Defense - Defending - Boxer - Boxing - Fighting

Defending GrapheneOS and Daniel Micay

Intro

Trouble has been brewing between Daniel Micay, GrapheneOS, and the privacy and security community for several months. This has culminated in Daniel, the founder of GrapheneOS, stepping down as lead developer of the project in late May, 2023.

In this episode, we go over this issue in some detail and defend Daniel Micay and GrapheneOS from some of the criticisms and responses they’ve received, which we believe are unjustified. We also share our key takeaways and final thoughts so current and prospective GrapheneOS users can make a more informed decision as to whether they should use this operating system.

Podcast

1
00:00:00,000 –> 00:00:14,120
Hey everybody, welcome back to the Bigger Insights Privacy & Security podcast, where

2
00:00:14,120 –> 00:00:17,080
we’ll help you live a more private and secure life.

3
00:00:17,080 –> 00:00:22,900
We like GrapheneOS, and this is one of the tools that we recommend that our clients consider.

4
00:00:22,900 –> 00:00:27,960
So in this episode, we’re going to share our thoughts on this situation that’s been

5
00:00:27,960 –> 00:00:35,160
brewing between GrapheneOS, Daniel Micay, and various parties in the privacy and security

6
00:00:35,160 –> 00:00:36,160
community.

7
00:00:36,160 –> 00:00:42,640
For those of you who aren’t familiar, GrapheneOS is a hardened fork of Android Open-Source

8
00:00:42,640 –> 00:00:50,040
Project, or AOSP, which is the open-source core of every Android operating system.

9
00:00:50,040 –> 00:00:55,720
So when you buy a Google Pixel, Samsung phone, or other phone that runs Android, what they

10
00:00:55,720 –> 00:01:03,000
do is they fork AOSP, then add their apps, telemetry, and other customizations.

11
00:01:03,000 –> 00:01:09,360
GrapheneOS does the same thing, except rather than lock the OS down and load it with bloatware,

12
00:01:09,360 –> 00:01:15,840
and what many would consider to be spyware, it focuses on improving security.

13
00:01:15,840 –> 00:01:22,160
The GrapheneOS project doesn’t seem to discuss privacy very often, but many of the improvements

14
00:01:22,160 –> 00:01:25,800
that they’ve made have privacy benefits as well.

15
00:01:25,800 –> 00:01:32,680
For example, I have a phone with GrapheneOS on it, and I have 5G disabled because GrapheneOS

16
00:01:32,680 –> 00:01:40,440
allows you to do this, and 5G allows for much more accurate location tracking than 4G does,

17
00:01:40,440 –> 00:01:43,080
which is obviously a privacy concern.

18
00:01:43,080 –> 00:01:48,160
And we’ll go into GrapheneOS in more detail in a future episode, because we think it’s

19
00:01:48,160 –> 00:01:52,640
a great project and we think everyone should consider using it.

20
00:01:52,640 –> 00:01:58,400
Daniel Micay is the founder of GrapheneOS and was the lead developer until he stepped

21
00:01:58,400 –> 00:02:01,400
down in late May of 2023.

22
00:02:01,400 –> 00:02:06,680
We’re not going to point fingers or cast judgment because that’s not what we’re about, but

23
00:02:06,680 –> 00:02:12,360
there has been some contention between Daniel and others in the technology space for many

24
00:02:12,360 –> 00:02:13,680
months now.

25
00:02:13,680 –> 00:02:19,760
This is not just disagreements about technical things, but rather personal drama for a lack

26
00:02:19,760 –> 00:02:21,400
of a better word.

27
00:02:21,400 –> 00:02:27,120
We recently saw a YouTube video from Louis Rossmann, who as far as I can tell owns a device

28
00:02:27,120 –> 00:02:32,560
repair business, among other things, where he talked about this issue and stated that

29
00:02:32,560 –> 00:02:37,640
he was going to remove GrapheneOS from his phone because he didn’t feel comfortable with

30
00:02:37,640 –> 00:02:41,880
it anymore as a result of his interactions with Daniel Micay.

31
00:02:41,880 –> 00:02:47,520
Now we’re not going to criticize Rossman for that because we like his work and we respect

32
00:02:47,520 –> 00:02:53,800
his opinion, but we’ve also seen other creators in the technology space criticize Daniel

33
00:02:53,800 –> 00:02:58,920
Micay and GrapheneOS by extension for some of the same reasons.

34
00:02:58,920 –> 00:03:05,400
There’s this idea floating around out there that Daniel Micay, GrapheneOS and their community

35
00:03:05,400 –> 00:03:07,640
are mean and toxic.

36
00:03:07,640 –> 00:03:10,800
We certainly understand where people are coming from on this.

37
00:03:10,800 –> 00:03:16,320
I actually went into the GrapheneOS community once to ask some questions and recommend some

38
00:03:16,320 –> 00:03:17,320
changes.

39
00:03:17,320 –> 00:03:22,320
I don’t quite remember who exactly I was talking to, but I’m pretty sure it was someone

40
00:03:22,320 –> 00:03:28,880
from GrapheneOS. But I will admit that they were pretty direct with me, even though I

41
00:03:28,880 –> 00:03:34,400
was asking legitimate questions that I don’t believe were answered on their website.

42
00:03:34,400 –> 00:03:39,920
However, let me defend their interaction with me with a few points.

43
00:03:39,920 –> 00:03:43,960
1. They didn’t call me names or anything like that.

44
00:03:43,960 –> 00:03:46,560
2. They did answer my questions.

45
00:03:46,560 –> 00:03:52,600
3. They actually listened to me and implemented one of the privacy features that I recommended.

46
00:03:52,600 –> 00:03:56,840
So I’ll go ahead and pat them and myself on the back for that one.

47
00:03:56,840 –> 00:04:01,160
4. And finally, this is a free and open-source (FOSS) project.

48
00:04:01,160 –> 00:04:04,080
These kinds of projects take in little money.

49
00:04:04,080 –> 00:04:10,000
They require a lot of skill and effort, and they take a tremendous amount of garbage

50
00:04:10,000 –> 00:04:11,480
from the public.

51
00:04:11,480 –> 00:04:17,640
I hate to say it, but many in the privacy and security community can be very aggressive,

52
00:04:17,640 –> 00:04:19,920
critical, and unforgiving.

53
00:04:19,920 –> 00:04:26,200
So we cut FOSS projects and their developers a lot of slack as long as they’re not doing

54
00:04:26,200 –> 00:04:27,920
anything malicious.

55
00:04:27,920 –> 00:04:31,720
If they’re going to get a little bit snippy with us, you know, we think that that’s a

56
00:04:31,720 –> 00:04:38,040
pretty small price to pay, even if there’s no real justification for that kind of response.

57
00:04:38,040 –> 00:04:40,160
So let’s talk about this.

58
00:04:40,160 –> 00:04:47,840
Should we abandon GrapheneOS and go to stock Android, CalyxOS, or even iOS because of all

59
00:04:47,840 –> 00:04:49,440
of this drama?

60
00:04:49,440 –> 00:04:54,200
While typing up some notes for this episode, I just saw a discussion where people are talking

61
00:04:54,200 –> 00:04:56,880
about canceling their donations.

62
00:04:56,880 –> 00:04:58,600
Is this justified?

63
00:04:58,600 –> 00:05:05,480
First of all, what exactly is the concern here – that Daniel Micay went ballistic and inserted

64
00:05:05,480 –> 00:05:08,880
malicious code into GrapheneOS or something?

65
00:05:08,880 –> 00:05:14,840
Personal issues aside, we’ve never seen anyone doubt or question the integrity or effectiveness

66
00:05:14,840 –> 00:05:16,000
of his work.

67
00:05:16,000 –> 00:05:18,400
So what is the concern here?

68
00:05:18,400 –> 00:05:24,840
GrapheneOS is open-source, so we can see what code he has contributed, and GrapheneOS is

69
00:05:24,840 –> 00:05:27,280
not just Daniel Micay.

70
00:05:27,280 –> 00:05:32,640
It is an organization with multiple developers, so it’s expected that the project will continue

71
00:05:32,640 –> 00:05:34,920
even though he has stepped down.

72
00:05:34,920 –> 00:05:40,960
So basically, what this all seems to boil down to here is the perception that his communication

73
00:05:40,960 –> 00:05:46,000
skills are poor, some paint him as being paranoid, etc.

74
00:05:46,000 –> 00:05:51,400
But even if those things are true, or as bad as others have made them out to be, does that

75
00:05:51,400 –> 00:05:57,200
negate all of the amazing things that Daniel and GrapheneOS have accomplished?

76
00:05:57,200 –> 00:06:02,960
Let me share a personal story about someone I worked with at a former employer.

77
00:06:02,960 –> 00:06:04,640
Let’s call him Bob.

78
00:06:04,640 –> 00:06:07,880
Now Bob was not the best communicator.

79
00:06:07,880 –> 00:06:13,480
He didn’t make good eye contact, he was a bit awkward, and he had an interesting way

80
00:06:13,480 –> 00:06:19,160
of talking and using hand gestures, which some people found really amusing for some

81
00:06:19,160 –> 00:06:20,160
reason.

82
00:06:20,160 –> 00:06:27,400
However, Bob was also one of our most senior, most loyal, and hardest working employees.

83
00:06:27,400 –> 00:06:33,160
He was always polite to everyone, didn’t complain, and did what he was told.

84
00:06:33,160 –> 00:06:35,960
Now let me ask you, what’s more important –

85
00:06:35,960 –> 00:06:42,240
his unusual communication, or the fact that he was one of our most dedicated employees?

86
00:06:42,240 –> 00:06:47,280
Most of you would probably say the latter, but sadly, it seemed like everyone at the

87
00:06:47,280 –> 00:06:51,120
company treated him like garbage, except me.

88
00:06:51,120 –> 00:06:55,920
People made fun of him in his presence and behind his back.

89
00:06:55,920 –> 00:07:00,040
Managers hardly listened to anything that he had to say, and they gave him very little

90
00:07:00,040 –> 00:07:03,520
equipment and budget that he needed to do his job.

91
00:07:03,520 –> 00:07:09,360
It seemed like I was the only person at the company that respected him, and I did so not

92
00:07:09,360 –> 00:07:15,240
just because of his work and his dedication, but because I believe in focusing on what

93
00:07:15,240 –> 00:07:20,280
good things people bring to the table and overlook more cosmetic things like their

94
00:07:20,280 –> 00:07:22,480
ability to communicate.

95
00:07:22,480 –> 00:07:24,760
Was Einstein a good communicator?

96
00:07:24,760 –> 00:07:27,280
I’m not sure, but I’m guessing not.

97
00:07:27,280 –> 00:07:28,880
What about Steve Jobs?

98
00:07:28,880 –> 00:07:33,880
I’ve heard that he was actually quite abrasive, and people were kind of afraid of him.

99
00:07:33,880 –> 00:07:37,040
So where am I going with this, you might be wondering?

100
00:07:37,040 –> 00:07:41,760
The point is that just because Daniel rubbed some people the wrong way, that doesn’t mean

101
00:07:41,760 –> 00:07:47,240
that he’s a bad or untrustworthy person, and that doesn’t mean that GrapheneOS itself

102
00:07:47,240 –> 00:07:48,740
is problematic.

103
00:07:48,740 –> 00:07:53,480
We think everyone ought to look through these somewhat superficial things and acknowledge

104
00:07:53,480 –> 00:07:58,440
that GrapheneOS is still an amazing privacy and security tool.

105
00:07:58,440 –> 00:08:02,240
This is one of the most important life lessons that I’ve learned.

106
00:08:02,240 –> 00:08:07,920
You need to be able to separate superficial things from facts and data.

107
00:08:07,920 –> 00:08:14,200
Just think about what it would be like to not use any products, services, or code because

108
00:08:14,200 –> 00:08:18,680
you don’t like one of the contributors for personal reasons, or you think they’re a little

109
00:08:18,680 –> 00:08:24,960
unhinged, or you disagree with their politics, or perhaps they do drugs, or whatever.

110
00:08:24,960 –> 00:08:26,800
What would be left?

111
00:08:26,800 –> 00:08:31,800
This is a problem that many employers have, including the federal government.

112
00:08:31,800 –> 00:08:36,960
I could be wrong, but I’m pretty sure that the feds won’t hire you for certain jobs

113
00:08:36,960 –> 00:08:43,720
or give you security clearance if you’ve ever smoked pot or consumed other illegal narcotics.

114
00:08:43,720 –> 00:08:50,600
If everyone was honest about that, think about how many people would be instantly disqualified,

115
00:08:50,600 –> 00:08:55,760
not even taking into account what actually matters, which is their ability to do the

116
00:08:55,760 –> 00:08:56,760
job.

117
00:08:56,760 –> 00:09:00,800
A lot of private employers try to play this game as well.

118
00:09:00,800 –> 00:09:06,480
There seems to be this attitude among employers these days that people have no place at their

119
00:09:06,480 –> 00:09:11,280
organization if they’re a little rough around the edges, and we think that this is a big

120
00:09:11,280 –> 00:09:16,760
mistake because, believe it or not, a lot of the world’s brightest and most productive

121
00:09:16,760 –> 00:09:19,720
people have some kind of blemish,

122
00:09:19,720 –> 00:09:25,720
if you can even call it that, whether that be drug use, communication issues, some kind

123
00:09:25,720 –> 00:09:27,960
of health issue, etc.

124
00:09:27,960 –> 00:09:34,200
If we assume for the sake of argument that Daniel has problems, has anyone considered

125
00:09:34,200 –> 00:09:40,120
that there may be people with these types of problems working at Apple or Google?

126
00:09:40,120 –> 00:09:44,320
Does that mean that you can’t use iOS or Android as well?

127
00:09:44,320 –> 00:09:48,200
That’s no way to live your life or make important decisions.

128
00:09:48,200 –> 00:09:53,480
So to wrap this up, let’s go over some key takeaways and final thoughts.

129
00:09:53,480 –> 00:09:57,400
1. GrapheneOS is not Daniel Micay.

130
00:09:57,400 –> 00:10:01,680
Even if you don’t like the guy for whatever reason, that doesn’t mean that the project

131
00:10:01,680 –> 00:10:07,840
is FUBAR, not to mention Daniel may still be able and willing to contribute code to

132
00:10:07,840 –> 00:10:13,840
the project, which would obviously be reviewed by others before merging in because it’s open

133
00:10:13,840 –> 00:10:14,840
source.

134
00:10:14,840 –> 00:10:21,480
2. We think abandoning GrapheneOS is premature, especially over what is essentially personal

135
00:10:21,480 –> 00:10:24,880
and communication issues from one person.

136
00:10:24,880 –> 00:10:31,240
3. We still believe GrapheneOS is a great operating system and probably the best option

137
00:10:31,240 –> 00:10:35,040
for people who value their privacy and security.

138
00:10:35,040 –> 00:10:41,520
4. We appreciate the work that Daniel Micay and other members and contributors of GrapheneOS

139
00:10:41,520 –> 00:10:45,800
have done to advance mobile privacy and security.

140
00:10:45,800 –> 00:10:51,960
5. GrapheneOS and other organizations might want to try to limit their engineers’

141
00:10:51,960 –> 00:10:58,560
exposure to the general public, not just from a PR standpoint, but also to help them focus

142
00:10:58,560 –> 00:10:59,960
on their work.

143
00:10:59,960 –> 00:11:05,480
This reminds me of that scene in Office Space where Tom was trying to justify his job to

144
00:11:05,480 –> 00:11:11,800
the Bobs and said, “engineers are not good at dealing with customers.”

145
00:11:11,800 –> 00:11:15,080
Perhaps there really is a place for people like Tom.

146
00:11:15,080 –> 00:11:20,320
Like I said before, people in the privacy and security community have very high standards

147
00:11:20,320 –> 00:11:22,320
and can be very harsh,

148
00:11:22,320 –> 00:11:28,280
so insulating your key developers from that to some degree may be beneficial for everyone.

149
00:11:28,280 –> 00:11:33,800
6. This might end up being a good thing for Daniel and GrapheneOS.

150
00:11:33,800 –> 00:11:39,080
We don’t presume to know anything about Daniel Micay, but we do know that no matter how much

151
00:11:39,080 –> 00:11:44,160
you like something, burnout is real and perhaps even inevitable.

152
00:11:44,160 –> 00:11:49,760
So who knows, maybe he just needs a break or to work on something else for a while.

153
00:11:49,760 –> 00:11:54,360
This could also be good for GrapheneOS because most of the criticisms we’ve heard about

154
00:11:54,360 –> 00:11:59,800
the operating system have been specific to Daniel rightly or wrongly.

155
00:11:59,800 –> 00:12:05,880
With someone else in his place, this could attract new capital because large donors, like

156
00:12:05,880 –> 00:12:12,360
organizations, tend to be wary of donating money to someone or something that has a PR

157
00:12:12,360 –> 00:12:13,360
problem.

158
00:12:13,360 –> 00:12:20,680
7. We wish Daniel Micay and GrapheneOS the best of luck and we hope that they continue

159
00:12:20,680 –> 00:12:23,480
doing amazing work moving forward.

160
00:12:23,480 –> 00:12:29,840
8. And finally, regardless of what you think of him, leave Daniel alone.

161
00:12:29,840 –> 00:12:34,680
We don’t know anything about the guy. We’re not going to paint him as any kind of hero

162
00:12:34,680 –> 00:12:40,600
or villain, but we do believe that people should be left alone if that’s what they prefer

163
00:12:40,600 –> 00:12:43,240
and we also believe in second chances.

164
00:12:43,240 –> 00:12:49,400
So let’s all just forget about this, leave the guy alone, let him recover and hope that

165
00:12:49,400 –> 00:12:52,600
he gets back into making the world a better place.

166
00:12:52,600 –> 00:12:55,560
Alright, that wraps it up for this episode.

167
00:12:55,560 –> 00:12:59,840
For those who aren’t familiar with our work, we don’t just produce this podcast and

168
00:12:59,840 –> 00:13:06,240
dank memes. We also help clients like you live more private and secure lives by sitting

169
00:13:06,240 –> 00:13:11,440
down with them in one-on-one sessions and helping them navigate privacy and security

170
00:13:11,440 –> 00:13:17,360
issues like hardening their phones and PCs, implementing more private and secure apps

171
00:13:17,360 –> 00:13:23,120
and services, using password managers, VPNs, Tor, and so on.

172
00:13:23,120 –> 00:13:28,000
If that sounds interesting to you, go to our website, BiggerInsights.com and fill out the

173
00:13:28,000 –> 00:13:33,000
short form at the bottom of the page so we can schedule your initial consultation.

174
00:13:33,000 –> 00:13:58,280
Thanks for tuning in, consider using or keeping GrapheneOS and stay safe out there.

Disclaimer

As of the time of this recording, we have no relationship or association with GrapheneOS or Daniel Micay other than the use of GrapheneOS. We simply appreciate their work.

Support Us

We’re an ethical company that puts our community first. You won’t find us injecting targeted ads or trackers into our website, peddling sketchy products/services, or selling our visitors’ data to 3rd-parties. As a result, our visibility and resources are rather limited.

Please consider supporting us to help keep our mission going. There are several ways to make a difference – from cryptocurrency contributions to simply sharing our content. Every bit of support is greatly appreciated and helps us make the world a more private, secure, and prosperous place.

More Great Content

  • All
  • Finance
  • Privacy & Security
  • Technology
Finance - Budgeting - Financial Planning - Accounting - Asset Allocation - Taxable and Tax-favored Accounts - Cash Finance

Asset Location: Taxable vs. Tax-favored Accounts (401k, IRA, HSA)

Asset Location (AKA Asset Placement) is a strategy for organizing your assets in an optimal way that helps you meet your financial goals. In the previous episode, we focused on asset location strategies for reducing taxes and simplifying your tax return. In this episode, we focus on asset location considerations ...
Continue →
Security - Software - Email - Computer Screen Privacy & Security

Email is Insecure – Here’s How to Improve Email Security

Email was never designed to be private or secure, so not surprisingly, it is neither private, nor secure. In the previous episode, we explained the reasons why as well as the risks inherent to email. However, email is so prevalent that it is unfortunately a necessary evil. In this episode, ...
Continue →
Planning - Concepting - Whiteboard - Tax Planning Tips - Asset Location - Asset Placement Finance

Asset Location: Reducing Taxes & Simplifying Your Tax Return

Asset Location (AKA Asset Placement) is a strategy for organizing your assets in such a way as to reduce tax burden, simplify your tax return, and manage risk. We discuss our Asset Location strategies, which includes specifics about tax treatment for growth stocks, dividend stocks, taxable bonds, real estate investment ...
Continue →
Drake - Bad Choice-Good Choice - Linux vs Windows macOS ChromeOS Technology

Linux Doesn’t Suck – Here’s Why Even Normies Should Use It

Linux has long been viewed as a science fair project for nerds. We explain why Linux doesn’t suck and why it's now usable even for normies. Some of the items discussed: Issues with Windows, ease of use, performance (efficient use of resources), hardware support, application support, OS licensing, concerns about ...
Continue →
Email - Mobile Phone - Privacy and Security - Technology - Hands Privacy & Security

Email is Insecure – Stop Using it for Sensitive Communications

Email is the primary means of sending messages and documents for many people. Unfortunately, email was never designed to be private or secure. Over time, we’ve developed several tools and techniques to help make it more secure. But at the end of the day, no matter how uncomfortable it makes ...
Continue →
Woman Shopping - Holding Shopping Bags - Retail - Spending Money Finance

What Does it Mean to be Able to Afford Something?

Most everyone will agree that you shouldn’t buy things that you can’t afford, yet so many do. Why is that? It seems to us that one of the reasons for this is because many don’t know what it means to be able to afford something. Spoiler alert – it doesn’t ...
Continue →
Scroll to Top