A Noob's Guide to Self Sovereignty
What’s that? You’re tired of massive corporations eating up all your data and selling it? Me too!
This is a super simple guide to privacy and self sovereignty for both your Average Joe and your professional Arch Linux enthusiast. It’s all in layman’s terms, so don’t worry about getting lost along the way.
Super simple also naturally means summarized, so if you’re truly interested, I recommend doing your due diligence and researching the things I mention; this is simply the barebones basics. I’ll be giving resources to guide you and some links at the bottom.
With that being said, let’s get started.
Big Corporate Owns You!
Every app you use, every search you run, every message you send is being logged, analyzed, sold, and used to build a “profile” of you that knows you better than your own mum does. Google knows what you ask. Facebook knows who you’re stalking. Your phone knows where you sleep.
And the wild part? Most people just shrug and say “I’ve got nothing to hide.” BUT WHY!!!
Anyways, this guide isn’t for those people. This guide is for you, the person who just started asking “wait, why does a free flashlight app need access to my contacts?” You don’t need to be a hacker or a tech wizard. You just need to care enough to make a few changes. Let’s go.
What Even Is Self Sovereignty?
Self sovereignty just means owning your own stuff. Your data, your money, your identity, your digital life. It means not being dependent on corporations who can delete your account, freeze your funds, or sell your info at any time just because their quarterly earnings looked a bit sad.
It’s not about being paranoid. It’s about being free.
Step One: Owning Your Money
If you’ve heard of Bitcoin and rolled your eyes, you’re the target here. No it’s not gambling, no it’s not betting, and YES it’s different from crypto.
Every bank account you have exists because a bank allows it to exist. They can freeze it, close it, flag it, report it, and in some countries governments can just straight up seize it. Your money isn’t really yours. Same goes for software like PayPal.
Bitcoin is different. Bitcoin is a system where you can hold money that nobody can take from you, block, or inflate away, as long as you hold your own keys.
A common misconception is that Bitcoin is just an investment, like stocks, but no. It’s a real deflationary currency that people trade with every single day.
That phrase “not your keys, not your coins” gets thrown around a lot, but it’s genuinely true. If your Bitcoin is sitting on an exchange like Coinbase or Binance, you don’t actually own Bitcoin. You own a promise. Get your own wallet.
I don’t wanna hear “Lol that’s literally a criminal’s dream!” Just don’t be a criminal.
Getting started:
1. Getting a wallet: On your phone, install Phoenix Wallet, AQUA Wallet, or BlueWallet. Mobile wallets are preferred because they’re generally more secure and private, but there are also web/desktop wallets like Sparrow and Rizful that are less secure but still work.
However, some wallets, like Wallet of Satoshi and Rizful, are very trustworthy but not self-custodial. It’s recommended to only keep small amounts in those wallets.
2. Learn about self custody: After making your wallet, you’ll usually be prompted to save your “seed phrase”. This just means writing down a 12 or 24 word phrase and keeping it safe. That phrase IS your wallet. Guard it like it’s cash, because it is. Your seed phrase is the password to your wallet.
Do NOT save your seed phrase in your phone’s notepad or a messaging app or anything like that, because if a hacker gets hold of your seed phrase it’s all downhill from there. Write your seed phrase on paper.
3. Buy:
Now, 1 bitcoin is worth tens of thousands of USD, but you don’t deal in whole bitcoin. Every bitcoin is divided up into smaller units called “satoshis” or “sats” for short; think of them like cents. $1 is usually equal to around 1000-2000 sats.
It’s also not necessary to buy bitcoin to have it. It’s currency. You can get it by selling something, through donations, or through zaps (we’ll get into what zaps are later).
To buy bitcoin, use an exchange like Bisq or another low-KYC (verification) exchange. Then immediately send the bitcoin you bought to your wallet.
Bitcoin has a smaller learning curve than people claim, and it’s the only real decentralized currency we have today. I recommend reading the Anti-Riba Money by Abdullah ibn Oda to go in depth.
Step Two: GrapheneOS
Your phone is a surveillance device. Sorry. It just is. iOS and Android both phone home constantly, your location is tracked, your app usage is monitored, and advertisers know your daily routine better than most of your friends do.
GrapheneOS is a version of Android that strips all of that Google surveillance out while keeping the good stuff, like apps working, good performance, and a solid user experience. It’s built for privacy and security from the ground up.
The only downside is that it currently only runs on Google Pixel phones, which is a bit ironic. But the hardware is solid and GrapheneOS completely replaces the software, so Google’s involvement basically ends when you buy the device.
And the tradeoff is still great:
No Google spyware baked in. You can install Google apps in a sandboxed environment if you need them, but they can’t touch the rest of your phone. You get a hardened browser, better permission controls, and the ability to run multiple separate profiles on your phone. So your “banking” profile and your “personal” profile never mix.
Installation is genuinely not that hard. The GrapheneOS website has a web based installer that walks you through it step by step. If you can follow instructions and plug in a USB cable, you can do it.
Step Three: Linux
Windows is a mess. Really, it’s convenient and popular, but it also comes with forced updates, bloat, and now literally ads in the Start menu. Also, yeah, Microsoft knows what you do on your computer when you use Windows.
macOS is beautiful but it’s a walled garden that Apple controls completely. If you want a computer that actually respects you, Linux is where it’s at.
“But Linux is for programmers and nerds,” I hear you saying. Yeah, that’s true, but it’s also for YOU! Anybody can use Linux and be happy.
Operating systems like Linux Mint, Zorin OS, and Pop!_OS are all built on the Linux kernel and are genuinely easy to use. If you can use Windows, you can use these. They look clean, they work well, and they don’t spy on you. You will have to learn a bit about the terminal and some stuff, but you’ll get the hang of it really fast.
Any tutorial on YouTube will teach you how to install Linux and use it comfortably.
No activation keys. No forced telemetry. No “we’re updating your PC, please don’t turn it off” at 11pm before an important meeting. No ads. Full control over your system. Free forever. Private.
Try out different operating systems in a virtual machine, see what you like. Then commit.
Most everyday things just work. Gaming has even gotten incredibly good on Linux thanks to tools like Proton, Lutris, and Steam Deck pushing things forward.
Step Four: Social Media
Twitter (or X if you’re a weirdo), Instagram, Facebook. You’ve poured years of thoughts, memories, and connections into platforms that own all of it. One policy change, one ban, one acquisition by some billionaire with weird vibes, and poof. Your account gone. Your followers gone. Your archive gone.
Now, the website you’re reading this article from is built on a social media protocol that’s different from all of these. It’s called Nostr.
Nostr is different in a way that’s kind of hard to wrap your head around at first.
Nostr is a protocol, not a platform. Think of it like email. Nobody owns email. Gmail and Outlook are just apps that connect to the same underlying system. Nostr works the same way. You have a keypair (a public key and a private key) and that IS your identity. Not an account on a server. Your keys.
Your public key is what your username, profile picture, and description are attached to: basically the identity you show.
Your private key is your password.
Your posts exist on multiple servers called relays. If one relay bans you or shuts down, your identity moves on. Nobody can “unperson” you. Nobody can take your followers away.
So how do I get started with Nostr, you ask?
First, go to https://nostr.com/ and press the join button, you’ll be given your key.
Your Nostr key starts with “npub” for your public address and “nsec” for your private key. Guard your nsec like your Bitcoin seed phrase. Losing it means losing your identity. There are no password resets.
The keys you were given are what you use to log in on Nostr apps.
Apps that connect to Nostr include Yakihonne, Primal, NoorNote, and more. You can look up nostrapps to find others.
The thing about Nostr is that if you make a post on Yakihonne, for example, your post will also be visible to users on Primal, because every post you make or article you write lives on the protocol and relays, not on individual centralized servers.
Bitcoin and Nostr also connect in a cool way through something called Zaps, which are tiny Bitcoin payments you send to appreciate someone’s post. It’s like a tip jar but instant and global and nobody takes a cut.
You can connect your wallet to Nostr to receive donations from other Nostr users. I recommend just using a web wallet like Rizful for ease of use and convenience. Zaps aren’t meant to be big, so don’t expect to get rich off them.
Step Five: Replace the Software That’s Watching You
This is the most practical section. Here’s a quick hit list of popular tools and what to use instead.
Browser
Instead of Chrome: use Firefox with some hardening, or Brave Browser. Both block trackers by default. There are also some great open source Firefox forks like Zen Browser.
Email
Instead of Gmail: try Proton Mail for an easy upgrade. Tutanota is another solid option. Both encrypt your mail and don’t read it to serve you ads. If you’re feeling ambitious, you can even run your own mail server, but that’s advanced territory.
Messaging
Instead of WhatsApp or iMessage: Signal is the gold standard for encrypted messaging. Your messages are end to end encrypted and Signal knows virtually nothing about you. For group chats and communities, SimpleX Chat is a newer option that doesn’t even require a phone number.
Also, there are apps built on Nostr, which we talked about.
Cloud storage
Instead of Google Drive or Dropbox: Proton Drive is easy and encrypted. Nextcloud lets you run your own cloud on your own server if you really want to go deep. Syncthing syncs files between your own devices without any cloud at all.
Maps
Instead of Google Maps: Organic Maps is beautiful, works offline, and is based on OpenStreetMap data. OsmAnd is another option with more features.
Password manager
Instead of saving passwords in Chrome: Bitwarden is open source, audited, and has a great free tier. KeePassXC is a local only option if you don’t want a cloud anywhere near your passwords. Proton Pass is also alright.
Office suite
Instead of Microsoft Office or Google Docs: LibreOffice is a full desktop suite that handles Word, Excel, and PowerPoint files just fine. OnlyOffice is another option with a cleaner interface.
VPN
A VPN doesn’t make you anonymous but it does stop your internet provider from logging your traffic and it helps on public wifi. Mullvad is the privacy community favourite. They accept cash and even Bitcoin, don’t log anything, and don’t require an email to sign up.
You Don’t Have to Do All of This Tomorrow
What you really need is the mindset shift. Own what you own!
Self sovereignty is a journey not a destination, and you don’t have to overhaul your entire life this weekend. Pick one thing from this guide and do that first. Maybe it’s switching your browser. Maybe it’s making a Nostr account. Maybe it’s buying a small amount of Bitcoin just to understand how it works.
Every step you take is a step away from being a product and toward actually owning your digital life.
The tools are better than they’ve ever been. The community is huge and welcoming. And honestly, once you start down this path, it becomes kind of fun to see how far the rabbit hole goes.
Welcome.
✊
Minimum hardware is 1 CPU, 512MB RAM, 10GB storage (or I guess more if you get huge mail). It’d easily run on a $15 raspberry pi.
I could say a lot on the topic of whether it’s worth it, but I think the cost side of the equation really boils down to two points:
- Needing reverse DNS and setup costs
- Basically zero maintenance cost after that
The only way I could get rDNS was to pay for a static IP address. Not a dynamic one that only changes once a year, an actual static IP. It’s an extra $15/month.
It took some work to set up qmail, but once it was set up, I’ve been good for years. I run as close to stock qmail as possible, but with TLS, thread-safe errno, and a few other patches. So things like the recent qmail vuln… didn’t affect me at all. I’ve vetted all the patches myself and I would have flagged using popen() to create an empty file as a huge risk.
The only issue I have is that I don’t have a secondary MX server off-site for when my ISP goes down and that can result in some other people’s mail servers freaking out and giving up on delivery early. They should wait 2 days, and warn the sender of a delay, and wait another 2 days before failing. If they give up within hours, it can result in getting a letter in the mail from a business who says I need to update my email address. Mildly annoying, but not the end of the world.
The other side of the equation is the benefit. That’s entirely subjective. I think it’s worth it for me, but I concede that it’s one of the hardest services to justify too. If email doesn’t work, it mucks up so many things: poorly implemented two-step verification for logins, signing up for nearly anything online, and so on.
On the flip side, I know I can get the rug pulled out from under me by an email provider. There’s no 3rd party acting as a potential central point of failure. I can spin up as many aliases as I want, or even have a catchall. When there is a problem, I can investigate it and fix it (sans things like Google’s spam filter policies, that’s on them). It’s also kinda fun to get an email saying the internet is down (since it just goes across the LAN). 😝
Would I run email for people I don’t trust? Absolutely not. I don’t want to deal with allegations of abuse, getting put on spam lists and so on. But for me & my family? One hundred percent!
If people actually want to run qmail, I’d be willing to help mentor them, and provide some scripts, configs and the like. I’ll give you some of my time and help you 1:1, but the deal is that you have to pull your own weight. Try to figure it out yourself first. Tell me what you think is going on and why you believe that’s the case. What was your debugging process? But as long as you’re willing to put in the effort, I’m willing to lend a hand.
Or you’re @d30ea...a9511 and run your own email server. Teach me your ways Doc. Minimum hardware and the real question: is it worth it?