Why was I banned from GrapheneOS? That’s a good question.
Anyone who follows me on GitHub knows that I make a lot of contributions to many different open-source projects, especially security-related ones.
A couple years ago, I wanted to try-out both GrapheneOS and CalyxOS, but I found that a niche security feature that’s very important to me hasn’t been implemented in either ROM, so I opened a friendly feature request ticket in both ROM’s repos:
- https://github.com/GrapheneOS/os-issue-tracker/issues/2052
- https://gitlab.com/CalyxOS/calyxos/-/issues/1573
My feature request for GrapheneOS
My feature request for CalyxOS
Neither ticket got much traction. There was some discussion on the CalyxOS ticket. But the GrapheneOS ticket was closed by Daniel Micay (Lead Developer of GrapheneOS at the time) 5 hours after I opened it. I forgot about it.
A year later, someone commented on the GrapheneOS ticket (it was the first and only comment other than Micay’s) expressing interest in my feature request, including some useful information: an implementation (that was blocking the CalyxOS ticket) was already written by LineageOS.
When I saw the comment in my email inbox (and realized it might unblock the feature getting added to CalyxOS), I got excited. I tried to load the ticket in GitHub so I could get more information and link it to the Calyx team, but I was surprised to see that the ticket was suddenly — within hours of the new comment — deleted. The ticket wasn’t locked; it was deleted.
I assumed the ticket was deleted by mistake because — why else would it have been deleted?
First I tried to email the commenter to ask them if it was deleted for them too, but their GitHub account had no contact info. GitHub doesn’t have DMs, so I figured the only way I could communicate with them was by creating a new ticket somewhere and @ tagging them. But where?
I also hopped-over to wayback machine. Internet Archive scraped the page the day that I submitted it (a year ago). I wasn’t sure if the ticket was deleted by accident (maybe Micay accidentally clicked the wrong button?), but — combined with the IA and the email from GitHub with the latest comment, I figured I would just clone the repo, create a new ticket there, use it to [a] contact the most-recent-commenter and [b] also use it to serve as an archive of the now-deleted ticket’s contents for both myself and others.
So I cloned the repo and created the following issue, which I just copied-and-pasted the info from the old ticket to the new ticket. I also asked the most-recent-commenter to confirm if they had the same “deleted” message as me. And I asked Daniel Micay if he had maybe accidentally deleted the ticket, and if he could please re-open it.
I asked Micay if the ticket was deleted accidentally and, if so, if he could please undelete it
The dialog that followed was mind-boggling. [1]
Unfortunately, an hour or so after Micay banned me, they began deleting their own comments from the ticket. Fortunately I still had a tab open with the comments that Micay wrote, so I captured a screenshot (mirror 1) (mirror 2) (mirror 3) and also updated all my comments with full quotes of the messages that I was replying-to (since now it just looked like I was talking to myself).
Screenshot of the (public) dialog between “thestinger” (Daniel Micay) and “maltfield” (Michael Altfield) where Micay attacks and bans Altfield (click here to see the full screenshot)
Not Micay’s first attack
Unfortunately, it seems I’m not the first person to be attacked by Daniel Micay. I won’t bother enumerating the long chronology of such events, because at least two credible YouTubers have already done this:
Can’t see video above? Watch it on PeerTube at techlore.tv or on YouTube at youtu.be/Dx7CZ-2Bajg
Conclusion
In general, I think banning someone from any community is not something that should be taken lightly. If someone ever asks me why I can’t contribute to GrapheneOS, I wanted to have something to point-to to show them why. That is the purpose of this post.
To date, I’m not really sure why I was banned from GrapheneOS. But it seems that Micay is hostile to [a] archiving their (public) tickets, and [b] linking to an alternative ROM (which Micay claims is indirectly responsible for harassing and attacking them).
Further Reading
- Why we no longer sell phones with GrapheneOS by Private Phone Shop
- Daniel Micay publicly steps down as project leader of GrapheneOS on Privacy Guides
- Community Drama and My Search for a Privacy-Preserving Mobile OS by Seth For Privacy
Related Posts
Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡
GOS developer has been known to be difficult sometimes and is infamous for being short with people at times. Happened to Louis Rossmann and others too.
rip your carrer and personal life
That’s not a very nice thing to say 🙁
Alas, I do think it’s important to transparently document when people at the top of organizational hierarchies abuse their power.
why is everyone dishonestly pretending that this feature enables you to kill misbehaving apps as if that ability doesn’t already exist in grapheneos by using the “force kill” option? all this feature is asking for is a shortcut for an already existing feature, so it’s perfectly reasonable for the dev team to just say no
Hi Nate,
You’re absolutely right. It *is* perfectly reasonable for them to close the ticket. It seems like you didn’t read the article :/
I wasn’t banned for doing anything in the GrapheneOS namespace. I created my own repo (in my own namespace) so I could have a public conversation with someone else (not related to Graphene – just a potential user like me) who was interested in the same feature request. Then Daniel attacked me and banned me (for reasons still unclear).
Please read the full thread here:
https://tech.michaelaltfield.net/wp-content/uploads/sites/5/grapheneos-daniel-micay-banned_banned-full.png
mirror 1
mirror 2
As a sidenote on the actual issue with these ROMs (Yes, you are right, they are *also* called ROMs, contrary what other ppl might say) – IodeOS has a setting for both 3-Button Navigation and Gesture Navigation to execute a custom action on long-press/swipe-hold, among which is also “Kill current background app”. I have found this feature very handy, for your exact reasons (misbehaving or buggy app).
Thanks for the recommendation 🙂
Micay the Great demonstrating his unparalleled communication skills, again. This is getting depressing.
Every single fucking time someone questions even the slightest word he writes, he goes to full-throttle fantasy-lunacy, waves the harassment flag. There is zero space for any kind of debate with opposing views. He spiralling into authoritarianism.
Equally as sad, if not worse actual, is the rest of the team and couple key users (that can be very friendly and helpful) that seem to back him up blindly.
You’ve got a guy which words shall not be questioned, and an entourage of blind followers. The recipe of a cult.
He’s single handedly pushing away people who are/want to contribute/support/promoting GOS. It’s frankly mindbloggling.
This is simply mind boggling. What a POS this Micay is. Whats his deal? He’s on a power trip!
Lunatic
Not only is Micay wrong, he also acts like a child. I facepalmed so hard.
Oh my God this guy is fucking insane.
Daniel Micay doesn’t do this because he is autistic, he does this because he is an asshole.
I’m sorry for you, this guy is just horrible.
Things are way worse, Micheal. Way worse.
It’s not just that Daniel attacks every person who disagrees with him, he and his team are also lying about the security features of GrapheneOS. They are deceiving people.
They state that GOS can protect its users from Google Apps as a main selling point, because they say that those apps don’t have special permissions on their system.
https://forum.f-droid.org/t/graphene-os-questions-comments-concerns-etc/25837/14
They tell people they have nothing to worry about, they write about that all the time, Daniel brags about this feature every single day but it doesn’t even fuc*ing work.
They don’t even know how the Android code works! Or worse, they know and don’t care because they can deceive everyone and no one is allowed to talk about this because they will go after them and force websites to delete these informations.
Daniel and his team talk about harassment but they are the ones lying and harassing people.
They are the ones spreading misinformation.
This is beyond serious, GOS has a HUGE userbase who is being tricked and can’t even know the truth.
Someone has to do something because they can’t get away with lying to users who put their trust on them.
Thanks for sharing this.
Personally, I’m of the opinion that there is no such thing as a secure mobile device. I wish all ROMs would clearly enumerate the limitations of trying to secure a mobile device in their documentation — as it’s not possible to secure a device that’s designed for convenient use.
But I do think it’s a good idea to harden all your devices as much as is reasonable. And, of course, I’d consider the removal of gapps to be an obvious and necessary prerequisite for the lowest bar of security on an Android device..
You’re right, that would be a reasonable and honest thing to do.
But the real problem isn’t that their system can’t actually do anything against GApps like they claim, it’s the fact that they are willingly lying about it.
They know they promoted that feature far too much to come out and say:
“Ah sorry, we didn’t even understand how the Android code works, GApps have full control of your device lmao”.
Presuming they didn’t know that from the very beginning and were just lying to make GrapheneOS look better.
In both cases, you have the creators of “the most secure Android system in world” blatantly lying to their users and exposing them to danger.
How can you trust them if they can’t even admit their own mistakes? What else are they lying about?
Users are risking everything they have in their phones, including money, blindly trusting an unstable person with mental health problems and a toxic personality and their cult which doesn’t allow you to question the things Daniel and his team do.
Even if you bring actual proofs of their lies and the shortcomings of GrapheneOS, they will lie to your face and use their community and their influence to silence you, creating a situation where you can’t question anything they do.
You can question Samsung, you can question Apple, you can question Google, but not GrapheneOS apparently.
They might as well do something illegal at this point and they would still find a way to act as if they didn’t do anything wrong.
You just have to believe them, and if you don’t you’re harassing them and you’re probably trying to kill Daniel Micay while you’re at it, why not. He has to play the victim to find an excuse for his own harassment.
What I means is that this is truly madness and someday something terrible will happen, and even if that day never comes, GrapheneOS is far too sketchy to ever trust, and yet millions of users use it everyday and even more will come.
I’m not sure if I conveyed just how ridicolous and dangerous the current situation is.
You have an extremely popular operating system run by people who attack any project they don’t like, lie about their own security features, expect you to just trust them because they will harass any person or news site that tries to debunk their lies or their toxic behaviour, forcing them do delete those informations (like Daniel did or attempted many times).
And then you have a community who doesn’t know anything and believes everything they say. They trust a deranged person like Daniel Micay more than they trust official companies.
This is a recipe for disaster. I truly fear for them and I wish somebody would spread awareness about this as much as they can, because I can’t.
I don’t have a news site and they would delete everything I wrote anywhere.
I don’t care about them, but I don’t want people to be deceived…