hardened_malloc was initially released in August 2018. I developed it to replace the port of OpenBSD malloc to Linux and Android that I made in 2014.
Copperhead was founded in late 2015 and split from my open source Android hardening project in June 2018. github.com/GrapheneOS/har…
My open source Android hardening project had already been renamed to the Android Hardening project when hardened_malloc was developed and released.
The hardened_malloc license requires attribution. License and copyright header needs to be included by anything using the code.
Copperhead is misrepresenting my allocator hardening work throughout the years as their own. They're fraudulently misrepresenting my open source work throughout the years as their own and are not complying with the licensing. This is a particularly egregious case of it though.
I have never been an employee of Copperhead. There was never any employment agreement or salary. They made retroactive changes claiming I was an employee in 2017 and early 2018 before pushing me out. Even if that was true (it's not), this work was not done in that time period...
Copperhead also fraudulently claims to have upstreamed code in AOSP, which is not the case. I landed changes in AOSP as an individual. I explicitly signed the CLA with Google as an individual. They also falsely claim credit for work done entirely by Google with no coordination.
Similarly, they've tried to imply that they have involvement in the Seedvault project which is not the case. They've made no contributions to Seedvault. It was created by Steve Soltys and @calyxinstitute has done the bulk of recent development. Copperhead has no involvement.
My involvement in Seedvault was coming up with the concept and inspiring the author to create it. Calyx stepped up to help get it past the finish line to a stable release and is continuing to make substantial improvements. This is a team effort, not involving Copperhead at all.
Copperhead continues to claim credit for work done by others. They also falsely claimed that Calyx and many other organizations were their partners when it wasn't the case. They've removed those claims, but they continue to make these kinds of false claims. The fraud never ends.
Copperhead has never included a one-time permission grant feature. That was developed by Google for Android 11.
This was the downstream background access feature:
This became obsolete with Android 9. It was not landed upstream.
It was Android 9 that removed access to the camera, microphone and sensors in the background:
Android 11 just changes the permission request interface to inform users of the restrictions. The changes were all done by Google. It was never "upstreamed". developer.android.com/about/versions…
It has always been the case that developers working on the project own their own code. There has never been any kind of copyright assignment, and it has been explicitly communicated throughout the years that this is the case. It was no different when Copperhead was sponsoring it.
It's quite sad that a company can get away with fraudulently taking credit for the work of others and earn substantial revenue from selling it as a branded closed source product. They don't have an understanding of what they've taken and are shipping a broken, insecure product.
CopperheadOS is a closed source with tracking for license enforcement. It masquerades as hardened and they take credit for the work of the developers they're trying to wipe out. They take our work while trying to destroy our project with baseless lawsuits and misinformation.
Copperhead filed a baseless lawsuit against us based on their false claims. We've filed counterclaims against them and we're filing our own lawsuit against them based on their fraud. You can read our initial legal response here:
CopperheadOS at the time that Copperhead split from the project was almost entirely created by me and all my work was attributed to me as the author and owner. This was always agreed upon. Nothing was assigned to Copperhead. Nothing in the code was ever attributed to the company.
They even try to claim ownership over my open source work done before the company existed and after they stopped sponsoring the project. It's simply ridiculous. They sell a very expensive product that's just a poor imitation ripping off the real thing. It's incredibly pathetic.
Meanwhile, while they're spreading misinformation, threatening open source developers and filing a baseless lawsuit they claim that we're "bullies" for defending ourselves and talking about what really happened and is happening. That's some seriously screwed up projection...
The CEO of Copperhead, James Donaldson, is a narcissistic psychopath. He pretended to be my friend while manipulating and gaslighting me for years. He completely betrayed me and went back on all our agreements. He has tried to retroactively rewrite history, but it won't work.
We have records proving these falsehoods along with witnesses who experienced these things publicly and internally. If you want to help us, get in touch with me or help cover the expensive legal fees (grapheneos.org/donate). Legal fees for September alone were just under $5000.
I'm still co-owner of the company with 50% of the voting shares. It doesn't belong to James Donaldson. The lawsuit we're filing ourselves is focused on fraudulent claims by the company about the authorship and ownership of the code. We may need to file other lawsuits beyond that.
Stealing over $100k of donations from the project in violation of our agreements and what was promised to donors is one of the particularly egregious actions.
He has abused his position as director and has a total disregard for his obligations to me as a 50% shareholder too.
@4Dgifts @msolnik @dwizzzleMSFT @GrapheneOS @BllocPhone I'm still working on GrapheneOS but I'm putting much less time into it than before and I'm gradually handing off more and more of the responsibilities to the rest of the team. I don't have much energy or motivation left to work in security, software development, etc. as a whole.
@4Dgifts @msolnik @dwizzzleMSFT @GrapheneOS @BllocPhone I'm not posting much on Twitter but I still check my account every couple days. Didn't see this for 11 hours since I'm just not looking at it much anymore. People consistently harass me every day on these platforms so I don't want to be looking at it throughout the day anymore.
@4Dgifts @msolnik @dwizzzleMSFT @GrapheneOS @BllocPhone I would really prefer to completely leave immediately but it's going to take a long time to hand everything off to other people. Going to need more people and will need those people to take more responsibilities than they would have needed to if I was able to keep doing it.
@RichFelker @GrapheneOS Treble makes it possible to easily run AOSP or GrapheneOS on any hardware providing an implementation of Android vendor APIs which have a stable versioned ABI with backwards compatibility for a few major versions of the OS. It provides an easy way to support any Android phone.
@RichFelker @GrapheneOS AOSP has official support for a few development boards with an entirely open source implementation of the vendor HALs based on Mesa, etc. It's entirely possible for a phone to provide that and Pixels will likely trend towards that and away from the Exynos tech due to Tensor SoC.
@RichFelker @GrapheneOS Treble makes it so that you can run the portable userspace portion of the OS on top of any underlying drivers, services, kernel, kernel modules, etc. used to support the hardware. GKI brings this to the kernel where any GKI kernel build can be used on any device supporting GKI.
I know several people working as software engineers at Cloudflare. According to one of them, this incident (blog.cloudflare.com/the-mistake-th…) was hardly a mistake. Cloudflare is including block lists sourced from far right evangelical groups as part of their 'family friendly' DNS service.
Cloudflare is aware their 'family friendly' DNS (1.1.1.3) isn't blocking sites like Kiwi Farms (kiwifarms . net) or Daily Stormer (stormer-daily . rw). It's a deliberate decision, despite their blog post claiming their filtering is meant to mimic SafeSearch, which filters them.
Cloudflare has not stopped using block lists sourced from hateful groups. They only stopped including the subsets explicitly marked for that purpose. Easy to see why getting porn block lists from groups producing LGBTQ block lists results in continuing to "mistakenly" block more.
Cloudflare drops sites from their service on a daily basis for having content they dislike. They remove sites with adult content, support for sex workers, etc. They also drop sites they deem to be posting spam. Cloudflare's censored 1.1.1.3 DNS blocks lots of LGBT content, etc.
They're too cowardly to stand behind their decisions so they won't mention sites like Kiwi Farms by name. Their official accounts and executives all have their replies disabled on Twitter to shut down dissent. Their free speech act is a ridiculous sham. They drop lots of sites.
Cloudflare does FAR MORE content moderation than required by law. They aren't a free speech host. They remove speech they disagree with every day. They host Kiwi Farms because they support the content on it. They dropped sites used by sex workers because they consider it immoral.
@burnt_disk @MishaalRahman It's problematic that they expose those directly. They either require user consent on a case-by-case or one-time basis despite not being runtime permissions or they have no real privacy model. Low-level permissions exist for static analysis of what apps can request at runtime.
@burnt_disk @MishaalRahman For example, request install packages allows the user to allow it as an app source and then approve app installations on a case-by-case basis. The only thing that can be done without case-by-case consent is updating an app again after the user authorized an initial install/update.
@burnt_disk @MishaalRahman Another example is that QUERY_ALL_PACKAGES has no actual privacy model at this point. It would mislead users into thinking that apps without it can't query all the user installed apps when they can if they list queries for common intents like the one used for launcher activities.
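As an added illustration of the package-visibility point made above (example code, not part of the thread): on Android 11 and later, the `<queries>` declaration for the launcher intent gives an app the same view of the user's launchable apps as the QUERY_ALL_PACKAGES permission, without any permission appearing in the manifest. Anyone reviewing a manifest for privacy impact should treat the two as equivalent; the function name below is my own.

```kotlin
/*
 * Added example (not from the thread). Two manifest declarations that, on
 * Android 11+, both let an app enumerate every launchable app the user has
 * installed. A manifest reviewer should treat the second as equivalent to
 * the first, because static analysis that only looks for the permission
 * will miss it.
 *
 * Variant A: the low-level permission, visible to static analysis:
 *
 *   <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES" />
 *
 * Variant B: no permission at all, just a <queries> filter for the intent
 * that every home-screen launcher already resolves:
 *
 *   <queries>
 *       <intent>
 *           <action android:name="android.intent.action.MAIN" />
 *           <category android:name="android.intent.category.LAUNCHER" />
 *       </intent>
 *   </queries>
 */
import android.content.Context
import android.content.Intent
import android.content.pm.PackageManager

/** Package names of every app with a launcher activity visible to this app. */
fun launchablePackages(context: Context): List<String> {
    val launcherIntent = Intent(Intent.ACTION_MAIN).addCategory(Intent.CATEGORY_LAUNCHER)
    // With neither variant declared, Android 11+ package visibility filtering
    // trims this result to the caller itself plus a few system components.
    // With either Variant A or Variant B declared, the full list comes back,
    // and nothing in the runtime permission UI tells the user the difference.
    val pm: PackageManager = context.packageManager
    return pm.queryIntentActivities(launcherIntent, 0)
        .map { it.activityInfo.packageName }
        .distinct()
        .sorted()
}
```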
@IntelTechniques It's unfortunate that you're giving a platform to someone making numerous false claims about both CalyxOS and GrapheneOS to promote CalyxOS. They're spreading misinformation about our project and are misleading people about multiple privacy and security topics.
@IntelTechniques The article in unredactedmagazine.com/issues/003.pdf by Zachary McIntosh should be corrected. They're misleading people about sandboxed Google Play and microG along with falsely claiming that the CalyxOS approach does not use Google services, when in fact CalyxOS always does.
@IntelTechniques It makes numerous inaccurate claims about CalyxOS, misleading people in a harmful way. It presents AOSP features as ones added by CalyxOS and makes inaccurate claims about the CalyxOS features. Many claims there are inaccurate marketing talking points about it.