Instead, I installed CalyxOS and have been using it over a year now and I'm very happy with it. Check it out.
You have to be aware that you give that person root when you use Graphene. All possible technical improvements aside this is a very big risk. He claimed he would step back after the video released, then called that a lie and continued with everything.
Calyx seems to be the best alternative right now without such a risk factor.
While I don't think the developers necessarily hallucinates being attacked (i.e. given the nature of the project, I would expect them to be persons of interest, be it from surveillance agencies, or even state actors), the main issue with Rossmann is their claim that he is either personally directing harassment against GOS, or colluding with and encouraging other communities to harass (mainly Kiwifarms, Techlore, CalyxOS, and other Android related FOSS projects). This claim seems to originate then cascade from Rossmann leaving the comment "Informative, but unfortunate" on TechLore's video criticizing GOS's leadership. This is taken as explicit support of TechLore community's / KiwiFarms alleged harrassement on the lead GOS developer, and this has somehow been cascaded and blown out of proportions, and considered by GOS developers as evidence of Rossmann's wrong doing against them.
As mentioned somewhere else, I am using GrapheneOS since 2 or 3 years now, based on Rossmann recommendations. The software is very good, pretty much native Android experience, but without the extra alleged Google snooping / root access. Rossmann himself seemed to have stopped using it as his main device because of fear of retaliation given that the GOS devs could potentially target him. Better safe than sorry. I still use it because I am not that high profile of a person, and generally will use throwaway when it comes to discussing anything GOS related at this point. The overall leadership however, based on Rossmann's and later my personal interactions with them however, did leave a bad after taste.
But he didn't. It's clear in his later videos that he was still using GrapheneOS, I believe even for months after the video.
> Better safe than sorry.
People who are familiar with how GrapheneOS updates work wouldn't agree. No identifiers are sent to the update server, so targeted updates aren't possible that way. Also, update servers only host static files. If Rossmann was really that worried, all he'd have to do is use a VPN. But that was all just a huge dramatic act so his video would get more views, and possibly to entertain his fellow Kiwi Farms members.
Emphasis on "seemed to have stopped using it as his main device". For all we know, he kept it as secondary device (its just that good) after removing anything he deemed critical. Again, he never said "don't use GOS", or "GOS is not secure". He said he was did not feel safe enough because of the hostility from the lead dev.
> People who are familiar with how GrapheneOS updates work wouldn't agree. No identifiers are sent to the update server, so targeted updates aren't possible that way. Also, update servers only host static files. If Rossmann was really that worried, all he'd have to do is use a VPN. But that was all just a huge dramatic act so his video would get more views, and possibly to entertain his fellow Kiwi Farms members.
Does it matter ? Rossmann is a layman when it comes to software. What he perceives is that "lead GOS dev is hostile against me and has essentially full control over the project". First, he is under no obligation to spend hours learning how GOS updates work and audit the code every release, whether or not some identifier is being tracked or not (and by the way, you can still get identified and tracked even if you use a VPN). The damage was done once that lead GOS dev persist in toxic behavior, for the lack of a better word.
> But that was all just a huge dramatic act so his video would get more views, and possibly to entertain his fellow Kiwi Farms members.
Unsubstantiated claims. We cannot read his mind, and I have yet to see any evidence that would support these.
Sure, but that requires additional data about the user, which the GrapheneOS update server doesn't get. Both the update client and the update server are open source, so you can verify any of what I'm saying. The server only sees the user's IP address, which device model they're requesting an update for, and which update channel (alpha/beta/stable) they are using. The HTTP headers, etc. for the request would be identical across any GrapheneOS device, as they use the exact same updater app.
https://github.com/GrapheneOS/releases.grapheneos.org https://github.com/GrapheneOS/platform_packages_apps_Updater
> First, he is under no obligation to spend hours learning how GOS updates
That literally takes a few minutes to look up, it's all really well documented on the official website. https://grapheneos.org/faq#default-connections
But yes, I do believe that he's obliged to do some research before putting out such absurd claims entirely based on speculation with no technical knowledge or understanding.