Since 2022 (afaik) GrapheneOS and its devs’ blogs have been distributing disinformative FUD campaigns against F-Droid, Firefox, Linux and even uBlock Origin, and they promoted accrescent.app and Chromium for years.
They spammed developers to upload their apps to accrescent.app. https://gitlab.com/ironfox-oss/IronFox/-/issues/7
- here is one of there spam account
- this account copy-pasted this same text in 9 popular open-source project within just 1 hour
Have you considered or are you planning on putting your app on Accrescent (app store focused on security, privacy, and usability)
Accrescent is a private and secure Android app store built with modern features in mind.
It was just endorsed by GrapheneOS (considered by many to be the most private and secure mobile operating). GrapheneOS also now has accrescent in their app store.
Right now there is only 9 apps on it. So any new apps added get great installation opportunities from the privacy and security minded community.
Anyway, I really like your app, and would love to see it on Accrescent because it's so easy to install and update apps compared with f-droid, plus much more secure!
Thank you for taking the time to read this. I'm a security and privacy conscious individual, not associated with Accrescent or GrapheneOS (though I use them both).
Xoxo Olivia
- here is the screenshot
They created many blogs with different domains:
- https://madaidans-insecurities.github.io/guides/linux-hardening.html
- https://privsec.dev/posts/linux/linux-insecurities
- https://privsec.dev/posts/android/choosing-your-android-based-operating-system/
- https://madaidans-insecurities.github.io/linux.html
- https://madaidans-insecurities.github.io/android.html
- https://madaidans-insecurities.github.io/firefox-chromium.html
- https://simpleprivacy.fr/basiques/smartphones/
Suspicious GitHub accounts:
- https://github.com/qua3k (madaidans webdev graphaneos ex-dev)
- https://github.com/RKNF404 (secureblue maintainer)
- https://github.com/d4rklynk (simpleprivacy.fr owner)
- https://github.com/Wonderfall/ (privsec.dev side account)
- https://github.com/Ganwtrs (graphaneos dev, privsec dev)
- https://github.com/TommyTran732 (privsec.dev co-owner, grapheneos ex-dev, privacyguides ex-dev, secureblue maintainer)
- https://github.com/akc3n (privsec.dev co-owner and graphaneos member and employer)
- https://github.com/thestinger (grapheneos founder)
https://wonderfall.space/marches-android-alternatifs/
(Translated from French)
I’ve never shied away from expressing my doubts about F-Droid https://privsec.dev/posts/android/f-droid-security-issues/ (I’m mainly referring to its official repository here).
Here they admit privsec.dev is theirs.
and privsec.dev authors are akc3n and TommyTran732
Also, here is a second proof that https://madaidans-insecurities.github.io/ is owned by the same person/group:
also
- https://madaidans-insecurities.github.io/android.html
- https://privsec.dev/posts/android/android-tips/
As you can see, they distribute FUD across many different domains (these are just my findings).
Also, I find that https://discuss.privacyguides.net/t/f-droid-foss-android-app-store/13650 and https://www.privacyguides.org/en/os/linux-overview/ privacyguides team are referencing this BS “research.”
Here is good example how this referance loop create a big problem
Someone write a github issue on secureblue about they want to keep firefox and look at the answer
Thanks for your comments. I'll respond to them individually:
> Please note that Madaidans Article is now pretty old. Many issues still persist, but 3 or so of the linked ones where closed 5mo ago, due to being solved.
Regardless, that article is not the only reference point here. See also the grapheneos article https://grapheneos.org/usage#web-browsing
This project will not switch to firefox unless/until GrapheneOS does.
Do you see the problem? That says that article is not the only referance also reference grapheneos but grepheneos article is the main source of madaidan"s
For the public record, please do not trust anyone who references this disinformation.
Also in lemmy we have at least 1 of their troll @dnzm@lemmy.ml I’m really sorry awkly when I paste this URL https://lemmy.zip/u/Stilic@lemmy.ml Lemmy’s autocomple converted this and thanks @LytiaNP@lemmy.today for warning
please ban this troll and investigate if there is other trolls, we don’t want trolls in fediverse
- Edit: added proof for spam claim, both source account and screenshot (btw this is just one account I find there could be more)
- Edit: every link I referanced also has archive.org snapshots
- Edit: fixed markdown formatting Edit: added akc3n (privsec.dev co-owner and GraphaneOS employer) and qua3k and added info about RKNF404 and Ganwtrs
- Edit: added secureblue example
- Edit: added more information about spam
- Edit: I’m sorry for wrong lemmy user link
- Edit: removed debunked word in title for clarify
Maybe I’m just not understanding, but most of this seems very conspiratory. I’m happy to be wrong, but this post tastes like a giant nothing burger.
First, the “spamming” seems to be about not uploading their own apps to F-Droid, which is a fair concern given a lot of the apps’ permissions. F-Droid is slow when it comes to app updates, for better or for worse, and so hosting something like a PDF viewer puts the user at unnecessary risk.
Second, there is zero proof behind the blogs. Same with the “Suspicious GitHub accounts”. Sure they post the same stuff, but that could be literally anyone. Additionally, for the android recommendations, they recommend more projects than just GrapheneOS, something Daniel Micay would likely never do given his stance on everything.
Third, and finally, the account you linked as a troll seems to be just a random dude. From a pretty brief look over of their profile, they don’t even use Lemmy anymore, and haven’t made any troll posts. On Lemmy a user doesn’t really get “banned” anyhow. The instance hosting their account (lemmy.ml) can ban them, but nothing stops them from hosting on an instance that refuses to ban trolls (such as lemmy.ml).
I don’t think you read my post or look at this links, until then I don’t care what you’re saying
I’m familiar with some of the names on that list and I think you’re confusing people with overlapping opinions with any kind of coordinated campaign. For as I can tell, there is not one. There is some accusation-flinging that’s happened behind the scenes, ironically, one prominent developer in the Graphene camp who has made baseless accusations against others, also confusing his enemies of conspiring against Graphene.
I’d urge you to take a step back and not be so hasty with your conclusions. Are the security blogs wrong? Perhaps. I think you can make a great case for that. Is there conspiracy? I don’t think so.
Okay, maybe not all the people on the list are bad. Some people might just think the same way. But what they do is still a problem.
For example, one person named “Olivia” sent the same message to nine projects. She sent them all in one hour. This looks like a plan, not just what she thinks.
Also, their websites all connect to each other. This makes their ideas look true. It makes other projects confused.
It might not be a big secret plan. But they are working together. They want to share wrong ideas about Firefox and F-Droid. They want people to use Accrescent and Chromium instead.
Who owns the spammy github account(s?)? Just because they endorse GOS doesn’t make them associated with the project.
I did read your post, it has zero mention of how the websites belong to the GrapheneOS devs.
You also still have not provided any proof that the random lemmy account you linked (which has been inactive for 3 years) is a troll, though that’s besides the point.
you’re right I put wrong user link on post I’m sorry and I explained the reason (still I don’t know why this happened)
and I updated post now it’s clearer;