What is the Embassy? What does it do?
The internet as we know it is organized into questioners, or clients, and answerers, servers. When you open a mobile email app, say Gmail, the app (client) begins asking questions: "have I received new mail?", "what are my last 50 messages?", "what drafts am I in the midst of writing?", and so on. Your app's questions are sent to and heard by a Google-run server which then provides answers back to the client and are subsequently displayed to the screen.
The Embassy is exactly that: your very own "answerer", just like Google's, except managed simply and with ease by and for you alone.
Why would someone want an Embassy?
When you see your credit card information on your banking app, your messages in your texting app, your passwords in your password management app, all of that information comes from somewhere in the cloud: some server run by some company somewhere on the planet. Who can see the data stored in that server? Who can edit it? -- It's not always clear, but the increasingly common practice of selling your data to advertisers and the high-profile cyber-security breaches of the last decade suggest a pessimistic outlook.
One thing is for certain though: if you control your server, then you control your data. Your finances, your communications, all of it is actually yours -- and only yours -- with an Embassy.
How do I communicate with my Embassy?
Your Embassy is communicated with in two distinct ways. The Start9 Companion App communicates with your server over your local area network (LAN). This means that your phone and your server must be in physical proximity and connected to the same wifi network in order to communicate. It also means that a malicious 3rd party would have to actually be in the room with you in order to snoop your communications with your server.
In contrast, the sovereign apps installed to your Embassy are accessible to your phone anywhere in the world via the Tor network.
What is the Tor network?
When your phone makes a request of your Embassy, that request is first bundled in layers of encryption like the layers of an onion, giving Tor it's name: The Onion Router. That bundled request is then sent into the Tor network itself, a collection of volunteer "onion router" nodes which ricochet your request between themselves peeling off one layer of encryption at a time. If a malicious third party were to intercept your request, they would see a garbled mess of the remaining onion encryption, and would only know that it came from some onion router and was heading to some other onion router. In this way, the contents, source, and destination of the message are totally anonymized.
Finally the request is picked up by your Embassy fully decrypted so that it can reply to you with its own onion wrapped message.
What is a keychain? And what is a 12 word mnemonic?
A 'keychain' refers to a collection of cryptographic keys. These keys -- sequences of random letters and numbers -- can be used for many purposes, but in the context of your Embassy they are used to prove your identity. This is essential as only you should be able to access your Embassy.
The 12 word mnemonic is itself a key of sorts, but this one is far easier to read and remember than the generated random characters. Rather than used directly, this 12 word mnemonic is used to generate the various other keys your Embassy employs.
Warning! If someone else gets a hold of your 12 word mnemonic, they will be able to access your Embassy. Write down a backup, keep it secret and keep it safe.
What is EmbassyOS?
EmbassyOS refers to a custom Linux distribution along with a suite of software tools installed on your Embassy which makes it easy to:
- Install new sovereign apps
- Uninstall sovereign apps
- Upgrade sovereign apps
- Upgrade your Embassy software to future versions
- Manage your sovereign app data
I'm having trouble connecting to the Embassy with my Companion App. What can I do?
- Check that your phone is connected to the same wifi network as the router giving internet access to your
- Embassy via ethernet. This means in particolar you cannot be using cellular data.
- Ensure that your server has been running long enough for the startup chime noise to sound.
- Rarely, your Companion App may drop out of sync with your server. If this is the case, simply close the app and reopen it and you will see you are connected to your Embassy once again.
- If all of the above fail, please contact us at firstname.lastname@example.org.
I accidentally removed an Embassy from my Companion App. How can I reconnect?
You'll need to re-perform the initial setup of your server. With your Embassy plugged in nearby and connected to the same network as your phone, re-enter the product key in the Companion App when prompted and select a new friendly name. You should reconnect without issue.
I first installed the Companion App and connected to my Embassy with one phone, but now I have a different one. How can I communicate with my Embassy using my new phone?
Download the Companion App onto your new phone. When first opening the app, select “Restore Keychain” and enter the mnemonic passphrase you received when you first connected on your old phone.
I’ve lost my mnemonic passphrase, how can I connect to my Embassy?
First perform a soft reset on your Embassy (see below). Afterwards, simply re-add and connect to your server as with the initial setup of your server.
I’ve moved houses or changed wifi networks, how can I connect to my Embassy?
Simply connect your Embassy into the new router’s ethernet jack and power it on. As long as your phone is connected to the same network, your Companion App will be able to connect to it. Sovereign apps will be able to connect from anywhere.
What internet speed is optimal to run the private server?
Of course the faster the happier when it comes to internet speed, but ultimately the question boils down to the sovereign apps running on your Embassy. Your network speeds (and other server metrics) can be monitored within the Companion App.
What is a Soft Reset, and how do I do it?
Performing a Soft Resets requires physical access to your server and is necessary when you lose your mnemonic. It clears out the old master key from the server and it allows you to re-register a new one. No apps are removed and no data is lost during a soft reset.
- Unplug the server from power if it is currently plugged in.
- Perform a power cycle on the server: plug it back in, wait for the first beep, then unplug from power immediately.
- Perform a second power cycle just as above.
- Finally, plug the server back in once more, and after a few moments you will hear a distinct melody. This indicates a soft reset has been successfully completed. Keep the server plugged in and the server will start up with the typical chime. Now using the Companion app, you'll need to repeat the original setup with your server.
Warning! Continuing to power cycle your server will result in more and more destructive resets, ending in a fully factory reset Embassy with no apps or data remaining. Power cycle your server beyond the soft reset WITH EXTREME CARE.
Can I SSH into an Embassy?
Yes. After having setup your Embassy, navigate to its settings page and select "Developer Options". You will be able to add an SSH key at this point. Navigate to back to the settings page and select "Server Specs" to find your server's LAN IP address. “pi@” will be your ssh target.
Warning! SSH-ing into your server and making changes is roughly the equivalent of popping open your watch and fiddling directly with the clockwork. We can make no guarantees about the functioning of the server once you’ve SSH-ed in, and as such, adding an SSH key will void your warranty.