Let's build the best privacy network with just our phones
We're building a privacy network so large and ubiquitous it works everywhere.

But we are doing it with a peer-to-peer model to provide a better VPN that costs less money, and works in more places.

BringYour always works on a mobile phone. Anyone with a mobile phone can help build the network just by enabling the provide mode that runs in background when your phone is on (which it almost always is!). You get paid a part of how much the network is used that shows up automatically in your app wallet.

You get to see the activity on your node in the provide section of the app. You're not just a user, but all you have to do is use the app.
Other ways to participate
Sometimes your phone is maxed out with something else and you still want to help build the network. You might have an existing server somewhere or want some small hardware to stash next to your main internet router.
Docker container
Follow these steps to run a BringYour provider inside of a Docker container:
            docker pull bringyour/provider:latest
            docker run bringyour/provider
            Add this device: a-b-c-d
From the app, add the container as a device using the a-b-c-d key that was printed to the terminal. This only needs to be done on the first run of the container. After the container is added as a device, you can control it from the app. To run the container in the background with auto-updates, use the WARP loader.
            warpctl init hsm
            warpctl install main bringyour/provider --use-global-auth
            warpctl log main bringyour/provider
            Add this device: a-b-c-d
Note --use-global-auth means the container credentials are stored in the HSM storage area and shared across all provider containers on the same host, so that auto updates will not need to re-add the container as a device to the network. You can tail the logs of the container using:
            journalctl -u bringyour-provider-main -f
GitHub documentation on running a BringYour provider docker container.
EdgeMax router
EdgeMax is a popular hackable router platform because it is cheap, stable, and globally available.
GitHub documentation on running a BringYour provider on an EdgeMax router.
Strength in decentralized
One of the primary challenges of a private network that promotes privacy and anonymity is that it can be identified and filtered. A malicious agent can join to map the platform hosts and egress points that a typical user would see, and then use that information to label users of the private network as second-class citizens or broken. This is a challenge to any private network that has a finite set of platform hosts and egress points, or a high cost to adding new ones.

However, BringYour is designed to have an extremely low cost to add new platform hosts and egress points. This design changes the equation by making it cheaper to add new platform hosts and egress points that it is to label them.

To label a platform host or egress point means to be able to tell from the internet which hostnames and IP addresses are part of the private network with a low probability of false positives. Relying a model with false positives means that the internet is broken for users who are not on private networks, which has a real cost. Fundamentally, the more that private networks comingle with regular traffic, the harder it is to minimize false positives. Bring Your achieves this by making it extremely easy for private networks and regular traffic to coexist.
The ability to provide egress sites is built into BringYour. Because this opt-in feature is so simple and so powerful, there are a number of security guardrails and access control so that you are in control. To get started with providing, just turn it on in the provide section. There is no further setup or configuration of your environment needed.

The BringYour network is a revenue share where providers take a piece of the total income slice. See the income breakdown.
Provider security guardrails
The following rules are enforced in the sender and receiver side. Any detected abuse by the sender or receiver immediately raises a provider dispute as defined in the whitepaper.
bullet No access to non-public IPv4 and IPv6 subnets as defined by RFC 1918, RFC 4193, and other related RFCs. Only public addresses are allowed to be routed.
bullet Only end-to-end TLS and dTLS encrypted traffic is allowed. Unencypted traffic will not pass through a provider.
bullet Self-signed host TLS certificates are not allowed. There is no inspection or modification of packets allowed.
These rules do not apply when connecting between devices and services on the same network.

Our goal is to automate security and safety rules on the network. If there are rules you think would be beneficial, please give us feedback.
The platform hosts by default live at hostnames *.bringyour.com. Additional edges that help coordinate web traffic (WebRTC-related protocols) live at hostnames edge-*.bringyour.network. These are distributed all over the world to be as close to users as possible. The edges maintain a real-time latency map to help users orient themselves on the network, just like a constellation of stars for sailors.

An extender can join the network and provide platform hosts on a new domain and IP. The owner of the extender controls a domain and an IP, which map to their extender. For example, their anydomain.com could be part of the platform hosts for the entire BringYour network which has several benefits. Firstly, it decentralizes the hostnames and IPs associated with the private network making the network harder to label. Additionally, it puts the platform hosts closer to users in that area and builds a more accurate latency map.

The BringYour network is a revenue share where providers take a piece of the total income slice. See the income breakdown.