This looks hugely blown out of proportion. The project founder has a well documented history of what I would consider a persecution complex. Once again he has provided no substantial evidence. The only thing they provided are some, admittedly borderline libelous, news articles. Unless they provide some more concrete information about these supposed attempts of getting a backdoor installed into the system, I will consider this as just another day of GrapheneOS drama.
The evidence is not "news articles", but the contents of those articles where a high-ranking prosecutor threatened to go after GrapheneOS "if they don't cooperate with the law".
No matter your feelings about the creator, I think this was entirely the rational choice.
France is pro-Chat Control. For about a year now there's been an anti-drug trafficking fervor among legislators and government, in which they've pushed for encryption backdoors (separate from Chat Control at the EU level) and recently threatened GrapheneOS. The country is politically unstable so future politics are hard to predict, but anti-encryption politicians stand a good chance of winning the next election. Any rational project would move out.
Multiple accounts have said the same thing in this thread, and I'll be honest here: given the Jia Tan situation, it could be true (in the way that he's being pushed by external forces). It could it be character assassination... Or it could be totally valid: idk.
But what I do know is that nobody is providing any citations.
I also know that progress depends on the tyranny of unreasonable people.
They should consider making their primary site a .onion and then have clear-web portals in many countries that serve as a secondary class site or cache. The physical location of the primary site should be unknown.
It's a sad fact that there's just no way for GrapheneOS to win this fight. The intelligence agencies of every world government are on one side, and a relatively poor organization that produces less restricted cell phone software is on the other.
How does this increase security? The actual code is distributed over github and is digitally signed. Same goes for the installers/updates. Attempts to replace the contents would be easily detected, and would won't do much, aside from maybe compromising someone installing in that short time frame. Moreover darknet sites have an identity problem. It's easy to validate that "grapheneos.org" is the official site, not least because there's no grapheneos.com or similar. If you're using a hidden service you'll get an address like graphenenlhxh74dsi1kk1k8se0wutcc2v4f7bnohqe8zxbkfk8z3wp8.onion. How do you know whether that's the official site, or graphenenlhxr1uvl0i8oiuzx587fpgcesik0apij5axd1a0xbdvj5eg.onion?
Was there "concrete evidence" that "the majority of Europeans wanted" the rights granted to them under the GDPR
If we examine each of the rights that the public possesses, perhaps many of them would be unfamiliar or unknown to a majority of the public
Is it reasonable to imply that for each and every one of those rights there is "concrete evidence" that "a majority of the public" wants them, even when they are not familiar with them or do not know of their existence
It's amazing to me that everyone even slightly disliked by the ruling class isn't doing this. Like remember when Nintendo took down a bunch of Switch emulators... from GitHub? Why were they primarily on GitHub?
I'd like to understand the facts: What has government in France actually done in regard to GOS? All I've seen is one comment from one prosecutor, quoted in a news article, though certainly I could have missed much more:
Has any government agency or representative in France said anything else? Taken any actions? Contacted GOS directly?
It's kinda ironic that they posted this on X. If they really care about privacy and freedom, why are they still active on X, a platform run by an insane person?
this is all fluff and noise, as we are on the threshold of space based servers, complying with the laws of convienient country next, owned by company overthere, leased to a "guy in taiwan", maybe
I read about this when I first discovered GrapheneOS, and it looked like it. And it may be partially correct.
But on the other hand, I have read a lot of "drama" between e.g. /e/OS and GrapheneOS, and more often than not, it looked like GrapheneOS was criticising actual limitations of /e/OS and /e/OS (a mix of the community and official comms) seemed to be the one being unfair.
GrapheneOS generally is pretty direct at saying stuff like "their approach is strictly less secure" or "they are often worse than Stock Android", and I understand that this is not good publicity for Murena. But I am yet to see one of these claims to be wrong: all I can say is that the tone is very direct and could offend the /e/OS people, even if the claims are true.
On the other hand, instead of just acknowledging and trying to explain why /e/OS may be a good choice (e.g. if you happen to own a phone that is not a Pixel and that is well supported by /e/OS), I have seen actually wrong claims from /e/OS against GrapheneOS (sometimes downright technically wrong about security/privacy). And while GrapheneOS is quite exemplary with their support (if your phone is supported, then it's best in class), I have run /e/OS on a couple of phones and I have seen by myself that some of the security updates were 3 years old while the Stock Android was actually up-to-date.
So yeah... I get that it's a sensitive topic, but I feel like there is more a long history of people accusing GrapheneOS of accusing people, and I'm not anymore convinced that this is actually true.
Here is the problem France and Europe need to be somehow attractive in the world today:
- Energy prices -> nope
- Science and technology -> not anymore plus the brain drain is accelerating
- Business environment and competitive taxes -> nope
Europe still had good living environment, safety, fair privacy and rule of law. But western Europe seems to be dedicated to destroy this too. In the meanwhile a lot of countries elsewhere are progressing rapidly in those domains.
” In Canada and the US, refusing to provide a PIN/password is protected as part of the right to avoid incriminating yourself. In France, they've criminalized this part of the right to remain silent.”
I understand the concerns and anger of GrapheneOS's leadership, but the hyper-escalation tactic doesn't do what they hope:
First, it sends a message of inexperience in business, negotiation, and conflict resolution: 'I'm going to take my ball and leave' - it looks like an emotional overreaction without strategic thinking. These days you sometimes see powerful parties making similar threats - e.g., Uber threatening to leave certain markets. But those people have significant power and their tactic is really to demonstrate that in order to shift their negotiating position; usually they don't actually decamp, and GrapheneOS has relatively little power so that tactic doesn't apply.
As importantly, it sends the message that GrapheneOS can be pushed around and manipulated: A slight hint of a threat and they flee. Others will take note, and many will think the same of other FOSS projects, large and small - they are easily intimidated and dismissed.
Another reason people don't use these tactics is that they have other important interests besides the one under immediate threat. A requirement of anyone with significant investments that can't be easily abandoned - which is everyone doing anything of value - is to navigate in a way that upholds all those interests. You don't burn down the house to kill a rat. It can be hard and requires careful, deliberate thought and strategy.
One unmentioned interest that might appeal to GrapheneOS's leadership is the freedoms of people in France to create FOSS, and to individual privacy and security.
Exiting France when they feel like the freedoms of their software and their contributors are in danger seems like a perfectly reasonable response.
GrapheneOS is an open source project. They hand out great software for free. They have no obligations to do this. And they certainly have no obligation to try to "negotiate" with obviously hostile governments. They have nothing to gain from this.
> You don't burn down the house to kill a rat.
I don't see how this analogy applies here. France is the house.
> it sends the message that GrapheneOS can be pushed around and manipulated: A slight hint of a threat and they flee.
Somehow I doubt France thinks they "won". What they wanted was a back door into the OS. Not only did they not get that but they lost what little bargaining power they had when gOS left France.
> it sends a message of inexperience in business, negotiation
You don't negotiate with terrorists. Obviously France isn't a terror organization but the point is the same: you don't play their game. You play your own.
> self-advertised as uncompromising privacy focused OS
> didn't even compromise even a bit (negotiation is already a compromise) against a country who is notorious for advocating for privacy-invasive policies in recent years
> get lectured by yc high-horse rider on the obligation blah blah, even when by and large this move doesn't materially affect the end-users in any substantial way
I used 4chan style because most of the times 4chan commenters have more sense than yc these days. Many people here do live in glass houses.
I don't know. It's making the news, and if GrapheneOS is the only one protesting this, what are iPhone and Android already complying with? Perhaps I should also switch to GrapheneOS.
And moving your servers out of jurisdictions that threaten them is not hyper-escalation; that's just being responsible.
I am genuinely not sure you understand what GrapheneOS is doing here. They were using French servers (OVH) for some infrastucture, and they are moving away from that because they are pissed at France.
They don't make GrapheneOS unavailable to French users, they just change "cloud provider".
There is no negotiation or conflict resolution there: they don't feel safe using a French provider, so they move to a non-French provider, period.
[+] [-] dang|3 months ago|reply
France threatens GrapheneOS with arrests / server seizure for refusing backdoors - https://news.ycombinator.com/item?id=46035977 - Nov 2025 (244 comments)
Recent and related:
France is taking state actions against GrapheneOS? - https://news.ycombinator.com/item?id=45999024 - Nov 2025 (108 comments)
[+] [-] Lariscus|3 months ago|reply
[+] [-] concinds|3 months ago|reply
No matter your feelings about the creator, I think this was entirely the rational choice.
France is pro-Chat Control. For about a year now there's been an anti-drug trafficking fervor among legislators and government, in which they've pushed for encryption backdoors (separate from Chat Control at the EU level) and recently threatened GrapheneOS. The country is politically unstable so future politics are hard to predict, but anti-encryption politicians stand a good chance of winning the next election. Any rational project would move out.
[+] [-] aunty_helen|3 months ago|reply
[+] [-] gruez|3 months ago|reply
Source?
[+] [-] ls612|3 months ago|reply
[+] [-] sunshine-o|3 months ago|reply
Especially since I guess they do not have the same kind of money and influence to fight it back.
[+] [-] unknown|3 months ago|reply
[deleted]
[+] [-] yownie|3 months ago|reply
[+] [-] dijit|3 months ago|reply
Multiple accounts have said the same thing in this thread, and I'll be honest here: given the Jia Tan situation, it could be true (in the way that he's being pushed by external forces). It could it be character assassination... Or it could be totally valid: idk.
But what I do know is that nobody is providing any citations.
I also know that progress depends on the tyranny of unreasonable people.
[+] [-] Bender|3 months ago|reply
[+] [-] hacker_homie|3 months ago|reply
The real issue is that the public wants a right to digital privacy.
The state would not like you to have that because they are lazy and want to be able to look at your messages.
Because they have convinced themselves that messages are a crime.
This is a political problem not a technical one.
[+] [-] anonymousiam|3 months ago|reply
[+] [-] gruez|3 months ago|reply
[+] [-] 1vuio0pswjnm7|3 months ago|reply
https://allaboutcookies.org/ad-blocker-adoption
"Majority of Americans now use ad blockers"
https://www.theregister.com/2024/03/27/america_ad_blocker/
Was there "concrete evidence" that "the majority of Europeans wanted" the rights granted to them under the GDPR
If we examine each of the rights that the public possesses, perhaps many of them would be unfamiliar or unknown to a majority of the public
Is it reasonable to imply that for each and every one of those rights there is "concrete evidence" that "a majority of the public" wants them, even when they are not familiar with them or do not know of their existence
[+] [-] immibis|3 months ago|reply
[+] [-] aborsy|3 months ago|reply
Every few months a bad proposal comes out of somewhere in EU. The details of this case don’t matter, the tendency is big government control.
[+] [-] mmooss|3 months ago|reply
Has any government agency or representative in France said anything else? Taken any actions? Contacted GOS directly?
[+] [-] amatecha|3 months ago|reply
[+] [-] d4rkn0d3z|3 months ago|reply
[+] [-] unknown|3 months ago|reply
[deleted]
[+] [-] d3Xt3r|3 months ago|reply
[+] [-] metalman|3 months ago|reply
[+] [-] ranger_danger|3 months ago|reply
When asked for details, he gets defensive and accusatory, then creates multiple sockpuppet accounts to argue the same points over and over.
[+] [-] palata|3 months ago|reply
But on the other hand, I have read a lot of "drama" between e.g. /e/OS and GrapheneOS, and more often than not, it looked like GrapheneOS was criticising actual limitations of /e/OS and /e/OS (a mix of the community and official comms) seemed to be the one being unfair.
GrapheneOS generally is pretty direct at saying stuff like "their approach is strictly less secure" or "they are often worse than Stock Android", and I understand that this is not good publicity for Murena. But I am yet to see one of these claims to be wrong: all I can say is that the tone is very direct and could offend the /e/OS people, even if the claims are true.
On the other hand, instead of just acknowledging and trying to explain why /e/OS may be a good choice (e.g. if you happen to own a phone that is not a Pixel and that is well supported by /e/OS), I have seen actually wrong claims from /e/OS against GrapheneOS (sometimes downright technically wrong about security/privacy). And while GrapheneOS is quite exemplary with their support (if your phone is supported, then it's best in class), I have run /e/OS on a couple of phones and I have seen by myself that some of the security updates were 3 years old while the Stock Android was actually up-to-date.
So yeah... I get that it's a sensitive topic, but I feel like there is more a long history of people accusing GrapheneOS of accusing people, and I'm not anymore convinced that this is actually true.
[+] [-] neilv|3 months ago|reply
[+] [-] rixed|3 months ago|reply
[+] [-] outside1234|3 months ago|reply
[+] [-] jMyles|3 months ago|reply
[+] [-] bedros|3 months ago|reply
[+] [-] sunshine-o|3 months ago|reply
- Energy prices -> nope
- Science and technology -> not anymore plus the brain drain is accelerating
- Business environment and competitive taxes -> nope
Europe still had good living environment, safety, fair privacy and rule of law. But western Europe seems to be dedicated to destroy this too. In the meanwhile a lot of countries elsewhere are progressing rapidly in those domains.
[+] [-] andsoitis|3 months ago|reply
[+] [-] ChrisArchitect|3 months ago|reply
[+] [-] unknown|3 months ago|reply
[deleted]
[+] [-] mmooss|3 months ago|reply
First, it sends a message of inexperience in business, negotiation, and conflict resolution: 'I'm going to take my ball and leave' - it looks like an emotional overreaction without strategic thinking. These days you sometimes see powerful parties making similar threats - e.g., Uber threatening to leave certain markets. But those people have significant power and their tactic is really to demonstrate that in order to shift their negotiating position; usually they don't actually decamp, and GrapheneOS has relatively little power so that tactic doesn't apply.
As importantly, it sends the message that GrapheneOS can be pushed around and manipulated: A slight hint of a threat and they flee. Others will take note, and many will think the same of other FOSS projects, large and small - they are easily intimidated and dismissed.
Another reason people don't use these tactics is that they have other important interests besides the one under immediate threat. A requirement of anyone with significant investments that can't be easily abandoned - which is everyone doing anything of value - is to navigate in a way that upholds all those interests. You don't burn down the house to kill a rat. It can be hard and requires careful, deliberate thought and strategy.
One unmentioned interest that might appeal to GrapheneOS's leadership is the freedoms of people in France to create FOSS, and to individual privacy and security.
[+] [-] elric|3 months ago|reply
GrapheneOS is an open source project. They hand out great software for free. They have no obligations to do this. And they certainly have no obligation to try to "negotiate" with obviously hostile governments. They have nothing to gain from this.
> You don't burn down the house to kill a rat.
I don't see how this analogy applies here. France is the house.
[+] [-] fooqux|3 months ago|reply
Somehow I doubt France thinks they "won". What they wanted was a back door into the OS. Not only did they not get that but they lost what little bargaining power they had when gOS left France.
> it sends a message of inexperience in business, negotiation
You don't negotiate with terrorists. Obviously France isn't a terror organization but the point is the same: you don't play their game. You play your own.
Leaving the country is exactly that.
[+] [-] anvuong|3 months ago|reply
> didn't even compromise even a bit (negotiation is already a compromise) against a country who is notorious for advocating for privacy-invasive policies in recent years
> get lectured by yc high-horse rider on the obligation blah blah, even when by and large this move doesn't materially affect the end-users in any substantial way
I used 4chan style because most of the times 4chan commenters have more sense than yc these days. Many people here do live in glass houses.
[+] [-] mcv|3 months ago|reply
And moving your servers out of jurisdictions that threaten them is not hyper-escalation; that's just being responsible.
[+] [-] palata|3 months ago|reply
They don't make GrapheneOS unavailable to French users, they just change "cloud provider".
There is no negotiation or conflict resolution there: they don't feel safe using a French provider, so they move to a non-French provider, period.
[+] [-] Klonoar|3 months ago|reply
[+] [-] mightysashiman|3 months ago|reply
[+] [-] t3rra|3 months ago|reply