A private option for escaping SORM-3


    In recent days the Internet has been full of articles about the systematic tightening of the screws on the privacy of user traffic, the shutting down of torrents and the like. As usual, the legislative initiatives hide behind noble motives, but we all understand that the true reason lies in the desire to gain control over information and to prevent undesirable events that threaten the existing regime. The more totalitarian the system, the more restrictions; this is a fact.

    However, Habr stays out of politics, so I'll end the emotional introduction here.

    There are many ways to escape the all-seeing eye of the security services, but in my humble opinion the best solution is a VPN. If a person is not looking for anonymity but cares about the confidentiality and integrity of his data, then a high-quality VPN in permanent connection mode is what he needs. It makes no sense for a respectable user to hide under other names in I2P networks, but it does make sense to protect your traffic from wiretapping by third parties.

    The ruVPN service is designed specifically for this use case. Initially it was positioned as an iOS solution, since only Apple devices supported configuration profiles and certificate enrollment via the SCEP protocol "out of the box". There are still no such standard solutions for Android devices. With the advent of Android 4.0, however, it became possible for third-party applications to establish VPN connections. An OpenVPN release appeared that does not require root rights on the device and supports automatic connection.

    The OpenVPN configuration is a regular text file. You cannot include an access password in the configuration file, but you can use so-called "inlines": blocks that hold the client key pair, the key for TLS authorization and the bundle of server certificates. With this kind of configuration you need your own certificate authority and a server that generates user profiles.

    The profile is downloaded with the MIME type application/x-openvpn-profile, so it is immediately recognized by the pre-installed OpenVPN Connect application.
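
    As an added illustration (not ruVPN's own code), this is how a profile generation server could assemble such a self-contained profile and check it before serving it. The function names, the host vpn.example.net and the placeholder key material are assumptions made for the example.

```python
import re

MIME_TYPE = "application/x-openvpn-profile"   # content type named in the article
INLINE_TAGS = ("ca", "cert", "key", "tls-auth")
BLOCK_RE = re.compile(r"^<([\w-]+)>\n(.*?)\n</\1>$", re.S | re.M)

def build_profile(host, port, ca, cert, key, ta):
    """Assemble a client profile with all key material inlined (hypothetical helper)."""
    lines = [
        "client", "dev tun", "proto udp",
        f"remote {host} {port}",
        "nobind", "persist-key", "persist-tun",
        "remote-cert-tls server",   # accept only a certificate issued for server use
        "key-direction 1",          # client side of the inline tls-auth key
    ]
    for tag, body in zip(INLINE_TAGS, (ca, cert, key, ta)):
        lines += [f"<{tag}>", body.strip(), f"</{tag}>"]
    return "\n".join(lines) + "\n"

def audit_profile(text):
    """Return a list of problems; an empty list means the profile is self-contained."""
    problems = []
    blocks = dict(BLOCK_RE.findall(text))
    for tag in INLINE_TAGS:
        if not blocks.get(tag, "").strip():
            problems.append(f"missing inline <{tag}> block")
    # Inspect only the directives that sit outside the inline blocks.
    for line in BLOCK_RE.sub("", text).splitlines():
        words = line.split()
        if not words or words[0].startswith(("#", ";")):
            continue
        if words[0] == "auth-user-pass":
            problems.append("profile asks for a username/password")
        elif words[0] in INLINE_TAGS and len(words) > 1:
            problems.append(f"'{words[0]}' points at an external file: {words[1]}")
    return problems

# Constructed placeholders, not real certificates or keys.
SAMPLE = build_profile("vpn.example.net", 1194,
                       "CA-PEM", "CERT-PEM", "KEY-PEM", "TA-KEY")

if __name__ == "__main__":
    print(audit_profile(SAMPLE) or "profile is self-contained")
```

    The client private key sits in the file in clear text, so a profile like this should be generated per user and handed out only over an authenticated HTTPS link.
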
    Installing the profile takes a minimal number of steps:

    1. After the profile is downloaded, OpenVPN automatically offers to install it:


    2. After import, the profile becomes available inside the application:


    3. After you tap the "Connect" button, the system asks you to confirm the application's right to establish a VPN connection. This is a one-time request; once you agree, it will not be asked again.


    4. That's it, the connection is established! You can close the application; the connection status will be visible in the system tray.


    5. In the notification area you can always see the details of the secure connection:


    As you can see, no usernames or passwords are required, and the profile can be obtained only over HTTPS via a secure link. The chances of credentials being compromised are very slim.

    OpenVPN automatically initiates a secure connection to the VPN server for any outgoing traffic. You can be sure that "Comrade Major" with his SORM-3 will sit biting his elbows as he tries to read your traffic.

    The connection parameters were selected with an emphasis on maximum connection security, with the participation of advanced Habr users. Thank you very much for the recommendations and testing!

    I want to note that a VPN cannot be free. There are the costs of servers, communication channels, infrastructure and maintenance staff. If something is completely free and comes with a bunch of options, entry points and the like, then you need to clearly understand where its funding comes from. Obviously, such projects pursue completely different interests than the struggle for the free dissemination of information. Most likely, such projects are indirectly financed by the same special services in order to gather all the "secret" traffic under their wing.

    ruVPN is a purely commercial project, outside the jurisdiction of the Russian Federation, with open data on its ultimate owners. As the owner of the project, I guarantee that information about the traffic of my users will not be available to any special services, and that all logs will be deleted automatically after 24 hours.

    Please test, try, connect:

    All readers of Habr are given a 10% discount on connection with the code habr102013
