France threatens GrapheneOS with arrests / server seizure for refusing backdoors
Mood
heated
Sentiment
negative
Category
news
Key topics
Privacy
Security
Surveillance
GrapheneOS
France
Discussion Activity
Very active discussionFirst comment
N/A
Peak period
95
Hour 2
Avg / period
22.9
Based on 160 loaded comments
Key moments
- 01Story posted
Nov 24, 2025 at 12:00 PM EST
8h ago
Step 01 - 02First comment
Nov 24, 2025 at 12:00 PM EST
0s after posting
Step 02 - 03Peak activity
95 comments in Hour 2
Hottest window of the conversation
Step 03 - 04Latest activity
Nov 24, 2025 at 8:29 PM EST
21m ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
https://translate.google.com/translate?tl=en&hl=en&u=https:/...
Additional context:
https://grapheneos.social/deck/@GrapheneOS/11557599710445618... https://grapheneos.social/@GrapheneOS/115583866253016416 https://grapheneos.social/@LaQuadrature@mamot.fr/11558177594... https://grapheneos.social/@GrapheneOS/115589833471347871 https://grapheneos.social/@GrapheneOS/115594002434998739
Following the propaganda of the ministry of interior, several articles were published in press about GrapheneOS, which is described as a solution for criminals because it allows to hide things.
La Quadrature du Net [similar to the FSF with regard to defending users' rights] argues that the purpose is of course not cybercrime, but to secure and protect the privacy of its users.
The head of the anticybercrime brigade of Paris threatens of suing the developers of GrapheneOS if connections with organized crime were to be found.
The government has repeatedly tried to extend cyber-surveillance previously. They are trying to use a law designed to fight drug traffickers in order to enforce backdoors in services that use cryptography, such as Signal or WhatsApp, without any success for the moment.
---
So, it's a threat before having a proof. They also mention the arrest of Pavel Durov, who was arrested because Telegram failed to answer legal requests, which was then constructed as complicity with criminals using Telegram, but that's obviously a very different case.
But of course, if they succeed in forcing backdoors, criminals will just use other ways to communicate (doesn't matter if they are legal or not because, well, they are criminals...) or tricks; for instance, back in the day when (analog) phone calls could be wiretapped, they were already using code words. They could use e.g. steganography tomorrow.
But we will be left with backdoors that are an unacceptable compromise on security and privacy. This is a recipe for dystopia considering that far-right parties are getting stronger in Europe, including France.
Built into the onslaught of demands of backdoors are two key ideas: A) That the backdoors will only be exploitable by the authorities and that B) they're even necessary to carry out their work in stopping trafficing.
I think most people know by now the first idea is preposterous. The second idea is too. The EU should focus on better police tools and tactics that detect and track the actual movement of goods.
This is a point that doesn't get raised very often: the actual crimes occur in "meat space", not electronically on a device. Haven't police and intelligence been solving crimes like that since 'the beginning'?
The coordination of a crime may be done electronically 'on device', but the actual crime occurs somewhere physical, generally with physical objects and the presence of the criminals themselves.
Why is it suddenly so much more difficult for law enforcement to do their jobs that the privacy of every member of the public needs to be able to be invaded?
Are police forces under-resourced to take on the "how it's always been" approach to fighting crime? Are law enforcement being subject to inapplicable software engineering rules of efficiency to save money? (Ie. Too much focus on the metrics, not the outcomes).
Don't police have great physical surveillance tools? Yes, it may cost more in having to physically surveil targets, but that seems (to me, and this is where the rift lies) that's a good compromise opposed to surveiling the entire populace.
Anyone can say anything in a piece of correspondence that they think is private. If it's made public it completely changes the context. A joke between friends, criminals or not, can look like conspiracy to X, Y, or Z. Research for a crime novel could appear like preparation for a Louvre heist.
And one thing I know for sure is that law enforcement do not understand context. They're bred to find guilt, not innocence, and having a larger haystack they'll find plenty of hay they think look like needles. Gotta hit those metrics.
There's plenty of nuance missing from what I've written here, but I fairly strongly feel it's leaning towards reality rather than liberal fantasy.
So yes, their work is now harder and they're pushing back against that and trying to enact laws that return the previous state (or give them even more power).
Sadly, I don't think that that's true. I've been shocked by the lack of understanding there in groups of technical people who should know better. It's even worse in groups of non technical people. I'm afraid this is an ongoing battle, and every time ideas like this come up from government it's going to be an effort to inform the public.
But really, the point GP was trying to make (IMO) is that all western democracies are very obviously sliding towards authoritarianism. They are building tools which, even _if_ they don't abuse them now, will be available to any future government and with time, the probability of one of them being non-democratic is 1.
> non-democratic country
My guess is there will be no debate... That said, we must acknowledge even having this debate is a positive step.
> Interviewed, she warns that she will “not stop pursuing publishers if links are discovered with a criminal organization and they [GrapheneOS] do not cooperate with justice.”
French law enforcement is conflating companies making products with GrapheneOS code with GrapheneOS itself. They're presenting it as if those companies are working with us and that we're responsible for their actions selling devices using our code. Most of those are using forks of GrapheneOS with features we don't have which are repeatedly incorrectly referred to as being GrapheneOS features. GrapheneOS users can read the many articles and see many references to non-existent features. They similarly refer to non-existent distribution methods and marketing which are actually about these products they're conflating with us. Since they're conflating products and actions by other people with ours, that makes their threats very concerning.
GrapheneOS doesn't even currently bundle an end-to-end encrypted messaging app as we don't have our own and leave choosing third party apps up to users. We plan to make an RCS app with MLS to replace people using Google Messages via sandboxed Google Play but that's no different than what Apple and Google are working towards providing earlier. Even if Chat Control was already the law, we don't have Signal or a similar app bundled with the OS and don't currently distribute a hardened build via our App Store despite plans for it. We do distribute the sandboxed Play Store and Accrescent via our App Store which have end-to-end encrypted messaging apps available...
VeraCrypt is French, too, iirc?
With the current evidence, its not ruled out that the french state is not doing anything at all.
With the current evidence, its plausible that the french state is not doing anything at all.
Your cell phone provider almost certainly will respond to a valid warrant and wire tap your non e2e encrypted phone call.
I'd be very surprised if the most common mode of remote communication in any time period was not subject to government interception in some format within a short time of becoming such. That includes physical mail, landlines, cell phone calls, txt messages, emails, etc.
Referring to "how things used to be" is not in fact helping the case for privacy.
The goal should be, designing your infrastructure in such a way they simply cannot forward this traffic to law enforcement.
Yeah back then we just listened to the phone calls with scanners.
It gives the police's view on narco-trafic crime, but also Graphene's take :
"Criminals and traffickers also use knives." This organization, which is not a company but a foundation, emphasizes that its solution is used by ordinary people who dislike how apps and operating systems handle their data. It adds that if criminals use Google Pixel phones and GrapheneOS, it’s because these solutions work well. But that doesn’t make them accomplices, they assure. "Criminals and traffickers also use knives, fast cars, and cash—things that are also widely used by honest citizens," its representatives note.
And GrapheneOS adds that it protects users from hackers and intrusions by the secret services of totalitarian states. "We consider privacy a human right, and we are concerned about projects like Chat Control (a European bill aimed at detecting child sexual abuse material in messaging services, but which has faced significant criticism) that the French government supports. The invasion of privacy enabled by such legislation would have alarming implications under an authoritarian-leaning government," it argues.
London already did this
BTW As an outsider, this “knife” euphemism caught me off guard a while ago. When you read about these stories from London, it’s usually about machetes.
London has a knife crime problem in the sense that any number of people being stabbed is a problem, but it’s worth bearing in mind that, for example, NYC has a slightly higher rate of fatal stabbings per capita. (Non-fatal robberies and assaults are tricky to compare across countries because of different data collection methodologies and different classifications.) So sure, it would be nice for fewer people to get stabbed, and knife crime is a serious problem for some specific communities, but the city as a whole is not experiencing the kind of knife crime epidemic that you might imagine if you get your news from alt right TikTok accounts.
I used to own many butterfly knifes in Middle School. Feels weird that you could be arrested for that in London
> "Particularité de GraphèneOS : on peut se le procurer autant sur le darknet que sur des sites grand public." ⇒ "A distinctive feature of GrapheneOS is that it can be obtained both on the darknet and on mainstream websites."
[0] https://archive.is/20251119082524/https://www.leparisien.fr/...
GrapheneOS and its systems are - you can walk through history and see that they're deliberately working on systems that defeat law enforcements efforts of catching and convicting criminals.
This is a massive difference - even for knives and cars, you'd get into some hot water (or outright illegal behaviour) if you build them with express purpose to make them hard to find and track by law enforcement. Try making a company that focuses on cars that hide its license plates from the police and you'll see how far that will go.
This is one thing that GrapheneOS, Signal and others will need to at some point reckon with - the fact that they deliberately work at making law enforcements work harder and provide effective cover for criminals will get them into hot water. And I don't think population will stand at their side when they find that they've been helping CSAM traffickers hide their loot.
Which is not to excuse the fascist actions of the French government. I just don't like that quote.
If we can't trust hosted services to protect our data, and we can't trust our own computers to preserve our data, the right to privacy simply doesn't exist.
You don't need to persuade me about it. You need to persuade your cops and governments that having your OS secure outweighs their wish to make crime fighting easy.
They'll be targeted by the governments because of that perception.
Something designed to be private doesn't know the difference between a law enforcement officer trying to break into it and a criminal trying to break into it.
There is no special "anti-cop only code" that gets executed, any more than there are special "cop tools" that exist on some physical plane where criminals don't.
You can slam onto the downvote button all you want, but if you don't UNDERSTAND it, you can't FIGHT it effectively.
It's a typical left failing where you pretend to be too dumb to understand where the authoritarians are coming from to effectively fight it.
To actually do any crime with GrapheneOS you would also need at least a VPN and basic understanding of operational security. Just as you would need a lot more than just a knife and car to be a successful criminal.
A Pixel phone with GrapheneOS is not some magic device that let's you do crime without immunity, but that’s the story they want to sell you.
now now comrade, if the book is banned, how is it that you are in possession of it? you're clearly breaking the rules. I do believe it is time for you to start counting trees
It is disconcerting, as it's unclear whether the rule-of-law still stands, given the anti-Constitutionality of the current US Administration -- especially around due-process.
The trend of Democratic Decline seems provably real, along with a rise in Authoritarianism.
But anyway yeah, in France (and in other countries too ) there is a media oligarchy.
Check the France problem: https://www.monde-diplomatique.fr/cartes/PPA https://www.monde-diplomatique.fr/IMG/png/poster_medias_fran...
Other countries with broken media ecosystem: - Australia: https://www.theguardian.com/commentisfree/2024/mar/17/the-br...
But also USA and Poland for example.
This article is as absurdly biased as it could be! Of course they provided a quoted response from GrapheneOS devs: that's the only appeal to credibility they have.
A truly responsible journalist would explain to their audience what is actually at stake, not simply spout every available position as if it were equivalent.
> The FBI ran a sting operation in Europe where they created their own 'secure' phone and messaging platform. Their OS used portions of our code and was heavily marketed as being GrapheneOS or based on GrapheneOS.
So how do we know GrapheneOS itself isn't a honeypot? It's run by a mystery org and heavily marketed as being a secure platform.
https://en.wikipedia.org/wiki/Crypto_AG was a CIA front for 50 years.
Or, phrased differently, how much independent auditing is graphene OS subjected to?
They claim they are audited... but who? When? Where are the results? https://grapheneos.org/faq#audit
https://discuss.grapheneos.org/d/5527-who-has-audited-graphe...
> We've built relationships with security researchers and organizations interested in GrapheneOS or using it which results in a lot of this kind of collaboration.
No, it's run by a non-profit foundation whose records are public.
https://ised-isde.canada.ca/cc/lgcy/fdrlCrpDtls.html?p=0&cor...
We have tons of different systems for accumulating power all over the world. Corporate structures, democracy vs autocracy, etc. In each of those societies, we see different types of leaders on a sliding scale of savoriness.
My point is that clearly there are some forms of governance which result in more savory people and so you can argue that it's the systems that define the outcomes rather than any "law of nature".
[0]: This is not a figure of speech - many anti-social traits which result in NPD, ASPD and their subclinical versions[1] are genetic. There is literal evolutionary pressure to exploit others.
[1]: Meaning the trait is sufficiently pronounced to be harmful to others but not enough to be harmful to the person having it so it's not diagnosed as a disorder.
---
All social relationships should be consensual.
This means based on _fully-informed_ consent which can be revoked at any time.
This already marks employment as exploitative because one side of the negotiation has more information and therefore more bargaining power. Not to mention having more money gives them more power in a myriad of other ways (can spend more on vetting you, can spend more on advertising the position than you can on advertising your skills). Just imagine if people actually had more power than corporations - you'd put up an ad listing your skills, companies would contact you with offers and you'd interview them.
Citizenship is also exploitative because you didn't willingly sign a contract exchanging money (taxes) for services (protection, healthcare, roads, ...), in most countries you can't even choose which services you want to pay for. And if you stop paying, they'll send people with guns to attack you. This sounds overdramatic (because it's so normalized) until you realize from first principles that is exactly what it is.
_If democracy is supposed to mean people rule themselves, than politicians should be servants which can be fired at any time._ In fact, in a real democracy, people would vote on important laws directly and only outsource the voting to their servants about laws which don't affect them much, or they'd simply abstain.
---
Power should come from the majority.
This should naturally be true because all real-world power comes from violence and more people can apply more violence (or threaten it, when violence is sufficiently probable to be effective, it usually does not need to be applied, the other side surrenders).
But people who are driven to power have been very good at putting together hierarchical power structures where at each level the power differential is sufficiently small that the lower side does not need to revolt against the upper side. But when you look at the ends, the power differential is huge.
Not just dictators, "presidents" or presidents but "owners" and "executives" too.
You don't truly own something you can't physically defend. When you as a worker finish a product, you literally have it in your hands. You could hand it over to a salesman and you'd both agree on how to split the money from selling it. But instead, you hand it over to the company (by proxy its owner) which sells it and gives you your monthly wage irrespective of how much the product made. The company being free to fire you or stop making the product obviously makes more money then you - it's an exploitative relationship.
But why do you hand it over? Because if you don't, they'll tell the state and it'll send people with guns to attack you.
If someone claims to be "representing" me (whatever the fuck that means)...
...even more so if they are "representing" me alongside millions of others, i.e. in a very abstract sense (what do a million people have in common? everything and nothing)...
...and especially if the "representation" is concluded in "winning" a ritual bureaucratic gauntlet which gives you the right to send organized murderers after exactly the people whom you fail to "represent"...
...then it sure sounds like we all deserve instant access to a real-time sub-second, molecular-level feed of your entire present existence before it's anywhere near a fair bargain and not a totalizing coercive arrangement.
Granted, this sounds a little unfeasible from a technical or security perspective.
Although if the global media capacity was redirected to doing primarily this, instead of inventing ever fancier narratives to distract people from paying attention to the circumstances of their own lives, it just might be able to handle the full surveillance of a few thousand global volunteers: the real exemplary humans who set the real standards in real dialog with the entirety of sovereign society. Governance by inverse big brother. Sure gonna be cheaper than all the effort which goes into convincing people throughout their lives that "democracy" is what's going on...
Alternatively, that entire exercise can be sidestepped by Dunbar-compliant representation, i.e. let's introduce a pervasive social norm that dictates the following: (1) nobody has the right to represent more than their 100 closest people in the world (2) representation doesn't stack to form multi-tiered institutions - representatives only connect horizontally in a territory-spanning mesh. so if N * 100 people vibe with your idea you'll have to either split your personality N-wise (doesn't go very far with current theories of mind) or give N-1 people the right to their own interpretation of your idea to communicate with 100 others.
I think they tried that about 100 years ago and it worked well enough for organized metasubversive parasites to core it and wear its husk for the better part of a century. Maybe if it was started less overtly in the first place it would've worked better. But cosplaying German Idealistm to your pet serfs cosplaying worker's council doesn't really leave space for a whole lot of subtlety. That entire story is such a cause-and-effect pinball; like and subscribing to any of those ideologies just lets the ghost of the ball drag you along. Kinda sad that they're one of the things the Net died into, no?
One solution is to say that no country should be so large anyway. And I'd like that, creating such huge power structures (hierarchical or not) is dangerous. But realistically, sometimes they are needed for defense. A lot of power structures are shaped by the necessity of organized defense (and can then be used for organized attack).
Obviously, because the ones with power make the laws.
Note that having their personal device when doing government work should be prohibited (that is you can't have it in your pocket when working). As is using your personal device for anything government (other than a formula check your government device call/text - employees should be regularly tested that they report any government communication that doesn't follow the formula)
1 - Law enforcement have actual information about the probable contents of your phone (like an incriminating filename will do). They can reasonably expect to get a warrant and access to your stuff.
2 - They don't know what's there at all, and have no probable indication of the contents, and in this case they cannot expect access because they would just be going fishing.
Having said that - backdoors are bad.
Last time I checked, politicians and cops are private citizens...
Wherever you stand on this, I can't understand the justification for this "one rule for thee" position.
In fact private citizenship combined with government is the origin of corruption. Think about it, as a government official your incentive should be to preserve order, fairness and honor. As a private citizen your goal is to optimize the amount of money you make via business or employment through whatever means possible. That means exploiting loopholes and possibly when no one is looking, breaking the law.
The incentives are orthoganol and it does make sense to have a different set of rights and rules for government officials and private citizens. The minute you take the attitudes of private business/citizens into the world of government you get people creating rules that are corrupt.
Elected government official doesn't own or have perpetual interest. All he can do is plunder as fast as he can in his unowned fiefdom before it passes on to the next guy. Fully private government would have incentive at least to preserve the value of the "Kingdom" if nothing else for his own children and because he sees the Kingdom as his own and destroying it for short term gain would be irrational.
But in a democracy where you are one government official among many many other officials, one small corruption change that benefits yourself individually hardly effects the overall government. It is rational for you to do small damage to the overall government and gain a reward that benefits you disproportionally. It is the MOST logical action.
But then every government official acting rationally in aggregate causes the overall government to become extremely corrupt and that is the tragedy of the commons. Rational action in aggregate becomes irrational. Government needs to be separate from private business.
I guess it's because it's so culturally ingrained that it's hard to separate. The chase for money and business is entirely cultural. Money is paper and it's all fantasy stuff and the reason why we value it is solely because of culture. Government ideally needs to be seperate from this culture and have a more militaristic based honor structure where the incentive is to guard the citizenry. Easier said than done.
Ok.
I'm interested in why you think this is the goal of citizens (but not of government).
To be clear: I don't believe this should be the goal of government. I don't really understand why this should be the goal of citizens. I've emphasised the term "should" here, which is a somewhat odd moral term in general, but if we're applying a "should" to government to differentiate them from private citizens, there needs to be a symmetrical. Optimizing individual wealth is certainly an emergent goal of specific individuals, but I can't think of a reason to broadly apply a moral "should" to this goal.
But you cannot deny that you as an individual are HEAVILY influenced by the system can culture you live in. Status is equated to those who have the most money. Regardless of yourself as an individual, in aggregate this is how people behave and a good basic universal model that predicts behavior.
This is not about your beliefs or morality. This is about the practical reality. In addition to this, capitalism so far is the the only known effective system to create modern economies of scale. We tried to make things fair, ideal and utopian with communism, but, practically speaking, we haven't seen it work.
Replying here to this seemingly flagged/dead comment (not sure why it was flagged - a very reasonable question).
I fully support higher scrutiny of public officials & cops, but this frankly isn't that. First & foremost, the problems you're describing are systemic, not individual. Monitoring a cop's phone isn't going to reduce police violence if the system isn't accountable - this is essentially the "bad apple" argument. The entire system needs drastic reform: backdoors won't solve any real problems here.
Secondly, independently of the levels of reform needed, at an individual level we're talking workplace conduct, reporting, protocols & transparency -vs- dystopian privacy invasion. There's a very broad spectrum here long before we reach the need for extremes.
Lastly, you need to look at the systems doing the monitoring of politicians' & cops' phones in this hypothetical scenario: if those systems contain the same systemic corruptions (which they inevitably do), the entire argument for oversight is moot.
You may be confusing the civilian/military distinction with private citizens versus public officials. (A delineation American cops fuck with.)
This would be an intelligence bonanza.
Better: mandatory, encrypted logging. Officials maintain the keys. When they leave office or are subpoenaed, they have the means to grant access. (If they can send and read their messages, they have the keys.)
This is how NARA in the U.S. is supposed to work.
No, it's not. A warehouse of locusts is bigger than a full bank vault. That doesn't make the former a bonanza.
Mass surveillance on a foreig population is useful. But it's not as useful as breaching top officials.
And ideally an illustration to those in power why backdoors are never a good thing. They won't care if it's not happening to them. But if their devices are suddenly incredibly insecure due to their backdoors, they might just rethink the concept entirely.
A hypothesis I would have bought until seeing our current White House's opsec.
But obviously, if you work for the military there is information that needs to be kept secure…
Do better policing (and that doesn't include trying to backdoor devices), but backdoors aren't the answer.
It would make it even easier to hack them, blackmail them, snoop on top secret information. The list goes on.
No, the correct answer is - no backdoors because crypto, because security, because of theft, because of France, or any other government or Uncle Sam.
If they want to protect the children, hunt crime, catch drug dealers, they are going to have to learn criminology.
Politicians are routinely ordered to surrender their communication to justice to audit what they do. Missing texts from Von Der Leyen is at the heart of Pfizer-gate after all.
I don’t really know what to think about this to be honest. I don’t think it’s entirely black and white and I find it surprisingly easy to play devil advocate.
Remember that the US government has an insane level of access to private communications via all the post 9/11 laws, how cosy it is with the main tech companies and we know they do a lot of these spying unofficially and with little oversight since Snowden.
Meanwhile, France is struggling with an unprecedented level of organised crime activity with the amount of violent crimes reaching worrying level. There has been a huge increase in the quantity of cocaine being smuggled from South America and the mean in place to tackle the issue increasingly look vastly undersized. Limiting the discussion to it being authoritarian measure is refusing to acknowledge the very real challenge police currently face.
The standard of conduct we need (and are failing) to hold politicians and cops to is actual security and responsibility. Some of the most powerful politicians in the world are leaking private conversations, and no one is holding them accountable. Police are paying private corporations (notably Flock) to build giant monolithic datasets from stalking private citizens, yet neither party is held to any standard whatsoever.
"Scared them shitless" in faux franglais.
Probably something like this would be close to the same colloquial meaning (I'm not familiar with any pants-shitting slang in French): EncroChat leur a foutu les jetons de ouf.
Once it became a big enough target it got taken down, and then quietly run by the police who collected everybody's messages for months before triggering a huge round of arrests, including quite a bit of major organized crime across Europe. The dangers of centralization. They'd love another EncroChat!
Doesn't apply so much to GrapheneOS of course since they're not in the messaging platform market, but it's definitely a cautionary tale.
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.