> Calyx has more focus on functionality and privacy rather than security.
That's not true. GrapheneOS is heavily focused on privacy and offers much better privacy than CalyxOS. See https://grapheneos.org/features for the privacy and security features offered beyond AOSP. Unlike CalyxOS, we aren't listing AOSP features as our own.
CalyxOS has a leaky firewall which apps can bypass and a leaky VPN tethering implementation. GrapheneOS has a Network toggle without those leaks and prefers the approach of fine-grained VPNs rather than using the same tunnel for everything. We want real per-profile VPNs rather than making more devices use the same VPN, especially in a leaky way.
> For example: Calyx provides MicroG. This means you can talk to Google Play services, though in a better, more privacy-conscious way. MicroG is an open implementation of Google Play Services.
GrapheneOS has https://grapheneos.org/usage#sandboxed-play-services which is able to provide much better app compatibility, far more functionality and without the privacy/security sacrifices of microG. microG lacks the same security checks and key pinning of Play. It doesn't avoid trusting Play because the apps using Play are using the Play client libraries. microG is an additional trusted party.
> This could technically be abused, though Calyx takes lots of precautions to prevent that.
They simply limit it to microG and the Play services signature, which was our suggestion. That isn't taking a lot of precautions. It is abused because apps are tricked into giving their data to an app without the same security model/checks and key pinning (microG) is
> GrapheneOS with their security-first approach don't deem this worth the risk.
> So with apps requiring play services you don't get push messages and network-based location checks, among others.
Push works fine with many apps without Play. GrapheneOS has support for using Play in a sandbox.
> So, do you want an all-round phone to use everyday (and use things like Uber, Facebook, etc) but more private and secure than AOSP, take Calyx.
Those apps work fine on GrapheneOS. CalyxOS isn't more private and more secure than AOSP. CalyxOS includes a lot more proprietary services (Google, WhatsApp, etc.) than AOSP. For the most part, they're making changes which quite easily hurt privacy and security.
> Do you want security over everything and are willing to compromise a bit on functionality and app compatibility (some apps will refuse to run without google play), pick Graphene.
This is a highly inaccurate portrayal of what GrapheneOS provides and the decision making process. GrapheneOS values privacy and usability very highly. It balances those with security.
What really defines GrapheneOS is that we aim to implement things in a proper way that cannot be bypassed by adversaries. A privacy feature that's simply worked around is not much of a privacy feature.
While I really appreciate your work on GrapheneOS (and I will be checking out the sandboxed Google Play Services feature), I don't think it's very good form to heavily promote your OS in a discussion about a different OS, especially in such an adversarial way. There's room in the FOSS space for both GrapheneOS and CalyxOS.
Please look at the comments being replied to from that user in this thread. They're spreading misinformation about GrapheneOS in order to promote CalyxOS. This isn't something isolated, but rather the community is highly hostile towards our project and has been heavily involved in harassment of our developers, raids on our community and coordinated spreading of misinformation. Every time GrapheneOS or CalyxOS is mentioned, the CalyxOS community and project are there pretending GrapheneOS doesn't care about privacy and functionality/usability. We're only responding to the comments where this is being done. We didn't jump into this thread, but rather they're choosing to attack us and bring us into it.
This looks like a messy dispute, so I'm not going to step in. The FOSS community is outnumbered by those who prefer closed source software, and it's a shame to see infighting between two projects that, despite their differences, both counter the Google/Apple duopoly on mobile device platforms. I hope the GrapheneOS and CalyxOS communities can find a way to reconcile.
> has been heavily involved in harassment of our developers, raids on our community and coordinated spreading of misinformation
I'd be interested to see how you draw this conclusion. I have been in the CalyxOS rooms for quite a long time and have never seen anything of the sort. In fact, when GrapheneOS is mentioned, users are told to change the topic.
People can see for themselves the misinformation being regularly spread about GrapheneOS by the CalyxOS community whenever either CalyxOS or GrapheneOS is brought up. The raids on our channels are a well known fact and those people are openly welcomed in the CalyxOS rooms, even those who have publicly told me to kill myself on multiple occasions. Nick himself has been heavily involved in this behavior. I don't think someone who is involved in the community perpetrating these attacks is a good source on what has been happening. He justifies his support for these people by saying they have an open channel with free speech.
> In fact, when GrapheneOS is mentioned, users are told to change the topic.
Yes, people get banned when they defend GrapheneOS from attacks. Nothing is done when they spread misinformation about it as long as they don't do it too blatantly. Action is quickly taken if someone there tries to counter it.
> The raids on our channels are a well known fact and those people are openly welcomed in the CalyxOS rooms
You've said this a number of times, but you've yet to provide any material evidence this has taken place.
From what I've seen as an impartial bystander, the CalyxOS community doesn't want anything to do with you or your (frankly hostile) community.
I've taken the liberty of doing a little digging and asking around, and it looks like you've even tied in CalyxOS to the recent Bromite impersonation incident. Judging by the chat log you shared on GitHub, it looks like the user was told to change the topic.
I really don't think it's appropriate to be downgrading and "attacking" (as you so vehemently protest) open-source projects like CalyxOS with similar goals. It's a shame such hostility is taking place, when both Calyx and Graphene are doing excellent work in the privacy sector.
I specifically avoided commenting on the comparison threads solely to not have to see this. You will not find me doing that anywhere, anytime (unless perhaps when we were on good terms)
I've done that all this time, the only time I comment on something is when somebody asks us to integrate it into CalyxOS, and that's only within our context.
You're the one here who's responding in a hostile manner, and doing exactly what you're accusing us of. Please stop.
Sorry if I misunderstood some of the differences, but I was trying to simplify it and trying to be helpful by explaining what I read about both.
I'm not trying to promote either, and I don't use either as I don't have any pixel phones. However I thought of buying one and as such I looked into the differences.
I didn't realise you now had sandboxed play services, but to be honest I would trust MicroG a lot more than Google, even if it's sandboxed :) The only way I'd want to interact with Firebase is for push notifications, I prefer MicroG's way of handling location by the way, with its location plugins pointing to really open sources. Play Services are still closed-source google components that I don't want on my phone.
I was not saying that you don't care about privacy. I just wanted to express that I generally see GrapheneOS pick the security side over privacy if there is a choice to be made between both (and only then). And with privacy I mainly mean big data tracking from the likes of Google.
I didn't mean to attack you at all. I have no side in this conflict and I'm sorry you feel that way. See also how I said in my original post that GrapheneOS has security as Priority #1. How is that a bad thing??
If you look at my other posts you will see I praised you for promoting security features that were incorporated into AOSP after you had initially developed them. I was just trying to present the situation as I understood it. I didn't realise it was so adversarial.
I'm sure you didn't do it intentionally, it's just that what you said is a common piece of misinformation spread about GrapheneOS. It's understandable that you'd think that given how much it's repeated and considering that many people got duped too.
> I would trust MicroG a lot more than Google, even if it's sandboxed :)
This is the reason that GrapheneOS sandboxes it. You can disable permissions however you'd like, nothing stops you. You don't want it to send certain data? Then don't give it that permission. Disabling INTERNET will prevent it from sending anything (it's used to privilege, so it likely won't use another app to bypass, but you can use a different profile anyway).
> Play Services are still closed-source google components that I don't want on my phone.
microG is just a reimplementation (a partial one) of Play Services. The privacy benefits are negligible.
> I just wanted to express that I generally see GrapheneOS pick the security side over privacy if there is a choice to be made between both (and only then). And with privacy I mainly mean big data tracking from the likes of Google.
I'm guessing you're referring mainly to microG.
Privacy is not just not sending data. It's far more than that. It needs to be able to blend in with others, and needs a certain decent level of security to avoid simply bypassing privacy features through vulnerabilities.
microG doesn't protect data in transit even close to the way Play Services does. How do you expect to have privacy when apps can simply intercept microG data?
Signature spoofing, as microG needs, ruins the security model. It bypasses signature checks by apps. Even in CalyxOS's slightly less bad implementation, vulnerabilities in microG can be used to break out of the sandbox. How do you expect to build a security model on this? Vulnerabilities in microG are very likely, considering how the project disregards security.
How do you expect privacy with such little security? You'll not have any privacy if an app can bypass your privacy features.
It also only reimplements a portion of the APIs and breaks when apps need new ones. How is it supposed to keep up with the APIs anyway? It's tens of thousands of lines of code. It's certainly not a viable option.
Using Play Services as a sandboxed app, on the other hand, avoids this. It doesn't require the microG patch which erodes security, it protects data in transit, and it actually gets the majority of APIs and functionality working. The only functionality that doesn't work is SafetyNet attestation and functionality which depends on privilege. SafetyNet enforces using the stock OS, so you'll never get it with microG. Privileged functionality would need invasive OS integration.
It's clearly a much better solution that preserves the security model. It does it right.
GrapheneOS also optionally blends in with stock Android users. This isn't a bad thing and increases privacy. Connections made are just things like connectivity checks, nothing special.
Besides, CalyxOS isn't particularly good for this either. Their Netguard firewall that they bundle doesn't implement it properly and apps can still bypass it. They aggressively integrate Google services, and have Facebook integration as well.
Correction: because of CalyxOS' implementation of microG, signature spoofing can't easily be used to break out of the sandbox. Sorry to those whom I inadvertently misled. The fact remains that microG is still an insecure implementation that doesn't implement proper security or transit protection and disregards security.
> There's room in the FOSS space for both GrapheneOS and CalyxOS.
I doubt strcat disagrees with that. He's responding to specific statements comparing GrapheneOS and CalyxOS. I don't think we would have seen those comments if nobody had mentioned GrapheneOS.
> CalyxOS has a leaky firewall which apps can bypass and a leaky VPN tethering implementation.
We're working on fixing the one bypass. I don't know what you mean by leaky VPN tethering implementation.
We have a patch (from LineageOS) that allows tethered devices to connect over the VPN. By default in AOSP a tethered device ignores the VPN.
Wouldn't this be the opposite of leaky? It prevents leaks, especially when you have always-on VPN enabled.
> GrapheneOS has a Network toggle without those leaks and prefers the approach of fine-grained VPNs rather than using the same tunnel for everything.
We evaluated the network toggle and found it to cause crashes in apps when the permission got taken away from them unexpectedly, which is why we've gone with the solely network-level implementation.
We also do not have anything that'd make you think 'use the same tunnel for everything'. Multiple users work just fine, and in fact we now have a built-in work profile feature which lets you run another VPN in that (since that's how Android works) out of the box.
> CalyxOS includes a lot more proprietary services (Google, WhatsApp, etc.)
We do not include any proprietary services. We have microG which is open source, and the WhatsApp integration is done in open source code in the Dialer, it does not rely on anything proprietary.
In fact, you're the one who's brought up your play services approach which involves running the proprietary binary. Don't you see the irony?
Like I said in my post below, I didn't mean to attack you. I don't even use either Calyx or GrapheneOS.
> That's not true. GrapheneOS is heavily focused on privacy and offers much better privacy than CalyxOS. See https://grapheneos.org/features for the privacy and security features offered beyond AOSP. Unlike CalyxOS, we aren't listing AOSP features as our own.
I simply wanted to explain that you will always pick the security side if a balance has to be made between security and privacy. I don't mean this as a bad thing. It's a good point and a good differentiator between both IMO.
> GrapheneOS has https://grapheneos.org/usage#sandboxed-play-services which is able to provide much better app compatibility, far more functionality and without the privacy/security sacrifices of microG. microG lacks the same security checks and key pinning of Play. It doesn't avoid trusting Play because the apps using Play are using the Play client libraries. microG is an additional trusted party.
I don't agree with this. I would not want any google play stuff on my phone, sandboxed or not.
> Those apps work fine on GrapheneOS. CalyxOS isn't more private and more secure than AOSP. CalyxOS includes a lot more proprietary services (Google, WhatsApp, etc.) than AOSP. For the most part, they're making changes which quite easily hurt privacy and security.
Does Calyx really include WhatsApp out of the box? That would indeed be a very negative point for me. As I mentioned I haven't used either.
> This is a highly inaccurate portrayal of what GrapheneOS provides and the decision making process. GrapheneOS values privacy and usability very highly. It balances those with security.
As far as I understand your website you do always pick security if a tradeoff has to be made. I don't think this is a bad thing. I think it's a good option. It's just not the choice I would make but it's nevertheless a good stance for those who care about security the most.
Anyway like I said in my other post I'm sorry you view my post as an attack. If you look at my other posts you will see I praised you for promoting security features that were incorporated into AOSP after you had initially developed them.
> Does Calyx really include WhatsApp out of the box? That would indeed be a very negative point for me. As I mentioned I haven't used either.
We do not, we would never ship a proprietary app like that.
What we have is a small patch to the open source Dialer / Phone application that lets you make WhatsApp calls directly.
It only shows WhatsApp as an option if you have it installed already, if you don't you won't see it, we don't want to promote using proprietary services.
This was done after a lot of back and forth with our UX team.
> GrapheneOS with their security-first approach don't deem this worth the risk.
No, we took a better approach instead.
https://grapheneos.org/usage#sandboxed-play-services