GrapheneOS and Forensic Extraction of Data (2024)
23 comments
September 11, 2025
p0w3n3d
marcofloriano
No. When the government fails to deliver what people need (not necessarily wants), you have a bad government. When gangs and bandits (or drugs, or diseases, or whatever) take on the street, it's not about people's view, it's just bad stuff that the government needs to address or there's no point in having a government.
jbstack
Aside from the fact that there's a subjective definition problem here (how do we decide what people "need"?), I think this is an unrealistic view. By this definition, every government that has ever existed or ever will exist is a "bad" government because no government can ever tackle every single problem 100% of the time. Many problems are extremely difficult to solve (e.g. global warming), and others simply cannot be solved without creating other problems.
For example, people "need" access to healthcare, but there's essentially an unlimited amount of money you could spend to keep improving healthcare (e.g. opting for increasingly expensive treatments with diminishing returns on health outcomes). The more money you allocate to healthcare, the less you have available to spend on other things that people "need". Sure, you can tax more up to a point, but eventually that tap runs dry and you're forced to reallocate existing resources.
As another example, people "need" criminals to be punished in order to be able to live in a safe and crime-free society. People also "need" to not be put in prison when they are innocent. But you can never be 100% sure that a convicted criminal actually committed the crime. Locking up criminals implies by necessity that you will also lock up some innocent people. No government can solve both of these problems simultaneously which means they are all "bad".
Even the most competent "good" government ultimately has to select among which "bad" things it is going to allow to continue and which it will solve.
pona-a
The 50s~70s are idealized by many as an American golden age, despite higher reported crime. Law enforcement back then did not have AI-powered surveillance camera networks, widely deployed IMEI stingrays, private data-brokers, or the ability to remotely activate any phone's microphone with 0-click RCE.
crumpled
What's the 0-click RCE thing?
__MatrixMan__
Agreed. There are problems that governments solve and if a government can't solve them it's a bad one.
Maybe consensus shifts (or goes away) about which problems are the domain of government, but ultimately it's about efficacy against those. The rest is a distraction.
Rygian
> therefore we must not blissfully put our data into govt hands
Extending this reasoning, we should not blissfully put our data into anyone's hands.
Government missions at least have a veneer of public servants, as opposed to private hands whose only real motivation is fiduciary obligations towards the shareholders.
squigz
I think this sort of thinking is symptomatic of something very problematic: that if a government doesn't align with your views, it's a bad one. We've forgotten that, in order for a civilization to survive, with many, many viewpoints, we must compromise sometimes.
IlikeKitties
> There is no such thing like "bad government" and "good government".
Of course there is, compare the government of Finland to that of North Korea. Just because there are shades of grey and human institutions are generally susceptible to corruption, greed and power politics doesn't mean there aren't governments that are different not only in degree but in kind.
Thorrez
[2024]
And it looks like this is the draft, and it was published on the author's blog here: https://telefoncek.si/2024/05/2024-05-30-grapheneos-and-fore...
azalemeth
I really love Graphene OS but I _wish_ there was a version in which you could get a root shell and extract private data of apps you install when verified as the user. The developers are on record as saying that root blows a hole in their security model (it does!) but if there was _some_ way of doing it safely, so I can modify applications I as the user wish to, it would be my ideal OS. I know I could download and self sign it, but I'd rather not…
mrbluecoat
TL;DR:
> Cellebrite admits they can not hack GrapheneOS if users had installed updates since late 2022.
nithssh
The post had some nice structural discussion about digital forensics
nunobrito
Up to this day: GrapheneOS insists on only using hardware built directly by Google.
There is no point in hardening the operating system when the base hardware has a strong probability to be compromised from the start. As a reminder: three-letter organizations take pride in compromising hardware for decades before someone eventually exposes the case. Google is a long-time contractor/cooperator for these aforementioned agencies.
GrapheneOS has long been suspicious about the revenue values it receives. Donations they claim, never specifying how much. Recently it even went as far as incorporating Tor directly on the operating system, a known VPN created and maintained by surveillance agencies. GrapheneOS users are not informed that their private data is crossing a myriad of government-owned servers on the Tor network.
From a forensic perspective: Do not use Google hardware when your goal is to reduce exposure on Google services and increase your privacy. Between bad choices, I'd still prefer to use phones from cheap Chinese manufacturers than jumping into hardware built by federal government contractors.
SigRed
So you were called out over on Nostr by Final regards the Tor app which you mistakenly took to be integrated when they simply showed the app and it running on the OS, not IN it and decided to come to HN for an anti-Graphene sympathetic ear?
The reply you were called out for, for other people's benefit: It's not bundled. It isn't going to be bundled. This is a post showing a work in progress beta app that most users have not seen before. This app is developed officially by Tor to hopefully replace Orbot, it is informational content.
"GrapheneOS has long been suspicious about the revenue values it receives." GrapheneOS Foundation is a registered Canadian non profit that declares its accounts and has filed accounts registered against them for this year and last year too. Nothing is suspicious.
From a forensic perspective? You don't provide ANY forensic basis or evidence for anything you claim.
You prefer Chinese devices? Suggesting people use something known to be objectively less secure on a technical level and known to be closely tied to the Chinese government/military and not legally able to refuse their requests is strange. Even if US gov is the only threat you consider, this makes little to no sense. Especially when it has been revealed that forensic analysis firms used by the US LE agencies have revealed that they see GrapheneOS Pixel devices to be the hardest if not impossible to extract especially in BFU state. There is a reason European LE agencies and their media have gone to extra lengths to smear users as criminals due to how stymied they are in extracting data. A job you want to make easier by making ludicrous hypersensationalised claims based solely in the realm of fantasy.
Retr0id
> Tor ... a known VPN
This is like freaking out about dihydrogen monoxide in the water supply.
bri3d
This is a deeply horrible take.
“From a forensic perspective” if one uses a cheap Chinese phone, as you suggest, anyone with one of tens of forensic extraction tools (including the US government!) will immediately own your phone as soon as they plug into it (seriously, as a very public example MediaTek SOCs until very recently all have fatal flaws in the boot ROM).
If you use a Google phone, maybe a deeply embedded secret NSA implant will eventually activate late one night under the glow of your tinfoil hat, but by and large most people will not be able to extract all of your data in ten seconds by plugging into your phone.
Luker88
This is kinda paranoid speech. GrapheneOS and Tor remain two of the best projects out there for privacy. I'd love to hear of other open alternatives, if any.
..."I don't trust google hardware, but I trust hardware from a dictatorial controlling regime" also does not really help your argument, sorry.
Besides, they seem to be working with some OEM to get their own phone out.
I'd love to receive daily updates on this, but it's a new development, updates are scarce and these things take time.
I hope sometime they'll collaborate with fairphone and others.
Scrubbed4426
GrapheneOS does not have Tor "directly on the operating system". You are terribly misinformed about all of this it seems.
q3k
Speaking of social media FUD...
There is no such thing like "bad government" and "good government". I mean - it really depends on people's views, therefore we must not blissfully put our data into govt hands because "they will protect us from terrorists and child rapists". What they will do, actually, is that for sure they will abuse innocent citizens at some point of time. They will. Even if they don't, they will. Or maybe they are doing it right now and they need more control to make it easier