We've rounded up the most frequently asked questions on Reincubate Relay here.
We sign white-labelled builds using client certificates on their behalf.
In order to create a trusted white-label build of the desktop component, code-signing certificates are be required. Microsoft publish information on these, and Apple provide certificates as part of their developer program.
Browsers use different techniques for applying a basic level of protection around downloads. Modern browsers do not trust unknown files by default. Chrome shows a message on downloads stating "This type of file can harm your computer. Do you want to keep binary.exe anyway?". Microsoft's Edge browser throws up a "Windows Smartscreen" pane. Browsers use a number of different criteria when understanding whether to warn: they'll look at the domain, the nature of the file, and above all whether they've seen it enough times before to understand whether it is safe.
If one was to download Reincubate's consumer application no warning will be shown as it is well known by the browsers.
When Relay is customised with a client's name and code-signing, it'll be treated as a new application (it won't have Reincubate's certificate) and will start with no reputation, so it'll be flagged by browsers on download. In order to become trusted, the new program needs to get known many of computers as soon as possible. Generally, when making a significant change to a trust factor one can get past those screens pretty rapidly with a few days' worth of downloads and installs.