Daemonet Personal Cloud
Your private cloud, everywhere.
Turn the computers, servers, storage, games, and applications you already own into a private cloud you can securely reach whenever an approved path is available.
No permanent public management ports. No provider-held root identity. No hidden relay.
Your private cloud already exists
The hardware is already there. The missing piece is safe reachability.
A desktop has the graphics hardware. A NAS already holds the archive. A workstation has the applications, repositories, and local models. Daemonet gives those resources persistent identity, explicit access policy, and a path that does not require making their management interfaces public.
The destination remains the source. Applications become interchangeable ways to reach it.
Carry the work environment
Reach a remote desktop, terminal, editor, or private dashboard without copying the entire machine onto a travel device.
Machine serves the sessionOpen the NAS from anywhere
Browse, mount, synchronize, preview, or share only the folder and actions an approved identity is allowed to use.
NAS remains the sourceStream from your hardware
Run the game on the computer you own. Prefer a low-latency direct route and make any later relay a visible choice.
Host renders the gameGive local services stable names
Open a home dashboard, media server, photo gallery, source forge, or local AI interface without inferring public access.
Origin terminates HTTPSKeep the environment intact
Use existing containers, databases, build tools, certificates, and test data without exposing a public SSH or database port.
Exact services, not a flat LANShare infrastructure, not passwords
Give each family member, guest, or device its own service scope, duration, and revocation path.
Separate authority per relationshipUse a browser without trusting it forever
Your phone can approve the smallest useful session.
A trusted device keeps the durable identity. A new or borrowed browser receives a short-lived right to one service, not a copy of the root key or permanent membership in the whole network.
- Service
- Home gaming computer
- Requested
- Video · audio · controller input
- Not requested
- Files · clipboard · administration
- Browser
- New session · hotel Wi-Fi
- Duration
- 4 hours · no reusable credential
Use a locally authorized Daemon identity or device key while the owner policy permits it.
Review the service, persona, actions, duration, download policy, and whether the browser may be remembered.
Limit authority to one service or action, disable persistence, and expire it when the session ends.
A web page does not become an operating-system WireGuard client. Native WireGuard and typed browser-direct transport remain separate, visible paths.
Where the bytes travel
Introduction is not transportation.
Daemonet separates identity, policy, and discovery from the application path. A failed direct path stops visibly unless the owner has separately selected and authorized another route.
- Approved clientdevice-held identity
- WireGuard + origin HTTPSauthenticated direct route
- Your hostterminates TLS · serves bytes
1Man role: optional introduction, verified records, entitlement evidence, and operations. It is not in this application path.
- Authorized browserone-use proof
- Typed WebRTCDTLS data channel · no TURN
- Your originexact selected service
1Man role: encrypted, TTL-bounded signaling only. Application frames travel browser to customer origin.
- Entitled clientroute chosen deliberately
- Named capacitymetered ciphertext path
- Your servicestill owns application authority
Status: future and separately purchased. It is never an undeclared fallback for Community or Verified Access.
Encryption makes content unreadable and modification detectable to passive observers on the protected path. It does not prove that encrypted packet timing was unobserved, repair a compromised endpoint, or make direct peers unaware of network addresses.
One stable service identity
Move the cloud without changing what it is.
An address describes where a service can be reached now. The owner-approved service identity describes what it is, which key speaks for it, who may use it, and which paths are permitted.
- Online + direct path
- CONNECT DIRECTLY
- Online + direct path blocked
- STOP OR USE AN EXPLICITLY SELECTED MODE
- Powered off
- UNAVAILABLE UNLESS SUPPORTED WAKE IS CONFIGURED
- Origin lost
- RESTORE ONLY FROM A TESTED OWNER-SELECTED COPY
Managed without surrender
Choose how much plumbing you want to operate.
Daemonet is the open system. 1Man can operate bounded supporting services. A later capacity provider can carry or preserve encrypted bytes only when selected as its own data-path product.
You operate the support layer
- Device and service keys stay with you
- Profiles and application policy stay with you
- Direct traffic stays between endpoints
- You operate discovery, names, and availability
Managed control-plane operations
- Enrollment coordination and verified records
- Entitlement and availability evidence
- Certificate and naming workflows
- No identity, topology, application, or normal traffic custody
Selected data-path services
- Relay, gateway, storage, backup, or compute
- Own scope, operator, meter, and threat model
- Visible price and exit behavior
- Never inferred from a failed direct path
The promise without the fantasy
Private infrastructure still obeys physics.
Daemonet can reduce exposure, make authority precise, and keep providers replaceable. It cannot make a powered-off computer answer, turn poor connectivity into a local cable, or secure a source device that is already compromised.
Some networks block UDP, peer discovery, unknown ports, or long-lived sessions. Not every permitted path works everywhere.
Latency, upload speed, packet loss, distance, encoding hardware, and congestion determine experience.
An untrusted browser may capture screen output, downloads, input, or plaintext it is explicitly allowed to receive.
Providers and peers may learn the minimum route, timing, service, or usage facts required for their explicit role.
Encryption does not create durability. Enough independent material, protected keys, repair, and clean-device restore tests do.
Third-party software remains subject to its licenses, capabilities, authentication, and terms.
Your cloud is not a location
It is everything you own, securely connected.
Start with one machine and one private service. Prove the direct route, portal outage, reconnect, and revocation before expanding.
Third-party applications mentioned are compatibility examples only. Daemonet is not affiliated with or endorsed by their owners.