# Set up a personal blind oracle with Umbrel Source URL: https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/add-more-security-functionality/set-up-a-personal-blind-oracle-with-umbrel Updated: 2026-04-09T09:37:06.000Z Category: Blockstream Jade Section: Add More Security & Functionality --- > **Note:** This application is currently in beta and should only be attempted by those who are confident of their wallet recovery process. Jade uses a powerful security model to protect your device from physical attacks by communicating with a [blind oracle](https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/faqs/jade-security-model-faqs) to unlock your device. A [blind oracle](https://glossary.blockstream.com/blind-oracle/) functions as a [virtual secure element](https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/faqs/how-does-jade-protect-my-recovery-phrase-with-a-blind-oracle) and instead holds the decryption mechanism to your wallet off-device, which makes Jade **invulnerable** to physical key extraction. This is unlike typical secure element hardware devices, which hold everything needed to extract your keys on the actual device itself. By default, Jade communicates with Blockstream's blind oracle, however you also have the choice to run your own if you'd like. The following guide covers a simple personal oracle setup using Umbrel, however more advanced users can [follow our alternative guide](https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/add-more-security-functionality/set-up-a-personal-blind-oracle) to run this on other software. ## Pre-Requisites - A machine running [Umbrel](https://umbrel.com/) - An uninitialized Blockstream Jade - If your Jade is already initialized, you will need to perform a [factory reset](https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/troubleshooting/perform-a-factory-reset). - Knowledge of Tailscale and/or using Tor - Tailscale is **recommended** for maximum reliability. Make sure the [Tailscale](https://tailscale.com/) app is installed and enabled on Umbrel **and** any devices you want to connect Jade to before continuing. ## Current Limitations The following functionality is not currently available if you run a personal blind oracle: - Accessing Jade using QR PIN Unlock - Upgrading Jade using the [web portal](https://jadefw.blockstream.com/upgrade/fwupgrade.html) - Switching between Tor and clearnet/Tailscale connections when using [third-party apps](https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/set-up-transact-recover-your-wallet/download-a-companion-app-for-jade) - You will need to choose either Tor or Tailscale as your primary URL when unlocking Jade with apps that are not the native Blockstream app. The Blockstream app can use your alternate URL as a fallback. ## Personal Oracle Setup Process 1. Navigate to the Umbrel App Store and install the Blockstream **Blind Oracle** app. ![Screenshot 2024-12-05 at 3.34.41 PM.png](https://dxp-backend.devserver.app/uploads/help-center/content/blockstream-jade/add-more-security-functionality/set-up-a-personal-blind-oracle-with-umbrel/41928161473049.png) 2. Open the Blind Oracle app to view your oracle details. The default URL is your onion address, however if you have Tailscale set up, we recommend pasting the following into your browser address bar to set Tailscale as the default. - http://umbrel.local:3344/?urla=umbrel&urlb=\[insert onion address\] > **Tip:** Using the above URL will allow you to unlock Jade while on the local network, as well as remotely if Tailscale is installed on your device (for example your phone that is running the Blockstream app). ![Screenshot 2024-12-05 at 3.36.39 PM.png](https://dxp-backend.devserver.app/uploads/help-center/content/blockstream-jade/add-more-security-functionality/set-up-a-personal-blind-oracle-with-umbrel/41928161478937.png) 3. Turn on Jade and access the boot menu by clicking (**not holding**) the center button once while the logo screen is showing. Select **Blind Oracle** → **Scan Oracle QR**. Confirm the on-screen details and continue setting up Jade with PIN on your preferred companion app. Your Jade will now communicate with your personal blind oracle in order to initialize and unlock your device. ![1.png](https://dxp-backend.devserver.app/uploads/help-center/content/blockstream-jade/add-more-security-functionality/set-up-a-personal-blind-oracle-with-umbrel/41928156255129.png) ![2.png](https://dxp-backend.devserver.app/uploads/help-center/content/blockstream-jade/add-more-security-functionality/set-up-a-personal-blind-oracle-with-umbrel/41928161480985.png) > **Note:** If you have trouble connecting to your personal oracle, you can factory reset Jade to reconnect to Blockstream's oracle. Navigation: Blockstream Help Center > Blockstream Jade > Set up a personal blind oracle with Umbrel ## Related Articles in This Section - [Enable swaps with Jade](https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/add-more-security-functionality/enable-swaps-with-jade) - [Enable a duress PIN](https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/add-more-security-functionality/enable-a-duress-pin) - [Use Jade as a stateless signing device](https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/add-more-security-functionality/use-jade-as-a-stateless-signing-device) - [Use Jade as a 2FA authentication device](https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/add-more-security-functionality/use-jade-as-a-2fa-authentication-device) - [Use Jade as a Bitcoin miner](https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/add-more-security-functionality/use-jade-as-a-bitcoin-miner) - [Use Jade with testnet](https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/add-more-security-functionality/use-jade-with-testnet) - [Add a BIP39 passphrase for Jade](https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/add-more-security-functionality/add-a-bip39-passphrase-for-jade) - [Create a BIP85 child recovery phrase](https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/add-more-security-functionality/create-a-bip85-child-recovery-phrase) - [Create a recovery phrase using dice](https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/add-more-security-functionality/create-a-recovery-phrase-using-dice) - [Calculate the final word from a provided recovery phrase entry](https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/add-more-security-functionality/calculate-the-final-word-from-a-provided-recovery-phrase-entry) - [Back up a multisig configuration on Jade](https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/add-more-security-functionality/back-up-a-multisig-configuration-on-jade) - [Disable Bluetooth](https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/add-more-security-functionality/disable-bluetooth) - [Manually verify firmware binary](https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/add-more-security-functionality/manually-verify-firmware-binary) - [Set up a personal blind oracle](https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/add-more-security-functionality/set-up-a-personal-blind-oracle) - [Set up a personal blind oracle with Umbrel](https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/add-more-security-functionality/set-up-a-personal-blind-oracle-with-umbrel) (current) - [Use cases for Temporary Signer](https://helpcenter.dxp-frontend.devserver.app/blockstream-jade/add-more-security-functionality/use-cases-for-temporary-signer)