@Fritange France is taking state actions against GrapheneOS. They’re conflating us with companies which they’ve previously gone after and taken over their servers. We aren’t vulnerable to being attacked in the same way but we still don’t want accesses to our website/network services being logged or our website being hijacked. France isn’t a safe country for GrapheneOS to operate in anymore and we’re going to be protecting the project and our users by avoiding the country completely now.
From the official GrapheneOS Mastodon account.
Seems like western nations are incredibly reliant on the little supercomputer in your pocket that monitors and reports all your activity, which would be concerning, but thankfully western nations believe in freedom and aren’t a totalitarian fascist authoritarian 1984 hellscape. Unlike China who will send a mobile execution squad to your home if you save a winnie the pooh jpg on your phone. In fact I think it should be illegal to not have a smartphone on you at all times, and that it should be rigged to explode if you criticize Israel, otherwise the freedom haters will win.
It’s incredible how reactionary a lot of tech journalists are.
Is this a new thing? I feel like stuff like user privacy rights used to be pretty widely understood by tech journalists.
consent is being manufactured in real time. we’re to only interact in algorithmically mediated walled gardens and won’t we feel so safe then
I feel like there’s a “generational” divide in tech journalism. The old school were basically bloggers with good writing skills who understood (at least on a layperson level) the technology they wrote about. New tech journalism seems like business journalism by J-school grads whose familiarity with technology is limited to tech company press releases.
Looking at that specific authors blog, it looks like he is approaching cyber security less from a technology and more from a true crime angle. At least in the headlines.
Bastion of democracy in action
Not feeling great about the future of the whole https://eurostack.eu/ thing
The Industry Initiative conceives the required effort as one where industry needs to lead the way. Not a path charted by academics, think tanks and civil society, nor a “top down” plan from the bureaucracy with allocation of European taxpayer funds in ways that do not directly respond to the actual concrete needs of customers and do not involve commercial-grade products (but research and prototypes).
Did you ever?
Yeah no, not really.
France is really taking the piss lately.
I’m late in learning this but last year the French courts ruled in favour of some French media company and issued orders to the major DNS operators to block access to some piracy sites.
Cisco who run OpenDNS (did you know that? I didn’t. Ew. They bought OpenDNS in 2015 for over $600 million in cash) opted to block connections from France.
Google and Cloudflare, presumably, complied in blocking access to the listed sites when the DNS queries originate in France. No expectation of privacy from them anyway so meh.
Quad9 had to apply the French block list to the whole world because (apparently) the same Swiss law that protects their users from IP logging would also protect them from being geo located to apply the block list. So rather than leave France, Quad9 blocked the required list of sites from all users of their DNS. They said they’d appeal it but I dunno how far that’s gone, probably not very.
https://quad9.net/news/press/quad9-faces-new-dns-censorship-legal-challenge-in-france-from-canal/
also lol dns level blocking to stop piracy
Thanks for the list of trackers and streaming sites tho, Canal+
Edit: ewww it’s all just sports streaming sites. All this for sports.
who would even want to visit these. The mind boggles.
A more recent blog post from Quad9 regarding all that shit:
https://quad9.net/news/blog/when-enforcing-copyright-starts-breaking-the-internets-plumbing/
Feels like the funnel is getting narrower.
Narrower than Hank’s urethra
Can’t wait for France to usurp Hexbear as well.
iirc hexbear is actually hosted in france
My “france is taking action against grapheneos” shirt is raising a lot of questions answered by my “France is taking action against grapheneos” shirt.
Wouldn’t it be really easy to just make a clone of GrapheneOS with a different name, and keep operating by distributing it faster than the state could react to it?
This might be a dumb question, I am not a dev.
An important aspect of software distributions (ranging from Linux distros to smartphone OSes to software development package repositories) is trust. I trust that the infrastructure hosted at gentoo.org is operated by the Gentoo Foundation. I trust that they trust the various repo mirrors listed there (either way, their authenticity can be verified). I know which IRC channels I can drop into, or where I can send an email to speak with them. From their website, I can verify that they are in control of those IRC channels, and I can obtain the public keys of various project members to verify any email I recieve from them is legitimate (and to encrypt my messages to them, should that be necessary). This is the foundation of an entire network of trust which prevents people from (convincingly) impersonating project contributors, or being able to distribute compromised packages or builds claiming them to be genuine.
Likewise, GrapheneOS has a reputation based in large part on their project infrastructure. It’s not just that the users know what they’re getting, but they know who they are getting it from. That they don’t have to worry about people impersonating the project or its contributors on official channels. When infrastructure like this fractures, this reputation evaporates. Trust breaks down. Sure, the mechanisms will still work if you swap out one URL for another, but you no longer know who is in control of what, where your packages are coming from, who’s reviewing them, who’s signing off on them, etc. If I want to install GrapheneOS, I would want to download it directly from the GrapheneOS project. An “archived” copy of the latest image for my device found on ThePirateBay is not a suitable replacement. If some other organization with no history shows up claiming to be the successor to the now (hypothetically) defunct GrapheneOS project, that’s hardly better.
There are other mechanisms like public key cryptography which can be (and are) used to establish the authenticity of a distribution, but there is a chicken and egg problem. Where do you obtain the public keys used to verify authenticity in the first place? Especially when there is no longer a canonical home for an organization and the infrastructure is constantly changing. It makes everything more confusing, unreliable, and risky. Developers and power-users will already have the public keys of important community members and project infrastructure, but for newcomers the whole thing becomes a lot more sketchy.
The GrapheneOS project appears to be taking reasonable precautions to ensure they remain in control of their infrastructure. It may be an exceptionally cautious measure, but that is supposed to be their raison d’être.
If i had a dns service , any .gov or equalent now have a surcharge fee of 1 million a year if they want to be discovered.
