Advanced

For when you're past the basics. Targeted-individual threat models, hardware sovereignty, supply-chain integrity, and the resources we link out to instead of trying to compete with.

Honest framing: if you're a journalist, dissident, defender, or otherwise threat-modeled by a capable adversary, the v1 Sovereign Switch site is not enough. These resources are. We point at them rather than rewriting them.

Builders & published work we follow

The people and projects whose published work shapes this site. Not exhaustive — this is the working set we reference, not a directory.

Phones & mobile hardware

NitroPhone (Nitrokey, Germany) — the turnkey solution: arrives flashed with GrapheneOS, ready to use out of the box. EU vendor, EU shipping, EU support. Optional physical removal of microphones and the sensors that can be repurposed as microphones (accelerometer, gyroscope — both can pick up speech vibrations as a side-channel). Nitrokey also offers managed deployments for enterprises (provisioning, MDM-style fleet management, support contracts) — the existing path for organisations that want to issue privacy-respecting phones to staff without becoming a hardware vendor themselves.
Shiftphone (Germany) — ShiftOS-L (AOSP without GMS), 5-year patches, fair-trade hardware. Slower silicon, ideologically aligned.
Fairphone (Netherlands) + Murena /e/OS — turnkey de-Googled Android. Convenience-first; weaker low-level hardening than GrapheneOS but a real lower bar to entry.
Volla Phone (Germany) — Volla OS or Ubuntu Touch. Niche, niche-aligned.
PinePhone Pro / Librem 5 — Linux phones with hardware kill switches (DIPs / sliders) that physically cut modem, WiFi/BT, mic/cam. Daily-use is painful; verifiable from public schematics.
GrapheneOS — the reference Android hardening project. Announced Motorola support (2027 ship) ending the Pixel-only era.

Email, storage, communication

Mailbox.org (Germany) — paid email, calendar, drive. Strong jurisdiction, transparent ownership.
Posteo (Germany) — small, cooperative, anonymous-payment-friendly. CalDAV/CardDAV, end-to-end at rest.
Stalwart Mail Server — modern open-source mail server (JMAP-first). For self-hosters who want to inhabit the email stack themselves.
Proton and Tuta — Swiss / German end-to-end encrypted mail and calendar. Mature, mainstream-usable.
CryptPad — end-to-end encrypted real-time collaboration suite (docs, sheets, slides). NLnet-funded; reference precedent for what aligned EU funding can build.
Immich / Ente — photos. Self-hosted (Immich) or hosted-but-zero-knowledge (Ente).

Infrastructure & hosting

ungleich (Switzerland) — truly private hosting, datacenter-aligned values. Long-running cooperative favoured for sensitive workloads.
Infomaniak (Switzerland) — commercial Swiss provider, B-corp, EU jurisdiction; our default registrar and mail host for v1.
Hetzner (Germany) — dedicated and cloud, mature ecosystem, sane pricing.

Research, journalism, methodology

Privacy Guides — the canonical community-maintained privacy reference. Forum threads (especially on devices like Onyx Boox) are often the freshest signal.
Electronic Frontier Foundation — the long-running U.S. digital-rights org. Their Surveillance Self-Defense guides remain a high-quality starting point.
Mozilla Privacy Not Included — consumer-product privacy reviews, regularly identifies devices that call home to non-obvious places.
Amnesty Tech — the public methodology for Pegasus / NSO forensic detection comes from here. Required reading if your threat model touches state-level adversaries; useful framing even if it doesn't.
Liu et al. (PLOS One) — academic study comparing OEM telemetry across stock Android variants; the empirical basis for treating Samsung OneUI as substantially leakier than stock Pixel.
LINDDUN (KU Leuven) — privacy-threat-modelling framework from Belgian research. Where formal threat-model work for privacy software gets done.
Forbidden Stories — the Pegasus Project investigation sat here. Worth knowing exists.

Tools we recommend along the path

DNS-level filtering: NextDNS (paid, EU jurisdiction option) / RethinkDNS (open-source, on-device).
App sourcing on Android: F-Droid (open-source app store) + Aurora Store (anonymous Play Store proxy).
Sandboxing on Android: Shelter (work-profile sandbox), AFWall+ (per-app firewall, root).
Reading on E-Ink: KOReader — the right reader app when you've hardened an Onyx Boox or similar.
Password discipline: Bitwarden (open-source, EU-hosted instance available) / 1Password (closed but mature if you need teams).
Faraday pouch — an old-school phone case made of RF-blocking fabric. Slip the phone in; nothing in or out. Defends even if device firmware is compromised, because the radio simply can't reach an antenna. Mission Darkness and SLNT are the two well-known brands. Combined with NitroPhone's optional mic + sensor removal, the combination is genuinely powerful: there is nothing on the device that can listen, and nothing reachable from outside while pouched. Defence-in-depth without performance cost.

Resources we trust

Vitalik Buterin's self-sovereign LLM setup (April 2026) — the proof-of-feasibility piece that motivates this whole project. Comprehensive, technical, aimed at engineers.
Privacy Guides (privacyguides.org) — the canonical community-maintained privacy reference. Where we send people who want depth.
Sovereign Tech Fund (sovereigntechfund.de) — the German federal fund supporting open digital infrastructure.
NLnet / NGI Zero — EU funding for open internet projects. Many of the providers we recommend are funded by these mechanisms.
Funkfeuer Wien — mesh network and digital sovereignty community in Vienna. Aligned values, hands-on experience.

Hardware sovereignty

Modern x86 CPUs have a "management engine" (Intel ME) or "platform security processor" (AMD PSP) running beneath your operating system — a closed-source, signed firmware layer with its own network stack and full memory access. You can't audit it, you can't turn it off without consequences, and you can't fully trust it.

For most readers this is fine: your threat model doesn't include the kind of adversary who can exploit Intel ME against you specifically. For some readers it isn't fine. Paths from least to most invasive:

Coreboot / Libreboot on supported ThinkPads (T440p, T480, X230 era). Removes most of the proprietary firmware, neuters Intel ME where possible.
System76 Open Firmware — ships with new hardware, less work than retrofitting.
Talos / RISC-V workstations — if you're willing to leave the x86 ecosystem entirely. Performance and software compatibility tradeoffs.

Strong anonymity

The v1 site doesn't address anonymity — we focus on confidentiality and jurisdiction. If anonymity is what you need:

Tor Browser — the right starting point. Orient against the common anti-patterns (don't log into your real-name accounts over Tor, etc.) before relying on it.
Tails OS — amnesic live OS, runs from USB, leaves no traces. The right tool when the device itself can't be trusted.
Mixnets (Nym, Mixmaster legacy) — stronger than Tor against traffic analysis at the cost of latency. Niche but real.

Supply-chain integrity

Reproducible builds, Sigstore, SLSA, and the broader software supply-chain conversation. Beyond v1's scope but increasingly load-bearing for everyone. The most accessible entry point is reading reproducible-builds.org.

Targeted-individual threat models

If you're protecting yourself from a state-level adversary, an organized adversary, or a stalker with resources, you need professional help and you need it before you change anything technical. We're not equipped to give that help. Resources that are:

Access Now Helpline — rapid-response support for activists and journalists.
Electronic Frontier Foundation — legal and technical help for U.S.-jurisdiction defenders.
Reporters Without Borders / Reporters Sans Frontières — journalist-specific operational security support.

Back to the basics? Home · Methodology