France threatens GrapheneOS with arrests / server seizure for refusing backdoors

> devices should have government-mandated backdoors if and only if you are a public servant

This would be an intelligence bonanza.

Better: mandatory, encrypted logging. Officials maintain the keys. When they leave office or are subpoenaed, they have the means to grant access. (If they can send and read their messages, they have the keys.)

This is how NARA in the U.S. is supposed to work.

I've been saying this for years: the more power you have the higher standard you should be held in. In most societies on the planet it's the other way around.

Even then the backdoor should be on their government device and not the personal devices.

Note that having their personal device when doing government work should be prohibited (that is you can't have it in your pocket when working). As is using your personal device for anything government (other than a formula check your government device call/text - employees should be regularly tested that they report any government communication that doesn't follow the formula)

We do have things like the Freedom of Information Act in the US, and I think a lot of European countries have similar laws. Yes it isn’t perfect and could be enforced more evenly.

But obviously, if you work for the military there is information that needs to be kept secure…

Backdoors exist for everyone or they exist for no one, this technology isn't one that has room for a gray area to debate. If it can be deployed to public servant devices, it can be deployed to your device.

That is a terrible, terrible idea.

It would make it even easier to hack them, blackmail them, snoop on top secret information. The list goes on.

No, the correct answer is - no backdoors because crypto, because security, because of theft, because of France, or any other government or Uncle Sam.

If they want to protect the children, hunt crime, catch drug dealers, they are going to have to learn criminology.

The only problem with that train of thought is that you are advocating a lower standard. Backdoors are not a superior option in any circumstance whatsoever.

The standard of conduct we need (and are failing) to hold politicians and cops to is actual security and responsibility. Some of the most powerful politicians in the world are leaking private conversations, and no one is holding them accountable. Police are paying private corporations (notably Flock) to build giant monolithic datasets from stalking private citizens, yet neither party is held to any standard whatsoever.

> if you are a public servant. I don't understand why private citizens are held to higher standards of conduct than politicians and cops.

Last time I checked, politicians and cops are private citizens...

Wherever you stand on this, I can't understand the justification for this "one rule for thee" position.

I remember. It helped expose his lies about not traveling to russia and not collaborating with russian security services.

You know I didn't use to understand libertarians, but after years of watching boundaries being overstepped again and again I think I see the appeal of burning it all down and living in a cabin in the woods.

Like, in Europe we already live in a completely safe society in historical and geographic terms, what more do you fucking want? Security is beyond a laughable excuse for things like chat control. Power tripping elitists will never be happy until they have the entire population under 24/7 camera surveillance and can read every thought in our heads as it occurs. If you make crime impossible, you make free will impossible.

In the Pavel case, it involved child pornography groups on Telegram and the fact that they ignore a court order.

But I agree with you for the authoritarian logics in Europe (even America) with Chat Control and other actions like the French gov. just did....

That was my read on that too.

absolutely yes

> As of 2018 through an initiative sometimes termed "Five Eyes Plus 3", Five Eyes has agreements with France, Germany, and Japan to introduce an information-sharing framework to counter China and Russia.

https://en.wikipedia.org/wiki/Five_Eyes#Five_Eyes_Plus

Not really. It's one thing trying to bully a relatively small FOSS project, it's quite something else to take on one of the world's biggest companies that can afford a literal army of lawyers and that also has the power to have the US government intervene on their behalf.

Too bad Google Translate doesn't have a subscription to Le Parisien.

https://archive.is/wW7N6

I like grapheneOS. Their have a clear focus and that should be respected. However, all that drama about e/OS they are creating and claims about fascist law enforcement are a bit over the top IMHO.

It's about protecting kids/olds/fighting crime/drug dealer

`What would you like me to wrap the global surveillance in?'

I don't think so; (but at the end of the day, you can never be 100% sure unless it's 100% OSS)

But with that being said both Apple and Google store a lot of data about you, and they are willing to "cooperate" with the government, and they did hand over data in various of cases Apple included [1]. For some reason, people think of as the "privacy company".

btw, big tech also get harassed for similar requests: The UK, for example, is still pressuring Apple to build an encryption backdoor [2].

[1] https://www.apple.com/legal/transparency/ [2] https://www.eff.org/deeplinks/2025/10/uk-still-trying-backdo...

Perhaps, or perhaps they started with companies that are smaller and easier to intimidate.

I can understand you thinking that and there's probably some truth to it but do I consider Android and iOS compromised with government backdoors? No. What do I base this on? The lucrative black market for Android/iOS 0days.

And who's buying them? Generally, state actors, directly or indirectly. There is an entire ecosystem of Israeli "security" companies that exist to farm out these exploits. This is a big part of why Israel is such a key component of the American national security infrastructure. Israel is largely beyond the jurisdiction of American courts and any kind of direct scrutiny by the government.

It's a bit like how the US isn't (technically) allowed to spy on US citizens. How do they get around this? By farming out such activities to allied intelligence services, particularly Five Eyes members.

This entire ecosystem and marketplace just wouldn't exist if Android or iOS were fully backdoored.

In a sense, trajectory has not really changed, but, admittedly, the pace of change has accellerated tremendously. UK and now France.

In the end, wasn't EncroChat a larger problem for the criminals than the governments?

Once it became a big enough target it got taken down, and then quietly run by the police who collected everybody's messages for months before triggering a huge round of arrests, including quite a bit of major organized crime across Europe. The dangers of centralization. They'd love another EncroChat!

Doesn't apply so much to GrapheneOS of course since they're not in the messaging platform market, but it's definitely a cautionary tale.

I watched a fascinating documentary about EncroChat (https://www.channel4.com/programmes/operation-dark-phone-mur...). It was obvious the police absolutely loved having this real time feed into criminal communications, and thought "let's have more of that please". They don't realise the consequences are that criminals won't use such forms of communication once they know they're backdoored.

> scared them pas-de-merde

Huh?

I didn't read it[0] as being particularly nuanced. I thought it was a fact-loose, extremist hitpiece against FOSS, containing howlers such as

> "Particularité de GraphèneOS : on peut se le procurer autant sur le darknet que sur des sites grand public." ⇒ "A distinctive feature of GrapheneOS is that it can be obtained both on the darknet and on mainstream websites."

Quoting "both sides" (so to speak) doesn't automatically create a thoughtful dialog.

[0] https://archive.is/20251119082524/https://www.leparisien.fr/... (tr. "Google Pixel and GrapheneOS: drug traffickers' secret weapon for protecting their data from the police")

I'm unsure whether it's appropriate to trust Le Parisien's equivalencies.

Q: Do they have a track-record of intellectual honesty?

Equivalencies are powerful, and dangerous if mis-handled.

E.g. this is worrying [from the article]: "A unique feature of GrapheneOS is that it can be obtained both on the dark web and on mainstream websites." Le Parisien is calling out GrapheneOS's availability on the "Dark Web" as significant, in the context of "Drug Trafficker's Secret Weapon". Banned books can also be acquired on the Dark Web, and banned books are not illegal, yet, in mainstream democracies. So Le Parisien's equivalency, here, is misleading.

"Criminals and traffickers also use knives."

London already did this

> Le Parisien (a big French billionaire-owned newspaper) They're all billionaire owned. As an example, left wing newspaper Liberation has Kretinsky among the owners

One thing though is - knives, fast cars and cash aren't built with deliberate motivation of thwarting the law enforcement and criminal investigations.

GrapheneOS and its systems are - you can walk through history and see that they're deliberately working on systems that defeat law enforcements efforts of collecting data from seized devices and tracking criminal networks.

This is a massive difference - even for knives and cars, you'd get into some hot water (or outright illegal behaviour) if you build them with express purpose to make them hard to find and track by law enforcement. Try making a company that focuses on cars that hide its license plates from the police and you'll see how far that will go.

This is one thing that GrapheneOS, Signal and others will need to at some point reckon with - the fact that they deliberately work at making law enforcements work harder and provide effective cover for criminals will get them into hot water. And I don't think population will stand at their side when they find that they've been helping CSAM traffickers hide their loot.

Having all that anti-governmental rhethoric won't end well for longerm survivability of these projects - which sucks for all of us.