At Start9, we see great value in maintaining clear and accurate documentation for our already simple and friendly products. These docs are a continuous work-in-progress, and we welcome contributions from our partners and customers.
@@ -18,6 +18,7 @@ Install sphinx and dependencies:
Embassy is a new kind of personal computer - one that sits quietly on your shelf and runs all day and night. It has no screen and no keyboard. You access your Embassy from anywhere in the world in total, trustless privacy, simply by visiting its unique Tor address (.onion URL) right from the browser.
Embassy is composed of commonly available hardware components that can be sourced and assembled by anyone, anywhere, for a marginal fee. Embassy is powered by EmbassyOS, the open-source operating system by Start9 Labs.
Embassy is composed of commonly available hardware components that can be sourced and assembled by anyone, anywhere, for a marginal fee. Embassy is powered by EmbassyOS, the open-source operating system by Start9.
So, what do you do with your Embassy? You use it to run services: Bitcoin, Lightning, personal cloud storage, P2P messaging, password management, etc. The list of available services is growing quickly and will eventually encompass the entirety of open-source, self-hosted software.
Every communication between you and your Embassy is end-to-end encrypted and onion routed over the Tor network. All services are open-source and self-hosted, meaning there are no trusted third parties of any kind.
To get an Embassy, you can :ref:`purchase<purchasing>` one directly from Start9 Labs, or you can :ref:`build one yourself<diy>`.
To get an Embassy, you can :ref:`purchase<purchasing>` one directly from Start9, or you can :ref:`build one yourself<diy>`.
For maximum convenience, you can purchase an Embassy device directly from Start9 Labs through our `Shopify Store <https://store.start9.com>`_. The device comes in a beautiful box, fully-assembled, and pre-installed with the latest version of EmbassyOS. We do our own hardware assembly and fulfillment, and we only collect the minimal information necessary to fulfill your order. And yes, we accept Bitcoin.
For maximum convenience, you can purchase an Embassy device directly from Start9 through our `Shopify Store <https://store.start9.com>`_. The device comes in a beautiful box, fully-assembled, and pre-installed with the latest version of EmbassyOS. We do our own hardware assembly and fulfillment, and we only collect the minimal information necessary to fulfill your order. And yes, we accept Bitcoin.
If you prefer to build your own Embassy, you can follow the :ref:`DIY Guide <diy>`.
@@ -21,7 +21,7 @@ Setting up Firefox with Tor on Desktop
Windows:
Click `here <https://registry.start9labs.com/sys/proxy.pac>`_ to get the file and save the file somewhere you won’t delete it. For this example:
Click `here <https://registry.start9labs.com/sys/proxy.pac>`_ to get the file and save the file somewhere you won’t delete it. Please remember the location you save the file in if you do not use our example location. For this example:
@@ -6,4 +6,4 @@ Setting up Firefox with Tor on iOS
Unfortunately, Apple does not allow tor to be run natively on iOS. This means that Firefox cannot be configured to use tor. This leaves the following options for iOS users:
You can use Start9 Labs' own Consulate Browser, which is available `here <https://apps.apple.com/us/app/start9-consulate-browser/id1528124570>`_, or you can select another Tor Browser by searching the `App Store <https://www.apple.com/us/search/onion-browser?src=serp>`_.
You can use Start9's own Consulate Browser, which is available `here <https://apps.apple.com/us/app/start9-consulate-browser/id1528124570>`_, or you can select another Tor Browser by searching the `App Store <https://www.apple.com/us/search/onion-browser?src=serp>`_.
Some apps, such as Tor Browser or Cups Messenger, have Tor built in. They do not require additional software or configurations to utilize Tor. Most apps, however, do not have Tor built in. They require an app called Orbot to be installed in order to utilize Tor.
Unfortunately, Apple does not allow tor to be run natively on iOS. This leaves 2 options for iOS users:
You can use Start9 Labs' own Consulate Browser, which is available `here <https://apps.apple.com/us/app/start9-consulate-browser/id1528124570>`_, or you can select another Tor Browser by searching the `App Store <https://www.apple.com/us/search/onion-browser?src=serp>`_.
You can use Start9's own Consulate Browser, which is available `here <https://apps.apple.com/us/app/start9-consulate-browser/id1528124570>`_, or you can select another Tor Browser by searching the `App Store <https://www.apple.com/us/search/onion-browser?src=serp>`_.
We have some work planned to improve the wait times, which we think is the better way to deal with painful sync times without sacrificing the trust minimization.
We have improvements on the way in mid-2021 to vastly improve the painful sync times, without sacrificing trust minimization.
I'm getting this error: unable to connect to bitcoind: -28: Loading block index... What do I do?
The block index error is normal and goes away after the Bitcoin blockchain has synced. If you have completed the Initial Blockchain Download (IBD), this will be a few minutes at most.
The Bitcoin Service is different from the GUI version I am used to using (bitcoin-qt). How to I use this like I used to?
At present, the Embassy does not offer its own node visualization tool. You can view certain properties about your node inside the "Properties" section, but not in an animated GUI. If you want to use bitcoin-cli, you may do so by adding an SSH key onto your Embassy and exec-ing into the bitcoind docker container. Otherwise, the main way to actually *use* your node is through a wallet. The QT GUI is not usable because it cannot be served through the browser (which is necessary here), and last we checked, the QT desktop client was incapable of connecting to a remote node over Tor. As far as we are aware, the only wallets that support this are Specter, Fully Noded, and Sparrow.
Does the Embassy run a full archival Bitcoin node?
The Embassy runs a full node, but does not run a full *archival* node, it's pruned. This means it does not store the entire Blockchain. As it syncs, it discards blocks and transactions it does not need.
It is fully validating and verifying consensus all the way from Genesis. Really, the only reason to store the entire Blockchain is if you want to run a block explorer. Learn more here: :ref:`node`.
It is fully validating and verifying consensus all the way from Genesis. Really, the only reason to store the entire Blockchain is if you want to run a block explorer. Learn more here: :ref:`node`. All this being said, it will be possible to run a full archival node on the Embassy in mid-2021, bringing this addtional functionality to those that would like it.
What actions, specifically, are only possible with an archival, or ‘unpruned’ node?
@@ -32,6 +28,69 @@ Is it insecure to run a pruned node?
------------------------------------
As a user, pruned nodes and archival nodes provide you the same security. In a larger sense, if 100% of people ran pruned nodes, the security of the network could be in dire circumstances and be put at risk if no nodes kept history, as then no one could bootstrap new nodes. The reality however, is that most Embassy owners are new node operators, so there is no net systemic risk introduced.
The Bitcoin Service is different from the GUI version I am used to using (bitcoin-qt). How do I use this like I used to?
At present, the Embassy does not offer its own node visualization tool. You can view certain properties about your node inside the "Properties" section, but not in an animated GUI. If you want to use bitcoin-cli, you may do so by adding an SSH key onto your Embassy and exec-ing into the bitcoind docker container. Otherwise, the main way to actually *use* your node is through a wallet. The QT GUI is not usable because it cannot be served through the browser (which is necessary here), and last we checked, the QT desktop client was incapable of connecting to a remote node over Tor. As far as we are aware, the only wallets that support this are Specter, Fully Noded, and Sparrow.
Is a wallet vulnerable to hacking if it’s always online??
Funds are not stored on the node typically. The node simply serves as a source of truth for the state of the blockchain. Attacks depend on where the keys are and where the signing happens. You can use something like a hardware wallet for better security. Though, to be fair, a lot of attacks depend on you or your machine being targeted specifically, and a whole bunch of attack vectors are highly theoretical and obscure.
Most successful attacks seem to be either fake/doctored software or a social attack (tricking you into installing some malware or giving your seed outright or something like that).
Keep in mind, however, the more value there is out there to steal, the more sophisticated attacks will get automated (bots, crawlers etc). So its not just the risk profile of today, but also tomorrow you have to consider. That’s why something like a hardware wallet or dedicated mobile device for key signing is a good idea.
Even if your wallet is plugged into your Embassy, whether your wallet is hot or cold depends on the hardware that stores the keys.
How does Bitcoin Proxy request (and verify) data when that data is needed by some app using it?
Proxy fetches blocks from your pruned node if it still has them, and fetches them from peers when it does not. Proxy can ensures the fetched block is valid by comparing it to its header, which is retained by the pruned node. The header is a product of the hash of the block itself, amongst other things, so it can't be
What is the difference between the Bitcoin Wallet Tracker and the Electrum Personal Server?
Bitcoin Wallet Tracker and Electrum Personal Server are 2 services that do the same thing, similar to bitcoind vs btcd, or lnd vs c-lightning.
Both work with your Bitcoin node to provide a richer set of information to wallets than could be done with bitcoind alone. They are basically identical in purpose, their differences are notably in the software memory requirements and how snappily they can answer the same questions.
Electrum (and some other wallets) require more than just a Bitcoin node to run in a sovereign way, they require an “Electrum Server”. Both Electrum Personal Server and Bitcoin Wallet Tracker are “Electrum servers”.
How do I use Bitcoin Core as a wallet?
--------------------------------------
Bitcoin Core is a full node that also contains wallet functionality. Some will be familiar with Bitcoin-QT, which is a Bitcoin Core GUI that for a long time was the only available wallet. This is currently not compatible with the Embassy.
You can use the wallet in Bitcoin Core, however it is for advanced users and is only available in the command line via SSH.
It is helpful to think of the Bitcoin Core service on the Embassy as your own personal Bitcoin Server. This is your own verified source of truth of the Bitcoin ledger, that requires no permission for you to set up and own. The job of your Bitcoin server is to verify that the transactions you want to make and receive are valid.
There are modern wallets that have the ability to use your personal Bitcoin node as a source of truth, and with the advantages of additional security and advanced features. This also follows the Linux mantra of "do one thing and do it well." The recommended way to use Bitcoin with your Embassy’s Bitcoin node is with an external wallet.
The available wallets are listed in the following FAQ.
Which wallets can I use that sync with my Embassy Bitcoin node?
The only currently available external options are FullyNoded and Specter. Within the Embassy, BTCPayServer is available, which offers a wallet that is automatically connected to your Embassy's Bitcoin Core node. Keep in mind that this first and foremost a payment gateway, rather than a personal wallet. Unforutnately, this is still not a popular functionality in Bitcoin wallets. We are in communication with several wallet developers about adding Tor full node support.
Is there a guide for connecting Specter Wallet to my Embassy?
There is. Please follow the integration guide `here <https://github.com/Start9Labs/bitcoind-wrapper/tree/master/docs/integrations/specter>`_ and select the tutorial based on your operating system.
More guides, particularly in video form, are forthcoming.
Is BlueWallet an option?
------------------------
BlueWallet requires a separate backend service called LNDHub, which is not available on the Embassy at this time.
I want to use my hardware signer, such as Coldcard or Trezor, with my Embassy. How does this work?
You would use your hardware signer with your wallet, then instruct that wallet to use Embassy as its node.
- Nodes are for interacting with the Bitcoin network: enforcing consensus rules, validating and relaying blocks/transactions, and broadcasting transactions.
- Wallets are for constructing and viewing transactions, as well as generating addresses.
- Signers are for generating and storing keys, as well as signing transactions.
The reason there is so much confusion about these 3 concepts is that the Bitcoin Core Node comes with its own Wallet (which you should not use), and that wallet is also a signer. In fact, most wallets double as signers, and most wallets do NOT support connecting to your own node. So, most wallets are actually serving as a wallet, a node, and a signer, which might be convenient, but it is neither trustless nor maximally secure. Ideally, you are using a wallet that supports both integrating with a hardware signer (like Coldcard or Trezor) AND a backend node (like on the Embassy).
Please note: of the wallets listed (Specter/Sparrow/Electrum), only Specter is currently able to use Embassy as it's node, but the other two should be available soon.
Why would I want to run a lightning node?
-----------------------------------------
The Lightning Network (LN) is a second 'layer,' built on top of the Bitcoin Protocol. As a result all transactions on LN are backed up by the full security of the Bitcoin network. Lightning is designed for instant payments between nodes, but similar to running a Bitcoin node, running your own is the only way to be sovereign. When you have your own node, you will have the convenience of linking a Lightning wallet, for use on the go. It is also possible to earn an income (granted a very small one at this time), if you are willing to learn how to become a 'routing node.'
@@ -53,55 +112,6 @@ Is there a solution to this?
----------------------------
Yes, the concept of a Watchtower was originally conceptualized in the LN whitepaper. A Watchtower is simply a lightning node to which you can give the authority to monitor transactions associated with your open payment channels.
Is a wallet vulnerable to hacking if it’s always online??
Funds are not stored on the node typically. The node simply serves as a source of truth for the state of the blockchain. Attacks depend on where the keys are and where the signing happens. You can use something like a hardware wallet for better security. Though, to be fair, a lot of attacks depend on you or your machine being targeted specifically, and a whole bunch of attack vectors are highly theoretical and obscure.
Most successful attacks seem to be either fake/doctored software or a social attack (tricking you into installing some malware or giving your seed outright or something like that).
Keep in mind, however, the more value there is out there to steal, the more sophisticated attacks will get automated (bots, crawlers etc). So its not just the risk profile of today, but also tomorrow you have to consider. That’s why something like a hardware wallet or dedicated mobile device for key signing is a good idea.
Even if your wallet is plugged into your Embassy, whether your wallet is hot or cold depends on the hardware that stores the keys.
How does Bitcoin Proxy request (and verify) data when that data is needed by some app using it?
Proxy fetches blocks from your pruned node if it still has them, and fetches them from peers when it does not. Proxy can ensures the fetched block is valid by comparing it to its header, which is retained by the pruned node. The header is a product of the hash of the block itself, amongst other things, so it can't be
What is the difference between the Bitcoin Wallet Tracker and the Electrum Personal Server?
Bitcoin Wallet Tracker and Electrum Personal Server are 2 services that do the same thing, similar to bitcoind vs btcd, or lnd vs c-lightning.
Both work with your Bitcoin node to provide a richer set of information to wallets than could be done with bitcoind alone. They are basically identical in purpose, their differences are notably in the software memory requirements and how snappily they can answer the same questions.
Electrum (and some other wallets) require more than just a Bitcoin node to run in a sovereign way, they require an “Electrum Server”. Both Electrum Personal Server and Bitcoin Wallet Tracker are “Electrum servers”.
I want to use my hardware signer, such as Coldcard or Trezor, with my Embassy. How does this work?
You would use your hardware signer with your wallet, then instruct that wallet to use Embassy as its node.
- Nodes are for interacting with the Bitcoin network: enforcing consensus rules, validating and relaying blocks/transactions, and broadcasting transactions.
- Wallets are for constructing and viewing transactions, as well as generating addresses.
- Signers are for generating and storing keys, as well as signing transactions.
The reason there is so much confusion about these 3 concepts is that the Bitcoin Core Node comes with its own Wallet (which you should not use), and that wallet is also a signer. In fact, most wallets double as signers, and most wallets do NOT support connecting to your own node. So, most wallets are actually serving as a wallet, a node, and a signer, which might be convenient, but it is neither trustless nor maximally secure. Ideally, you are using a wallet that supports both integrating with a hardware signer (like Coldcard or Trezor) AND a backend node (like on the Embassy).
Please note: of the wallets listed (Specter/Sparrow/Electrum), only Specter is currently able to use Embassy as it's node, but the other two should be available soon.
Which wallets can I use that sync with my Embassy Bitcoin node?
There are many wallets that support linking to your own full node. You will need one that supports Tor. Here are a few options that are compatible: FullyNoded, Samourai, Specter, Wasabi, Zap, and Zeus.
Is there a guide for connecting Specter Wallet to my Embassy?
There is. Please follow the integration guide `here <https://github.com/Start9Labs/bitcoind-wrapper/tree/master/docs/integrations/specter>`_ and select the tutorial based on your operating system.
More guides, particularly in video form, are forthcoming.
Is BlueWallet an option?
------------------------
BlueWallet requires a separate backend service called LNDHub, which is not available on the Embassy at this time.
Is it possible to run c-lightning and lnd parallel on the Embassy?
@@ -51,12 +51,12 @@ EmbassyOS is a custom-built Linux distribution, which is a stripped down and bee
* Upgrade your Embassy software with the latest features and security updates
* Backup services, and restore from backups if needed
Start9 Labs augmented the original Raspbian OS to include:
Start9 augmented the original Raspbian OS to include:
* a custom application management layer, specialized for installing, running, and backing up .s9pk packaged services
* a layer responsible for Embassy specific operations, such as Tor, Backups, and Notifications
The .s9pk extension is Start9 Labs' custom package format based on tar. It encompasses the necessary components to compress, host, and install a service on the marketplace.
The .s9pk extension is Start9's custom package format based on tar. It encompasses the necessary components to compress, host, and install a service on the marketplace.
What are EmbassyOS Services?
----------------------------
@@ -76,7 +76,7 @@ Yes.
Is the software Open Source?
----------------------------
Yes! EmbassyOS is open sourced under the `Start9 Personal Use License <https://start9labs.com/license>`_. Some of our other projects are currently open sourced under MIT. You can find these in the Start9 Labs `GitHub repository <https://github.com/Start9Labs>`_.
Yes! EmbassyOS is open sourced under the `Start9 Personal Use License <https://start9.com/license>`_. Some of our other projects are currently open sourced under MIT. You can find these in the Start9 `GitHub repository <https://github.com/Start9Labs>`_.
Cups does not have multiple accounts support. Each person would need their own Embassy. We are considering adding multi-account support to Cups, but it's just not a priority at the moment.
Is the embassy able to connect to Sphinxchat?
---------------------------------------------
We have added Sphinx as an Embassy service. Please see the announcement `here <https://start9labs.medium.com/new-service-sphinx-chat-2cd4f40d3f05>`_ and check the Marketplace to start using Sphinx!
How can I fix issues with Sphinx?
---------------------------------
If you are on Android, make sure Orbot is setup correctly, and if it is, try to restart it or your device. If you still have issues, *back up your keys,* delete all app data from your phone, uninstall, restart the Sphinx service on your Embassy, then reinstall and import your keys.
I get an error ("Unlock Wallet Failed") when trying to log in to RTL, what can I do?
Yes, but only in a tor-enabled browser. Just add your .onion address as the server in the extension.
Yes, but only in a tor-enabled browser. Just add your .onion address as the server in the extension. Make sure that http:// is at the beginning, and NOT https://, as this will not work.
I want to use BTCPayServer on my website, but Tor is the only option, how can visitors access my BTCPay on clearnet?
@@ -36,7 +36,7 @@ Unfortunately, no. Google has not included support for .local addresses via mDN
Is the software Open Source?
----------------------------
Yes! EmbassyOS is open sourced under the `Start9 Personal Use License <https://start9.com/license>`_. Some of our other projects are currently open sourced under MIT. You can find these in the Start9 Labs `GitHub repository <https://github.com/Start9Labs>`_.
Yes! EmbassyOS is open sourced under the `Start9 Personal Use License <https://start9.com/license>`_. Some of our other projects are currently open sourced under MIT. You can find these in the Start9 `GitHub repository <https://github.com/Start9Labs>`_.
EmbassyOS supports accessing alternative marketplaces by configuring a system file. Start9 Labs is not responsible for issues encountered by downloading services from alternative marketplaces.
EmbassyOS supports accessing alternative marketplaces by configuring a system file. Start9 is not responsible for issues encountered by downloading services from alternative marketplaces.
After SSH-ing into the Embassy, run the following commands::
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Lucy C
