Final ranking (composite scores)
Composites are weighted sums of the ten criteria (0–100 each). The top cluster is tight; small weight shifts can reorder the top five. The bottom tier is structurally separated (reseller/upstream dependence + higher entanglement).
| Rank | Provider | Primary signal | Composite |
|---|---|---|---|
| #1 | FlokiNET — flokinet.is | Battle-tested free-speech / “safe harbor” posture, multi-jurisdiction DCs, KYC-light signals (incl. cash option cited in directories) | 81.0 |
| #2 | MyNymBox — mynymbox.io | Email-only account model + crypto-only billing (in-house gateways), Nevis corporate anchor, strong cypherpunk payments stack | 80.6 |
| #3 | 1984 Hosting Company — 1984.hosting | Icelandic jurisdiction + explicit free-software posture + long operational history, with documented (and admitted) logging reality | 79.4 |
| #4 | Host4Coins — host4coins.net | BTC/LN-only + email-only signup + explicit “not a reseller” claim; constrained by EU/CH jurisdiction and stricter abuse posture | 79.3 |
| #5 | Privex — privex.io | Crypto-only rails + Belize corp + explicit minimal collection (aliases allowed), with unusually specific “what we don’t log” claims | 79.0 |
| #6 | Njalla — njal.la | “Privacy as a Service” domain shield model (domain registered to Njalla), strong KYC-light signup options, but high reliability/support controversy | 74.3 |
| #7 | Servers.guru — servers.guru | Cheap anon-ish VPS if paid with crypto; explicitly described as a reseller + Cloudflare-fronted web surface in directories | 68.2 |
Scoring model (criteria + weights)
Each criterion is scored 0–100. Composite score is a weighted sum: Σ(Ni × wi). Weights reflect the adversarial re-audit: logging/retention and abuse/LEA posture are treated as first-class, and “anti-Synthetic entanglement” is explicitly included (even though OSINT visibility varies).
| Code | Criterion | Weight | Definition (what “high score” means) |
|---|---|---|---|
| N1 | Payment sovereignty | 0.13 | BTC/LN purity, crypto-only rails, self-hosted processing (e.g., BTCPay-style), minimal third-party processors |
| N2 | Signup / KYC / PII | 0.13 | Email-only / alias-friendly, no required name/address/ID, explicit minimal account data collection |
| N3 | Logging & retention | 0.14 | Clear “what is logged + for how long” posture; minimal logging; no hidden analytics; honesty rewarded (even if logs exist) |
| N4 | Jurisdiction & corporate structure | 0.11 | Legal distance and/or speech-protective environment (e.g., Iceland; offshore anchors like Nevis/Belize) |
| N5 | Abuse / LEA / censorship posture | 0.14 | High threshold for takedown; strong free-speech posture; explicit resistance to low-grade complaints; clear process for legal requests |
| N6 | Infrastructure control | 0.10 | Own ASN/hardware/network control; not a pure reseller; minimal upstream chokepoints |
| N7 | FOSS / BTC / XMR culture | 0.07 | Explicit free software alignment; cypherpunk money posture; visible alignment with self-hosting/sovereign tooling |
| N8 | Track record & legal history | 0.10 | Years in operation; survival through controversies; transparency around incidents and fixes |
| N9 | Anti-Synthetic-Stack alignment | 0.05 | Lower entanglement with hyperscalers/VC/Big SaaS; fewer external control-plane dependencies (when visible) |
| N10 | Operational reliability & support | 0.03 | Uptime and operational maturity; support pattern evidence (not “tone,” but functional resolution) |
Score matrix (Ni values)
Scores are 0–100 per criterion, followed by the weighted composite. Links to the key policy/evidence anchors appear throughout the provider sections below.
| Provider | N1 | N2 | N3 | N4 | N5 | N6 | N7 | N8 | N9 | N10 | Composite |
|---|---|---|---|---|---|---|---|---|---|---|---|
| FlokiNET | 85 | 90 | 68 | 85 | 88 | 80 | 72 | 82 | 75 | 68 | 81.0 |
| MyNymBox | 92 | 99 | 60 | 85 | 80 | 85 | 85 | 60 | 80 | 78 | 80.6 |
| 1984 Hosting | 75 | 55 | 65 | 92 | 88 | 90 | 95 | 90 | 75 | 85 | 79.4 |
| Host4Coins | 100 | 95 | 60 | 70 | 62 | 88 | 93 | 75 | 80 | 80 | 79.3 |
| Privex | 85 | 80 | 72 | 80 | 80 | 78 | 80 | 80 | 72 | 82 | 79.0 |
| Njalla | 75 | 90 | 55 | 83 | 70 | 78 | 80 | 72 | 80 | 55 | 74.3 |
| Servers.guru | 80 | 85 | 60 | 65 | 70 | 50 | 65 | 70 | 50 | 80 | 68.2 |
Why the top five are so close [expand]
- Host4Coins dominates on N1/N2/N7 but drops on N4/N5 due to EU/CH footprint and strict abuse language (house rules).
- MyNymBox dominates on N2 and is strong on N1/N6, but is capped by newness and incomplete OSINT on runtime logging (privacy policy).
- FlokiNET is strong on N4/N5/N8 (safe-harbor posture + long runway), but reliability reviews are mixed (Trustpilot).
- 1984 wins on N4/N7/N8 (Iceland + FOSS + longevity) but loses on N2 and admits IP/logging in policy (GDPR policy).
- Privex is unusually explicit about “what we don’t log” on ordering/browsing (privacy policy), but collects more order metadata than email-only shops.
Provider deep dives (final)
Each section keeps links embedded exactly where the relevant claim appears (policies, official docs, review surfaces, and third-party directories).
#1 — FlokiNET (Composite: 81.0)
Summary signals: established “safe harbor” narrative for free speech/whistleblowers is repeated in multiple public surfaces (e.g., Trustpilot company text and hosting directories), with multi-jurisdiction DC presence cited in third-party reviews. (Trustpilot “Written by the company”, HostAdvice, KYCnot entry)
Key strengths [collapse]
- N5 (Abuse/LEA posture): consistently marketed as a safe-harbor/free-speech provider across major public surfaces (Trustpilot, HostAdvice).
- N4 (Jurisdiction/DC spread): DCs cited in Iceland + Romania + Netherlands + Finland (HostAdvice summary).
- N2 (KYC-light signals): “cash payment” option highlighted on KYCnot (KYCnot).
- N8 (Track record): established in 2012 (repeated across multiple surfaces) (Trustpilot).
Key weaknesses / trade-offs [collapse]
- N10 (Reliability/support): mixed public review pattern (positive and negative clusters) (Trustpilot, HostSearch review surface).
- N3 (Logging/retention): runtime logging specifics are not uniformly disclosed on public policy pages; conservative scoring applies.
- N1 (Payment sovereignty): strong crypto posture (including Monero per KYCnot), but not “BTC-only” purity (KYCnot payment tags).
Primary links used: official site · KYCnot · Trustpilot · HostAdvice
#2 — MyNymBox (Composite: 80.6)
MyNymBox’s policy surface explicitly ties account registration to an email (aliases allowed) and describes crypto payment handling, including in-house gateways plus third-party processing for “all other crypto payments.” (Privacy Policy, About (founded 2024))
Key strengths [collapse]
- N2 (Signup/PII): account registration processes the provided email; aliases/anonymous email services explicitly allowed (Account registration section).
- N1 (Payment sovereignty): crypto payments include Bitcoin + Lightning + Monero (and more), with in-house gateways for major rails (Payments and payment records).
- N6 (Infra control proxy): provider is listed on KYCnot; real infra signals exist, but OSINT visibility remains limited in this page set (KYCnot entry).
- N4 (Jurisdiction anchor): explicit offshore company naming (“Mynymbox Hosting LLC”) in policy surface (Who we are).
Key weaknesses / trade-offs [collapse]
- N8 (Track record): founded in 2024; limited long-horizon evidence under sustained lawfare/pressure (About).
- N3 (Logging/retention): the policy focuses on account data + payment records + legal requests; runtime traffic logging specifics are not fully enumerated (Policy page).
- N5 (LEA posture): states compliance with “valid, binding, properly scoped legal requests” and limits response to minimal data held (Data sharing and disclosures).
Primary links used: official site · privacy policy · about · ToS (client portal) · KYCnot
#3 — 1984 Hosting Company (Composite: 79.4)
1984’s GDPR policy is unusually explicit about what they log (IP address, time/duration, pages viewed, and system details) when services are accessed. This transparency improves auditability while confirming that logs exist. (GDPR policy, official site)
Key strengths [collapse]
- N4 (Jurisdiction): Icelandic base is a major lever for speech and privacy positioning (site).
- N7 (FOSS posture): strongly framed as a free-software-aligned host (public-facing positioning) (site).
- N8 (Track record): long operation since 2006 is part of the provider’s identity and public footprint (site).
- N6 (Infra control): positioning indicates own Icelandic data center operations rather than a hyperscaler skin (site).
Key weaknesses / trade-offs [collapse]
- N3 (Logging): policy explicitly states logging of IP address, visit duration, page duration, and system info (GDPR policy).
- N2 (Signup/PII): as a conventional host, normal customer and service data are processed; not an email-only model (GDPR policy).
- N10 (Reliability signal is mixed): public reviews include both strong praise and sharp criticism; Trustpilot reflects a moderate average (Trustpilot, HostAdvice reviews).
Primary links used: official site · GDPR policy · Trustpilot
#4 — Host4Coins (Composite: 79.3)
Host4Coins explicitly states BTC-only + Lightning payments and email-only required info, and also states it is not an AWS/OVH reseller (except for domain names) in its docs. (house rules, docs)
Key strengths [collapse]
- N1 (Payment sovereignty): “only accepts Bitcoin and Bitcoin over Lightning Network payments” (house rules).
- N2 (Signup/PII): “only required information is a valid email address” (house rules).
- N6 (Infra control): docs state physical servers + network are owned/managed in-house; “no third party involved” (docs).
- N7 (BTC culture): deep alignment with self-hosted Bitcoin infrastructure, reinforced by their operating model and documentation posture (docs).
Key weaknesses / trade-offs [collapse]
- N5 (Abuse posture): “immediately suspended” on abuse report; terminated if not fixed within 48 hours; explicit warning against illegal activity in EU/CH regions (house rules).
- N4 (Jurisdiction): servers located in France and Switzerland (Zurich) (house rules).
- N3 (Logging): no detailed public logging/retention policy visible on the primary service page; conservative mid-score applied.
Primary links used: host4coins.net · docs.host4coins.net
#5 — Privex (Composite: 79.0)
Privex’s privacy policy is unusually detailed: it lists order form data collected (aliases allowed), and explicitly claims not logging IP for orders, not using tracking cookies, and disabling access logs on web servers. (Privex privacy policy)
Key strengths [collapse]
- N3 (Logging/retention clarity): “We do NOT log your IP address when making an order” + “do NOT use tracking cookies” (policy).
- N2 (PII minimization): “Your name (Pseudonym’s / Aliases are fine)” plus email and service metadata (policy).
- N1 (Payment sovereignty): crypto-centric posture; policy focuses on minimal order data rather than fiat rails (site).
- N8 (Track): multi-year public presence and stable policy footprint (policy (last updated 2019)).
Key weaknesses / trade-offs [collapse]
- N2 trade-off: collects hostname, purpose of use, selected operating system, package, timestamp (beyond email-only) (policy).
- N5 (Abuse/LEA posture): privacy-forward but less “DMCA-resistance / whistleblower host” branding than FlokiNET; treated as mid-high rather than maximal.
- N4 (Jurisdiction nuance): Belize corporate anchor helps, but infra location mix and upstream dependencies remain partially opaque in OSINT.
Primary links used: privex.io · privacy policy
#6 — Njalla (Composite: 74.3)
Njalla’s model is structurally distinct: domains are registered with Njalla as registrant while granting full usage rights to the customer. This provides privacy shielding but creates a single legal choke point (registrant is Njalla). (About, FAQ, DomainIncite explanation)
Key strengths [collapse]
- N2 (Signup options): signup explicitly allows email or XMPP (OMEMO/OTR mentioned) (signup page).
- N5 (controversial content tolerance, bounded): public discourse and historic framing indicate tolerance with subjective political boundaries (DomainIncite).
- Domain shield mechanics: “we will be the actual registrant… you still have full control” (About, FAQ).
Key weaknesses / trade-offs [collapse]
- N10 (Reliability/support controversy): very negative review surface on Trustpilot and similar forums (Trustpilot).
- N8 (entity drift risk): OSINT claims of corporate/jurisdictional change without clear broadcast to customers (Caution post, Hacker News discussion).
- N3 (logging/retention uncertainty): ToS exists, but privacy transparency is widely debated; conservative logging score applied (ToS).
- Structural choke point: because Njalla is registrant, adverse action can instantly sever domains even if customer data is minimal (FAQ model).
Primary links used: njal.la · about · terms · Trustpilot · DomainIncite
#7 — Servers.guru (Composite: 68.2)
Servers.guru is described in major privacy directories as a reseller and is shown as Cloudflare-fronted (ASN details) in the directory’s web check panel. This is the central reason it remains lower-tier for “sovereign base layer” use. (Awesome Privacy entry, privacy policy, Trustpilot)
Key strengths [collapse]
- N1 (Payments): accepts crypto including Monero and Bitcoin plus additional rails (site).
- N2 (KYC-light if paying crypto): privacy policy encourages crypto to minimize identity leakage; card payments tie identity (privacy policy).
- N10 (Operational sentiment): Trustpilot surface contains multiple positive “cheap/reliable/support fast” reviews (Trustpilot).
Key weaknesses / trade-offs [collapse]
- N6 (Infra control): explicitly described as “resell from reputable providers” (Awesome Privacy).
- N9 (Anti-Synth entanglement): directory web check shows Cloudflare surface (ISP/ASN), implying an extra external chokepoint (Awesome Privacy (server details)).
- N5 (Abuse posture): terms reference compliance with US or German laws (conventional posture) (terms).
Primary links used: servers.guru · privacy policy · terms · Awesome Privacy · Trustpilot
Scenario reading: which providers “win” under different priorities
The same matrix produces different champions depending on which objective is treated as absolute. Below are the dominant scenario pivots and why they move the order.
Hard Bitcoin maximalism (BTC/LN purity + email-only) [collapse]
- Host4Coins dominates: BTC/LN-only + email-only signup + explicit “not a reseller” (house rules, docs).
- MyNymBox is the closest peer when “no personal data beyond email” is treated as the hard gate (privacy policy).
Battle-tested free-speech / controversial content tolerance [collapse]
- FlokiNET leads due to persistent “safe-harbor” positioning + long runway (Trustpilot company text, HostAdvice).
- 1984 becomes a strong anchor when Icelandic jurisdiction + long history are weighted above signup anonymity (site, GDPR/logging policy).
Conservative “base layer” infra (jurisdiction + longevity + transparency) [collapse]
- 1984 rises because long track record + explicit policies reduce unknown unknowns (GDPR policy).
- Privex becomes more attractive because it is unusually explicit about what is not logged during ordering/browsing (privacy policy).
Domain shield games (WHOIS privacy + proxy registrant model) [collapse]
- Njalla is structurally unique: Njalla as registrant shields registrant identity, but concentrates legal action risk (FAQ, DomainIncite).
- MyNymBox markets anonymous domain registration + WHOIS privacy, but the legal model differs (policy-first rather than proxy-registrant) (domain registration page).
Limits & uncertainty (what OSINT cannot fully prove)
Even with aggressive scrutiny, several critical properties are partially invisible without direct audits, subpoenas, or insider evidence. The scoring model reflects this by being conservative on runtime logging and by penalizing reseller structures where upstream control dominates.
Snapshot note: This page reflects publicly visible policies and public surfaces as accessed in early 2026. Where a primary policy was inaccessible in tooling (timeouts), corroborating public surfaces were used instead (e.g., Trustpilot company text + KYCnot entries).
Copy/paste usage
This is a single-file HTML page with embedded CSS. Save as sovereign-hosting-atlas.html and open locally.