Since 2022 (afaik) GrapheneOS and its devs’ blogs have been distributing disinformative FUD campaigns against F-Droid, Firefox, Linux and even uBlock Origin, and they promoted accrescent.app and Chromium for years.
They spammed developers to upload their apps to accrescent.app. https://gitlab.com/ironfox-oss/IronFox/-/issues/7
- here is one of there spam account
- this account copy-pasted this same text in 9 popular open-source project within just 1 hour
Have you considered or are you planning on putting your app on Accrescent (app store focused on security, privacy, and usability)
Accrescent is a private and secure Android app store built with modern features in mind.
It was just endorsed by GrapheneOS (considered by many to be the most private and secure mobile operating). GrapheneOS also now has accrescent in their app store.
Right now there is only 9 apps on it. So any new apps added get great installation opportunities from the privacy and security minded community.
Anyway, I really like your app, and would love to see it on Accrescent because it's so easy to install and update apps compared with f-droid, plus much more secure!
Thank you for taking the time to read this. I'm a security and privacy conscious individual, not associated with Accrescent or GrapheneOS (though I use them both).
Xoxo Olivia
- here is the screenshot
They created many blogs with different domains:
- https://madaidans-insecurities.github.io/guides/linux-hardening.html
- https://privsec.dev/posts/linux/linux-insecurities
- https://privsec.dev/posts/android/choosing-your-android-based-operating-system/
- https://madaidans-insecurities.github.io/linux.html
- https://madaidans-insecurities.github.io/android.html
- https://madaidans-insecurities.github.io/firefox-chromium.html
- https://simpleprivacy.fr/basiques/smartphones/
Suspicious GitHub accounts:
- https://github.com/qua3k (madaidans webdev graphaneos ex-dev)
- https://github.com/RKNF404 (secureblue maintainer)
- https://github.com/d4rklynk (simpleprivacy.fr owner)
- https://github.com/Wonderfall/ (privsec.dev side account)
- https://github.com/Ganwtrs (graphaneos dev, privsec dev)
- https://github.com/TommyTran732 (privsec.dev co-owner, grapheneos ex-dev, privacyguides ex-dev, secureblue maintainer)
- https://github.com/akc3n (privsec.dev co-owner and graphaneos member and employer)
- https://github.com/thestinger (grapheneos founder)
https://wonderfall.space/marches-android-alternatifs/
(Translated from French)
I’ve never shied away from expressing my doubts about F-Droid https://privsec.dev/posts/android/f-droid-security-issues/ (I’m mainly referring to its official repository here).
Here they admit privsec.dev is theirs.
and privsec.dev authors are akc3n and TommyTran732
Also, here is a second proof that https://madaidans-insecurities.github.io/ is owned by the same person/group:
also
- https://madaidans-insecurities.github.io/android.html
- https://privsec.dev/posts/android/android-tips/
As you can see, they distribute FUD across many different domains (these are just my findings).
Also, I find that https://discuss.privacyguides.net/t/f-droid-foss-android-app-store/13650 and https://www.privacyguides.org/en/os/linux-overview/ privacyguides team are referencing this BS “research.”
Here is good example how this referance loop create a big problem
Someone write a github issue on secureblue about they want to keep firefox and look at the answer
Thanks for your comments. I'll respond to them individually:
> Please note that Madaidans Article is now pretty old. Many issues still persist, but 3 or so of the linked ones where closed 5mo ago, due to being solved.
Regardless, that article is not the only reference point here. See also the grapheneos article https://grapheneos.org/usage#web-browsing
This project will not switch to firefox unless/until GrapheneOS does.
Do you see the problem? That says that article is not the only referance also reference grapheneos but grepheneos article is the main source of madaidan"s
For the public record, please do not trust anyone who references this disinformation.
Also in lemmy we have at least 1 of their troll @dnzm@lemmy.ml I’m really sorry awkly when I paste this URL https://lemmy.zip/u/Stilic@lemmy.ml Lemmy’s autocomple converted this and thanks @LytiaNP@lemmy.today for warning
please ban this troll and investigate if there is other trolls, we don’t want trolls in fediverse
- Edit: added proof for spam claim, both source account and screenshot (btw this is just one account I find there could be more)
- Edit: every link I referanced also has archive.org snapshots
- Edit: fixed markdown formatting Edit: added akc3n (privsec.dev co-owner and GraphaneOS employer) and qua3k and added info about RKNF404 and Ganwtrs
- Edit: added secureblue example
- Edit: added more information about spam
- Edit: I’m sorry for wrong lemmy user link
- Edit: removed debunked word in title for clarify
So, if I’m getting this right, OP is claiming that GrapheneOS are running some sort of campaign against other open-source projects (projects which they actually do recommend against, but for actually verifiable reasons), then proceeds to show what could very well be a random person just wanting some projects they like to release their apps on Accrescent, then OP links 3 random privsec blogs and claims they’re part of this coordinated attack just because they share the same, verifiable information, and then proceeds to link to a bunch of GitHub accounts that are directly related in some way to these blogs or GrapheneOS itself as if that somehow proves anything, mixing this list with some other random GitHub accounts without giving any reasoning as to why?
And OP is not even attacking the information itself and explaining to us why it’s “BS”, rather they’re just attacking the people spreading it and claiming they’re all connected. And just in case, no, something being open-source does not mean you can just ignore any of its structural security flaws.
Pretty much the only decent takeaway from this post is that the person running wonderfall.space is supposedly the same person running privsec.dev. I don’t know any french but, in this text:
Atleast in the parentheses, je parlerai seems to be future tense (so they meant the section, not the article they linked to, as this post’s translation implies). The rest is still kinda weirdly phrased though and it could imply that they run it too depending on how you see it but I’d find it weirder for them to just, straight up admit to doing that.
With all this I might be missing something, idk dude.
you’re right I should be more clear but,
Because I’m not a security expert but I do know that promoting the same thing on different-look websites that belong to the same group is not something we should allow
also I updated the post with explanations of that github accounts and more detail