France has made it clear they expect to have a backdoor in end-to-end encryption apps and disk encryption. They've been saying that it's unacceptable not to have a backdoor in a bunch of these news stories they've gotten published by contacting the media. They've said if we don't cooperate with that, they'll take similar actions against us as they did SkyECC and Encrochat meaning hijacking our servers and trying to have us arrested.
Le Parisien has 2 articles about this, not only one, and https://archive.is/UrlvK is one of the places they talk about going after us if we don't cooperate with providing them access to devices. It's not possible for us to provide an update which bypasses the throttling for brute force protection so what they're asking isn't even helping them break into specific devices but helping them compromise security for everyone in anticipation of rare cases of criminals using devices. https://news.ycombinator.com/item?id=46038241 explains lack of technical ability to compromise security after the fact. Titan M2 is specifically designed with insider attack resistance so that Google making an update disabling the brute force protection won't be accepted by the secure element without the Owner user successfully unlocking first. We don't have the signing key for the Titan M2 firmware anyway. This is part of our required hardware-based security features which we're working on providing in a Pixel alternative with a major Android OEM working with us right now. We talked to them about the France situation already and it does not negatively impact our partnership. It may be a good idea to speed up an official announcement with them to counter the narrative being pushed by France's law enforcement agencies now.
> France has made it clear they expect to have a backdoor in end-to-end encryption apps and disk encryption.
Note that "France" and "Johanna Brousse" (as the lead investigator lobbying for more agency data access) are not the same, by a couple million people.
Now's the time to get ahead of this. Communicate openly why Open Source matters, what's at stake, and try to ally with existing organizations like the EFF, IETF, Linux Foundation, CCC e.V. and others. They know how to deal with the media, and it's okay to ask for help.
Please let another person check the article from a non-technical perspective, because that's where journalists have a strategical bonus. If the blogpost/article/video/whatever contains too much technological lingo, the masses won't be able to understand it.
Wish you the best.
PS: I hope that you can see that not all people are as messed up as the kiwifarm doxxers. I've seen their "call to arms" to start new swatting attempts etc. Stay safe.
PPS: Don't engage with people that have anime avatars. Just block them. Your time is wasted trying to read or reply to them. Hate is a mind infiltration technique.
I appreciate the answer and the work on GrapheneOS! It seems there's a lot of work going on with the QPR1 release and this French matter doesn't make things easier for the team. Good luck!
To be fair, the quote in the second article is from Johanna Brousse who is behind the Durov arrest.
> "Mais ça ne nous empêchera pas de poursuivre les éditeurs, si des liens sont découverts avec une organisation criminelle et qu’ils ne coopèrent pas avec la justice."
> “But that won't stop us from prosecuting publishers if links to a criminal organization are discovered and they fail to cooperate with the justice system.” (DeepL)
I understand this can be seen as more threatening even if the whole quote softens this a bit.
Given what we know about how most Western nations feel about secure communications, what seems more likely?
The reality is that the west got very comfortable with a world where any and all communication can be trivially wire tapped.
Telephony, messaging, and even the internet - these were not only abused, but abused on such a scale that virtually no data could ever be safe from the eye of the state. Even printed media would leak it's location, etched in microscopic ink.
We, unceramoniously and rapidly, yanked this power out from underneath them. For the first time in a very long time, it is possible to have communication which cannot be surveilled.
Knowing what we know about how governments work, are we shocked that there is push back to this? Frankly, the only reason we aren't seeing more abuse is because the big dogs still permit absolute serveillance. I'm sure at the behest of the state.
Projects like grapheneos and signal represent an existential threat to the current model of citizen serveillance and crime solving. Starving dogs will bite.
> They've said if we don't cooperate with that, they'll take similar actions against us as they did SkyECC and Encrochat meaning hijacking our servers and trying to have us arrested.
No, they haven’t.
You are letting your paranoia talk by widely amplifying the content of two newspapers articles in media affiliated with the far right.
I’m quite surprised by your reactions to be fair because both SkyECC and Encrochat were actually affiliated with organised crimes. As far as I know, GrapheneOS isn’t.
French law enforcement chose to do interviews with those newspapers and nearly all of the content of those articles is paraphrasing or directly quoting what they said. There's very little input from the journalists into those articles. They treated the claims from the state as facts and conveyed them as such, then posted our responses to vague queries not giving us the details of what was being claimed about us so we could properly respond to it.
Le Parisien has 2 articles about this, not only one, and https://archive.is/UrlvK is one of the places they talk about going after us if we don't cooperate with providing them access to devices. It's not possible for us to provide an update which bypasses the throttling for brute force protection so what they're asking isn't even helping them break into specific devices but helping them compromise security for everyone in anticipation of rare cases of criminals using devices. https://news.ycombinator.com/item?id=46038241 explains lack of technical ability to compromise security after the fact. Titan M2 is specifically designed with insider attack resistance so that Google making an update disabling the brute force protection won't be accepted by the secure element without the Owner user successfully unlocking first. We don't have the signing key for the Titan M2 firmware anyway. This is part of our required hardware-based security features which we're working on providing in a Pixel alternative with a major Android OEM working with us right now. We talked to them about the France situation already and it does not negatively impact our partnership. It may be a good idea to speed up an official announcement with them to counter the narrative being pushed by France's law enforcement agencies now.