docs(products): add Sovereign Phone product overview
This commit is contained in:
@@ -0,0 +1,89 @@
|
|||||||
|
# Sovereign Phone · product overview
|
||||||
|
|
||||||
|
## Pitch
|
||||||
|
|
||||||
|
The Sovereign Phone ("Teléfono Soberano") is a **digital sovereignty appliance** in a pocket form factor — a secure personal node and portable private workstation, not "yet another private Android". It combines local-first computing, minimal external trust, hardware modularity, and practical anonymity into a device that is usable, elegant, professional, and pragmatic.
|
||||||
|
|
||||||
|
The combination that makes it distinctive: **privacy + self-hosted infrastructure + local AI + resilient communications + hardware modularity**. The tone is deliberately *safety-first*, not *prepper cyberpunk* — it targets professionals who want sovereignty without the paranoid aesthetic of the privacy niche.
|
||||||
|
|
||||||
|
## Philosophy
|
||||||
|
|
||||||
|
- **Local-first**: process on device whenever possible; sync is opt-in; cloud dependency is minimized, never assumed.
|
||||||
|
- **Minimal external trust**: the user controls what data leaves the device, explicitly and granularly.
|
||||||
|
- **Real Android compatibility**: built on the mature Android app ecosystem. Avoids immature mobile-Linux platforms (Librem / Purism, PinePhone) as the primary platform.
|
||||||
|
- **Modularity**: functional separation at the hardware level (compute vs radio), extensible over time.
|
||||||
|
|
||||||
|
## System base
|
||||||
|
|
||||||
|
- Built initially on **GrapheneOS** over supported hardware (Pixel / Samsung across different phases).
|
||||||
|
- **Phase 1 on the Samsung Galaxy S25** (already acquired) does **not** replace the OS — instead it hardens configuration and stack on the stock device.
|
||||||
|
- Local-first architecture: on-device processing by default, optional synchronization, minimal cloud footprint.
|
||||||
|
|
||||||
|
## Privacy & anonymity
|
||||||
|
|
||||||
|
Conceptually inspired by GrapheneOS, Blackphone, and "sovereign phone" approaches.
|
||||||
|
|
||||||
|
- Zero / minimal telemetry.
|
||||||
|
- No mandatory Google.
|
||||||
|
- Sandboxed apps.
|
||||||
|
- Separate profiles: **work**, **real identity**, **testing**, **anonymity**.
|
||||||
|
- Per-app firewall.
|
||||||
|
- Private DNS.
|
||||||
|
- Optional VPN / Tor.
|
||||||
|
- Granular sensor control.
|
||||||
|
- MAC randomization.
|
||||||
|
- Storage scopes.
|
||||||
|
- USB / peripheral deny (port lockdown).
|
||||||
|
- Automatic reboots to return to **BFU** (before-first-unlock) state.
|
||||||
|
|
||||||
|
## Radio & communications
|
||||||
|
|
||||||
|
A distinctive part of the concept — reducing the power and exposure of the traditional smartphone baseband.
|
||||||
|
|
||||||
|
- Secondary radio via **USB-C dongle**.
|
||||||
|
- Logical separation between **compute** and **radio / modem**.
|
||||||
|
- Reduced baseband exposure.
|
||||||
|
- Future **multi-radio** capability.
|
||||||
|
- Support for alternative networks and resilient communications.
|
||||||
|
|
||||||
|
## Sovereign infrastructure
|
||||||
|
|
||||||
|
The device leans on user-owned, self-hosted infrastructure rather than third parties:
|
||||||
|
|
||||||
|
- Own NAS.
|
||||||
|
- Own app servers.
|
||||||
|
- Self-hosted services.
|
||||||
|
- Local RAG / document system.
|
||||||
|
- Selective synchronization.
|
||||||
|
- Decentralized / lightweight identity.
|
||||||
|
- User-controlled encrypted backup.
|
||||||
|
|
||||||
|
## Integrated AI
|
||||||
|
|
||||||
|
The phone is not only secure/private — it is AI-augmented, with explicit control over what crosses the cloud boundary:
|
||||||
|
|
||||||
|
- Small **local LLM** for quick tasks.
|
||||||
|
- Optional **cloud LLM** for heavy tasks.
|
||||||
|
- "Smart librarian" assistant.
|
||||||
|
- Local document indexing.
|
||||||
|
- Local RAG.
|
||||||
|
- Explicit control over what leaves the device for the cloud.
|
||||||
|
|
||||||
|
## Differentiators
|
||||||
|
|
||||||
|
| Vs | Sovereign Phone differentiator |
|
||||||
|
|---|---|
|
||||||
|
| **GrapheneOS (alone)** | Adds self-hosted infrastructure, local AI, and a radio-separation hardware path on top of the hardened OS |
|
||||||
|
| **Blackphone / Silent Circle** | Modern stack + local AI + sovereign infra + non-paranoid, professional UX |
|
||||||
|
| **Murena / /e/OS** | Stronger anonymity model + resilient comms + local-first AI |
|
||||||
|
| **PinePhone / Librem** | Real Android compatibility instead of immature mobile Linux as primary platform |
|
||||||
|
|
||||||
|
## Roadmap
|
||||||
|
|
||||||
|
**Phase 1 — existing compatible devices.** Hardened stock hardware (Galaxy S25 as first target). Short lead time. Initial run: ~4 phones for QA/dev, ~100 units for early adopters.
|
||||||
|
|
||||||
|
**Phase 2 — custom phone.** Built around the **MediaTek Dimensity 9300**, with deep integration of the radio/privacy stack, more sovereign hardware, and stronger functional separation between compute and radio/modem.
|
||||||
|
|
||||||
|
## Status
|
||||||
|
|
||||||
|
Concept / early design. Phase 1 anchored on hardening the acquired Galaxy S25. Hardware modularity (USB-C radio dongle) and the local-AI + self-hosted infrastructure stack are the defining workstreams. Sources of conceptual inspiration: GrapheneOS, Blackphone, Murena, local-first-phone and sovereign-data-network communities.
|
||||||
Reference in New Issue
Block a user