4.3 KiB
Sovereign Phone · product overview
Pitch
The Sovereign Phone ("Teléfono Soberano") is a digital sovereignty appliance in a pocket form factor — a secure personal node and portable private workstation, not "yet another private Android". It combines local-first computing, minimal external trust, hardware modularity, and practical anonymity into a device that is usable, elegant, professional, and pragmatic.
The combination that makes it distinctive: privacy + self-hosted infrastructure + local AI + resilient communications + hardware modularity. The tone is deliberately safety-first, not prepper cyberpunk — it targets professionals who want sovereignty without the paranoid aesthetic of the privacy niche.
Philosophy
- Local-first: process on device whenever possible; sync is opt-in; cloud dependency is minimized, never assumed.
- Minimal external trust: the user controls what data leaves the device, explicitly and granularly.
- Real Android compatibility: built on the mature Android app ecosystem. Avoids immature mobile-Linux platforms (Librem / Purism, PinePhone) as the primary platform.
- Modularity: functional separation at the hardware level (compute vs radio), extensible over time.
System base
- Built initially on GrapheneOS over supported hardware (Pixel / Samsung across different phases).
- Phase 1 on the Samsung Galaxy S25 (already acquired) does not replace the OS — instead it hardens configuration and stack on the stock device.
- Local-first architecture: on-device processing by default, optional synchronization, minimal cloud footprint.
Privacy & anonymity
Conceptually inspired by GrapheneOS, Blackphone, and "sovereign phone" approaches.
- Zero / minimal telemetry.
- No mandatory Google.
- Sandboxed apps.
- Separate profiles: work, real identity, testing, anonymity.
- Per-app firewall.
- Private DNS.
- Optional VPN / Tor.
- Granular sensor control.
- MAC randomization.
- Storage scopes.
- USB / peripheral deny (port lockdown).
- Automatic reboots to return to BFU (before-first-unlock) state.
Radio & communications
A distinctive part of the concept — reducing the power and exposure of the traditional smartphone baseband.
- Secondary radio via USB-C dongle.
- Logical separation between compute and radio / modem.
- Reduced baseband exposure.
- Future multi-radio capability.
- Support for alternative networks and resilient communications.
Sovereign infrastructure
The device leans on user-owned, self-hosted infrastructure rather than third parties:
- Own NAS.
- Own app servers.
- Self-hosted services.
- Local RAG / document system.
- Selective synchronization.
- Decentralized / lightweight identity.
- User-controlled encrypted backup.
Integrated AI
The phone is not only secure/private — it is AI-augmented, with explicit control over what crosses the cloud boundary:
- Small local LLM for quick tasks.
- Optional cloud LLM for heavy tasks.
- "Smart librarian" assistant.
- Local document indexing.
- Local RAG.
- Explicit control over what leaves the device for the cloud.
Differentiators
| Vs | Sovereign Phone differentiator |
|---|---|
| GrapheneOS (alone) | Adds self-hosted infrastructure, local AI, and a radio-separation hardware path on top of the hardened OS |
| Blackphone / Silent Circle | Modern stack + local AI + sovereign infra + non-paranoid, professional UX |
| Murena / /e/OS | Stronger anonymity model + resilient comms + local-first AI |
| PinePhone / Librem | Real Android compatibility instead of immature mobile Linux as primary platform |
Roadmap
Phase 1 — existing compatible devices. Hardened stock hardware (Galaxy S25 as first target). Short lead time. Initial run: ~4 phones for QA/dev, ~100 units for early adopters.
Phase 2 — custom phone. Built around the MediaTek Dimensity 9300, with deep integration of the radio/privacy stack, more sovereign hardware, and stronger functional separation between compute and radio/modem.
Status
Concept / early design. Phase 1 anchored on hardening the acquired Galaxy S25. Hardware modularity (USB-C radio dongle) and the local-AI + self-hosted infrastructure stack are the defining workstreams. Sources of conceptual inspiration: GrapheneOS, Blackphone, Murena, local-first-phone and sovereign-data-network communities.