Using OpenVPN on an iPhone

You are being tracked. It is now no secret that on every level your cellphone is being used to compromise your privacy. Not only are the cellphone providers injecting tracking headers, they have also been selling off your location data to 3rd parties with lousy website security. We have no way to know how much of this data was archived, or who may have access to it. There is no way to ensure that it is all deleted.

Want to ensure that you aren’t tracked? Take a hammer to your phone. Short of that, there isn’t anything that can be done when your cellphone provider is the one exposing your data.

However, you can protect your browsing from 3rd party tracking and header injection by using a Virtual Private Network (VPN). The EFF has a good article on VPNs. They aren’t perfect, and you do have to trust that they really don’t log your IP when connecting, but it’s better than trusting your cellphone provider or the local coffee shop’s wifi. Mostly.

Using the OpenVPN app on the iPhone along with a commercial VPN provider (DO NOT TRUST FREE VPNs) is fairly easy to set up. You need the .ovpn file from the VPN provider along with the ca.crt, user.crt, and user.key files. Edit the .ovpn file to embed the contents of these 3 files in the configuration, so that a single file can be synced via iTunes or mailed to your iCloud account.

  • Remove the ca, cert, and key lines from the .ovpn file
  • Add 3 HTML-like tags, <ca>, <cert>, and <key>, each wrapping the contents of the matching file.

The final file should have this at the end of it:

<ca>
-----BEGIN CERTIFICATE-----
CERTIFICATE DATA HERE
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
USER.crt DATA GOES HERE
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
USER.key DATA GOES HERE
-----END ENCRYPTED PRIVATE KEY-----
</key>
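
The two edits above can be scripted on the desktop before the profile is mailed. This is an added example, not code from the original post: the function names, the sample hostname and the placeholder PEM bodies are constructed, and it goes one step beyond the text by refusing a private key that is not passphrase-protected, since the file travels by mail.

```python
import re

# Directives whose file references are replaced by inline <tag> blocks.
INLINE = ("ca", "cert", "key")
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)


def pem_only(text):
    """Return just the PEM block(s), dropping any human-readable dump around them."""
    blocks = [m.group(0) for m in PEM_BLOCK.finditer(text)]
    if not blocks:
        raise ValueError("no PEM block found")
    return "\n".join(blocks)


def key_is_encrypted(pem):
    """True for PKCS#8 encrypted keys and for legacy PEM keys with an encryption header."""
    return "BEGIN ENCRYPTED PRIVATE KEY" in pem or "Proc-Type: 4,ENCRYPTED" in pem


def inline_ovpn(config, files):
    """Drop the ca/cert/key file lines from config and append inline blocks.

    files maps "ca", "cert" and "key" to the text of the matching file.
    """
    key = pem_only(files["key"])
    if not key_is_encrypted(key):
        # The profile travels by mail or iTunes sync, so refuse a plaintext key.
        raise ValueError("private key is not passphrase-protected")
    kept = []
    for line in config.splitlines():
        words = line.split()
        if words and words[0] in INLINE:  # "key-direction" etc. are not matched
            continue
        kept.append(line)
    out = "\n".join(kept).rstrip() + "\n"
    for name in INLINE:
        out += f"<{name}>\n{pem_only(files[name])}\n</{name}>\n"
    return out


# Constructed sample input: placeholder hostname and bodies, not real certificate or key data.
SAMPLE_CONFIG = "client\nremote vpn.example.com 1194\nca ca.crt\ncert user.crt\nkey user.key\nkey-direction 1\n"
SAMPLE_FILES = {
    "ca": "-----BEGIN CERTIFICATE-----\nQ0E=\n-----END CERTIFICATE-----\n",
    "cert": "Certificate:\n    Data: ...\n-----BEGIN CERTIFICATE-----\nVVNFUg==\n-----END CERTIFICATE-----\n",
    "key": "-----BEGIN ENCRYPTED PRIVATE KEY-----\nS0VZ\n-----END ENCRYPTED PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    print(inline_ovpn(SAMPLE_CONFIG, SAMPLE_FILES))
```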

Mail this to your iCloud account and, in the Mail app, open the attached .ovpn file with OpenVPN Connect. Enter your password and answer the prompts to allow OpenVPN to create a VPN connection. Until you disconnect, it will re-establish the connection whenever the phone is unlocked. The only drawbacks are shorter battery life and possibly slower network connections. But now your cell provider cannot inject their tracking headers into your browsing, and the sites you visit have no idea where you are connecting from.