Simplified Privacy

Tutorial: Wireguard Config Rotation

How do we handle Wireguard keys and rotation? How many devices can you have?

Tutorial: Wireguard Config Rotation

The settings tab allows the user to easily manage features and subscriptions.

What is a Wireguard key?

Wireguard keys are used to authenticate a user for a VPN session. However, these keys are NOT revealing or decrypting traffic.

Rotation is purely hiding metadata of who is authenticating.



Background

Other VPNs only give the user one Wireguard key per device. While as we do NOT track the number of devices.

Our Approach

We tie cheap Wireguard subscriptions to a single location and a wireguard key. You can rotate the key, but the location never changes.



Systemwide vs Browser


Layer 1 System-wide

System-wide subscriptions are like a regular VPN, it can be used on a mobile phone, router, or any device for system-wide traffic.

Layer 2 Profiles

Layer 2 profiles is way more than just a VPN, but also includes a browser fingerprint. However, these subscriptions will have issues with phones or routers (outside of our app).

Can Rotate Key

The user CAN rotate that key, and the user can also use the same key on multiple devices or profiles. However, they can not be used at the same time. And if the key is rotated, it must be rotated on all devices using that key.


Keep in mind that rotating these config files do NOT help with traffic decryption.

If the adversary got your WireGuard config file, the only thing they could do is steal your $1 VPN subscription.

Multiple Devices

The user can insert a Wireguard config/key into multiple devices at the same time. Or multiple profiles on a phone, and the billing system would not even know. However, the same key and subscription can NOT be used at the same time.


Automatic WireGuard Config Rotation

The settings tab allows the user to rotate Wireguard keys, keep in mind that this does NOT affect the ability of the adversary to decrypt traffic. This is purely from a metadata standpoint.


When are Automatic Rotations Triggered?

When the user hits “Connect” to that WireGuard Profile, if a rotation is scheduled to take place, then it rotates at that initial connection.


Layer 1 Manual Key Rotation

If you wish to do a manual Wireguard key rotation for Systemwide Layer 1 Profiles, simply go to the /etc/simplified-privacy/profiles folder, and delete the correct wg.conf file. Layer 1 profiles DO NEED sudo privileges to access the files in these folders.

Manually Removing Backups

Also the backup can be deleted as well in .config/simplified-privacy/profiles.


Layer 2 Manual Key Rotation

If you wish to do a manual Wireguard key rotation for Layer 2 Profiles, simply go to the .config/simplified-privacy/profiles folder, and delete the correct wg.conf file. Layer 2 profiles do not need sudo privileges to access the files in these folders.


Negatives of Key Rotation

The negatives of rotating keys are that you’re connecting to the centralized billing server and it’s slower to connect as it coordinates this.

Billing Server

When the Wireguard keys are rotated, you’re connecting to the billing server to do so. And THEN AFTER the country your subscription is in.


Hide IPs from Billing Server

If you’re trying to hide your IP from the billing server, then turn on the Tor toggle in the bottom right. Or be connected to a systemwide Layer 1 connection first, if you’re rotating a layer 2 profile key.


Phones or Routers use Systemwide Profiles

If you’re looking to insert a Wireguard key into a phone, router, or other third party app, then you’d want to get a “Systemwide” layer 1 profile.


Server-side Metadata is Automatically Wiped

ALL Wireguard VPN servers tie the public key to the IP address of the user. ALL VPNs (meaning our competitors as well) solve this problem by removing and re-adding the Wireguard key. Our servers do this every 5 minutes.


If you really want to learn and take your privacy to the next level, subscribe to our new content via: Podcast RSS, Session list, Nostr, Bastyon, Article RSS, or join the Signal Group

Related Posts

Tutorial: Managing Profiles

Tutorial: Managing Profiles

Our settings tabs allow you to easily manage and control your profiles and subscriptions.

[SP]

Feb 19, 2025
Payments 101: Subscriptions vs Profiles

Payments 101: Subscriptions vs Profiles

Profiles and Subscriptions are different concepts, that work together

[SP]

Feb 16, 2025
Systemwide VPN Tutorial

Systemwide VPN Tutorial

How use Wireguard for your entire system

[SP]

Feb 16, 2025
Easy Privacy: Phone vs PC Subscriptions

Easy Privacy: Phone vs PC Subscriptions

How Isolated Subscriptions Can Radically Improve Privacy

[SP]

Feb 14, 2025