
Sovereignty Audit Protocols for Client Platforms

Version: 1.0 | Type: Professional Practice Framework

Context: Diagnostic Toolkit for the Anvil

1. Executive Summary

This protocol provides a standardized methodology for auditing digital platforms to determine their Sovereignty Score. Unlike traditional UX or security audits, a Sovereignty Audit evaluates the power dynamics between user and platform. It determines whether a system treats the user as a Sovereign Citizen (with rights to identity, data, and exit) or a Digital Tenant (subject to arbitrary eviction and extraction).

The audit assesses three fundamental dimensions—Declaration, Connection, and Ground—to identify control points, dependencies, and vulnerabilities.


2. The Diagnostic Framework (The Three Pillars)

Pillar I: Declaration (Identity Sovereignty)
Principle: The user must be able to declare their identity and existence without permission from any platform or intermediary.
Audit Checklist:
  • Identity Ownership: Does the user own their username/handle (e.g., via a domain or key), or is it leased from the platform (e.g., you@yourdomain.com vs. twitter.com/you)?
  • Portability: Can the identity be moved to a different provider without breaking?
  • Authentication: Can the user authenticate without the platform's permission (e.g., via DID or WebID), or is access dependent on a central authority?
  • Persistence: If the platform shuts down or bans the user, does the identity survive?

Red Flag: Identities that are revocable at will by the platform (e.g., "Real Name" policies, arbitrary suspensions).

Pillar II: Connection (Communication Sovereignty)
Principle: The user must be able to communicate directly with others without platform mediation, monitoring, or monetization.
Audit Checklist:
  • Direct Communication: Do messages pass peer-to-peer or through neutral infrastructure, or must they route through corporate servers?
  • Social Graph Portability: Can the user export their list of followers/friends and reconnect with them on a different platform?
  • Algorithmic Interference: Is the connection mediated by an opaque algorithm (The Feed) that determines visibility?
  • Surveillance: Does the platform read/scan messages for advertising or training data?

Red Flag: "Walled Garden" architecture where users cannot message or follow users outside the platform.

Pillar III: Ground (Infrastructure Sovereignty)
Principle: The user must own the infrastructure their digital life is built on, not rent it from a landlord who can evict them.
Audit Checklist:
  • Data Ownership: Does the user legally and practically own their content? Can they export it in a standard, usable format (JSON/CSV/HTML), or is it locked in a proprietary garden?
  • Self-Hosting Capability: Can the user run their own instance of the infrastructure if they choose (e.g., WordPress vs. Medium)?
  • Exit Costs: How difficult is it to leave? Are there technical or social penalties for migrating?
  • The Shutdown Test: If the company goes bankrupt tomorrow, do the user's data and digital presence survive?

Red Flag: Systems where export tools are missing, broken, or provide incomplete data (e.g., PDF dumps without metadata).


3. The Power Analysis

Beyond technical features, the auditor must analyze the political economy of the platform.


4. Scoring Methodology

Platforms are rated on a 5-point "Sovereignty Spectrum".

Score | Classification | Description | Example
1 Star | Feudal/Serfdom | Total platform control. Identity is leased, data is locked, exit is impossible without total loss. | Facebook, TikTok
2 Stars | Digital Tenancy | High convenience, low control. Limited export exists, but social graph is trapped. | Medium, Substack
3 Stars | Hybrid/Federalist | Portable data, but reliant on centralized servers. Exit is possible but painful. | Ghost (Managed), Signal
4 Stars | Sovereign Network | User owns identity and graph (federated). Infrastructure is shared but portable. | Mastodon (Hosted)
5 Stars | Sovereign Ground | Total ownership. User controls domain, data, and server. Uncensorable. | Self-hosted Website

5. Remediation Recommendations

The audit concludes with a "Preservation Action Plan" or "Sovereignty Roadmap" for the client.

1. Immediate Mitigation

Export data immediately. Set up parallel "owned" channels (e.g., email list, personal site).

2. Structural Shift

Begin migrating community to a protocol-based system (e.g., ActivityPub) or self-hosted infrastructure.

3. Bridge Building

Use tools to syndicate content from owned ground to rented platforms (POSSE: Publish on Own Site, Syndicate Elsewhere).

Final Deliverable: A "Sovereignty Audit Report" detailing vulnerabilities in Declaration, Connection, and Ground, with a specific roadmap for moving from Tenant to Architect.


Source Note

This protocol is derived from "Module 3: Designing for Sovereignty" and "Textbook Chapter 4: The Three Pillars."