The “Expert Views” series of publications allows legal and technical practitioners in the cryptocurrency space to share their insight and opinions. The views expressed here are those of the author and not necessarily those of Coin Center.
With the launch of Bitcoin in 2009, Satoshi Nakamoto demonstrated a means of achieving distributed consensus (agreement over important data like Bitcoin transactions) at a planetary scale without the need for authorities or trust. This ignited a wave of new awareness and technological innovation with Bitcoin front and center. There now exists a rich ecosystem of self-hostable, peer-to-peer, open source, decentralized applications (hereafter “Dapps”), including some that actually preceded Bitcoin, such as email and BitTorrent. What is lacking, however, is a comprehensive computing platform, including physical devices, that could support the streamlined and safe use of Dapps even by non-technical users who wouldn’t typically run their own servers or hold their own bitcoin.
While digital in nature, Dapps depend on a physical world that is filled with real people, and it is silly to think of them as existing outside of it. Every traditional “cloud service” used today, whether it’s storage, email and website hosting, or messaging, utilizes and relies upon centralized server infrastructure. Those critical servers are, more often than not, owned and controlled by a handful of powerful multinational corporations like Amazon, Microsoft, and Google. Even popular end-to-end encrypted messaging services, though vastly more privacy-preserving than typical chat apps, still rely on centralized infrastructure to relay messages. For Dapps to fulfill their promise of privacy and freedom, and to stop them from being co-opted for antithetical ends, we need real-world infrastructure and operational protocols that align with them in basic principle. In other words, if the hardware isn’t decentralized, neither are the Dapps that depend on that hardware for functionality. And if using Dapps is not safe and easy, people won’t use them.
In an ideal world we’d use Dapps in place of several of the centralized internet services we rely upon today. Dapps, properly designed, depend on two technical paradigms that wildly differ from the typical centralized computing systems: “user-sovereignty” and “verification over trust.”
User-sovereignty means that every user must retain total and absolute control over his or her access to the Dapp, usually by holding a cryptographic private key. To be truly user-sovereign, Dapps should be designed such that users never entrust their keys to third-party custodians. This is a longstanding maxim within the Bitcoin and cryptocurrency community and is best encapsulated by Andreas Antonopoulos’ “Not your keys, not your coins.” Sovereign control over cryptographic keys can be important for all kinds of decentralized applications beyond Bitcoin: not your keys, not your emails, your files, your messages, your data.
Verification over trust also comes from a popular saying in the crypto-community, “Don’t trust, verify.” Generally speaking, it means that users shouldn’t need to rely on the good behavior of a service provider in order to perform the actions that they want to accomplish using an app. With Bitcoin as the example, users don’t have to trust a bank or any other middleman to send bitcoin to another user. They can directly form a transaction message on their device, broadcast it to the network, and have it recorded into the blockchain. Users can independently verify that their transaction has been completed as directed by checking the blockchain. Miners, in turn, can’t do anything to alter the transaction; all they can do is choose whether to put it in a block that they mine, and, because miners compete for fees, it’s reasonably certain that a valid transaction with competitive fees attached will eventually end up in a block. None of this requires trust; all of it can be verified.
In practice, a truly trustless setup requires running your own physical server to secure keys and download the substantial amounts of data relevant to the decentralized app, for example, the Bitcoin blockchain. That’s generally too much computing work for a mobile device, so if you want to interact with that server when you are out and about, a trustless setup would require communicating with that server over an encrypted and anonymous overlay network such as Tor. Many users struggle with proper key management and almost no one succeeds at setting up self-hosted infrastructure. Try explaining to a non-technical person how to run their own Bitcoin node or private email server over Tor, and you will begin to appreciate the need for a plug-and-play solution such as Start9’s Embassy.
The Embassy is a simple device. It has no moving parts, no buttons, and no screen – just a discreet black box that can be placed anywhere with a reliable internet connection. Owners can manage their Embassies from anywhere in the world using a mobile app on their phone, which acts as a private remote control. Remote communications between the mobile app and the Embassy are encrypted and onion routed over the Tor network, meaning there are no central servers or trusted third parties. No one can see the messages sent from your phone to your Embassy, and no one person or corporation forms an essential link in moving those messages back and forth. Since the Embassy runs on its own Tor Hidden Service, even potentially compromised Tor exit nodes are kept out of the loop.
Embassy owners can browse and install powerful Dapps with the click of a button. What previously took software developers hours, or even days, to accomplish can now be replicated by non-technical individuals in a matter of seconds. At the time of this writing, there are three Dapps available for the Embassy: Bitcoin Core, Bitwarden, and Cups Messenger. The first, Bitcoin Core, is hands down the easiest way to run a Bitcoin full node. By running a full node, Embassy owners are not only contributing to the health of the Bitcoin network, they are also able to use Bitcoin without trusting someone else to validate transactions or gate their access to the network. The second, Bitwarden, is a self-hosted password manager that enables users to have long, complex passwords for all their online logins without having to remember any of them. All the passwords are encrypted and secured on the Embassy itself, so there is no need to entrust them to a third party. The last, Cups Messenger, is an instant messaging app with an unprecedented degree of privacy. Messages are not only end-to-end encrypted, they are also direct. There are no central servers or trusted third parties involved in the relaying of messages. Even well-regarded private messaging services like Signal and Telegram rely on central servers to relay encrypted messages. With Cups, messages are stored and relayed on the users’ own physical Embassy devices and nowhere else.
The Embassy is a new technology and should be treated with care. But if the model plays out, the implications are radical. The Embassy enables a world of personal clouds, where every user receives the benefits of cloud computing, including finance, messaging, and data storage tools – all without the cloud service providers, their subscription fees, or their inherent privacy and security risks. It also enables the private coordination of other IoT devices such as security cameras, smart speakers, electric cars, thermostats, even drones. Start9 Labs envisions a future where every individual has an entire fleet of personal robot servants, all aware of one another, all sharing data and cooperating, and none of it involving the cloud or trusted third parties.
Matt Hill is the Co-Founder and CEO of Start9 Labs.