Overview

Data Sync & Sharing

Encrypted data and files can be synchronized with Edgi Base using privacy-preserving technology, including with other users or groups.

Data synchronization can happen peer-to-peer between different browsers and users and as a fallback in case of an outage of Edgi Base.

Data can be shared with other users/group through workspace/folder/document shares on Edgi Base or through peer-to-peer sharing.

Collaborative Apps support concurrent multi-user sessions on shared data.

Apps

Edgi OS supports many different types of apps and extensions. Apps can be built-in, installed from the Edgi Store, or simply loaded onto the filesystem by the user.

Some built-in apps are:

App Store

Registered users can install free or paid apps from the Edgi App Store.

App Development

Apps are either compiled to javascript or WASM, and can be run sandboxed and with limited permissions, with or without UI.

The API available to apps emulates the Linux syscall API, and we are aiming to achieve increasing coverage and compatibility. For UI apps, Edgi OS uses the Block Protocol to load and interface with exported components.

• C/C++ apps are compiled to WASM with a patched version of emscripten.Emscripten SDK (@edgi-sdk/emsdk)
• Javascript/Typescript apps can use the Node APIplanned: 0.0.1 or the lower-level Edgi Syscall API.tested: 0.0.1
• UI apps and components are implemented as Reacttested: 0.0.1 or Littested: 0.0.1 components that implement the Block Protocol, and can also use the Node or Syscall APIs.
• Node appsplanned: 0.1.0
• Rust appsplanned: 0.1.0
• Python appsplanned: 0.1.0
• Go appsplanned: 0.2.0

The create-edgi-app command can be used to quickly get started with any of the above.planned: 0.0.1

Hello-World Apps

Bash Script

#!/bin/bash
echo Hello, Bash World!

Perl Script

#!/usr/bin/perl
print("Hello, Perl World!\n");

Javascript Command-Line Tool

#!/usr/bin/env edgi-run --worker
import { STDOUT } from "@edgi-sdk/syscall-api";
import { init, process } from "@edgi-sdk/node-api";
export function main(task) {
    task.syscall.pwrite(STDOUT, "Hello, Syscall API World!\n");
    init(task);
    process.stdout.write("Hello, Node API World!\n");
    return 0;
}

NodeJS app

#!/usr/bin/env node
process.stdout.write("Hello, NodeJS World!\n");

UI app

#!/usr/bin/env edgi-run --window
import { LitElement } from "@lit";
export function main(task) {
    task.wm.createWindow();
    return 0;
}
export class MyWindow extends LitElement {
}

Background Service

#!/usr/bin/env edgi-run --service
export function main(task) {
    const notify = () => {
        task.wm.showNotification('hello', 'Hello, Service World!')
        setTimeout(notify, 3000);
    }
    setTimeout(notify, 500);
    return new Promise(() => {});
}

C Hello World app

#include <stdio.h>
int main(int argc, const char** argv) {
    printf("Hello, C World\n");
    return 0;
}

#!/bin/bash -e
emcc $CFLAGS $LDFLAGS -o myapp myapp.c

# 1. Install docker and npm
# 2. Install edgi-scripts package
npm install -g edgi-scripts
# 3. Run build.sh in docker with emscripten
npx run -g edgi-scripts embuild

Data Encryption

Edgi OS uses encryption keys derived from your password & account key to encrypt all data before it leaves your device.

When you sign in to Edgi Cloud, it releases your encrypted account key which is decrypted inside your browser using your password. This way, Edgi Cloud never has access to your private account key and cannot read your encrypted data. The Edgi Cloud Vault is designed to operate on encrypted data only, and to retain as little metadata about the structure and access to your content as possible, meanwhile providing secure persistent data storage and real-time synchronization and sharing between devices and users.

If you lose your password, your data cannot be recovered unless you set up one or more key recovery procedures, such as:

• Paper/QR code backup (optionally with security questions)planned: 0.1.0
• E-mail recovery (with security questions)planned: 0.1.0

App Isolation

Apps that you run are isolated (sandboxed) from each other and the Edgi OS core in a similar way to how the browser isolates different websites you visit. Apps are granted access to your data through a fine-grained permission system that you control. The code and data for apps are integrity checked each time they are loaded, against a digital certificate signed by the package maintainer and saved at install time.

Depending on the type and trust level of different apps and extensions, they can be sandboxed and restricted through various mechanisms all of which leverage the strong security assurances afforded by modern browsers.

• UI window tasks and components can be sandboxed using iframes.planned: 0.1.0
• Command-line / background tasks can be executed in WebWorkes running in separate Javascript Isolates.tested: 0.0.1
• Tasks can only communicate through a Linux syscall-like API with well-understood semantics and permission checks.

Apps installed from the official Edgi Marketplace and Edgi OS itself go through a review process, but even then, security incidents may happen, which we disclaim responsibility for. The permission system may help to limit damage in case of a compromised 3rd party application. Any software or data originating from other sources are your own responsibility. This is all as you would expect from an operating system. Apps can also be granted "trusted" status, in which case they can run directly in the browser context of the window manager or of other apps, without iframe sandboxing, potentially giving them access to the data of other apps should the misbehave. This is used by built-in apps to increase performance.

Tracking, Cookies and Data stored in the Browser

No tracking cookies or other tracking mechanisms are used. Saved browser data/history cannot be used to identify you unless you sign in. When you sign in to Edgi Cloud, we obviously know about it.

In order for us to have the slightest clue of how people are using the website, we collect anonymous information about where the website is accessed from, and we may also collect anonymous usage data on the front page of edgiweb.com. No automatic analytics are performed within Edgi OS, unless you specifically request and send it for a bug report or similar.

You can optionally choose to store your encrypted account keys and cached/modified data in your local browser storage for the page.

• Data cached in browser storage/memory is encrypted using a key derived from the password.planned: 0.1.0
• This key is cleared from memory when the session times out, and offline password re-validate is required to access locally cached data.planned: 0.1.0
• Different users' sessions use different domain names, derived from a hash of the username.planned: 0.1.0

Security Threats

• The Edgi Web OS code base, distribution channel or web host is compromised.

  Risk:
  

  • If the Edgi Web website code cannot be trusted, it can do anything with your data and whatever systems you access through EdgiOS.

  Mitigations:
  

  • Source code: Edgi is source-availableplanned: 0.1.0, and only uses a few trusted external dependenciesplanned: 0.1.0.

  • Binary code: Builds are 100% reproducible from source releases, and are digitally signed to prevent tamperingplanned: 0.1.0.
  • Integrity Protection: After first page load on device, a service worker verifies that data from the web-server and peers is correctly signedplanned: 0.1.0.
  • Verification: Files served from the web-server can be compared against the public release.

• Priviledge Escalation of Untrusted Application Code.

  Risk:
  

  • If an untrusted application can perform unauthorized actions or tamper with the execution of the kernel, the entire system becomes untrusted and could compromise the user.

  Mitigations:
  

  • Strict sandboxing for non-system applications.tested: 0.0.1planned: 0.1.0
  • Enhanced application permission system.planned: 0.1.0
  • Security audit of syscall API.planned: 0.1.0

• Evil maid attack: Exfiltrate data or tamper with website code during user's absence from device.

  Risk:
  

  • A previously opened browser tab is re-used to login to Edgi OS, and it could have been previously tampered with by an attacker.
  • An open or locked session is left behind, and an attacker can access the browser.

  Mitigations:
  

  • TBD: reload page when logging in?
  • Logged-in sessions are by default set to timeout after a configurable period of inactivity, after which the password is required to decrypt data cached in memory or browser storage.planned: 0.1.0
  • A hard timeout can be enabled, after which apps are requested to save their state and sleep, workers are stopped and tabs are reloaded to clear memory.planned: 0.2.0

Teams

planned: 0.2.0

Background Tasks

In order to keep data private, background tasks that process data cannot be handled directly by Edgi Cloud, e.g., processing media files and maintaining a private search index. For this reason it can be useful to run background tasks on a remote device with access to your encrypted data.

In this case, the remote device could also back up your data and make it available when logging in from other devices, either as a fallback or substitute for the Edgi Cloud Vault service. (see this guide)

Apps can run as background tasks in remote Edgi OS sessions. A remote session could be on a different, logged-in device, either in a browser tab or running in NodeJS or Deno.

A cheap setup could be an old phone or laptop on a charger, with the Edgi website open and logged in. (see this guide)

Or, you could run Edgi OS using NodeJS or Deno on any server, for example on fly.io. (see this guide)

An option that will be offered by Edgi Cloud is running background tasks in an AWS nitro instance that can be certified to run an unmodified Edgi OS release. After validating the instance, you can securely send it encrypted login/sharing keys, data files, and commands needed to perform the desired tasks.

Networking

Edgi OS supports IPv4, IPv6 and UNIX domain sockets, and can connect to Tailscale VPN networks.

Different Edgi OS sessions, in different tabs, browsers, devices or servers can be networked together.

The following IP features are supported:

• TCP
• UDP
• ICMP ping
• DNS (including support for Tailscale MagicDNS)
• Routing tables and rules (netlink and "ip" command support still missingplanned: 0.2.0)
• Raw sockets

The following IP networks are supported:

• localhost - between apps in current tabtested: 0.0.1
• tabnet - between different browser tabstested: 0.0.1
• session - between different browsers/users using WebRTCplanned: 0.1.0
• tailscale - connect to tailscale VPN networktested: 0.0.1

Work Offline

planned: 0.1.0

Embed

planned: 0.1.0

Self-Hosting

At its core, Edgi OS is a static website which can trivially be hosted anywhere, and even exported to a html file on a USB stick along with your dataplanned: 0.2.0.

If you wish to log in to Edgi Cloud Vault from a self-hosted site, you need to register a custom domain with the Edgi Cloud.planned: 0.2.0

Custom Domain

Use your own internet domain name to directly access your customized private, team, or corportate Edgi workspace.planned: 0.2.0

Roadmap

Source Code

Edgi will likely be relased under the BSL 1.1 source-available license with AGPLv3 as change license 4 years after a release.planned: 0.1.0

Pricing

Official Edgi Cloud pricing will be confirmed after the beta. Draft prices:

Enterprise: Contact sales.

Guest mode will always remain free.

Edgi makes money in the following ways: ads to free users, premium services, service contracts for businesses