The Sovereign Stack - HCPP23
Table of Contents
First, get the slides at imgur.
Introduction
The venerable investor and creator of Mosaic, the first browser, Marc Andreessen, said about 10 years ago that “Software is eating the world.”1
And that’s true.
More and more professions and aspects of everyday life are first simulated in the digital world before materializing into the physical one.
The number of Internet users grew from just 413 million in the year 2000 to over 4.9 billion in 2021. That’s more than a 1,100% increase in just over two decades.2
Software is indeed eating the world, but it has made a Faustian bargain in its insatiable hunger. The software stack has become grotesquely centralized, with a minuscule number of players controlling most of the infrastructure.
The Kubernetes scale is a nightmare regarding its deployment complexity and carries a profoundly troubling philosophical implication.
It’s one cloud to rule them all, and by all, I mean everyone.
This is not just about technology; it’s about power, control, and the very nature of our digital and physical sovereignty.
During Hurricane Maria that hit the Caribbean in 2017, most of Puerto Rico lost power, but not a data center in the center of San Juan. The whole island was plunging into darkness, disconnected from the rest of the world but not the data center.
Workers mention that people around the island visited the data center for shelter. They charged their phones to talk with loved ones, used the facilities, and even the Government set up a call center to coordinate rescue operations.3
Does that image sound familiar?
It’s like a church.
A data center fulfilled the same function that churches did in the past, offering shelter to displaced people and coordinating food and medical care.
A data center worker said the following:
“Our data center was like a congregation, and we were like the priests.”
But there are other parallels we can find with religion.
Many years before creating OpenAI, Sam Altman wrote, “Successful people create companies. More successful people create countries. The most successful people create religions.”4
Well, with OpenAI increasingly becoming one and chatGPT its first missionary, a handful of companies control the training and application of AI. A kind of technology that is only rivaled by the Internet itself or even Nuclear power.
And Religions are usually centralized.
But how centralized is the Internet, exactly?
In 2023, Amazon, Microsoft, and Google had over 50% of the cloud market.5
Apple currently has Over $2 trillion market capitalization, which puts it immediately into the G8.6
Apple made 12.5 Billion dollars in 2022 selling Airpods7. For comparison, Dassault Aviation, which builds the known Rafale, one of the most advanced jets worldwide, had a net revenue of around 7 billion dollars.8
Apple made more on selling Airpods than Dessault from selling Rafale.
Finally, let’s see the concentration of data centers9, which is heavily skewed to the US, and the graphic looks suspiciously a lot like the distribution of Nuclear warheads worldwide.[^nuclear_warcheads]
Billions of users and millions of applications are reduced to a few thousand data centers and tens of operators and hardware providers.
The future is bleak, and there is no reason to sugarcoat this.
A new hope
Counter to the dystopian reality, another breed of software rapidly expands in peer-to-peer, end-to-end encryption, and blockchains.
Peer-to-peer systems with improved ergonomics and UX. Platforms that are cloud-based but offer cryptographic solid primitives with end-to-end encryption.
Blockchains emerged with Bitcoin as an attempt for a decentralized and open settlement layer. Ethereum is built on that premise and can settle any state, not only value, expanding on the use cases.
Hardware is cheaper than ever, and with the proliferation of open-source hardware, self-hosting applications is again practical.
In this talk, we will address “The Sovereign Stack”. The Stack of technologies is required to support and enable Sovereign Individuals and Communities.
We have all this digital centralization; where does the individual stand? This leads us to an essential discussion on sovereignty. After, we will discuss the distinct layers of the Stack.
What is sovereignty
Traditionally, the term “sovereign” has been associated with the unyielding power or authority vested in a monarch or state, as illustrated by Thomas Hobbes in his seminal work Leviathan.
However, the sovereignty narrative is being rewritten as we transition into the digital epoch.
The Sovereign Individual, a term coined in the eponymous book, symbolizes a departure from centralized sovereignty to a decentralized, individual-centric sovereignty.
In Hobbes’ Leviathan, subjects are part of a centralized authority. However, the Sovereign Individual stands apart. They are self-governed entities.
This new breed of individuals possesses the digital autonomy to control their own data, privacy, financial assets, and even their governance structures, unbound by the dictates of centralized entities.
As we go deeper into the Sovereign Stack, we’re not merely exploring a technological construct but embarking on a journey towards a societal paradigm where empowering individuals and communities is not an aberration but the norm.
Sovereignty is a spectrum
Moreover, we must remember that sovereignty is a spectrum, not binary.
This simple realization will be helpful as we discuss tools offering a different degree of sovereignty.
The Sovereign Stack
Clearly, centralized technologies and services cannot serve the Sovereign Individual.
The new tools need to:
- be private
- be permissionless
- be non-KYC based, aka pseudo-anonymous friendly
- be censorship resistant
I won’t mention any new groundbreaking piece of technology. The value we discuss is talking about these technologies as a whole.
Let’s go through the sovereign Stack.
- Hardware
- Network
- OS
- Network Privacy
- Blockchain
- Wallet & Identity Management
- Wealth Management
- Coordination
- Work
- AI
Hardware
Our journey towards software sovereignty begins with the basics - the hardware we run our applications. It’s crucial to remember that all our efforts towards software sovereignty could be in vain if our hosting provider, like Hetzner, decides to shut us down without warning.
Over the last few years, the cost of computing has fallen dramatically. Single-board computers like the Raspberry Pi and BeagleBone have enabled vast experimentation in home computing and the Internet of Things. Due to their affordability and versatility, these devices have made it perfectly viable to self-host essential services, like Nextcloud for storage or Mail-in-a-Box for your mail server.
Another critical piece of hardware is the security keys and hardware wallets, such as YubiKey or Trezor. These devices, no larger than a small USB stick, can safeguard millions in value.
In digital sovereignty, hardware wallets and security keys serve a similar purpose. They allow us to control our digital assets and identities independently of any centralized authority or platform.
Finally, hardware that follows the open-source ethos is vital. Framework and System76 enable their users to know precisely what hardware their computer runs on and what software can be installed, and of course, they safeguard their right to repair the hardware.
Network
This layer is trickier, as it’s currently far more centralized and regulated than the hardware layer, but it’s equally important.
Network sovereignty can also be achieved on the software level, which we will discuss later. Solutions like Starlink will be crucial for Sovereign Communities and individuals. Given how valuable it is to be connected to the Internet, people must have options between providers, not from a product point of view, but from a regulatory one.
It’s much simpler for a Government to impose some regulation or censorship upon the land-based ISPs than to attempt to coordinate on an international level and enforce their rules to Starlink or similar.
Network providers NOT physically headquartered in the country where we operate will offer a powerful arbitrage opportunity.
You may prefer a landline because it’s cheaper but heavily censored. You could use Starlink because of the opposite.
OS
It’s the software that directly interacts with our hardware and makes it possible for other applications to run. Therefore, our operating system must respect our sovereignty.
Regarding operating systems prioritizing privacy, freedom, and user control, Linux and BSD distributions are the obvious answers, as they have matured enough to offer a great UX for most people; for example, they come with an App Store.
Another great option is the various distributions of Android, the only pragmatic way forward for mobile phones.
Finally, an exciting approach to this would be Urbit, a new OS system that includes a new p2p network stack and an identity system. Explaining Urbit would require another slot in the conference, so I will leave this as an exercise for you all.
Network Privacy
The prominent first tools are simple VPNs that leverage the coordination cost to make it hard enough for some jurisdictions to curb Internet freedom. In essence, it delegates trust to the VPN provider. When we decide on what VPNs to use and suggest, we need to answer two questions:
- How much “sovereignty” do we want? Do we want to download torrents for movies or something else?
- What jurisdiction does the VPN reside in, and how likely is it to be forced to comply?
Then, we have projects like Tor and Nym that offer much more robust protection and, thus, sovereignty, but with a higher cost or worse UX. For example, Tor is notoriously slow.
Blockchain Settlement Layer
Now, this layer is crucial.
It enables all the sovereign communities and individuals to agree on a shared world view. That’s the crux of it.
It could be as simple as who owns which Bitcoins or something far more complex like MakerDAO in Ethereum.
Although most of the L1s are not private, there are lots of projects that are working on tackling the problem of privacy in public ledgers:
- Some projects offer privacy on top of a blockchain that doesn’t show it natively, like Tornado Cash, Railgun, Umbra cash
- Other projects build new L1 or L2s with Privacy built-in, like Monero, Zcash, Penumbra, Aztec, and DarkFi
Finally, the crackdown on Tornado saw 2 developers jailed and, with a substantial legal battle ahead, could be the canary in the mines.
I am confident that it’s intended as a warning shot for those who work in enabling privacy for users. In a panel with Snowden during DevCon Bogota, I remember that he mentioned that before we start a project and think of whether we should launch it anonymously or eponymously, we should ask the following question:
“How disruptive is the project to the status quo?”
If it is disruptive, you should do it anon because the system will trample any pretence of legitimacy to make an example out of people.
They don’t want you working on privacy.
Wallet & Identity
The wallet is the interface with the blockchain. It’s responsible for:
- managing our keys, like a password manager
- issuing the appropriate transactions
One thing we have yet to see a lot in wallets is wallets with privacy in mind. Although most wallets like Rainbow or Metamask offer excellent user experience, they log user activity everywhere.
The first generation of identities was based on Certificate Authorities and PGP keys. The Certificate Authorities, although practical, offer a centralized system that can be freely censored and manipulated. PGP keys offered an alternative web of trust model, where people would sign one another’s public key.
Using the blockchain as a PKI offers a universal interface that we can use to verify our identity. Using applications that support such identification, the identity ownership passes from the applications back to the users without compromising the User Experience.
Finally, new developments in zero knowledge technology enable users to attest to something without revealing specific information. In the world of pseudo-anonymity, it’s invaluable to prove something about one of my identities without revealing the particular identity. For example, Mismo, Semaphore by PSE, and zkLogin by Sui.
Wealth Management
DeFi platforms, such as MakerDAO, can offer sovereign individuals safe and trustless vehicles to invest and grow their wealth, as anyone can do in the TradFi world. In this category, we put the DeFi protocols that live on blockchains and enable users to acquire debt, lend money, and perform financial and wealth management actions without an intermediary party.
To understand the importance of this, think of the infamous truckers incident in Canada, where the Government simply removed their access to their bank accounts to curb their resistance.
A bank account is a 2 of 3 multi-sig between you, the bank, and the Government.10
Of course, it’s important to mention that it’s not trivial to analyze the true extent of the sovereignty of these protocols and how they would behave in the event of extreme crackdowns.
MakerDAO, for example, is currently collateralized by USDC at around 10% and approximately 20% with Real World Assets. That makes it vulnerable and limits its absolute sovereignty.11
Generally, it is hard to say which protocols are not susceptible and exposed to centralized points of failure due to the money-lego nature of the space.
Coordination, Communication & Social Media
The most critical and challenging aspect of the human condition is coordination. I advise everyone to read “Meditations on Moloch” as an introduction to why it is so important and challenging at the same time.
We need tools to:
- Signal our preferences
- Attest for something
- Communicate
- Socialise
All of these require the same principles we discussed, like ownership and privacy.
One of the most important slices of the Stack. We are social beings, and we need to communicate and socialize. While people usually focus on secure encrypted messaging apps like Signal, that is half the story. For better or worse, we want to have social media. People want to share their lives with people they care about.
The goal is to use applications where we own our identity.
Applications that don’t harvest our private data because they are encrypted end-to-end.
Applications that are built on protocols so that you are never locked into a single app. Use applications that we can host ourselves.
Examples are Farcaster, Mastodon, Lens, Nostr, and Bluesky (which spun out of Twitter).
Moreover, self-hosted forums like Discourse offer an excellent foundation for governmental work. Slow, long-form communication for the most important of decisions.
Tools for the Job
Digital tools are essential for our work as sovereign individuals and knowledge workers.
We need tools to write, present, and manipulate data. For example, Libre Office is an alternative to Microsoft Office, and Skiff is an alternative to Google’s suite of tools.
We need tools to write and share code, like Radicle. Tools to track our work internally, like Plane, an open-source version of Linear.
I recently went through the exercise of creating the usual business tools suite out of either encrypted end-to-end or self-hosted tools.
Recently, I read something from the CEO of Obsidian. Obsidian is this open-source, note-taking app, and he wrote that we should always choose file over app. Use tools that store information in open formats, where we control how we write and read them. Prefer git-based tools, markdown-based tools, etc.
AI
I chose to add AI on its own slice and not alongside the previous one because its impact is second to none.
I have been using chatGPT and chatGPT-powered tools in my daily flow, and how I code and learn has changed dramatically. We must fight and disconnect the power of AI from open AI as the monopoly of it.
In a few years, AI-powered tools will be everywhere, and we won’t be able to remember how it was when we couldn’t chat our way out of a problem. As I have said, it will bring unprecedented personal leverage, and the sovereign individual can’t afford to use it.
The way out is not to dismiss the technology altogether but to work and invest in making local AI approach the quality chatGPT.
And already, models like Alpaca and LlaMa by meta-research have shown that a model trained on the cloud and then run locally can offer comparable features. Stable Diffusion has been equally performant to models like MidJourney and Dall-E if trained and tuned correctly.
Finally, access to hardware like NVIDIA’s H100 cards is crucial for training and tuning models. However, with the USA already initiating export restrictions on such chips, there’s a looming threat that governments might tighten control, akin to weaponry regulations, hindering our capacity to fully harness AI for digital sovereignty.
On a broader scale
Finally, if we zoom out, there are several technologies that we all know, and if you think about it, they are essential to sovereignty.
Asymmetric Violence: The ability to exert an asymmetric amount of violence. The most poisonous animal in the world is a tiny octopus with enough venom to kill 18 people. Ultimate sovereignty comes from other people NOT BEING ABLE to harm you, either because it’s impossible or irrational. Without violence in some form (for example, cyber warfare), it’s impossible to be one hundred percent sovereign.
Nuclear nations are the only genuinely sovereign ones. The others have a varying degree of sovereignty gained through a complex system of laws and relations.
Startup cities and network states are an excellent tool for sovereign individuals as they offer jurisdictional arbitrage. Communities and individuals can leverage the coordination failure at an international stage to have a way out, an exit plan to a friendlier jurisdiction. For example, Switzerland has been a hub for privacy companies because it’s easy to set up a company there, and they have strong privacy laws.
Call to Action
Star Wars Andor is a TV series set in the world of Star Wars after the fall of the Republic and the rise of the Empire. We follow a band of rebels as they try to start the Rebellion.
One of the protagonists says:
The Empire has been choking us so slowly we are starting not to notice
This is precisely what’s happening worldwide about freedom. Digital surveillance is increasing under the guise of protection, but nobody is paying attention.
In the aftermath of 9/11, the US pushed through the PATRIOT Act, a bill allowing unprecedented citizen surveillance. The full extent of this surveillance only became apparent with Edward Snowden’s revelations in 2011.
Recently, the UK introduced legislation requiring companies to scan their content for “child abuse content,” a task impossible with end-to-end encryption. It effectively outlaws encryption.
Civil and online liberties are being eroded under the guise of anti-terrorism, child protection, or convenience. Cash, the ultimate privacy currency, is being phased out.
It’s not just in countries like Iran12 or China13. It’s also happening in Turkey14, Greece15, Russia16 and Hungary17.
Ideas that were once considered fringe and dystopian are now becoming mainstream.
Even in crypto, centralization is creeping in with the introduction of Central Bank Digital Currencies (CBDCs). Stablecoins are currently leading in value settlement, ahead of Bitcoin.18
This is another quote from the same Star Wars series:
The Empire is a disease that thrives in darkness; it is never more alive than when we sleep […]
The more everyday people disregard freedom or individual sovereignty, the more these liberties disappear.
We need to talk about the Stack as a whole, not because it’s an excellent idea, but because all layers are required for true sovereignty.
You can’t just use Signal and then have your bank account frozen.
You can’t use crypto for everything, but use telegram and google for all your work.
Break a single link, and the whole chain is compromised. Your sovereignty as an individual or group is only as strong as the weakest link.
Thus, we should
- Use the tools of the Sovereign Stack
- Contribute to these tools, either with funds or development time
- Advocate for digital privacy and sovereignty to friends, community, and policymakers
Build them now. So they are ready then.
Because when we need them, it will already be too late.
“Love responsibility. Say: It is my duty, and mine alone, to save the earth. If it is not saved, then I alone am to blame.”
Thank you for joining this critical discussion and for your commitment to preserving digital sovereignty
References
-
https://datareportal.com/global-digital-overview#:~:text=There%20are%205.19%20billion%20internet,higher%20in%20many%20developing%20economies ↩
-
https://aeon.co/essays/downtime-is-not-an-option-meet-the-stewards-of-the-cloud ↩
-
«https://blog.samaltman.com/successful-people> ↩
-
https://www.statista.com/chart/18819/worldwide-market-share-of-leading-cloud-infrastructure-service-providers/Â ↩
-
https://www.dassault-aviation.com/en/group/finance/consolidated-financial-operating-highlights/Â ↩
-
https://www.statista.com/statistics/1228433/data-centers-worldwide-by-country/Â ↩
-
https://www.wired.com/story/iran-mahsa-amini-internet-shutdown/Â ↩
-
https://en.wikipedia.org/wiki/Internet_censorship_in_China ↩
-
https://www.hrw.org/news/2022/10/14/turkey-dangerous-dystopian-new-legal-amendments ↩
-
https://www.politico.eu/article/christos-rammos-greece-privacy-chief-fighting-prime-minister-kyriakos-mitsotakis-spyware/Â ↩
-
https://en.wikipedia.org/wiki/Internet_censorship_in_Russia ↩
-
https://freedomhouse.org/country/hungary/freedom-net/2021Â ↩