The French government threatens GrapheneOS to provide a backdoor or be arrested
Mood
heated
Sentiment
negative
Category
news
Key topics
Privacy
Security
Government Surveillance
GrapheneOS
Discussion Activity
Very active discussionFirst comment
N/A
Peak period
52
Hour 1
Avg / period
9.9
Based on 79 loaded comments
Key moments
- 01Story posted
Nov 24, 2025 at 11:40 AM EST
9h ago
Step 01 - 02First comment
Nov 24, 2025 at 11:40 AM EST
0s after posting
Step 02 - 03Peak activity
52 comments in Hour 1
Hottest window of the conversation
Step 03 - 04Latest activity
Nov 24, 2025 at 8:01 PM EST
1h ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
> @everyone GrapheneOS is being heavily targeted by the French state because we provide highly secure devices and won't include backdoors for law enforcement access. They're conflating us with companies selling closed source products using portions of our code. Both French state media and corporate media are publishing many stories attacking the GrapheneOS project based on false and unsubstantiated claims from French law enforcement. They've made a clear threat to seize our servers and arrest our developers if we do not cooperate by adding backdoors. Due to this, we're leaving France and leaving French service providers including OVH. We need substantial help from the community to push back against this across platforms. People malicious towards us are also using it as an opportunity to spread libel/harassment content targeting our team, raid our chat rooms and much more. /e/ and iodéOS are both based in France, and are both actively attacking GrapheneOS. /e/ receives substantial government funding. Both are extremely non-private and insecure which is why France is targeting us while those get government funding. We need a lot more help than usual and we're sending our the first ever notification to everyone on the server because this is a particularly bad situation. If people help us, it will enable us to focus more on development again including releasing experimental Pixel 10 releases very soon.
Additional context:
https://grapheneos.social/deck/@GrapheneOS/11557599710445618... https://grapheneos.social/@GrapheneOS/115583866253016416 https://grapheneos.social/@LaQuadrature@mamot.fr/11558177594... https://grapheneos.social/@GrapheneOS/115589833471347871 https://grapheneos.social/@GrapheneOS/115594002434998739
https://archive.ph/20251124161701/https://www.leparisien.fr/...
"This 27-year-old alleged trafficker is suspected of having run this drug telephone platform which, between 2023 and 2024 in Paris, collected a turnover of two million euros and is said to have caused three overdose deaths during chemsex parties."
Already 15 years ago it was illegal to use Wi-Fi outside buildings in France, FFS. I still remember the old Nokias plastered with those warnings.
Or is GrapheneOS the only one built securely enough to need to be leaned upon?
Either way, makes Google and Apple look bad/incompetent and GrapheneOS look like some kind of beacon of user protection / privacy rights / other things that are the opposite of the direction the world seems to be moving.
They successfully argued in court that being forced to insert code the government wanted would be equivalent to compelled speach, in violation of the first amendment.
As the Feds often do, they dropped the case instead of allowing it to set a precedent they didn't want.
This isn't true, they never "successfully argued in court". There was never any judgement, and no precedent. They resisted a court order briefly before the FBI withdrew the request after finding another way into the device.
1. Apple can and does comply with subpoenas for user information that it has access to. This includes tons of data from your phone unless you're enrolled in Advanced Data Protection, because Apple stores your data encrypted at rest but retains the ability to decrypt it so that users who lose their device/credentials can still restore their data.
2. Apple has refused on multiple occasions, publicly, to take advantage of their position in the supply chain to insert malicious code that expands the data they have access to. This would be things like shipping an updated iOS that lets them fetch end-to-end encrypted data off of a suspect's device.
When we are talking about data stored on a company server, you have no choice when you are served a valid warrant.
That's why Apple went all in on the concept of keeping sensitive data off their servers as much as possible.
For instance, Apple Maps never stored the driving routes you take on Apple's servers, but does remember them on your device.
Apple refused “to write new software that would let the government bypass these devices' security and unlock” suspects’ phones [1].
> not sure exactly what happened after that
Cupertino got a lot of vitriol and limited support for its efforts.
[1] https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_d...
Are you hypothesising?
I'm not claiming to know of any foul play, but it has happened several times, enough for me to notice. If it was related to time of the month, it wouldn't be as consistent. It might be that you need specific combination of phone, configuration and network provider for this to happen. Maybe I've been p0wnd, but I've noticed this behavior since at least the Nexus line.
Businesses that don't generally cease operating in said country. LavaBit was a highly visible instance of a business shuttering itself instead of complying with such lawful orders.
The simple truth is that if a VPN provider hasn't been shut down by authorities after more than a year (like VPNLabs was), then they are basically guaranteed to be giving out your data to authorities at this point.
Are there any VPN providers that claim they'll take the metamorphic bullet for their clients? I feel like you're setting up unrealistically high expectations where a VPN is like "we don't log or sell your data!", and you retort with "yeah but what if you get a secret court order or the government threatens your family?". I think nordvpn's response is consistent with what reasonable people's expectations are. Otherwise you can apply this logic to all sorts of interactions and find it quickly breaks down, eg. talking to a friend:
>"do promise you won't tell anyone?"
>"yes"
>"yeah but what if government subpoenas you, and grants you immunity so you can't plead the fifth?"
My country has this: https://www.schneier.com/blog/archives/2024/09/australia-thr...
Which kinda ruins it for everyone.
This year, Apple took the UK to court and announced that they would strip encryption features from UK users before they would give in to UK demands for an encryption back door.
If Graphene has the money to do so, they should fight it out in the courts.
And it's not because they're hiding your data. See their disclosure report for data requests.
The situation with Android security updates means that such a distro is either not based on Android (and likely less useful), or there are months-long delays to security updates for the non-GPL components.
Similarly, non-Google versions of Android can't run important apps that require attestation, including the Australian government app myGov.
https://grapheneos.org/articles/attestation-compatibility-gu...
It's safe to assume that software provided by every large, publicly-traded, for-profit technology company incorporated in the USA cooperates extensively with US intelligence agencies, and therefore by extension, the "Five Eyes" alliance, at a minimum if not also the "Nine Eyes" and "Fourteen Eyes" alliances [4].
[1] Slide 6: https://www.eff.org/files/2013/11/21/20131022-monde-prism_ap...
[2] https://www.reuters.com/business/media-telecom/us-court-mass...
Probably has something to do with it, but GrapheneOS doesn't have the money or resources that Google/Apple/etc has to lobby/bribe/delay/obfuscate/etc such attempts.
The latter has worked well because Germany is, to this day, occupied by the US & the UK. But the former has never worked out and is now bankrupting the EU!
(It'd be funny if French software was illegal to use in the EU for GDPR violations. )
There were three articles from newspapers (Le Figaro, Le Parisien) known for their rightist, pro-cops, opinions, and owned by billionaires (LVMH/Arnault, Dassault). In those articles, GrapheneOS is associated with bad actors purpotedly using it as a way to obfuscate their activities.
A comment was made by Johanna Brousse, Chief of French Cybercrime Unit, stating she would not refrain from pursuing the publishers if links were found with a criminal organization and they refused to cooperate with the justice system.
Another claim from a police investigator equates GrapheneOS usage to illegal activity.
Maybe consider replacing the redirecting url to the destination url? Not very good not being able to see the actual url linked imo.
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.