Tracker blocking uses flawed heuristics. The only methods that are typically used are static lists which is just badness enumeration. There is nothing stopping the app/service from sending the data down a different domain that isn't blocked or a domain that can't be blocked without breaking the service.
Adding to that, how do we even decide what is a "tracker"? What is the definition? Some might say it includes all telemetry or crashlytics. Are those inherently malicious?
I don't think it would make sense for GrapheneOS to include something flawed like a "tracker blocker" that lulls people into a false sense of security. They use robust and meaningful methods for improving the privacy and security of the OS.
You understand that in those chats, Micay had been the victim of ongoing harassment, perpetuated by Rossman and Calyx leadership, which culminated in doxxing and then a SWAT attack which is a threat on their life.
They didn't lie about stepping down. They took a back seat to development work and the public eye because of these experiences. It was an enormous toll on their mental and physical health.
Now does that excuse Rossman for mislabeling na individual with mental diagnoses? Does that excuse them and other people for dismissing what they say based on these false labels?
Open source or source availability is not a requirement for auditing a system. There would be evidence that would have almost certainly been found by now if this was the case. It is up to you, or the claimant, to prove their claims. I can say that there has not been any evidence of data collection by hardware components found, despite years of Pixel devices being tested by security researchers and mobile forensics companies. Not only that, the actual technical capabilities of the hardware (isolated component without networking capabilities) backs that up.
GrapheneOS (like any other AOSP fork) is technically a Linux based OS. They run a modified version of the Linux Kernel. What matters is the changes they have made to the kernel, as well as enforcing AVB, SELinux, etc. etc.
"Linux" phones that run modified desktop Linux distros are hugely insecure devices that lack many basic security and hardening features.
It's not a matter of being paranoid and the GrapheneOS project members are not paranoid. It is simply a matter of Murena/eOS/Gael Duval making claims about their products that are misleading, false, and harmful to users.
There is no "hole". It has nothing to do specifically with being from Google, only that no one else but Google is manufacturing devices that meet the hardware requirements and have full support for alternate OSes.
It is an isolated component without networking. This is not evidence that unknown data collection is occurring. You need to provide actual evidence that it is.
He lied about stopping use of GrapheneOS. He can be seen in videos long after still using GrapheneOS on his Pixel. Also, the reasons he stated for not using/trusting it were nonsense. There was not, and is not, a technical way to target a user with malicious OTA updates.
This is definitely not true. GrapheneOS is focused on privacy, security, and usability. It has many features that are solely for increasing privacy and control and implemented in very robust ways. For a couple of examples, see the Contacts and Storage Scopes features.
This is a common misconception people have as a result of misinformation being spread.
That device didn't meet the requirements for GrapheneOS even when it was supported by the OEM. As of now, it is an EOL device and is highly insecure.
https://grapheneos.org/faq#future-devices
Tracker blocking uses flawed heuristics. The only methods that are typically used are static lists which is just badness enumeration. There is nothing stopping the app/service from sending the data down a different domain that isn't blocked or a domain that can't be blocked without breaking the service.
Adding to that, how do we even decide what is a "tracker"? What is the definition? Some might say it includes all telemetry or crashlytics. Are those inherently malicious?
I don't think it would make sense for GrapheneOS to include something flawed like a "tracker blocker" that lulls people into a false sense of security. They use robust and meaningful methods for improving the privacy and security of the OS.