - they are easily intimidated and dismissed.
Another reason people don't use these tactics is that they have other important interests besides the one under immediate threat. A requirement of anyone with significant investments that can't be easily abandoned - which is everyone doing anything of value - is to navigate in a way that upholds all those interests. You don't burn down the house to kill a rat. It can be hard and requires careful, deliberate thought and strategy.
One unmentioned interest that might appeal to GrapheneOS's leadership is the freedoms of people in France to create FOSS, and to individual privacy and security.
Exiting France when they feel like the freedoms of their software and their contributors are in danger seems like a perfectly reasonable response.
GrapheneOS is an open source project. They hand out great software for free. They have no obligations to do this. And they certainly have no obligation to try to "negotiate" with obviously hostile governments. They have nothing to gain from this.
> You don't burn down the house to kill a rat.
I don't see how this analogy applies here. France is the house.
This is the second time people responded to a post about GrapheneOS strategy with an argument about obligations. It's hard to even explain how vastly different those issues are. I didn't say anything about GrapheneOS's obligations; I talked about strategy and tactics to serve their goals.
If you do want to talk about obligations - yes, we all have obligations to our communities, societies, etc., whether we like it or not, whether we deny it or not. GrapheneOS has obligations to the open source community, to freedom, to their users and developers, etc. Defining those obligations is very difficult and I won't try, but if none of us have those obligations then who does? There's nobody else coming to the rescue, there is no authority that will take care of it for you (like parents caring for irresponsible children) - it's just you and me.
> I talked about strategy and tactics to serve their goals.
I am skeptical that there is any lesser step that they can take consistent with their goal of an uncompromised OS. Or that France would be satisfied with anything less than access. Security is not a side feature of GrapheneOS that they can compromise on, it's their core mission. It's like telling Frodo to see the sights in Mordor, but stay away from Mount Doom.
This is part of the overreaction I described. Nothing the government of France has said publicly indicates any interest in GOS, beyond one quote from one prosecutor. Has there been any direct communication between someone from the government and GOS regarding this issue?
I get that people are outraged, etc. but it's actually damaging the cause. GOS looks like an unreliable partner.
> it sends the message that GrapheneOS can be pushed around and manipulated: A slight hint of a threat and they flee.
Somehow I doubt France thinks they "won". What they wanted was a back door into the OS. Not only did they not get that but they lost what little bargaining power they had when gOS left France.
> it sends a message of inexperience in business, negotiation
You don't negotiate with terrorists. Obviously France isn't a terror organization but the point is the same: you don't play their game. You play your own.
> Somehow I doubt France thinks they "won". What they wanted was a back door into the OS.
There is absolutely nothing pointing to France wanting a backdoor in GOS. The only thing we have is one prosecutor quoted in a far right journal saying she wouldn’t hesitate to charge them if they are linked to organised crimes and refuse to cooperate.
When France wants a backdoor in an open source project, they do it like every modern country with an intelligence service, sneakily.
When France wants a backdoor in an open source project, they do it like every modern country with an intelligence service, the borrow either the CIA's or Mossads.
If you want my opinion GrapheneOS isn't on the radar of the French government at all, so they don't think they "won" or "lost". It's kind of a "I don't think about you at all" Mad Men Meme.
It's just a few cops who said "I don't like that we can't crack it", and a journalist who asked the prosecutor who got Durov arrested and she said "well sure if they break the law we could sue them".
The only party that is getting hurt about this whole thing is their French hosting company, OVH, who tried to calm down the situation and talk to explain him that they can still safely use OVH.
GrapheneOS also lost something. Whatever they are shutting down in France has some value, or it wouldn't have existed in the first place. Also they lose access to future opportunities in France.
> self-advertised as uncompromising privacy focused OS
> didn't even compromise even a bit (negotiation is already a compromise) against a country who is notorious for advocating for privacy-invasive policies in recent years
> get lectured by yc high-horse rider on the obligation blah blah, even when by and large this move doesn't materially affect the end-users in any substantial way
I used 4chan style because most of the times 4chan commenters have more sense than yc these days. Many people here do live in glass houses.
I don't know. It's making the news, and if GrapheneOS is the only one protesting this, what are iPhone and Android already complying with? Perhaps I should also switch to GrapheneOS.
And moving your servers out of jurisdictions that threaten them is not hyper-escalation; that's just being responsible.
> It's making the news, and if GrapheneOS is the only one protesting this, what are iPhone and Android already complying with? Perhaps I should also switch to GrapheneOS.
I am genuinely not sure you understand what GrapheneOS is doing here. They were using French servers (OVH) for some infrastucture, and they are moving away from that because they are pissed at France.
They don't make GrapheneOS unavailable to French users, they just change "cloud provider".
There is no negotiation or conflict resolution there: they don't feel safe using a French provider, so they move to a non-French provider, period.
France threatens GrapheneOS with arrests / server seizure for refusing backdoors - https://news.ycombinator.com/item?id=46035977 - Nov 2025 (244 comments)
Recent and related:
France is taking state actions against GrapheneOS? - https://news.ycombinator.com/item?id=45999024 - Nov 2025 (108 comments)
The real issue is that the public wants a right to digital privacy.
The state would not like you to have that because they are lazy and want to be able to look at your messages.
Because they have convinced themselves that messages are a crime.
This is a political problem not a technical one.
Legitimate question, is there any concrete evidence that the majority of the public actually does want this?
It reminds me of Jamie Oliver (I think it was him) showing a group of pupils how Chicken Nuggets are made, in all its brutality; afterwards, when asking them if they would like to eat some nuggets now, guess what they said? "Yeeeeees!"
80% are concerned.
Is it? Why not graphene-os.org? Why not graphene.org? Why not grapheneos.com? Why not grapheneos.io? How do you validate it, really?
Also who REALLY controls that domain in the end? Someone with access to `.org` nameservers. Do you trust that person? What's their name?
Same way you trust/verify that you got Tor Browser from the right domain, and the organization behind it hasn't backdoored it (didn't the tor project recieve government funding?).
That said, there are many forks of the projects DMCA'd still floating around.
No matter your feelings about the creator, I think this was entirely the rational choice.
France is pro-Chat Control. For about a year now there's been an anti-drug trafficking fervor among legislators and government, in which they've pushed for encryption backdoors (separate from Chat Control at the EU level) and recently threatened GrapheneOS. The country is politically unstable so future politics are hard to predict, but anti-encryption politicians stand a good chance of winning the next election. Any rational project would move out.
I disagree about them essentially spreading misinformation about what actually happened. One prosecutor, that probably doesn't even know what GrapheneOS is, making boisterous claims to the press, is not the same as being contacted by the state about adding a backdoors.
Interviewed cop says they'll go after them if they don't cooperate, which would mean a) requesting assistance to law enforcement via means such as backdoors and server seizures and b) resulting in legal steps against the organization and its members by France. Who in their right mind wouldn't take this a threat? After Wikileaks, the Telegram CEO, pushes for chat control and other authoritarian techniques?
Sure, the cop might be a nobody in the grand scheme of things but they're representing a government agency publicly so they're probably not babbling out nonsense in a bar somewhere, being overheard by a reporter.
Yes. Yes they did.
You guys hurt your argument so much by straight up lying so you can feel self righteous anger over it
between Durov and Sir Tim Berners-Lee?
Doubly funny as you seem to be implying Telegram has worthwhile encryption to start with.
In any case, the back door may be more of a Room 641A arrangement where all messages are intercepted by the host government, saving them the trouble of installing sockpuppet accounts in all the chatrooms they want to keep an eye on
Have you not seen what happened to Telegram CEO?
Yes, the intense idealism of the brainwashed and oblivious prompted the realistic Graphene creators to do something themselves instead of waiting for other realistic folks who happen to be few and far between.
Source?
Especially since I guess they do not have the same kind of money and influence to fight it back.
If the GrapheneOS maintainers were being advised by a lawyer, they'd surely know that if French Authorities wanted them arrested and they were standing on a street corner in Stockholm, they could just as easily be picked up by police as if they were in a café in Paris. Making the whole France travel ban just a load of theatrics.
You're contradicting yourself. If "they haven't thought this through" they clearly haven't been paranoid enough but in that case they aren't overreacting, they're under-reacting. They need to transfer development out of the EU, not just out of France. That's one unexpected benefit of Brexit, btw.
I suspect they'd get told to calm down while the lawyer sends a letter to the authorities explaining what they're currently attempting to articulate via social media.
The lead developer seems to have a history of this style of communication in response to any minor critique of himself or GrapheneOS.
There is no contradiction between "being paranoid" and "not being rational".
Oh my mistake, you intentionally put "benefit" and "Brexit" in the same sentence; yes, there's absolutely a contradiction there, well done lad.
My comment wasn't an endorsement of Brexit, UK or EU. I was only thinking that if a quick change to a nearby jurisdiction was needed, the UK would be a place to consider, at least in the short term.
Multiple accounts have said the same thing in this thread, and I'll be honest here: given the Jia Tan situation, it could be true (in the way that he's being pushed by external forces). It could it be character assassination... Or it could be totally valid: idk.
But what I do know is that nobody is providing any citations.
I also know that progress depends on the tyranny of unreasonable people.
Every few months a bad proposal comes out of somewhere in EU. The details of this case don’t matter, the tendency is big government control.
https://www.eff.org/deeplinks/2025/07/canadas-bill-c-2-opens...
Again, that requires a simple parliament majority and courts aren't allowed to really do anything about a law once that clause is invoked. That makes for one of the worst places to be in for something like grapheneOS in the long term. You're just a single election away from a PM like Legault deciding that encryption is against "Canadian values" or something.
(They wouldn't even need that to restrict encryption, but it still makes us unique in the west since it's just a "routine" clause that can be invoked to suspend almost every possible legal challenge against a law outside of any emergency situation or extraordinary circumstance, and is used almost on a yearly basis nowadays )
It is not unique in the West, or even specifically in those parts of the West that share the same head of state as Canada; in fact, Britain itself has a more extreme form of it given Parliamentary sovereignty.
- Energy prices -> nope
- Science and technology -> not anymore plus the brain drain is accelerating
- Business environment and competitive taxes -> nope
Europe still had good living environment, safety, fair privacy and rule of law. But western Europe seems to be dedicated to destroy this too. In the meanwhile a lot of countries elsewhere are progressing rapidly in those domains.
When asked for details, he gets defensive and accusatory, then creates multiple sockpuppet accounts to argue the same points over and over.
But on the other hand, I have read a lot of "drama" between e.g. /e/OS and GrapheneOS, and more often than not, it looked like GrapheneOS was criticising actual limitations of /e/OS and /e/OS (a mix of the community and official comms) seemed to be the one being unfair.
GrapheneOS generally is pretty direct at saying stuff like "their approach is strictly less secure" or "they are often worse than Stock Android", and I understand that this is not good publicity for Murena. But I am yet to see one of these claims to be wrong: all I can say is that the tone is very direct and could offend the /e/OS people, even if the claims are true.
On the other hand, instead of just acknowledging and trying to explain why /e/OS may be a good choice (e.g. if you happen to own a phone that is not a Pixel and that is well supported by /e/OS), I have seen actually wrong claims from /e/OS against GrapheneOS (sometimes downright technically wrong about security/privacy). And while GrapheneOS is quite exemplary with their support (if your phone is supported, then it's best in class), I have run /e/OS on a couple of phones and I have seen by myself that some of the security updates were 3 years old while the Stock Android was actually up-to-date.
So yeah... I get that it's a sensitive topic, but I feel like there is more a long history of people accusing GrapheneOS of accusing people, and I'm not anymore convinced that this is actually true.
There was a post on the GrapheneOS forums a while back, from Micay, claiming that a well-known YouTuber who had backtracked on recommending GrapheneOS (because of Micay's behavior, according to the YouTuber) had probably actually backtracked because the YouTuber was financially involved with a competing project. My initial reaction to the post was, "Oh, I guess this is that paranoia I've heard about with Micay." My thought was reenforced when it was further claimed, in that thread, that the YouTuber was active in a forum well known for online bullying of people they don't like. The whole thing definitely sounded paranoid.
In the thread, though, there was in fact linked paperwork where the YouTuber had registered the company in question, and also links to a verified account on the forums in question (using the YouTuber's real name).
So, yeah, just because you're paranoid, doesn't mean they're not out to get you.
And I also believe that he's actually been personally targeted for harassment, from multiple directions, over the years.
So he's learned and earned some... vigilance.
And overall, I suspect that GrapheneOS is much better for the vigilant mindset.
I donated money partly with this in mind.
I don't know whether the project has a PR expert working with them already, but if not, that would be a nice pairing with the very smart and vigilant people on the team.
First, it sends a message of inexperience in business, negotiation, and conflict resolution: 'I'm going to take my ball and leave' - it looks like an emotional overreaction without strategic thinking. These days you sometimes see powerful parties making similar threats - e.g., Uber threatening to leave certain markets. But those people have significant power and their tactic is really to demonstrate that in order to shift their negotiating position; usually they don't actually decamp, and GrapheneOS has relatively little power so that tactic doesn't apply.
As importantly, it sends the message that GrapheneOS can be pushed around and manipulated: A slight hint of a threat and they flee. Others will take note, and many will think the same of other FOSS projects, large and small - they are easily intimidated and dismissed.
Another reason people don't use these tactics is that they have other important interests besides the one under immediate threat. A requirement of anyone with significant investments that can't be easily abandoned - which is everyone doing anything of value - is to navigate in a way that upholds all those interests. You don't burn down the house to kill a rat. It can be hard and requires careful, deliberate thought and strategy.
One unmentioned interest that might appeal to GrapheneOS's leadership is the freedoms of people in France to create FOSS, and to individual privacy and security.
GrapheneOS is an open source project. They hand out great software for free. They have no obligations to do this. And they certainly have no obligation to try to "negotiate" with obviously hostile governments. They have nothing to gain from this.
> You don't burn down the house to kill a rat.
I don't see how this analogy applies here. France is the house.
If you do want to talk about obligations - yes, we all have obligations to our communities, societies, etc., whether we like it or not, whether we deny it or not. GrapheneOS has obligations to the open source community, to freedom, to their users and developers, etc. Defining those obligations is very difficult and I won't try, but if none of us have those obligations then who does? There's nobody else coming to the rescue, there is no authority that will take care of it for you (like parents caring for irresponsible children) - it's just you and me.
I am skeptical that there is any lesser step that they can take consistent with their goal of an uncompromised OS. Or that France would be satisfied with anything less than access. Security is not a side feature of GrapheneOS that they can compromise on, it's their core mission. It's like telling Frodo to see the sights in Mordor, but stay away from Mount Doom.
I get that people are outraged, etc. but it's actually damaging the cause. GOS looks like an unreliable partner.
Putting their project or contributors at risk does not serve their goals. You seem to be expecting a lot from a bunch of volunteer contributors.
Somehow I doubt France thinks they "won". What they wanted was a back door into the OS. Not only did they not get that but they lost what little bargaining power they had when gOS left France.
> it sends a message of inexperience in business, negotiation
You don't negotiate with terrorists. Obviously France isn't a terror organization but the point is the same: you don't play their game. You play your own.
Leaving the country is exactly that.
There is absolutely nothing pointing to France wanting a backdoor in GOS. The only thing we have is one prosecutor quoted in a far right journal saying she wouldn’t hesitate to charge them if they are linked to organised crimes and refuse to cooperate.
When France wants a backdoor in an open source project, they do it like every modern country with an intelligence service, sneakily.
It's just a few cops who said "I don't like that we can't crack it", and a journalist who asked the prosecutor who got Durov arrested and she said "well sure if they break the law we could sue them".
The only party that is getting hurt about this whole thing is their French hosting company, OVH, who tried to calm down the situation and talk to explain him that they can still safely use OVH.
https://mastodon.social/@_bapt_/115585566888497543
> didn't even compromise even a bit (negotiation is already a compromise) against a country who is notorious for advocating for privacy-invasive policies in recent years
> get lectured by yc high-horse rider on the obligation blah blah, even when by and large this move doesn't materially affect the end-users in any substantial way
I used 4chan style because most of the times 4chan commenters have more sense than yc these days. Many people here do live in glass houses.
And moving your servers out of jurisdictions that threaten them is not hyper-escalation; that's just being responsible.
That is a (minor) upside, imho.
They don't make GrapheneOS unavailable to French users, they just change "cloud provider".
There is no negotiation or conflict resolution there: they don't feel safe using a French provider, so they move to a non-French provider, period.