Encrypted data and files can be synchronized with Edgi Base using privacy-preserving technology, including with other users or groups.
Data synchronization can happen peer-to-peer between different browsers and users and as a fallback in case of an outage of Edgi Base.
Data can be shared with other users/groups through workspace/folder/document shares on Edgi Base or through peer-to-peer sharing.
Collaborative Apps support concurrent multi-user sessions on shared data.
Edgi OS supports many different types of apps and extensions. Apps can be built-in, installed from the Edgi Store, or simply loaded onto the filesystem by the user.
Some built-in apps are:
Registered users can install free or paid apps from the Edgi App Store.
Apps are either compiled to JavaScript or WASM, and can be run sandboxed and with limited permissions, with or without UI.
The API available to apps emulates the Linux syscall API, and we are aiming to achieve increasing coverage and compatibility. For UI apps, Edgi OS uses the Block Protocol to load and interface with exported components.
The create-edgi-app command can be used to quickly get started with any of the above.
planned: 0.0.1
```bash
#!/bin/bash
echo Hello, Bash World!
```

```perl
#!/usr/bin/perl
print("Hello, Perl World!\n");
```

```javascript
#!/usr/bin/env edgi-run --worker
import { STDOUT } from "@edgi-sdk/syscall-api";
import { init, process } from "@edgi-sdk/node-api";

export function main(task) {
  task.syscall.pwrite(STDOUT, "Hello, Syscall API World!\n");
  init(task);
  process.stdout.write("Hello, Node API World!\n");
  return 0;
}
```

```javascript
#!/usr/bin/env node
process.stdout.write("Hello, NodeJS World!\n");
```

```javascript
#!/usr/bin/env edgi-run --window
import { LitElement } from "@lit";

export function main(task) {
  task.wm.createWindow();
  return 0;
}

export class MyWindow extends LitElement { }
```

```javascript
#!/usr/bin/env edgi-run --service
export function main(task) {
  const notify = () => {
    task.wm.showNotification('hello', 'Hello, Service World!');
    setTimeout(notify, 3000);
  };
  setTimeout(notify, 500);
  return new Promise(() => {});
}
```

```c
#include <stdio.h>

int main(int argc, const char** argv) {
  printf("Hello, C World\n");
  return 0;
}
```

```bash
#!/bin/bash -e
emcc $CFLAGS $LDFLAGS -o myapp myapp.c
```

```bash
# 1. Install docker and npm
# 2. Install edgi-scripts package
npm install -g edgi-scripts
# 3. Run build.sh in docker with emscripten
npx run -g edgi-scripts embuild
```
Edgi OS uses encryption keys derived from your password & account key to encrypt all data before it leaves your device.
When you sign in to Edgi Cloud, it releases your encrypted account key which is decrypted inside your browser using your password. This way, Edgi Cloud never has access to your private account key and cannot read your encrypted data. The Edgi Cloud Vault is designed to operate on encrypted data only, and to retain as little metadata about the structure and access to your content as possible, meanwhile providing secure persistent data storage and real-time synchronization and sharing between devices and users.
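The sign-in flow described above, as an added example that is not Edgi code: a random account key is wrapped under a key derived from the password, so the server only ever stores and releases an opaque blob. The page does not name Edgi's algorithms; scrypt, AES-256-GCM and all function names here are assumptions, and Node's crypto module is used so the sketch runs outside a browser. The password-change function goes one step beyond the text to show why the stored data needs no re-encryption.

```javascript
// Added illustration; not Edgi code. scrypt and AES-256-GCM are assumed choices.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto") : process.getBuiltinModule("node:crypto");

// Derive a 256-bit key-encryption key (KEK) from the password, on the client only.
function deriveKek(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32, { N: 2 ** 14, r: 8, p: 1 });
}

// Sign-up: wrap the random account key. Only this blob is stored by the server.
function wrapAccountKey(accountKey, password) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKek(password, salt), iv);
  const ct = Buffer.concat([cipher.update(accountKey), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Sign-in: the server releases the blob; the password unwraps it locally.
function unwrapAccountKey(blob, password) {
  const decipher = nodeCrypto.createDecipheriv(
    "aes-256-gcm", deriveKek(password, blob.salt), blob.iv);
  decipher.setAuthTag(blob.tag);
  try {
    return Buffer.concat([decipher.update(blob.ct), decipher.final()]);
  } catch {
    return null; // wrong password or modified blob: the GCM tag does not verify
  }
}

// Password change: re-wrap the same account key, so stored data needs no re-encryption.
function changePassword(blob, oldPassword, newPassword) {
  const accountKey = unwrapAccountKey(blob, oldPassword);
  return accountKey ? wrapAccountKey(accountKey, newPassword) : null;
}
```

A null result from unwrapAccountKey is the only signal the client gets; it cannot tell a mistyped password from a blob that was altered in storage or transit.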
If you lose your password, your data cannot be recovered unless you set up one or more key recovery procedures, such as:
Apps that you run are isolated (sandboxed) from each other and the Edgi OS core in a similar way to how the browser isolates different websites you visit. Apps are granted access to your data through a fine-grained permission system that you control. The code and data for apps are integrity checked each time they are loaded, against a digital certificate signed by the package maintainer and saved at install time.
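One way the load-time integrity check described above could work, as an added example that is not Edgi code: the maintainer signs a manifest of file digests, the client verifies the signature once at install and pins the manifest, and every load recomputes the digests against it. The manifest layout, Ed25519, SHA-256 and all function names are assumptions; the package contents and key pair are constructed.

```javascript
// Added illustration; not Edgi code. Manifest layout and Ed25519 are assumptions.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto") : process.getBuiltinModule("node:crypto");

const sha256 = (buf) => nodeCrypto.createHash("sha256").update(buf).digest("hex");

// Maintainer side: sign a manifest mapping each file path to its SHA-256 digest.
function signPackage(files, privateKey) {
  const manifest = JSON.stringify(
    Object.keys(files).sort().map((path) => [path, sha256(files[path])]));
  return { manifest, signature: nodeCrypto.sign(null, Buffer.from(manifest), privateKey) };
}

// Install time: verify the signature once, then pin the manifest locally.
function install(pkg, maintainerPublicKey) {
  const ok = nodeCrypto.verify(
    null, Buffer.from(pkg.manifest), maintainerPublicKey, pkg.signature);
  if (!ok) throw new Error("manifest signature invalid");
  return new Map(JSON.parse(pkg.manifest)); // pinned path -> digest
}

// Every load: recompute each digest and compare against the pinned manifest.
function verifyOnLoad(pinned, files) {
  const problems = [];
  for (const [path, digest] of pinned) {
    if (!Object.hasOwn(files, path)) problems.push(`missing: ${path}`);
    else if (sha256(files[path]) !== digest) problems.push(`modified: ${path}`);
  }
  for (const path of Object.keys(files)) {
    if (!pinned.has(path)) problems.push(`unexpected: ${path}`);
  }
  return problems; // an empty array means the package may be loaded
}

// Constructed sample package and key pair.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  const files = { "main.js": Buffer.from("export function main() { return 0; }"),
                  "app.wasm": Buffer.from([0x00, 0x61, 0x73, 0x6d]) };
  const pinned = install(signPackage(files, privateKey), publicKey);
  const tampered = { ...files, "extra.js": Buffer.from(""),
                     "main.js": Buffer.from("export function main() { return 1; }") };
  return { clean: verifyOnLoad(pinned, files), tampered: verifyOnLoad(pinned, tampered) };
}
```

The second loop matters as much as the first: a file that was never in the signed manifest is rejected even though no pinned digest changed.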
Depending on the type and trust level of different apps and extensions, they can be sandboxed and restricted through various mechanisms all of which leverage the strong security assurances afforded by modern browsers.
Apps installed from the official Edgi Marketplace and Edgi OS itself go through a review process, but even then, security incidents may happen, which we disclaim responsibility for. The permission system may help to limit damage in case of a compromised 3rd party application. Any software or data originating from other sources are your own responsibility. This is all as you would expect from an operating system. Apps can also be granted "trusted" status, in which case they can run directly in the browser context of the window manager or of other apps, without iframe sandboxing, potentially giving them access to the data of other apps should they misbehave. This is used by built-in apps to increase performance.
No tracking cookies or other tracking mechanisms are used. Saved browser data/history cannot be used to identify you unless you sign in. When you sign in to Edgi Cloud, we obviously know about it.
In order for us to have the slightest clue of how people are using the website, we collect anonymous information about where the website is accessed from, and we may also collect anonymous usage data on the front page of edgiweb.com. No automatic analytics are performed within Edgi OS, unless you specifically request and send it for a bug report or similar.
You can optionally choose to store your encrypted account keys and cached/modified data in your local browser storage for the page.
Risk:
Mitigations:
Risk:
Mitigations:
Risk:
Mitigations:
planned: 0.2.0
In order to keep data private, background tasks that process data cannot be handled directly by Edgi Cloud, e.g., processing media files and maintaining a private search index. For this reason it can be useful to run background tasks on a remote device with access to your encrypted data.
In this case, the remote device could also back up your data and make it available when logging in from other devices, either as a fallback or substitute for the Edgi Cloud Vault service. (see this guide)
Apps can run as background tasks in remote Edgi OS sessions. A remote session could be on a different, logged-in device, either in a browser tab or running in NodeJS or Deno.
A cheap setup could be an old phone or laptop on a charger, with the Edgi website open and logged in. (see this guide)
Or, you could run Edgi OS using NodeJS or Deno on any server, for example on fly.io. (see this guide)
An option that will be offered by Edgi Cloud is running background tasks in an AWS Nitro instance that can be certified to run an unmodified Edgi OS release. After validating the instance, you can securely send it encrypted login/sharing keys, data files, and commands needed to perform the desired tasks.
Edgi OS supports IPv4, IPv6 and UNIX domain sockets, and can connect to Tailscale VPN networks.
Different Edgi OS sessions, in different tabs, browsers, devices or servers can be networked together.
The following IP features are supported:
planned: 0.1.0
planned: 0.1.0
At its core, Edgi OS is a static website which can trivially be hosted anywhere, and even exported to an HTML file on a USB stick along with your data.
planned: 0.2.0
If you wish to log in to Edgi Cloud Vault from a self-hosted site, you need to register a custom domain with the Edgi Cloud.
planned: 0.2.0
Use your own internet domain name to directly access your customized private, team, or corporate Edgi workspace.
planned: 0.2.0
Edgi will likely be released under the BSL 1.1 source-available license with AGPLv3 as change license 4 years after a release.
planned: 0.1.0
Official Edgi Cloud pricing will be confirmed after the beta. Draft prices:
Price: FREE
Price: from $5 /month
Price: from $20 /user/month
Enterprise: Contact sales.
Guest mode will always remain free.
Edgi makes money in the following ways: ads to free users, premium services, service contracts for businesses