Army is not only generals and meat waves.
> We've used our available connections to try to keep them safe. There's no way to get them out of the conscription. However, they're an incredibly talented security researcher and engineer and it would be extraordinarily misguided to send them to front line combat. This seems to be understood now.
He was assigned to being infantry since that's the default. Due to our public post on X specifically, he ended up being transferred to doing development work instead. That transfer was only finalized in the past couple days.
He's safe but we're still down our most important developer. We successfully migrated to Android 16 despite this combined with Android 16 no longer providing Pixel device repositories in the Android Open Source Project but it took a lot longer than usual. We're currently recovering from the massive amount of work we had to do for the Android 16 port so development is going fairly slowly right now. We plan to hire more experienced developers.
https://grapheneos.social/@GrapheneOS
> GrapheneOS has only ever posted about Braxman in response to his misinformation about us. In his latest video attacking us, he engages in clear libel towards our team.
> GrapheneOS is currently under a state sponsored attack attempting to misrepresent it as being for criminals
> Due to F-Droid deliberately causing friction and annoyances for GrapheneOS users
> There's currently an example of one of these attacks on the project ongoing across Swedish forums and social media.
The fact that you're bringing up the Rossmann video after saying that is very telling. There's a huge difference between technical discussion and what was very clearly an attack by Rossmann. He clearly knew what he was doing. The video was made shortly after GrapheneOS's founder was swatted. He was understandably upset about that and with Rossmann and Rossmann recorded a private conversation and used that to attack not only GrapheneOS, but also its founder in an attempt to harm GrapheneOS's reputation. Louis didn't actually stop using GrapheneOS, so that part was a lie. It's clear that he was still using GrapheneOS in his later videos.
It's pretty low to bring that video up here. If you have a real technical issue with GrapheneOS, then you could bring that up instead.
The response to Braxman was after he posted a video calling GrapheneOS's founder crazy and made up a whole bunch of lies about the state of GrapheneOS, then plugged his own product. Clearly trying to damage GrapheneOS while helping himself at the same time. https://grapheneos.social/@GrapheneOS/114824444524603470
The thread about a state sponsored attack came after a sudden flurry of news articles about GrapheneOS being used by criminals and claims that devices running GrapheneOS have been exploited with 0 evidence https://grapheneos.social/@GrapheneOS/114784469162979608
F-Droid's approach is incorrect. GrapheneOS adds the sensors permission the same way that upstream AOSP adds and splits permissions, so F-Droid blaming GrapheneOS for an issue with their app is incorrect. People should read https://grapheneos.social/@GrapheneOS/114790171247296048 for more info.
GrapheneOS is an open source project with many project members including many developers. It isn't one person as you're portraying it. GrapheneOS has been attacked by many people, of which there is ample verifiable evidence.
> GrapheneOS has only ever posted about Braxman in response to his misinformation about us. In his latest video attacking us, he engages in clear libel towards our team.
It's easy for people to verify this and to see that this is a charlatan selling insecure products/services. We linked to content from a security researcher who has never been involved in our project going through his content and products/services evaluating it. Other security researchers have done the same.
> GrapheneOS is currently under a state sponsored attack attempting to misrepresent it as being for criminals
People can verify there were multiple news articles in Spain from law enforcement contacting publications and portraying GrapheneOS as being for criminals. There were then hundreds of news stories based on those. None of these publications contacted us, but several do say they talked to Spanish law enforcement. We consider a state spreading clear misinformation about GrapheneOS and our userbase to be a state sponsored attack. We explained very clearly what was happening and did not portray it as anything other than what it was.
> Due to F-Droid deliberately causing friction and annoyances for GrapheneOS users
People can see for themselves they're doing this. Multiple F-Droid developers were involved in the company which tried to take over our project in 2018 and have continued on attacking the project since then. That takeover attempt in 2018 is where nearly all the attacks on GrapheneOS originate.
> There's currently an example of one of these attacks on the project ongoing across Swedish forums and social media.
This is accurate information and it's easy to verify it's happening. We didn't speculate about the origin of these attacks.
Your own post from a sockpuppet account demonstrating the attacks on our project including harassment towards our development team where people baselessly claim that I'm insane, delusional, etc. and push fabricated stories about it. Several other freshly created sockpuppet accounts can be seen here too.
> We're in communication with him and he has been diverted away from combat.
You can argue that a specific individual has specific skills and experience that make them more valuable to the country in a non-fighting role. But software developer is just another common job.
But the commenter seems to be making a moral, not utilitarian, argument.
This isn't so much about being worthy of protection as it is about the army dealing the most damage it can. Exploiting software vulnerabilities to disable production (like the Ukrainians did for that drone production company) can save as many lives as sending someone to the front can. Breaking into networks to gather OPSEC is crucial for any military operation, offensive or defensive.
odds are the dev is in some sort of signals intelligence unit or doing dev on some sort of drone control system, etc.
ditto for if/when they draft doctors, dentists, welders, etc. -- put people with skills and experience in those fields into areas where they can be used.
doesn't mean the Graphene dev ain't working 20 hour days and ain't getting targeted by drones -- just they're not line grunts.
There are a lot of highly qualified people in the combat corps.
> ditto for if/when they draft doctors, dentists, welders, etc. -- put people with skills and experience in those fields into areas where they can be used.
Many of which will be very close to the FEBA.
But the Graphene OS commenter seems to be making a moral, not utilitarian, argument, which is both odd and somewhat reprehensible.
Thousands of people rely on GrapheneOS, many of whose lives would be in danger from repressive regimes or criminals if GrapheneOS makes a security blunder or even stops being maintained. Working on GrapheneOS probably saves far more lives than being just another frontline soldier.
It is blatantly immoral to say that a person's life should be valued more because they are a software developer or because of the software they produce, or that it should be protected more than the lives of other people.
> Working on GrapheneOS probably saves far more lives than being just another frontline soldier.
And it doesn't make a life one iota more valuable than anyone else's.
Why do armies send people to the front? To defend their citizens' lives from an invading army. By taking the developer away from a project where he saves many lives to the front where he can save few lives if any at all, you're the one saying that the lives in Ukraine are more valuable than the lives of political dissidents, journalists, refugees, etc. everywhere else.
That messaging is insulting to families of equally skilled people who have died in combat and is also historically a precursor to extreme policies based on perceived human worth.
It's important to note that Graphene didn't ask for this developer to be assigned as a specialist where they would provide the greatest operational benefit - they explicitly asked for protection.
It is morally reprehensible, as are your comments.
There was no decision made on where to assign him based on his skills prior to our intervention. People are assigned to infantry by default.
> While it is sensible to use skills effectively
This is not what they're doing in practice.
> Graphene OS's public messaging that pleads for special treatment for one individual developer because their project is important implies that some individuals' lives merit more protection than others, which is not true.
That's absolutely not what we said.
> It's important to note that Graphene didn't ask for this developer to be assigned as a specialist where they would provide the greatest operational benefit - they explicitly asked for protection.
No, that's completely wrong. The entire purpose of the post was an appeal to Ukraine's military based on his clear value to them as a very talented security engineer/researcher. The whole point was getting on the radar of high level people who could evaluate that and make the correct decision of having him do work relevant to those skills. That's why we posted about it publicly at all. We had a clear goal and achieved it.
> It is morally reprehensible, as are your comments.
Your claim that what we said or did is morally reprehensible is ludicrous. We didn't do anything to harm their war effort and they'll be far better off using him in a sensible role related to his skills rather than as infantry.
Ukraine's military leadership made the decision to have him transferred to a software development role entirely based on merit and his value to their war effort. It was done entirely by the book with many people aware of it. It was officially authorized by their military's general staff. If you think keeping our friend safe was morally reprehensible, good for you. None of the officers we talked to had any issue with what we did.
Do you think it's morally reprehensible for Russian men to flee Russia to avoid military service in a war of aggression? If anything, it's morally reprehensible for them not to do everything possible to avoid being part of it. Do you think people are obligated to fight and die for the state they were born in regardless of the details?
In regards to the actual circumstances, not everyone agrees men are obligated to fight and die for their country against an aggressor simply because they were born in it. You're treating it as if there's a universal moral code where defending the nation state you were born in is part of it. It's entirely possible to be against Russia's war of aggression and to support Ukraine defending themselves without wholeheartedly supporting forced conscription. Other countries could have intervened with their volunteer-based forces instead of watching Ukraine send their male population off to die against a much larger force without adequate equipment. What's moral about you expecting Ukrainian men to fight and die in a war while you do nothing?
Denying that this was special pleading is absurd; selective protection for an insider while countless other conscripts (many equally talented and important in their fields) get no such advocacy is a moral and ethical failure.
We never said anything about his life being worth more than others. We posted an appeal to Ukraine's military leadership explaining his value to their war effort with the goal of keeping our friend safe. What's the problem with that?
> And it doesn't make a life one iota more valuable than anyone else's.
What's the problem with trying to keep our friend safe in a way that helps Ukraine to defend themselves?
We posted an appeal to Ukraine's military leadership which was obviously not a moral argument about conscription. Our thread explicitly stated that we aren't taking a position on forced conscription in an existential defensive war.
The former is morally reprehensible and an insult to the families of the war dead.
If this is not clear to you, I think some self reflection is in order.
I checked the guy GOS mentioned: Robert Braxman. One single photo gives you all the vibes from the guy.
It is the same as "Stop Killing Games" movement with Pirate Software totally against it while spreading misinformation. Bad for him tho, the internet uncovered all the lies and bs, that guy's life is finished lmao
For GOS, they need some serious security analysts to review Robert's doings and expose everything, just like "Stop Killing Games" heroes did.
Not that we don't trust GOS but the position they are in makes it easy to be judged as "bias" by the media, only then Robert and cia will stop this bs.
Just this headline should really scare us.
GrapheneOS is a fantastic project and we should all support them but recent headlines here on HN make me believe we are just delaying a little what is unavoidable. Meaning, soon you will need:
1/ A common spyware smartphone turned off with your digital ID and banking app or whatever.
2/ Another device you can reasonably trust and use with confidence, hopefully with Internet connectivity.
I do not know what that second device will be:
- probably a PinePhone
- or a ClockworkPi uConsole with cellular modem
- maybe one of those LilyGo T-Deck with cellular modem
The open source community have greatly contributed to the success of Android but today I would rather have the smart people of GrapheneOS working on the real escape plan rather than trying to keep us just a little bit longer in the Google trap.
I understand they are working on their own hardware which is a bold step toward this direction.
The lead developer was conscripted, but the rest of the development team prepared for Android 16 and the port was completed in a couple of days.
Device-specific repositories were not included by Google this time, so while the port was finished quickly, they had to work around this. And now GrapheneOS has finished the Android 16 port.
So I'm not sure why people need to freak out and start using insecure devices because they _think_ something will happen with no proof. The fact is GrapheneOS is still going strong. And you can see they've been talking about talks with a big OEM on their socials, so even if new Pixels can't be supported in the future, other OEMs are interested.
As of today I already need 2 Android phones
1/ One Google Android phone for my banking app with Google Integrity API working
2/ One GrapheneOS phone for everything else
I could switch bank for the 3rd time, sure. But how long can I run away?
So what I meant is hopefully in the future we will have a GrapheneOS hardware device, but they might also need to fork or leave AOSP. Because trying to be in the Google Android ecosystem and out of it at the same time became impossible or too costly.
We can't spend most of our resources trying to fit in instead of creating our own path.
The Play Integrity API is working. Banking apps rejecting GrapheneOS' hashes has nothing to do with Google Android vs AOSP and everything to do with what the banks decide is an acceptable risk.
GrapheneOS implements everything the Play Integrity API needs and is completely honest about doing so. That's unlike many custom ROMs that lie to Google and spoof a device that doesn't support hardware attestation, which makes many banking apps work.
It's not compatible with the hardware-based security features and atomic A/B update system.
> I imagine at some point a ROM might use pKVM to boot a copy of Android that passes Play Integrity checks through the necessary spoofs without altering the host OS.
Spoofing is not going to pass the Play Integrity API strong integrity level and the device integrity level will keep moving closer to enforcing hardware attestation too.
> The Play Integrity API is working. Banking apps rejecting GrapheneOS' hashes has nothing to do with Google Android vs AOSP and everything to do with what the banks decide is an acceptable risk.
Play Integrity API does not allow anything other than Google Mobile Services devices with the stock OS to pass the device or strong integrity levels. Passing any of basic, device or strong requires being logged into a Google account now too. GrapheneOS provides full support for hardware-based attestation which apps can use to permit both any stock OS and also GrapheneOS or other alternate operating systems. Most apps choose to simply do what Google recommends of not allowing anything not licensing Google Mobile Services with no check for minimum patch level, etc. It's not really a security feature.
> GrapheneOS implements everything the Play Integrity API needs and is completely honest about doing so.
We do, but Google chooses not to allow GrapheneOS. They may be forced to change that soon due to EU regulation. Several apps in the EU have chosen to permit GrapheneOS via using the hardware attestation API themselves but what's really needed is Google being forced to do it.
> That's unlike many custom ROMs that lie to Google and spoof a device that doesn't support hardware attestation, which makes many banking apps work.
That only passes the device integrity level and many banking apps are moving to the strong integrity level. It's also getting harder to do it and Google has detection for it which is being used for an extremely slow moving crackdown on it. They're likely doing it so slowly to avoid making too many people angry at once leading to serious pushback against it. They're mostly fine with people passing it for now, which they can detect is happening via their fingerprinting system. They're choosing to allow it when it's not for wide scale abuse. They would prevent it if an OS like GrapheneOS with 350k+ users deployed it with perhaps around half of the users using it due to using sandboxed Google Play. If we made it a toggle, it would still likely be too large scale to get away with it.
Most banks permit using GrapheneOS. It's also possible to do most things via online banking. Generally only certain things like cashing a cheque require a native app.
> So what I meant is hopefully in the future we will have a GrapheneOS hardware device, but they might also need to fork or leave AOSP. Because trying to be in the Google Android ecosystem and out of it at the same time became impossible or too costly.
We're actively working with a major Android OEM towards their future devices providing official GrapheneOS support. Not really clear why we'd need to switch the base for the OS. We'd still need a fork of AOSP if we want Android app compatibility. If we didn't have Android app compatibility, you'd probably have a lot more reasons you couldn't use it as your only device than a single banking app. Same applies to most users.
> I could switch bank for the 3rd time, sure. But how long can I run away?
Several European banks have explicitly chosen to permit GrapheneOS via https://grapheneos.org/articles/attestation-compatibility-gu.... We're hoping EU regulation requires Google to stop banning it from banning the Play Integrity API since we provide everything they need to verify GrapheneOS via hardware-based attestation. It shouldn't be up to Google which devices and operating systems are allowed to use mainstream apps and regulators generally agree with that. It's just taking a long time for regulators to understand it and do something about it. We expect it will happen.
> We can't spend most of our resources trying to fit in instead of creating our own path.
We've hardly put any resources into this. There's not really much we can do about apps deliberately trying to stop people using another OS including GrapheneOS. It's more of an issue to solve via convincing them to permit it than a technical one. A technical workaround would only be a temporary hack likely to break fairly quickly.
theamk•6mo ago
"We avoided specifying the country or war to avoid involving GrapheneOS in a debate on forced conscription in an existential defensive war."
I will follow their wishes and not specify the specific war or side, but this comment gives me all the information to figure it out.
defrost•6mo ago
https://en.wikipedia.org/wiki/Conscription_in_Israel
https://en.wikipedia.org/wiki/Conscription_in_Ukraine
https://en.wikipedia.org/wiki/Conscription_in_Russia
https://www.aljazeera.com/news/2025/4/11/myanmars-military-d...
https://en.wikipedia.org/wiki/Conscription_in_Sudan
bawolff•6mo ago
That's basically war propaganda 101 - the war is defensive and existential.
dontleakkeys•6mo ago
I assume that there's truth to what they're saying and that they probably were swatted, and that's awful. But it doesn't feel right to me. Being betrayed seems to be a consistent part of the narrative GrapheneOS presents about itself. It's even in the history section on their website.
strcat•6mo ago
Our lead developer was conscripted.
> I assume this is basically true and that it's probably Ukraine or maybe Israel
We made it clear enough it was Ukraine and later publicly confirmed it multiple times once it wasn't going to cause any issues.
> but the way they're talking about how everyone is against them and sabotaging them makes me think we may not be dealing with a reliable narrator.
We've never said everyone is against us. You're misrepresenting our statements. You appear to be alluding to ongoing harassment which baselessly claims that I'm insane, delusional, schizophrenic, etc. Phrasing it the way you did doesn't absolve you of responsibility for participating in it.
> I assume that there's truth to what they're saying and that they probably were swatted, and that's awful.
What we've said about these topics is completely accurate and your attempt at misconstruing it and sowing doubt is wrong.
> But it doesn't feel right to me.
Okay, so you have unfounded theories based on vibes.
> Being betrayed seems to be a consistent part of the narrative GrapheneOS presents about itself. It's even in the history section on their website.
The information we've provided about these topics including about Copperhead's takeover attempt on the project in 2018 is accurate. Our lead developer being a Ukrainian man is easy enough to see from GitHub. They went from by far the most active developer to completely inactive after being forcibly conscripted at the start of April. They're now able to contribute a little bit in their free time again.
strcat•6mo ago
See the response at https://news.ycombinator.com/item?id=44583672.
bawolff•6mo ago
I was initially assuming Israel was relying on reserves for the current war, which seems to be true, but it also sounds like being in the reserves is mandatory so i guess that is conscription with extra steps.
Anyways, i guess your broad point is right.
throwaway290•6mo ago
Some draftees are made to sign the contract not just with large sums of money but also force/torture. I am told it happens almost daily and knowing a bit what Russian army is like I think it is likely. Probably more likely if you are non-slavic guy from the regions and not a big city
This story is about a guy who was arrested for theft or something and was "offered" contract. Apparently cops get 100000 rub reward for one guy who they "convince". https://meduza.io/feature/2025/07/13/dozhd-18-letnego-dagest...
tonyhart7•6mo ago
is that controversial??
wiseowise•6mo ago
Even though the guy is obviously on the right side of history, it might be problematic for a project like Graphene to acknowledge it.
spankibalt•6mo ago
The same swings the other way around, i.e. Graphene protecting its devs against any outside threats. Etc.
strcat•6mo ago
See the response at https://news.ycombinator.com/item?id=44583672.
spankibalt•6mo ago
Nonetheless, thanks for the details.
dontleakkeys•6mo ago
Pretty, pretty please, let's not debate whether or not this is the case and just acknowledge we can't rule Israel out.
bawolff•6mo ago
I think the best argument against it being Israel, is that it appears to have happened suddenly and unexpectedly. News reporting makes it sound like the Israeli system is very predictable - people get conscripted at a specific age (even in peace time), and then afterwards serve in reserves, that might get called up. Ukraine on the other hand has a significant manpower problem and has been somewhat desperately trying to increase the conscription pool. Someone being unexpectedly caught up in conscription seems more likely in Ukraine's situation where the rules are being actively changed to get more recruits.
strcat•6mo ago
The final paragraph was added later after further internal discussion about how people were misinterpreting the country as being Russia or Israel. It was carefully worded to make it obvious which country we were referring to to almost everyone while also making it clear we weren't taking a stance against them defending themselves. It was meant to be very obvious after the addition of the final paragraph.
See the response at https://news.ycombinator.com/item?id=44583672.
> Someone being unexpectedly caught up in conscription seems more likely in Ukraine's situation where the rules are being actively changed to get more recruits.
It wasn't due to a change in rules. They've lowered the age range to 25 through 60 and people age into it but it wasn't either of those things.
strcat•6mo ago
See the response at https://news.ycombinator.com/item?id=44583672.
throwaway290•6mo ago
And "diverting somebody away from combat" for this kinda reason sounds not like Russian army.
And them saying it is "defensive existential war" is another thing, if this turns out to be Russia GrapheneOS would be on my personal blacklist forever
strcat•6mo ago
See the response at https://news.ycombinator.com/item?id=44583672.
strcat•6mo ago
The primary goal of making it public was getting him diverted away from infantry to a role related to software engineering and/or security research. It makes little sense to send the lead developer of a security research and engineering project to launch grenades from a trench. We got in contact with high level people who were able to intervene after he completed 45 days of basic training. He had to do several weeks of menial tasks and was just recently transferred to a more sensible tech related role. We're still down our most important developer.
We deliberately made it obvious which country we were talking about without directly specifying it. A Russian opposition paper did the basic investigative journalism required to confirm what we implied:
https://meduza.io/feature/2025/04/22/veduschego-razrabotchik...
The way we approached it worked out well. It was an appeal to their military leadership based on it not being in their interest to use him as infantry, not a political statement. Ukraine forcibly conscripting men aged 25 through 60 to defend against an invader trying to wipe out their nationality is a messy topic. We had to publicly post about it to get help, that's all.