Gaël Duval is the founder and president of the /e/ foundation along with the CEO of Murena. Duval and his organizations have consistently taken a stance against protecting users from exploits. In this video, he once again claims protecting against exploits is only useful for pedophiles and spies.
Transcription in French:
> Il y a la surface d'attaque, là pour le coup on est pas des spécialistes de la sécurité, donc je ne pourrais pas te répondre avec précision, mais des discussions que j'ai eu, il semblerait que tout ce qu'on fait, ça réduit la surface d'attaque. Donc oui, probablement ça aide. Par contre, on a pas une approche "sécurité durcie", on développe pas un téléphone pour les pédo(bip) pour qu'ils puissent échapper à la justice. Donc il y a pas des trucs pas possibles pour voir si la mémoire est pas corrompue, des trucs de sécu vraiment durcis qui pourraient être utiles clairement pour des dirigeants, dans les services secrets ou que sais-je. C'est pas notre but, notre but c'est de partir d'un constat, aujourd'hui nos données personnelles sont pillées en permanence et ça serait pas légal dans la vraie vie avec le courrier ou le téléphone, on veut changer ça. Donc on vous fait un produit qui change ça par défaut pour n'importe quelle personne.
Translation to English:
> There's the attack surface, on that front we're not security specialists here, so I couldn't answer you precisely, but from the discussions I've had, it seems that everything we do reduces attack surface. However, we don't have a "hardened security" approach, we aren't developing a phone for pedo(censored) so they can evade justice. So there aren't difficult things to check if the memory is corrupted, really hardened security stuff that could clearly be useful for executives, in the secret service, or whatever. That's not our goal, our goal is to start from an observation: today our personal data is constantly being plundered and that wouldn't be legal in real life with the mail or the telephone, we want to change that. So we are making you a product that changes that by default for anyone.
GrapheneOS exists to protect users from having their privacy invaded by arbitrary individuals, corporations and states. Privacy depends on security. GrapheneOS heavily improves both privacy and security while providing a high level of usability and near perfect app compatibility. /e/ has far worse privacy and security than the Android Open Source Project. They fail to keep up with important standard privacy and security patches for Android, Linux, firmware, drivers and HALs. They fail to provide current generation Android privacy and security protections.
For years, Gaël Duval has spearheaded a campaign to misrepresent GrapheneOS as not being usable, not compatible with apps and only useful to a tiny minority of people. He has repeatedly claimed GrapheneOS is for pedophiles, criminals and spies while claiming /e/ is for everyone. It's hardly only GrapheneOS focusing on protecting users against exploits. Apple and Google have put a ton of work into it. Apple heavily focuses on privacy and security. That includes protecting against remote exploits, local exploits from compromised apps and data extraction.
GrapheneOS and iOS are both heavily focused on privacy and security. Both are gradually adding much stronger protections against apps/sites scraping data, coercing users into giving data via alternatives with case-by-case consent and increasingly strong exploit protections. /e/ is far weaker in all of these areas compared to the standard Android Open Source Project on secure hardware. It doesn't keep up with standards updates and protections. It adds tons of low security attack surface and privacy invasive services. It's not in the same space as us.
/e/ and Murena devices are far worse for privacy and security than an iPhone. It's trivial to break into their devices remotely or extract data from them compared to an iPhone. They have weaker privacy protections from apps too. Their main approach to privacy is a DNS blocklist.
Their DNS blocklist can only block domains not used for useful functionality to avoid ruining usability. Meanwhile, the most privacy invasive behavior by apps is rarely ever split out into separate domains. Even for those, apps and websites can trivially evade DNS blocklists. It's common for apps and websites to do everything through their own servers. That's best practice to avoid leaking API keys. It's increasingly common for invasive libraries to use hard-wired IPs and/or DNS-over-HTTPS to evade blocking. DNS filtering is increasingly less useful.
Murena is a for-profit company owned by shareholders including Gaël Duval. /e/ has a non-profit organization which is also led by Gaël Duval. /e/ includes paid services from Murena. /e/ very clearly exists to build products for Murena to sell in order to enrich the shareholders.
Final
final@stacker.news
npub1hxx7...g75y
Security specialist and member of the GrapheneOS open source project.
Posts my own and not endorsed by my employer. AI slop and Nostr DMs ignored.
Matrix: f1nal:grapheneos.org
(updated post) The Nekogram Telegram client contains code that grabs your Telegram ID and phone number to send to their own bots, also some other OSINT bots mentioned. They admitted to it in their channel (@NekoUpdates) and are insulting users in the comments. Assume your number and user can be correlated in a worst case. Keep away from third party clients.
https://github.com/Nekogram/Nekogram/issues/336

GitHub - RomashkaTea/nekogram-proof-of-logging: A proof of Nekogram sending phone numbers to the developer
BTW, we don't have to pay you in fiat.
We are hiring Android app software engineers to develop and take ownership of maintaining new #GrapheneOS default applications. This is a fully remote, worldwide position.
If you have experience in Kotlin, Jetpack Compose and shipping production Android applications with commitment to security and privacy principles, come help fruit the next chapters of GrapheneOS.
Apply:
Hiring | GrapheneOS
#GrapheneOS version 2026032000 released. This release introduces experimental support for the Pixel 10a.
- add experimental Pixel 10a support
- Launcher: change app drawer search bar to cancelling search when the back action is invoked instead of the query becoming empty
- backport SELinux policy for CameraX extensions property used by the Pixel Camera HAL from Android 16 QPR3
- hardened_malloc: multiple small optimizations to improve performance
- kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.166
- kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.127
- kernel (6.12): update to latest GKI LTS branch revision including update to 6.12.76
- Vanadium: update to version 146.0.7680.153.0
- adevtool: add support for keeping only certain unpacked images to help with constrained storage
- switch to cross-device gmscompat_lib key for 10th gen Pixels
- Auditor: update to version 91
All of the Android 16 security patches from the current April 2026, May 2026, June 2026, July 2026 and August 2026 Android Security Bulletins are included in the 2026032001 security preview release.
List of additional fixed CVEs:
Critical: CVE-2026-0039, CVE-2026-0040, CVE-2026-0041, CVE-2026-0042, CVE-2026-0043, CVE-2026-0044, CVE-2026-0049, CVE-2026-0052, CVE-2026-0073, CVE-2026-0080
High: CVE-2025-22424, CVE-2025-22426, CVE-2025-48600, CVE-2025-48612, CVE-2026-0016, CVE-2026-0036, CVE-2026-0048, CVE-2026-0050, CVE-2026-0053, CVE-2026-0054, CVE-2026-0055, CVE-2026-0056, CVE-2026-0059, CVE-2026-0060, CVE-2026-0061, CVE-2026-0062, CVE-2026-0063, CVE-2026-0065, CVE-2026-0067, CVE-2026-0070, CVE-2026-0074, CVE-2026-0075, CVE-2026-0076, CVE-2026-0077, CVE-2026-0078, CVE-2026-0079
Releases | GrapheneOS
GrapheneOS will remain usable by anyone around the world without requiring personal information, identification or an account. GrapheneOS and our online services will remain available internationally. If GrapheneOS devices can't be sold in a region due to their regulations, so be it.
Proton on the news, again!? So let's bring it back!
Lightning support in Cake Wallet should be huge for XMR nostr users

