Stop giving your life to Big Tech. Take it back, one phase at a time.
Start Now · The Journey · FAQ · Why
Skill: Sovereign
You don't need to be a hacker. Each phase takes 30-60 minutes. Follow the guide. Run the scripts. Own your digital life.
5 phases. Each one builds on the last. Start wherever you are.
Phase 1 Phase 2 Phase 3 Phase 4 Phase 5
+------+ +------+ +------+ +------+ +------+
| HERO | ---> |GUARD.| ---> |WARR. | ---> |KNIGHT| ---> |SOVER.|
| | | | | | | | | |
| OS | |Browse| | Apps | | VPS | | Full |
+------+ +------+ +------+ +------+ +------+
~30min ~30min ~45min ~60min ~30min
| Phase | Level | What You Do | What You Gain |
|---|---|---|---|
| 1 | Hero | Install Linux | OS free from Microsoft/Apple telemetry |
| 2 | Guardian | Harden your browser | Browsing without tracking |
| 3 | Warrior | Replace Google apps | Email, cloud, passwords, search — all yours |
| 4 | Knight | Deploy your own server | Self-hosted services on your VPS |
| 5 | Sovereign | Connect everything | Full digital sovereignty, nothing leaks |
curl -fsSL https://raw.githubusercontent.com/Michae2xl/sovereign-stack/main/scripts/install.sh -o install.sh
chmod +x install.sh
# Local machine (phases 1-3):
bash install.sh --local
# VPS (phases 4-5):
bash install.sh --vps --all --domain yourdomain.com
# Pre-flight checks only:
bash install.sh --check
# Uninstall everything:
bash install.sh --uninstallLeave Windows/macOS. Enter Linux.
"The first step to freedom is owning the ground you stand on."
| Before | After |
|---|---|
| Windows 11 (telemetry to Microsoft) | Linux Mint / Fedora / Pop!_OS |
| macOS (locked to Apple ecosystem) | Full control of your hardware |
curl -fsSL https://raw.githubusercontent.com/Michae2xl/sovereign-stack/main/scripts/install.sh -o install.sh
bash install.sh --local-
Choose your distro:
- First time? → Linux Mint (looks like Windows, just works)
- Developer? → Fedora (cutting edge, secure by default)
- Gaming? → Pop!_OS (Nvidia support out of the box)
-
Create a bootable USB:
- Download Ventoy → copy ISO to USB → boot from it
-
Install: Follow the guided installer (15 minutes)
-
Post-install essentials:
sudo apt update && sudo apt upgrade -y # Debian/Ubuntu/Mint sudo dnf upgrade -y # Fedora sudo apt install -y curl wget git htop neofetch
Phase 1 complete. You now own your operating system.
Your browser is the biggest leak. Fix it.
"Every tab you open tells a story. Make sure only you can read it."
| Before | After |
|---|---|
| Chrome (Google sees everything) | Firefox hardened + uBlock Origin |
| Google Search | SearXNG / DuckDuckGo / Brave Search |
| Chrome password manager | Bitwarden (or KeePassXC offline) |
| No anonymous browsing | Tor Browser (maximum anonymity) |
bash install.sh --local-
Install Firefox (comes pre-installed on most Linux distros)
-
Essential extensions:
- uBlock Origin — blocks ads + trackers
- Privacy Badger — learns to block invisible trackers
- HTTPS Everywhere — forces encrypted connections
- Cookie AutoDelete — clears cookies on tab close
- Multi-Account Containers — isolate sites from each other
-
Harden Firefox settings:
- Go to
about:configand set:
privacy.trackingprotection.enabled = true privacy.resistFingerprinting = true network.cookie.cookieBehavior = 5 dom.security.https_only_mode = true geo.enabled = false media.peerconnection.enabled = false # disables WebRTC leak - Go to
-
Change default search engine:
- Settings → Search → Default Search Engine → DuckDuckGo
- Or self-host SearXNG later in Phase 4
Phase 2 complete. Your browsing is now private.
Replace every Google app with something you control.
"Every app you degoogle is a chain you break."
| Google Service | Replacement | Why It's Better |
|---|---|---|
| Gmail | ProtonMail / Tuta | E2E encrypted, no ads, Swiss/German law |
| Google Drive | Nextcloud (Phase 4) or Proton Drive | Your server, your files |
| Google Photos | Immich (self-hosted) | Identical UX, zero cloud dependency |
| Google Calendar | Proton Calendar / Nextcloud | Encrypted, syncs with phone |
| Google Maps | OsmAnd / Organic Maps | Offline maps, no tracking |
| Google Docs | LibreOffice / Nextcloud Office | Full office suite, no cloud lock-in |
| Google Keep | Joplin / Standard Notes | E2E encrypted notes |
| YouTube | FreeTube / NewPipe (Android) | No ads, no tracking, no recommendations |
| Google Authenticator | Aegis (Android) / Ente Auth | Open source, encrypted backup |
| Google Messages | Signal / Element (Matrix) | E2E encrypted by default |
| Chrome passwords | Bitwarden / KeePassXC | Open source, cross-platform |
| Google DNS | NextDNS / AdGuard Home (Phase 4) | No DNS logging |
| Android stock | GrapheneOS / LineageOS | Degoogled Android |
bash install.sh --local- Email — Switch to ProtonMail. Forward Gmail. After 30 days, delete Gmail.
- Passwords — Export Chrome passwords → import to Bitwarden
- Search — Set DuckDuckGo/Brave Search as default everywhere
- Messages — Install Signal, convince your close contacts
- Photos — Set up Immich (Phase 4) or use Proton Drive
- 2FA — Export Google Authenticator → Aegis/Ente Auth
- Phone — GrapheneOS if you have a Pixel (best option)
# Go to https://takeout.google.com
# Select: Gmail, Drive, Photos, Calendar, Contacts, Chrome bookmarks
# Export → Download → Import into new servicesPhase 3 complete. Google no longer has your daily data.
Deploy your own server. Own the infrastructure.
"A knight doesn't rent his castle. He builds it."
This is where you get your own VPS and self-host everything.
| Service | Replaces | What It Does |
|---|---|---|
| Nextcloud | Google Drive/Docs/Calendar | Files, office, calendar — all yours |
| Vaultwarden | LastPass, 1Password | Password manager for the whole family |
| Matrix/Element | WhatsApp, Discord | E2E encrypted chat, your server |
| SearXNG | Google Search | Private metasearch, no tracking |
| Immich | Google Photos | Photo backup with AI features |
| Jitsi Meet | Zoom, Google Meet | Video calls, no account needed |
| AdGuard Home | Google DNS | Network-wide ad blocking |
| WireGuard | NordVPN, ExpressVPN | Your own VPN |
| Stalwart Mail | Gmail (server-side) | Full mail server |
| Forgejo | GitHub | Your own Git hosting |
# SSH into your VPS
ssh root@YOUR_VPS_IP
# Download and run
curl -fsSL https://raw.githubusercontent.com/Michae2xl/sovereign-stack/main/scripts/install.sh -o install.sh
# Install all services
bash install.sh --vps --all --domain yourdomain.com
# Or pick what you need
bash install.sh --vps --nextcloud --vaultwarden --searxng --domain yourdomain.com| Provider | Privacy | Price (8GB) | Notes |
|---|---|---|---|
| Hetzner | GDPR | ~EUR 9/mo | Best price/performance |
| Njalla | Zero KYC | ~EUR 15/mo | Crypto only, Pirate Bay founder |
| 1984.is | Iceland | ~EUR 15/mo | Strongest free speech laws |
| Contabo | OK | ~EUR 6/mo | Cheapest option |
| Minimum | Recommended | |
|---|---|---|
| RAM | 4GB | 8GB+ |
| CPU | 2 vCPUs | 4+ vCPUs |
| Disk | 40GB | 80GB+ |
| OS | Ubuntu 22.04 | Ubuntu 24.04 |
Phase 4 complete. You have your own infrastructure.
Connect everything. Close every leak. Full sovereignty.
"The sovereign answers to no one. Every byte is yours."
- Phone to VPS: Nextcloud sync, Vaultwarden auto-fill, Matrix on Element
- Desktop to VPS: Nextcloud client, WireGuard always-on, SearXNG as default search
- DNS to AdGuard: All devices use your private DNS (blocks ads + trackers network-wide)
- Email to your server: Stalwart Mail receives, ProtonMail forwards
- Backups encrypted: Rclone encrypts + uploads to Mega.nz / Backblaze B2
- Monitoring via Grafana: You see everything, nobody else does
- Tor .onion services: Access your stack from anywhere without exposing your IP
bash install.sh --vps --all --domain yourdomain.com- All devices use WireGuard VPN
- All devices use AdGuard DNS
- All passwords in Vaultwarden
- All files in Nextcloud
- All photos in Immich
- All messages on Signal/Matrix
- All searches on SearXNG
- All email on your server
- Google account data exported and deleted
- Google account closed or empty
- No more Chrome, no more Google DNS, no more Google anything
Phase 5 complete. You are sovereign.
- Google has 15+ years of your data
- Gmail scans 1.8 billion accounts
- Chrome has 65% browser market share
- Google DNS (8.8.8.8) resolves 1 trillion+ queries/day
- Android sends location to Google 340 times/day (even with GPS off)
- Data breaches (Google was breached in 2018, exposed 500K accounts)
- Government requests (Google complied with 83% of data requests in 2023)
- Ad profiling (Google knows your health, politics, finances, relationships)
- Vendor lock-in (try leaving Google — it's designed to be hard)
- Terms of Service change (they can, and do, change what they do with your data)
Sovereign Stack. Step by step. No hacking required. Just follow the guide.
Q: I'm not technical. Can I do this? A: Yes. Phase 1-3 require zero server knowledge. Phase 4-5 have scripts that do the heavy lifting.
Q: How long does the full journey take? A: You can complete all 5 phases in a weekend. But there's no rush — each phase is independent.
Q: Does it cost money? A: Phases 1-3 are free. Phase 4-5 need a VPS (~EUR 6-18/month). That's less than a Netflix subscription for owning your entire digital life.
Q: Can I do this on Mac? A: Phases 2-5 work on macOS. Phase 1 (Linux) is optional if you're on Mac — skip it and start at Phase 2.
Q: What about my phone? A: Phase 3 covers app replacements for Android/iOS. For maximum privacy: GrapheneOS on a Google Pixel.
Q: Is this related to Freedom Stack? A: Yes. Freedom Stack is the Agent Privacy Cloud — infrastructure for AI agents. Sovereign Stack is the human journey — your personal digital freedom. They complement each other: Phase 4 can optionally include the Agent Privacy Cloud.
sovereign-stack/
├── README.md <- You are here
├── LICENSE <- AGPL v3
├── CONTRIBUTING.md
├── skills/
│ └── sovereign/SKILL.md <- Claude Code skill
├── scripts/
│ └── install.sh <- One script does everything
└── docs/
├── phase1-hero.md <- Detailed Phase 1 guide
├── phase2-guardian.md <- Detailed Phase 2 guide
├── phase3-warrior.md <- Detailed Phase 3 guide
├── phase4-knight.md <- Detailed Phase 4 guide
└── phase5-sovereign.md <- Detailed Phase 5 guide
GNU Affero General Public License v3.0 — Free as in freedom.
- Freedom Stack — Agent Privacy Cloud: privacy infrastructure for AI agents (Ollama, n8n, Qdrant, Tor, sandbox)
Your sovereignty starts with Phase 1.
curl -fsSL https://raw.githubusercontent.com/Michae2xl/sovereign-stack/main/scripts/install.sh | bash -s -- --localStar this repo if you believe privacy is a right, not a product.
Privacy costs money. If Sovereign Stack helped you break free, consider supporting the project.
Zcash (Shielded — fully private): Send from any shielded wallet — Mobile: ZODL, Zingo, Ywallet, Zkool — Desktop: Zingo, Ywallet, Zkool
u12rrgyaz7hwyzf0px29ka43tvk7nu92w7mzc99yv9ld3pg96fp4ef0mxe5kd0j5544yc33jqe66fd5s0fjv7uvsxh0uz24c7fuw44wfwcg2g74jgg2ukmpvc0l4a7r56sgjrra35fy4f0k3spjn5uh6kqxx5elmuv3ajd7zjs8s973e0n
Bitcoin:
bc1qus6gvfyepx38apvdxvqh4qj8n3d0jssthzmlnx