How are data encrypted?
Data are encrypted end-to-end from sender to receiver using TLS. Connections are attempted peer-to-peer directly from sender to receiver to minimize latency. In the case where peer-to-peer connections are not possible (for firewall or other technical reasons), encrypted data are routed through the nearest extender. In all cases no matter the transport, only the receiver can decrypt the traffic. The platform hosts never decrypt or analyze your network traffic.
How is my network configuration secured?
BringYour uses client encryption for the network configuration. The network configuration is signed by an admin key, which is stored client side and never shared with the platform hosts. Additionally the access keys to the network are signed by the admin key. Every change to the configuration must be signed by an admin device in order to be recognized by the devices and services on your network. This means that if the BringYour platform is ever compromised, rogue devices and services could not join your network.
How does the platform API work to let me own my data?
The API is applied on the sender side, not the receiver. Every device or service that sends data first consults the list of platform API apps in its configuration before sending the data. The sender connects to the platform API apps using the network routing, which if the app is running on the private network will form a peer-to-peer connection to minimize latency. The platform API allows packets to be inspected, filtered, and modified. Because the app is written in a programming language, arbitrarily advanced rules can be applied, including data-driven decisions. Only the meta data of each packet is sent to a platform API app unless the app subscribes to additional data from that source.

A reference app is provided in Go and Python, but apps can be written in any language.
What does it mean to be a provider or extender?
BringYour allows you to participate in promoting private and anonymous internet access. The purpose of the network is to give private and anonymous internet access to every user. Because only encrypted traffic is allowed in the network, you faciliate the network as a "hop" of encrypted traffic. It is not possible to read or access the content of the traffic because of the encryption. Please see our terms of service.
What do I do with XCH?
XCH is a decentralized digital asset. This page maintains a list of decenralized exchanges (DEX) and centralized exchanges (CEX) that can convert XCH to other digital assets or fiat.

The app has a decentralized wallet built in, or you can use your own wallet address. BringYour does not custody your assets - your keys your coins.
This section is continually updating as common questions surface. Join us in our Discord community.