52 comments

[ 2.9 ms ] story [ 99.3 ms ] thread
Wait, this is still alive? I thought they died because of politics between the two founders.
Looking at the pulse on the Copperhead repos, it doesn't seem like there's been much activity since Daniel left. I don't know how far I would trust Copperhead these days.
... yeah if it's not the original coder at the helm I wouldn't trust them anymore.
Rashed has many commits in other related projects, like LineageOs. So there may be some hope. But yeah, Copperhead needs to regain the trust lost when Daniel was pushed out (https://www.reddit.com/r/CopperheadOS/comments/8qdnn3/goodby...)
Rashed has been in the CyanogenMod -> LineageOS community for a while. He has quite a bit of experience from this and from all my interactions with him he is a solid Android Systems Engineer.

I would generally trust Rashed's development but I would still question the company until they prove themselves, which may or may not happen.

"Copperhead" can't regain trust, because it's a trademark that was effectively stolen using the legal system.

Anybody who's had experience with plain business-types in their own salad days knows the pattern of what went down with CopperheadOS -

Programmer develops pet project focused on the technicals. Business type sees raw input for his use, offers to partner with Programmer to develop a business around the idea. Programmer isn't terribly interested in what Business type is doing, because it seems boring. Business type goes to work stacking the deck with legal paperwork, because that's his profession. Business type starts dictating to programmer what to work on, undermining original goal of project, likely for quick consulting-style revenue on something tangentially related. Programmer protests this isn't what he signed up for. Business type uses stacked deck to claim legal control over the codebase/etc, converting someone else's real work.

I'm just glad to see that Daniel is still posting, and doubly glad that he's still working on the technicals. The name was cool, but alas there it went.

cool story, but the whole Virtuous Programmer vs Villainous Business-Type narrative is a bit of a tired trope. and daniel having been "pushed out" of more than one project makes things a bit more uncertain (at least to me) on who's "obviously" the good guy and who's "obviously" the bad guy. (if that sort of dichotomy even applies)
It's a "trope" because a personal/community project being turned over to a corporate structure and then being steered into the ground is an all too common occurrence. My understanding is that CopperheadOS, the technical project, was entirely the work of Daniel. Even if Daniel would have run it aground himself, adding one more problem certainly didn't help.

I'm not going to dredge up the reference, but what it basically came down to is while they both owned equal 50% and each had a board seat, the bylaws broke ties by deferring to the CEO (James). This BATNA is exactly the type of thing that someone focused on the details of legal documents and power relationships will have planned for. While both still "own" 50%, Daniel would have had to go on the legal offensive ($$$) to bring a fiduciary claim, and a court would be hostile to the idea that the real value is based on long term development by a specific developer.

The 21st century improvement is that the codebase itself is still available to all, having been permissively licensed.

What other project do you think I was involved in where I was pushed out? Why are you spreading libel about me?

It was a false claim propagated by James that I was pushed out Rust. I left of my own accord and then someone who followed / supported my work created an uninformed Reddit thread demanding answers after I had chosen to leave and removed myself as a repository contributor. Ask one of the core Rust developers like pcwalton what happened. We had various issues leading up to that point because of my strong opinions about how things should be done and tendency to write very strongly worded arguments about it, but ultimately it was me who decided it wasn't working and left the project. They certainly didn't kick me out of the project for writing comments in a very direct 'tone'.

It's not my fault that someone who supported me thought something much different had happened and tried to speak out in support of me when I didn't need or want their help. They should have asked me what had happened before posting on my behalf and creating unnecessary drama. Only the core Rust developers knew that wasn't what had happened so other people tried to justify a decision by them which had not happened.

James is a great manipulator and you prove it by falling for this junk. Again, ask one of the core Rust developers what actually happened. Sure, we had strong disagreements about the direction of the project and were bickering a lot. It's completely false that I was kicked out of the project though.

After that, I committed to only working on projects where I would fully own and control everything, to avoid further experiences of work being judged based on employer and relationships rather than merit behind the ideas and fair and honest discussions / debates about which direction should be chosen. That led to requiring an explicit arrangement with Copperhead where I would be working on my own project, and the company would be focusing on consulting work and attempting to build a business around the open source project to support it. They explicitly did not own or control it themselves, and then betrayed the arrangement.

It's odd that you think it's okay to spread defamation about someone like this without having a clue what actually happened.

are you at all familiar with Daniel's legacy around Rust and mozilla?
Sure, and personality seems relevant to how the relationship between Daniel and James likely broke down. But it's irrelevant when talking about how control of the project was then wrestled away from its author.
What about it? I made a substantial positive impact on Rust, largely because I strongly pushed my ideas and consistently and strongly argued against taking it in directions that I disagreed with. I wasn't happy with the level of control Mozilla had over the project and they weren't happy with someone always questioning their decisions and expecting them to do things fairly based on merit and fair honest discussions / debate. I ultimately ended up deciding to leave the project permanently and removed myself as a collaborator.

Someone followed that up by making a post trying to support me thinking that I had been pushed out which is not what happened. The people there were split between supporting me or supporting the Rust developers but they were all arguing about something which didn't actually happen.

Looks like this post is by the business guy who performed the hostile takeover, so it's some sort of zombie.
James Donaldson (the CEO) effectively kicked Daniel Micay (the then-CTO) out.

Daniel Micay destroyed the signing keys, so any existing users would need to re-format their phone to an image that accepts new signing keys in order to keep receiving updates.

In the opinion of many members of the community, without Daniel behind it, it isn't really CopperheadOS.

In a technical sense (because of the change in signing keys), as far OTA updates are concerned post-Daniel-CopperheadOS is a distinct operating system from with-Daniel-CopperheadOS.

In a social sense (because of the forced change in engineering leadership), as far as many humans are concerned post-Daniel-CopperheadOS is a distinct institution from with-Daniel-CopperheadOS.

The good news is that Daniel has not stopped experimenting with hardened android.

https://github.com/AndroidHardening/

I'm not familiar with what happened from beginning to end, but regardless of the actual chain of events or if the CEO was right or wrong to kick him out, I'm not sure how users can still trust Daniel after destroying signing keys.
He didn't destroy them out of malice. He destroyed them because (from his point of view) they were about to be compromised. If users trust the key because they trust updates coming from Daniel and if Daniel is about to lose control of the key to someone else, then destroying the key before it becomes compromised is the responsible and right thing to do.
> If users trust the key because they trust updates coming from Daniel and if Daniel is about to lose control of the key to someone else, then destroying the key before it becomes compromised is the responsible and right thing to do.

how can you possibly state that when the users have no control or say over this decision?

I state that by clearly stating the premise and assumptions in an if/then format:

> If users trust the key because they trust updates coming from Daniel ..., then

That's a big-ish "if"; I didn't weigh in on whether I think it's true. A reasonable person could go either-way on that. If it is true, then Daniel was justified, if it's not, then he wasn't.

> ... when the users have no control or say over this decision?

If we assume that people trusted Copperhead-the-organization because they trusted Daniel and that Daniel's removal is a change-of-hands, then the decisions is:

- Do nothing (and stop receiving updates)

- Start trusting the new engineering leadership of Copperhead-the-organization

From that perspective, it makes sense that Daniel should destroy the key: Making the active decision to start trusting the new Copperhead requires the active technical step of installing the new key; making the inactive decision doesn't require action.

If on the other hand we assume that Daniel was an implementation detail and that people trust Copperhead-the-organization as an institution, then the decision is:

- Stop trusting Copperhead-the-organization (and stop receiving updates)

- Do nothing

From that perspective, it makes sense that Daniel should not destroy the key: Making the active decision of ceasing trust requires the active technical step of disabling updates.

Exactly, a pretty clever move on his part.
Makes sense. Thanks for the explanation.
He did it to prevent their misuse.

The project is dead. Stop poking it with a stick. It won't rise up again.

I didn't even know about CopperheadOS before this post.

I'm not poking at it with a stick, I'm asking questions as an outsider just learning about it.

just gonna point something out here

> In the opinion of many members of the community, without Daniel behind it, it isn't really CopperheadOS.

> Daniel Micay destroyed the signing keys

it's probably a good thing they aren't involved with the company or product then

To be clear, the signing keys were not Copperhead signing keys but rather signing keys of the open source project they had agreed to support and were trying to take over including coercing turning over personal signing keys used for the project to the company. The project existed before the company was founded, and was largely written before it was incorporated. It wasn't written on company time as an employee.

The original project has continued and the original repositories are the ones in https://github.com/GrapheneOS on GitHub (they were migrated here and have the original stars from before Copperhead even existed), which as you can see is an actual open source project under actual open source licenses with quite active development, just as it was when it started out.

Copperhead only has a barely maintained fork of the legacy code, which they are using in violation of the previous non-commercial license which they themselves convinced the project to use, which required the project to sign off on their business deals - which was actively acknowledged and respected, right up until after the failed takeover attempt where the previous arrangements / deals were simply ignored. The donations of the project were also stolen by Copperhead, which refused to return them to donors when they demanded their money either be passed along to where it was supposed to go or returned. Similarly, the project's Twitter account was stolen, and Copperhead deleted all evidence of what had occurred to cover it up along with sending bogus DMCA takedown notices to users / customers who tried to archive it on GitHub / GitLab. The cover-up was largely successful along with the attempt to take credit for the work and masquerade as the creators and developers of the project via the Twitter account takeover. People don't look closely at what happened, or at the published legal threats, actual proof and of course the still developed code. People just trust that a corporation is in the right, despite the fact that it's screwing over an open source project and co-founder of the company who owns 50% even today. Nothing to see there, clearly.

Copperhead took over the infrastructure that had been provided and it was clear that it would not be possible to ever push out another update from the actual open source project. The only use for the signing keys would have been a compromise of the project.

The CEO of Copperhead had explicitly agreed to an arrangement where they would be supporting the project while having direct ownership and control over it. The company was supposed to building a business around the project and supporting it. They were unfaithful to the agreement and turned on the project, and did immense damage to it that set back years of both technical work and work to forge connections and collaboration with other organizations and individuals. It's going to take a long time to repair the damage done to it.

And by the way, here is a series of 2 tweets for you to consider.

A) https://twitter.com/snowden/status/944244053184524288

I wonder why anyone would want to compromise this OS?

B) https://twitter.com/snowden/status/1047618052089696257

Which is quite a bit after what happened leading up to the keys needing to be wiped, and the project continuing on without Copperhead's involvement.

Here is an archive of some of what was posted, which was then covered up, including via bogus DMCA takedowns (which is noted in the repository):

https://gitlab.com/yegortimoshenko/copperhead-takeover

The person who posted ...

It's a pity they support only Pixel devices. Would be interesting to see less known phones supported (above all, Huawei ones)
Huawei phones are effectively dead as a development platform because Huawei stopped providing a way to unlock a phone's bootloader.
but on xda-developers there's a plenty of custom roms just for Huawei/Honor ones.
Huawei devices are not secure to start with. The modem and radio/GPS stacks in particular do some especially fishy things.
> The modem and radio/GPS stacks in particular do some especially fishy things.

Any sources for those who would like to learn more about this?

Daniel Micay started https://github.com/AndroidHardening after moving on from the CopperheadOS debacle: https://news.ycombinator.com/item?id=17289536
AndroidHardening is quite interesting.

I think that since AOSP is getting better, it's also more sustainable for a single developer to maintain a smaller project rather than a full blown distro.

It's a shame no other phones aside from Pixels are able to run AOSP without significant limitations. Some Sony are quite capable to run AOSP, but there are several hardware glitches [1]. Aside, hardware independent ROMs enabled by Treble are also promising, but there are many pitfalls too [2].

Android would be a much more interesting ecosystem if a significant portion of the phones were capable of running AOSP.

[1] https://developer.sony.com/develop/open-devices/get-started/...

[2] https://github.com/phhusson/treble_experimentations/wiki

What about all the Nexus devices? Don't those run AOSP without issues?
Nexus devices are all pretty old and unreliable right now.
What about Android one devices like Nokia 7?
In light of all the controversy that's being discussed here, what should I install today on my phone if I care about security?
Maemo
Last release was 7 years ago. Clearly not an option.
PureOS

Not sure if any phone other than the Librem 5 will support it though.

Daniel Micay recommends running AOSP on a Pixel 3, for what it's worth. This was about four months ago...

https://old.reddit.com/r/CopperheadOS/comments/9xeo6b/copper...

Interesting. I wonder how it compares with Lineage OS in that regard. I'm currently using Lineage, but the attitude on IRC led me to believe the community might not be as committed to privacy as I've come to expect from FOSS projects (people getting mocked about being "freetards" and such), so I've been looking for alternatives.
Sorry guys. Between the CEO's doing whatever he did to lose the trust of the CTO (whose credibility this whole thing rests on), and the CTO having zero regard for his customers and having the gall to tell us to install a new OS ourselves for our own safety after we paid him to offload the trouble of handling security for us, you get no more of my business.

Obviously I'm an angry customer. But I want to be careful about what I post. So I'll add that I'm open to being shown that I'm wrong about any part of this.

>CTO having zero regard for his customers and having the gall to tell us to install a new OS ourselves for our own safety

I would not call that 'zero regard'. I would personally label it as having the utmost regard, as he was willing to stick his neck out there and do something that would obviously have negative repercussions to his career, etc.

Were mistakes made? Yes, but that is normal. I personally haven't seen anything him do technology-wise or security-trustworthiness-wise that I've hated. Did he maybe trust the wrong guy or perhaps make some un-sound business decisions? Apparently. But that's not why I'm interested in his project.

He had the utmost regard for his craft, which I respect and gives him a lot of credibility there. And as such I sympathized with him initially. I also resent the idea of business interests leading to cutting corners in security (assuming that's what happened here).

But I don't recall any apology from him (though I do recall one from the CEO). It's been a while, but I don't recall him going out of his way to provide hand-holding instructions on installing the next best thing available that he recommends, which I would expect as a _customer_. Whatever happened, whose ever "fault" it is, it's the responsibility of the company to serve the customer, not throw your hands up and say "Well I guess I can't do this anymore. You should do this instead now.".

Resentment aside, if he were working for a company in a technical capacity, I'd trust that company more. But I wouldn't trust a company with him in an executive position.

I'm not sure I get what you mean. If you're talking about Daniel Micay, if I remember correctly, what happened was that the CEO basically betrayed him and kicked him out of the company. He's not part of it anymore, and is now working on https://github.com/AndroidHardening.
I wanted to note that the current CEO of CopperheadOS got wind of this message and reached out to me to see if we could sort things out. I don't expect we can, since the product is tied up in the former CTO's technical reputation. But so long as I've made an issue here about treatment as a customer, I wanted to say that I did appreciate him doing the right thing and at least reaching out to try.
> CTO having zero regard for his customers and having the gall to tell us to install a new OS ourselves for our own safety after we paid him to offload the trouble of handling security for us, you get no more of my business.

I continued development of the OS under the AndroidHardening name and it's available entirely for free as a permissively licensed open source project:

https://github.com/GrapheneOS

It's not a product, and you don't have to pay anything for the replacement. If you have a 1st generation Pixel, that support isn't quite ready yet, but if it's a 2nd generation Pixel the successor has been around since December.

I had no way to reach out to the users and customers once James had taken over, especially after he locked me out of my email account and stole the open source project's Twitter account by rolling back the email from danielmicay@gmail.com to daniel.micay@copperhead.co. He covered up what had happened and heavily misrepresented it. You seem to believe a bit too much of what you were told by them.

If you wanted help installing another OS, you just had to contact me. I often walk people through stuff like this. I'm perfectly willing to do that. It took time to rebuild things, so there wasn't immediately a direct replacement. The infrastructure was all taken over, donations to the project were stolen and this all happened right before Android Pie was released which required a major migration to get it done within a week or so of release to continue releasing full security updates for Pixels.

What exactly was I supposed to do when there was an attempt to take over the project? It was not going to be possible to ever release a non-compromised update again due to loss of the infrastructure, and a complete betrayal by the company that had agreed to support the project while agreeing that I would own and control it. The project would never have had any use for the signing keys again. They were entirely a liability. They obviously weren't going to be turned over to the corrupt company and you see for yourself that they did have not even provided full security updates for almost an entire year and misrepresented that fact to their users. It's a scam now, without any actual work on privacy / security and is simply based on stolen legacy code under a license they don't have permission to use.