Static version, no JavaScript.FRENView the animated version
onsecret.

Monero · EU · upstream open-source

Hardened hardware, documented line by line.

De-Googled phones, sovereign-OS laptops, anti-tracking routers and privacy tools — assembled on top of published open-source projects (GrapheneOS, Qubes, Tails, OpenWRT, blue-merle) and documented without superlatives. Each page states what the device changes, and what it does not. Monero payment.

View productsRead our threat models
Single origin
No third-party scripts
Payment
Monero (XMR)
Sources
Upstream, dated
Monero payment, no logsVerifiable upstream sources.onion service readyPII encrypted at rest

Three lines

One line per use, not a catalogue.

Each line starts from a defined adversary. We assemble to order and document every choice.

Three lines

Phone

Pixel running GrapheneOS. Verified boot, per-app network and sensor permissions.

grapheneos.org
Three lines

Laptop

ThinkPad with coreboot + Heads. Measured boot, attestation via a secret only you know. Qubes or Tails.

coreboot.org
Three lines

Router

OpenWRT with WireGuard and a kill-switch. No traffic leaves if the tunnel drops.

openwrt.org
Full catalogue

Our approach

Harden what can be hardened. Say so when it can't.

We do not invent cryptography. We reduce attack surface on top of auditable work — and we show the limits with the same weight as the features.

What we do

  • Replace the stock firmware/OS with a hardened, open build and verify it boots.
  • Document every choice and link to the upstream project, so you can verify it yourself.
  • Start from a sober threat model: the adversary we help against, not a promise of safety.

What this does not protect against

  • No device is “unbreakable”; given time and resources, hardware can be attacked physically.
  • A VPN is not anonymity; encryption does not protect an unlocked, running device.
  • Cellular basebands and most radios remain proprietary and are not audited by us.
Read our full approach

Threat models

For whom, against what.

A device is only useful against a defined adversary. Start from the profile closest to yours.

JournalistProtect your sources: targeted surveillance, seizure, metadata.ActivistState surveillance, arrest, compartmentalising sensitive use.TravellerBorder checks, hostile Wi-Fi, device out of your sight.ExecutiveEconomic espionage, targeted intrusion, interception.
See all threat models

Transparency

What makes our claims verifiable.

PaymentMonero, no logs

The only payment method. No visitor IP logs, no analytics, no trackers.

ProvenanceDated upstream sources

Every build links to published open-source projects, with a last-verified date.

Access.onion service ready

The site loads only from its own origin: no external fonts or CDNs, no third-party scripts.

DataPII encrypted at rest

The shipping address is encrypted and decrypted only to print a label; email is optional, then purged.

See the Transparency page

Choose by your adversary, not by a promise.

Start from your threat model, then compare what each line actually changes.

View productsRead our threat models