> The domain “Copperhead.co” was registered by Donaldson in 2014 and incorporated in 2015 under both Donaldson’s and Micay’s names. The idea was that shares would be split equally, with Donaldson as CEO and Micay as de facto chief technology officer. Their flagship product
It sounds to me like some "business" characters I know well. They "handle the business" while someone else does 99% of the actual work, then ask to split 50/50. This didn't work out for Donaldson, and now he spends his time harassing Micay? Is that the gist or am I misreading?
As a response, Micay decided to destroy the update signing keys for all the CopperheadOS devices out in the wild, resulting in financial damages to Donaldson.
Hardly a level-headed response, even if you disagree about the financial share of something.
It was not a disagreement about shares, it was a hostile takeover. Someone who never owned the project sought to steal it.
CopperheadOS was always Micay's project and used his own signing key. The key never belonged to Copperhead the company afaik.
According to the linked responses, the keys were not deleted because of disagreement over financial share, but over how the keys were to be used (in particular, in potentially dangerous security-wise ways), which he did not want personal responsibility for (the keys belonged to and were used by him even before that project).
Question 17: Did your and Donaldson's values begin to diverge? Was Donaldson more concerned with making money than you were?
Answer: [...] In 2018, matters between Micay and Donaldson came to a head over Donaldson’s desire to pursue business deals with criminal organizations, and his attempts to compromise the security of CopperheadOS, including by proposing license enforcement and remote updating systems that would allow third-parties to have access to users’ phones. As part of this process, Donaldson began to demand that Micay provide Donaldson with the “signing keys” - i.e. the credentials required to verify the authenticity of releases of CopperheadOS. Donaldson advised that, in order to secure certain new business, potential customers required access to the Keys.
The keys had been in continuous use by Micay, in his personal capacity, since before the incorporation of Copperhead. However, more importantly, any party with the keys could mark malicious software as “authentic”, and thereby infiltrate devices using CopperheadOS.
Micay was unwilling to participate in that kind of security breach. Since Donaldson had control over certain infrastructure for the open source project, he would be able to incorporate (or hire others to incorporate) the privacy-damaging features described above for all future releases of CopperheadOS. Micay therefore deleted the keys permanently and severed ties with Copperhead and Donaldson.
Question 25: Did things between you and Donaldson devolve when he approached you about a compliance audit? Did he tell you that he needed to know how the signing keys were stored?
From Wired:
We understand that Daniel's recollection was not that James wanted to know more information about how the signing keys were stored, but that he wanted direct access to them.
Question 26: Did you suspect his request was tied to a deal he was brokering with a large defense contractor? Did you believe this would put the entirety of CopperheadOS’ user base at risk?
Answer: Yes and yes.
The large defense contractor in question was Raytheon. The decision to destroy the signing keys was not based on a financial disagreement, but an existential one. Every single CopperheadOS user back then would have been compromised otherwise. It's of course a big deal given the implications, but it acted as a last resort for Daniel to stop a hostile takeover attempt fueled by greed, which he ultimately took because there was no other way out.
Or is it just that Raytheon went against what he thought CopperheadOS stood for?
Intelligence wanted in, and Donaldson seemingly would have been happy to oblige.
Reddit and IRC/etc logs from the period are illuminating, too.
At least some of the defensiveness is warranted. Maybe most of it. Regardless, it comes across in most GrapheneOS communications, and it's sometimes counterproductive.
A related issue, which I'm sure Micay can appreciate, is that users of GrapheneOS tend to be cautious, and increasingly will want to know why the project should be trusted, now that it is popular and on a lot of radars of adversaries.
(For example, hypothetical scenario that's plausible, given the incentives: State actor (e.g., RU, US, CN) or organized crime group long-con starts with a public harassment campaign of Micay. Followed by sleeper volunteers taking more control of the project, initially under the pretext of helping insulate Micay from harassment, and taking some of the load off. Later maybe even impersonating Micay. Now the threat actor has backdoors to a large number of especially privacy/security-conscious parties, including communications, 2FA, location, cryptocurrency wallets, internal networks where those people work, etc.)
I think it probably hasn't been compromised like that, but it's an obvious real possibility, and IMHO, until GrapheneOS is more transparent, some natural users of GrapheneOS are going to consider iPhone relatively "the devil you know".
Again, I think Micay is genuine, and I'm a fan of the project and appreciate it. And I hope the project understands that's compatible with critical thinking about infosec, and doesn't take personal offense at that.
(Source: Am long-time GrapheneOS user, and have donated.)
With a non-profit project of highly principled security experts, there is at least a high probability that they'd rather blow up the project than compromise. People elsewhere in the thread criticize Micay because he deleted the CopperheadOS keys, but to me it increases trust in the GrapheneOS project, since he clearly puts the security of his users over money, fear, and whatnot.
In the end trust arises from running a project or company long-term without evidence that you somehow compromised security.
I wonder in general how this situation could be improved. Second or third independent reproducible build + confirmation signing?
The project is not going to relinquish control to any 3rd party. Not even the Motorola partnership is given control over the GOS project. The hypothetical you describe is not possible by design.
The GOS project takes no issue with critical thinking, and encourages it. But that is often used as an excuse to handwave attacks. There is a very big difference between criticism/critical thinking and attacking them.
Note that there are more individuals in the project than Micay. Multiple people handle multiple responsibilities, it's not one person.
Responding to attacks so defensively is almost always a bad look for organizations. They could really use a PR person with a more measured voice that corrects facts and projects confidence, and does not convey victimhood, insecurity or defensiveness. Take a look at the tone of press releases issued by companies when some tech press bozo writes a hit piece on them, for good examples of dealing with people attacking you.
Is there an authoritative source of information about how a takeover like that isn't possible by design, which people can verify, analyze, hold parties accountable for the pieces that require it, etc.?
As for how such a thing would not be possible:
- GrapheneOS updates do not trust the network, so any compromise of update servers for OS and app updates would not be able to push malicious updates. Only those who hold the signing keys are capable of pushing updates that will be accepted.
- Multiple people review the code that gets included in the OS. There is not one point of failure when it comes to social engineering.
- GOS supports reproducible builds, so the code that is published can be verified to be the code that is built for the official builds.
So in other words, you would need to convince multiple people who are consciously protecting against this, and who have a proven track record of burning the keys if the privacy and security of their users are in jeopardy. On top of that, you need to conceal this from every developer, moderator, and community member who would raise the alarm at the slightest indication of compromise.
That's not healthy for any project.
> ...responding to that with sustained, coordinated attack campaigns online. That's what Micay's history is.
For the rest, in general, I'm tempted to give grapheneOS the benefit of the doubt. Running any FOSS project is hard, running it against the (implicit) wishes of OEMs/Google (who throw in things like Play Integrity) is even harder, and doing it when 3 letter agencies at the US govt actively hate you is harder still.
Being paranoid in responses to FUD campaigns isn't ideal, but save coordinated attacks, I'd say fairly understandable.
So I can understand why they are as defensive as they are.
There are no coordinated attacks on anyone or projects by GrapheneOS. They respond to misinformation, that's about it.
There have been many attacks on privacy/security projects, not just GOS, recently. If you keep up with the GOS forum you can see posts saying GOS was hacked without evidence. Other claims that GOS is only used by criminals. They're not true. Misinformation that aims to destroy the reputation of the project should be responded to.
Rossmann wanted to work with GOS and they didn't want him. So Rossmann made that video to make Daniel look bad for revenge probably. Saying he was leaving GOS was a lie, not that GOS can push malicious updates which was also a huge lie. Even after pointing that out that part wasn't corrected because Louis doesn't care about accuracy, he only cares about making Daniel/GOS look bad. He used his big following to punish Daniel. Now he works with Nick from Calyx after he got pushed out and are doing business together.
The more you learn about the story, the more you see the Copperhead stuff was just the beginning and those involved held grudges and pushed their grudges onto more people who bought their lies and it continued. Privacy-focused OSes that pretend to compete with GrapheneOS suck. GrapheneOS is led by someone with integrity, unlike some other projects.
Not that I disagree but Louis Rossmann giving someone advice to tone down the rants is ironic.
"I can't believe you wrote this terrible code. You clearly don’t understand how concurrency works. Do it again."
Technically right, but when you run out of people who actually want to work with you, you'll be writing the code yourself.
GOS only defends themselves from attacks. It's not that they are misinterpreting what is an attack, there are really just that many attacks. It leaves little room for much else than defense. Nobody should have to deal with the inhumane level of attacks.
Barely any comments about the linked thread which is about Wired publishing an article that was extremely poorly researched after having misled GrapheneOS about the intention and content of what would be published. This seems like the sort of thing that should earn a disclaimer on future Wired articles as worthless and get them removed from RSS feeds/have subscriptions cancelled. Complete lack of integrity and respect for standards. Why did they not interview anyone else involved in the project or around at the time?
This Micay guy spends so much time and does something hugely beneficial and we're arguing about how he responds to criticism?
I'd rather direct and blunt rather than the weasel words and lies most companies put out.
I'm much more concerned with companies that claim to support LGBTQ+ and then stick a flag up for 10 minutes once a year, or companies who make 10% of their workforce redundant because they want to pay themselves more, or companies who on one hand support green initiatives and then behind the scenes do the complete opposite.
I'm more concerned that Signal, incorporated in the US, is having an easy life.
To add - ironically, it was Durov (Telegram founder) who got arrested in Paris.
Not saying Durov is perfect, but the video you linked is about a guy who has all his assets in Russia while Durov has none.
https://curia.europa.eu/site/upload/docs/application/pdf/202...
https://www.ft.com/content/36a37387-cb71-4851-a56f-de2571d52...
Also, I disagree with Durov having no assets in Putin’s direct reach.
https://istories.media/en/news/2024/08/27/pavel-durov-has-vi...
The man looks on photos like he genuinely loves his long-term girlfriend and the three kids he has with her. Kids are stupid tho. They climb on everything and fall out of windows frequently.
(Durov himself is known to regularly visit Russia, while denying he ever visits Russia. Telegram opened a Dubai office claiming that it was now a Dubai-headquartered company, but that was a mere legal formality; no one was actually there at that office, and journalists visiting it found that not even the building staff knew anything about Telegram. In practice, the company continues to exist out of Russia.)
"so anybody going knocking on incorporation addresses in Dubai" The point is that Telegram has repeatedly countered claims that it is a Russian app with "Actually, Telegram is a Dubai company". People reasonably interpret that as more than a mere incorporation address, and it isn't being emphasized enough that development is still largely done from Russia, and servers are also located there.
They Built a Legendary Privacy Tool. Now They're Sworn Enemies https://www.wired.com/story/they-built-privacy-tool-graphene... (https://archive.ph/pbJu9)
P.S. I avoided making any statements about what I personally think about Micay and the GOS team's behaviour above because I don't use it and have never looked into it before reading this article, but from looking at the comments, the WIRED article, the forum thread linked in this post, and some cursory research, it just seems like they are a popular software project that is at odds with many powerful actors with obvious motivations against their existence and popularity - if they are constantly combative online instead of being friendly, don't you think part or all of it may be because they have to defend themselves against attacks instead of having the freedom to be friendly like say SQLite/FFMPEG/Rust/other free software projects? I'm admittedly new to HN but this entitlement and refusal to empathise with the people giving you free shit seems insanely out of character
I get the sense a lot of people care about this project and care about defending it but good luck against the propaganda and bullshit like this that comes along with it.
I really enjoy GOS and used it as a daily driver for ~3 years