Open protocol · verifiable encryption
BanditKin's privacy is a matter of architecture, not promises. The complete protocol our app speaks — and the exact format we use to encrypt your data before it leaves your phone — is published in the open. You can read the spec, run the proof, and watch the wire yourself. Here's how to check our claims without taking our word for anything.
Read the protocol on GitHub →Open protocol · Verifiable encryption · Publicly documented · MIT licensed
Three ways to check
Three independent ways to confirm BanditKin does what it says — none of which require trusting us.
Our complete relay API and the byte-level encryption envelope — AES-256-GCM via Google Tink — are documented in the open. It's a real specification, detailed enough that an independent developer could build a working client from it without ever seeing our code. It's in API_CONTRACT.md, and it includes an honest table of exactly what the relay can and cannot see.
Don't take the format on faith. Our published reference implementations — in Python and in JavaScript (WebCrypto) — ship with a runnable proof. Run prove_interop.py and it round-trips them against the exact crypto engine inside the Android app, Google Tink, in every direction. If our encryption weren't what we say, the proof would fail.
Capture BanditKin's own network traffic from your phone and see for yourself: it talks only to documented hosts, and the content on the wire is ciphertext, not readable locations or messages. Our guide, VERIFY_THE_WIRE.md, walks you through it with a standard tool (PCAPdroid) — no trust required.
Full candor
We state what the relay can see as plainly as what it can't — and the published spec backs every line of it. That's the whole point of documenting it.
Operational metadata, and we say so: that a device is online, its battery level, and that an alert fired. For map and area downloads, the host sees your IP address and the coarse region you requested. Encrypted traffic still has a size and a time. We don't pretend otherwise — the spec spells it out.
Where anyone in your circle is. What any message says. Your destination or searches in the offline navigation modes. The relay only ever holds ciphertext it has no key to open — the key lives on your paired devices and is shared in person by QR code. That's privacy by construction, not by policy.
Straight talk
BanditKin is not open source, and we won't call it that. The app and the relay's own source code are not public today. What is public is the layer where “trust us” isn't good enough: the encryption envelope and the wire protocol — fully specified, and independently verifiable. That is the part that proves your data is sealed on your device before it ever leaves it. If that balance ever changes, it changes in the open direction — never the other way.
It's all on GitHub, MIT licensed — read the spec, run the proof, audit the wire. And if you want to know exactly what we collect and how, our privacy policy spells it out in plain language.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.Read our Privacy Policy →