GrapheneOS user reported to authorities for using GrapheneOS

Original Article ↗ Hacker News Discussion ↗

Credibility and details of the incident

  • Some see Yoti’s stated policy (“devices running GrapheneOS” and multiple attempts being “reported to the authorities”) as deeply alarming: privacy tools themselves are treated as suspicious.
  • Others question accuracy: the phrasing may be boilerplate or a typo, and the real trigger appears to be multiple verification attempts from a GrapheneOS device.
  • Several note the only evidence is a Reddit screenshot that could be edited; there’s no public confirmation which “authorities” receive such reports or whether any action is taken.

OS detection, spoofing, and app compatibility

  • People ask why GrapheneOS doesn’t simply pretend to be stock Android.
  • Replies: spoofing is brittle and detectable (e.g., via exploit mitigations or Play Integrity attestation), would become a cat‑and‑mouse game, and could legitimize bans as “fraud.”
  • GrapheneOS is described as reinforcing, not weakening, the app security model; some argue focusing on evasion is counterproductive versus normalizing alternative OSes.

Age verification, Yoti, and biometric data

  • Strong pushback against private age‑verification providers (especially for porn and gaming), where users must link biometric/ID data to accounts.
  • Yoti is criticized as a “mass surveillance” business; a Spanish GDPR fine for unlawful biometric processing, invalid consent, and excessive retention is cited.
  • Some argue users could “just stop using porn,” others counter this just pushes people to less regulated, potentially worse platforms.

Civil liberties, policing, and “pre‑crime” in the UK

  • Many see this as part of a wider UK drift toward illiberalism: Online Safety Act, non‑crime hate incidents, compelled decryption, watchlists, and broad “suspicious activity” flags.
  • Others emphasize nuance: password disclosure requires a judicial order; non‑crime hate incident recording has been narrowed; courts often push back on overreach (e.g., protest bans).
  • There is extensive debate about “two‑tier policing,” protest policing (especially around Palestine), and whether the UK is approaching authoritarianism or still meaningfully constrained by law.

Comparisons with US, EU, and China

  • Some claim the US has stronger formal rights but worse practical outcomes (police violence, ICE, border searches of devices and social media).
  • Others say the UK still offers more reliable due process, but both systems are trending worse.
  • China is generally described as operating at a different, harsher level of control; some warn against false equivalence, others note Western hypocrisy.

User strategies and threat models

  • Several advocate using GrapheneOS for everyday use and keeping a separate cheap stock Android “ID phone” for age verification, banking, and mandatory gov apps with no personal data.
  • Others argue that even using invasive apps on GrapheneOS is a large net win versus stock Android, and threat models differ: some care more about exploit resistance than anonymity.

Broader fears: “authorised devices” and piracy

  • Commenters worry about a trajectory where only “authorised” devices/OSes can access banking, porn, games, or even public services, making privacy‑preserving setups de facto suspicious.
  • Some predict increased piracy as legal access becomes encumbered by intrusive verification, framing piracy as resistance to surveillance rather than mere theft.