Sovereign Cloud Manifesto
History
In the early 2000s, open source software embodied a universal ideal: technology for everyone, by everyone. Pioneered by movements like the Free Software Foundation (FSF) and the GNU Project, it promised liberation from proprietary silos. Linux distributions flourished, source code was shared freely across borders, and communities collaborated without regard to nationality or politics. The ethos was simple—software as a global commons, empowering individuals to control their digital lives.
The Erosion of the Open-Source Ideal
The original vision of open source as a universal, borderless commons has come under serious threat. Google's Android, once celebrated as an open-source success story, has steadily become more proprietary since 2013. Core components such as Google Play Services are now closed-source, creating powerful dependencies that effectively lock users into Google's ecosystem.
This erosion has been greatly accelerated by geopolitical forces. The United States has increasingly weaponized technology since 2017 through tools such as OFAC sanctions, restricting access to software platforms and code repositories for nationals of Russia, Iran, and other countries—most visibly through limitations on GitHub and the exclusion of Huawei from global technology markets. Meanwhile, China maintains its Great Firewall and enforces strict data localization rules, further fragmenting the global internet.
Open source began as a global, collaborative ideal. Corporate cloud platforms then delivered extraordinary convenience and integration—but at the price of growing lock-in and external control. After a decade of trading privacy and autonomy for convenience, a growing number of users are now reconsidering the bargain.
The Hidden Cost of Convenience
Imagine you are an Australian software developer in Dubai, an American teacher in Tbilisi, a British consultant in Bogotá, a Canadian designer in Istanbul, or a Dutch product manager in Hong Kong. Your entire digital life—passwords, family photos, work documents, 2FA codes, banking apps—is tied to Google, Apple or Microsoft accounts. Then one day a new regulation, sanctions list update, platform policy change or even a mistaken fraud flag locks you out. Suddenly you cannot log into your bank, show proof of address, access family memories, or even receive your next freelance payment.
The risk isn't only legal—it's also technical. Consider a major Gmail outage due to a scaling failure, or a catastrophic data loss at a popular password manager. For someone whose life is built on that single service—storing passwords, family memories, and work correspondence—such an outage isn't just an inconvenience; it's a complete digital blackout. Self-hosting your critical passwords and photo archive across redundant, independent servers isn't just about avoiding sanctions; it's about eliminating the single point of failure that a billion-user platform inevitably becomes.
The Vision: Practical Digital Resilience
You are not collateral damage in someone else's conflict.
The Sovereign Cloud project offers a prudent backup strategy for your digital life. It lets you keep using convenient services while ensuring continuity of access when those services become unavailable.
By self-hosting your essential data—emails, contacts, passwords, and documents—on inexpensive, globally distributed servers, you create a personal safety net. This is about taking real ownership of the 10–20 GB of data that actually runs your daily life.
What Sovereign Cloud Is Not
- Not a complete rejection of big tech services
- Not a zero-maintenance solution; it requires occasional care
- Not for everyone—but for those who value long-term control, it's worth the modest effort
Key principles:
- Open Source First: Use auditable, community-driven software to avoid vendor lock-in.
- Low Cost, High Resilience: Leverage the cheapest global services while enabling local backups on USB drives or home servers.
- Multi-Region Flexibility: Mirror data across diverse hosts to evade sanctions or outages.
- Privacy by Design: End-to-end encryption, zero-knowledge proofs, and minimal data exposure.
- Built on Enduring Foundations: This project builds upon the work of organizations like the EFF and GNU Foundation, which have long championed verifiably free software and digital rights.
- Ease for All: Step-by-step markdown guides make setup accessible, even for non-experts.
This path requires some upfront effort and ongoing care—it is not zero-maintenance. Setting up the initial stack usually takes a few hours to a full day. Ongoing maintenance averages 1–4 hours per year once everything is stable. Backups only protect you if you verify them periodically. If you want completely hands-off convenience, the big clouds are still easier today. Sovereign Cloud is for people who value long-term control and independence enough to invest a modest amount of time—the same way many people choose to maintain their own home, car, or garden instead of outsourcing everything.
The Integrated Alternative: YunoHost
The services outlined in this manifesto—mail servers, password managers, cloud storage—are typically deployed as separate components. This approach offers maximum flexibility, but it also requires assembling the pieces yourself. During our research, we discovered that YunoHost offers a compelling alternative: a unified graphical shell that integrates these core services into a single, coherent system. It transforms a bare Linux server into a personal cloud appliance, complete with single sign-on, automated TLS certificates, and unified backups.
Under the hood, YunoHost relies on the very same battle-tested software we document—Postfix and Dovecot for mail, Nextcloud for files, Vaultwarden for passwords—but wraps them in a user-friendly interface. For the majority of users, this dramatically lowers the barrier to sovereignty. Instead of spending days configuring and integrating each service, you can deploy the full stack in hours. The underlying ownership remains yours; the complexity is simply organized.
Importantly, YunoHost does not lock you out of the manual refinements that this manifesto champions. For specialized needs—such as routing outgoing mail through SMTP2GO to ensure deliverability from VPS hosts—you can still drop into the command line and adjust Postfix configurations directly. YunoHost thus represents the best of both worlds: the accessibility of an integrated platform with the transparency and control of handcrafted open-source software.
Use Cases: Empowering the Individual
- For the Prudent Professional: You live a global life. You might be a European in Hong Kong, an American in Dubai, or a freelancer traveling through Southeast Asia. Your concern isn't revolution—it's continuity. Sovereign Cloud allows you to:
  - Self-host a password manager (Vaultwarden) so your bank logins are never held hostage by a third party.
  - Maintain a private email server for critical communication, independent of Gmail or Outlook policies.
  - Keep documents in a self-hosted cloud (Nextcloud/Immich) with automatic backups to a local drive.

  This setup acts as an insurance policy, ensuring access to your digital essentials regardless of geopolitical shifts or platform outages.
- Privacy by Design: End-to-end encryption, zero-knowledge proofs, and minimal data exposure. When data leaks can lead to legal exposure or physical risks, minimizing what any single service knows about you is a rational precaution.
- For families who want to own their photo and video archive for decades.
- For globally mobile people who want continuity no matter where life takes them.
Core Services & Guides
Self-hosted sovereign cloud setups usually start at USD 2–5/month for the server, plus about USD 0.04–0.10 per extra GB of storage. By contrast, Google One and iCloud+ look extremely cheap—sometimes almost free for small amounts, and still very low-cost even at several terabytes. The real cost, though, is lock-in: getting data in is frictionless, but getting it out again is slow, fragmented, technically painful, and sometimes outright unreliable. Once your life's photos, videos, and files are trapped inside their ecosystems, the low monthly price becomes an expensive form of dependency.
This project provides practical guides for the following essential services, prioritized by foundational importance.
| Title | Description | Typical Use Case | Storage/Bandwidth Needed (typical light personal use) |
|---|---|---|---|
| Cloud Provider Choice for Minimal Always-On Services | Choosing cheap VPS providers (Hetzner, Vultr etc.) for always-on services like email, storage, proxies | Foundational for everything | 10–50 GB disk, 500 GB–20 TB/month BW |
| YunoHost | All-in-one preconfigured solution with graphical install | Beginner-friendly on-ramp | 20–40 GB disk, 500 GB–1 TB/month BW |
| Sovereign Cloud – Backup Strategy | Low-cost home-centered backups (Borg/Restic to 2 TB SSD + off-site) | Essential protection layer | 600 GB–1.8 TB on home SSD; cheap off-site (~€3–12/mo) |
| Password Manager Setup for Sovereign Cloud | Vaultwarden/Bitwarden self-hosted (or free tier) | Security core | ~10 MB disk, <100 GB/month BW |
| MailServer (Email Setup) | Hybrid self-hosted receive + free SMTP relay (Brevo/SMTP2GO) | Independent communication | 5–15 GB disk (attachments), low BW |
| Self-Hosted Cloud Storage | Nextcloud / Seafile / Immich (file sync + photos) | File access and sync | 20–100+ GB (Nextcloud/Seafile), 300 GB–1.5 TB (Immich photos) |
| Self-Hosted Photo & Video Management | Immich (Google Photos replacement, often with Nextcloud) | Preserving memories | 300 GB–1.5 TB (photos/videos) + thumbnails |
| Alternatives to Google Calendar | Nextcloud Calendar / Radicale / Proton Calendar | Schedule ownership | <200 MB (calendar data) |
| Self-Hosting Phone Contacts | Nextcloud CardDAV + DAVx⁵ (or Radicale/Baïkal) | Contact portability | <5 MB |
| Two-Factor Authentication (2FA) | Aegis (Android) + Gnome Authenticator (Linux) + backups | Account security | Negligible |
| Self-Sovereign Social Identity | Nostr (primary) + Keyoxide/WKD | Decentralized social presence | Almost zero (optional relay ~5–10 GB) |
| Private End-to-End Encrypted Chat | Matrix (Dendrite) primary; SimpleX / Nostr White Noise alternatives | Private communication | 1–3 GB RAM/disk for family scale |
| Reverse Proxy with Nginx | Nginx + Tailscale for exposing a home LLM securely | Secure remote access | 5–10 GB disk, 100–500 GB/month BW on VPS |
| Network-Wide Ad & Tracker Blocking | AdGuard Home / Pi-hole | Privacy at network level | 1–5 GB disk |
| Simple Web Proxy with Tinyproxy | Tinyproxy forward proxy for bypassing blocks, or use Squid for light ad filtering | Regional access needs | 5–20 GB (with cache) |
| Self-Hosted Notes & Personal Knowledge Base | Joplin / Logseq / Obsidian + Syncthing (or TriliumNext) | Knowledge ownership | ~1–50 MB per 1000 notes |
Call to Action: Build Your Sovereign Cloud
The Sovereign Cloud is not a product—it's a practice. Start with one server, one password manager, one backup. Then add another. The goal isn't perfection; it's resilience.
Join the conversation—fork, contribute, and share. Together, we restore the universal promise of open source.