Psiphon Guide

This guide is also available in PDF and .pptx format


Contents:



Section 1:How Psiphon Works
Psiphon Inc. has provided open access to the Internet for millions of citizens around the world since 2006. Psiphon operates a proxy system known as “Psiphon 2” as well as “Psiphon 3,” which is an application (“app”) for Android, Windows, and iOS. The following documents focus on the Psiphon 3 network, which is the most widely used. Psiphon is a free, open-source, censorship circumvention software. It uses a combination of secure communication and obfuscation technologies to allow users to connect with apps and content which would otherwise be blocked.
The Internet
The Internet is a global network of billions of computers (or “routers”) which communicate with one another. These connected systems allow people to share (or “serve”) information to others. The Internet can be visualized as a web, with multiple routes and connections. If one connection is severed, the redundancy of the web infrastructure allows people to connect by finding another route. To get from one location to another, web traffic (messages sent on the Internet) make many hops. Traffic travels from router to router before arriving at their destination. In order to do this, specific networking and routing equipment is required. This is provided by Internet Service Providers (“ISPs”). ISPs allow Internet users to use their infrastructure, including ‘serving’ content or providing access to other content that other ISPs ‘serve’, usually for a fee.

Filtering & Censors
Filtering can occur at one or many points in the network, such as, the Internet backbone (often the international gateway), ISPs, institutions (such as companies or schools), and even on an individual’s device (such as a phone or desktop computer).

Censors are actors implementing filtering at any level. They could be implementing filtering on behalf of another body, such as when an ISP filters content under orders of a government.

In order to block only certain types of traffic, the traffic must first be identifiable. When a system can differentiate between types of traffic passing through the network, it is potentially able to make decisions about that traffic. Filtering can be done through devices and programs that analyze and forbid certain types of traffic to pass. In some places technical blocking affects everyday Internet use.
Circumvention Tools
Psiphon is part of a category of technology known as circumvention tools. Circumvention tools are designed to bypass interceptive technical forms of blocking online. Circumvention tools usually work by either diverting web traffic so it avoids the machines that filter or by disguising the traffic to appear like traffic that is not subject to filtering. The Psiphon app does both. As filtering techniques become more sophisticated, circumvention tool providers must always update their technology and so methods and strategies are continually evolving.

Psiphon Traffic
As a censorship circumvention tool, the Psiphon app’s primary objective is to establish a connection to the Internet. The Psiphon app attempts to connect to known Psiphon servers using various methods. Sometimes the Psiphon traffic is obfuscated, meaning that it is disguised to look like a different or less identifiable type of traffic.

Because it is encrypted, censors are unable to see the content of traffic passing through the tunnel. Censors may still attempt to block encrypted traffic based on other characteristics, such as communication protocols. Communication protocols are a set of rules used to route data and ensure it arrives at the intended location.

The Psiphon app has the ability to relay traffic through various communication protocols. It attempts to connect through different protocols until a connection is made. That way, if a censor is blocking one communication protocol, Psiphon is still able to connect by using another protocol.

To ensure that Psiphon’s traffic is not identifiable, it is important to make it appear as generic and normal as possible to an external observer. The Psiphon app has the flexibility to adapt dynamically to changing network conditions by trying multiple strategies to connect, even when certain types of content or traffic are being filtered.
Psiphon Servers
Psiphon operates a large network of servers. Each Psiphon app needs to know some information about the servers it’s trying to reach in order to make a connection. Newly downloaded Psiphon apps contain a short list of known servers within the network that it attempts to connect to. Censors may routinely try to block some Psiphon servers, therefore many need to be available.

The network is always changing. Psiphon continuously deploys new servers across numerous locations worldwide. The Psiphon app will receive updated information about how to access them. Over time, a single Psiphon app may eventually gain knowledge of hundreds of new Psiphon servers.
What makes Psiphon different than a VPN?
Virtual private networks (VPNs) are designed to allow users to send and receive data through a secure network tunnel. VPNs may even make use of very strong encryption, however, the majority of VPNs are not designed for circumvention purposes. VPNs are created for normal network conditions. VPN tools don’t do anything special to disguise the nature of their traffic and communicate through one type of protocol. VPN traffic can be identified, so censors are able to block VPN traffic. Several countries are known to filter or degrade VPN connections, and others have been observed blocking VPNs in response to events such as elections or political protests. Today, modern censorship technology has made this kind of blocking relatively simple for censors.

Psiphon allows users to send and receive data through a secure network while also disguising the type of traffic being transmitted and even where it is coming from. Psiphon technology is designed to be resilient to censorship, including attempts to interfere with Psiphon network traffic directly. The numerous secure protocols used by Psiphon apps all appear different to censors, making it difficult to differentiate between Psiphon traffic and other types of Internet use. Even if one traffic type is filtered on a network, Psiphon is able to connect through another protocol. Psiphon works where many other tools do not.
How do I know I can trust Psiphon?
Psiphon is an open source application which means that its source code is available for anyone to review and comment on how the system is implemented and the underlying cryptographic technologies. Psiphon not only performs internal code reviews, but also has regular code audits and penetration tests performed by various external firms.

Psiphon encourages feedback and collects little to no personally identifiable information by default. For example, Psiphon does not require users create accounts and does not log client IP addresses. User-generated feedback is opt-in and best done through the app. This information is kept as anonymous as possible and does not include personal or account information.

More information about privacy and security can be found in Section 3: Security and Trust.
Section 2:Getting & Installing Psiphon

Psiphon technology is made available through multiple propagation strategies. If one method is blocked or unavailable in your country, there are other techniques you can use to obtain the app.
Psiphon is available on Android, iOS, and Windows.

Psiphon Website
Apps for all of the platforms we support are available on our download page
Android and Windows are also available through email. Send a blank email to [email protected].



Android
Play Store: Search for “Psiphon” in the Google Play store or visit
https://play.google.com/store/apps/developer?id=Psiphon+Inc

Email Responder: Send a blank email to [email protected].

Depending on your region, you may have the option of purchasing Psiphon Pro. For a subscription fee, this upgrade allows you to increase speed, remove ads, and receive other benefits.

Installation: Search for Psiphon in the Google Play store or click on the apk file for direct downloads. If you requested Psiphon via email, an email from [email protected] will arrive in your inbox momentarily. Check your spam folder if you don’t see it in your inbox. Visit the download link or download the file ‘PsiphonAndroid.ap_’ attached to the email and rename it to have a “.apk” extension, if necessary. Download Psiphon. Find the Psiphon icon on your phone and click on it to open.



iOS


Installation: Search for Psiphon in the App Store and click ‘Get’ to download and install. You may be asked to re-enter your Apple ID and password. Find the Psiphon icon on your phone and click on it to open.



Windows

Email Responder: Send a blank email to [email protected]

Installation: An email from [email protected] will arrive in your inbox momentarily. Check your spam folder if you don’t see it in your inbox. Visit the download link or download the file ‘psiphon3’ attached to the email and rename it to have a “.exe” extension.Open and run as you would any other app, no installation is necessary.


Section 3:Security & Trust

Having trust in an Internet tool or service begins with trust in the company that provides it. There are several important indicators to help gauge trustworthiness of tools and services. This document outlines Psiphon’s data collection policy, source code, revenue strategy, and external audits.


Data Collection and Retention Policy
When data is collected by online services, users supplying the data no longer have control over their personal information. The collected data is usually stored, categorized, and can be sold to other companies for marketing or other purposes. Sometimes governments or law enforcement agencies demand that certain data is handed over to them. Occasionally, data is breached and misused by hackers.

Psiphon collects only enough data to determine how the network is working and nothing more. Psiphon is not interested in what websites users visit and keeps no personally identifiable user data. Using Psiphon does not require account creation.

Psiphon DOES:
  • Collect data that reveals the health and success of the Psiphon network. This includes:
    • - Number of connections.
    • - Regional location of connections.
    • - Amount of data being transferred.
    • - If there are any connection issues.
  • Aggregate all data that is collected.
  • Encrypts all data in transit
  • Minimize privacy sensitive data that is collected.
Psiphon DOES NOT:
  • Collect or store any data that is not mentioned in the privacy policy.
  • Collect personally identifiable information.
  • Collect IP addresses.
  • Modify the contents of the data for tracking purposes.
  • Share any sensitive or user-specific data with third parties.
More information about the data collected by Psiphon are detailed in the privacy policy

Source Code
Psiphon is an open source project. Open source means that the source code is shared publicly and anyone is able to review and make suggestions. By allowing interested parties access to inspect the source code, open source applications can increase confidence in how applications are designed.

Find the source code and design documents here: https://psiphon.ca/open-source.html

Sustainability Model
Psiphon has always been free to users. It is our mission to reach as many people as possible, which in part means eliminating economic barriers.

Psiphon does not sell user data. So how does the company maintain a worldwide network?

Psiphon is able to sustain operational costs by maintaining a diversity of income sources,
  • Winning international grants for technology development and network maintenance.
  • Working with media partners to distribute content using branded Psiphon clients.
  • Collaborating with ad networks in certain regions.
  • Offering subscriptions for premium service in certain regions.



External Security Audits
A software audit is the internal or external review of a software program to check its quality, progress, standards, and security. Internal code audits are performed regularly, and external code audits are generally triggered by major code changes such as the development of new features. External security audits are rigorous assessments conducted by third-party vendors to identify and record vulnerabilities and external threats in the source code. Audits help ensure the security of Psiphon users.

During an external code audit, Psiphon will work closely with the vendor. Any issues found are addressed based on importance, and then retested by the vendor. It is Psiphon’s policy to make code reviews public. Find Psiphon’s blog posts about these assessment events and the corresponding reports below.

links required
2014 - “Independent Security Assessment of Psiphon3” – Blog –“iSEC Partners Final Report-Psiphon3”– Report
2017 – “Psiphon Completes Another Third Party Security Review” – Blog – “Pentest-Report Psiphon06.-07.2017” – Report
2019 – “Pentest-Report Psiphon Apps & Server 10.2019”– Report


Section 4:Connection Troubleshooting


Best Practices for Optimal Connections
Use the latest version. The most current version of the Psiphon app has the most up to date connection capabilities. See Document 2 Getting and Installing Psiphon for more information about how to obtain authentic versions of Psiphon.
Update the Psiphon app when new updates become available.

Anrdoid:
If you have installed Psiphon for Android through the Google Play Store, it will be automatically updated by the Play Store when an update is available. If you have sideloaded Psiphon for Android, the Psiphon client will download updates as they are available, and a notification will appear asking you to install the update.

Windows:
The Psiphon for Windows client will download and install updates as they are available.

iOS:
The Psiphon for iOS client will automatically download and install updates via the App Store as they are available.

Manually updating:
If the Psiphon self-updating mechanism isn't working (for example, if it has been blocked), follow the instructions outlined in Section 2: Getting and Installing Psiphon to get a fresh version.
Connecting in a Strained Environment
Under certain network conditions, Psiphon might take up to a few minutes before finding the best way to connect. Do not interrupt it (by hitting the start/stop button). Psiphon uses a variety of protocols and they differ regionally. Not only does the Psiphon app have a variety of connection techniques, it will learn from previous attempts and the successful connection method will be used the next time the app is run.

Frequent Disconnections
If you experience frequent disruptions, try the following:
  • Check your Internet connection or make sure you have data.The app needs to be connected to the Internet to work.
  • Make sure you have the latest version.(See above).
  • Restart the Psiphon app.
More Troubleshooting
For more answers to additional troubleshooting topics, visit: https://psiphon.ca/en/faq.html
Send Feedback
Please send us feedback through the app if connection issues persist

Feedback on Windows


Feedback on iOS

Feedback on Android

Section 5:Settings

Language
By default, the Psiphon app will automatically open in your selected device language (the language on your phone or computer). There are more than 30 languages available to choose from if you would prefer to use the Psiphon app in another language.

Connection Performance
When connected, all traffic from your device will be tunneled through Psiphon by default. To reduce latency and increase connection performance, you may choose to exclude some traffic from the Psiphon tunnel.
Android
Psiphon Android users can either individually include or exclude specific apps from the tunnel on devices Android 5.0 and higher. To select which apps use or do not use the Psiphon tunnel, go to OPTIONS, then choose VPN settings. Select specific apps to include or exclude from the Psiphon tunnel.
Windows
In Psiphon’s Windows application, users have the option to exclude local websites from the Psiphon tunnel. The Psiphon app will disregard local websites, so the local websites can be accessed faster. To do so, go into SETTINGS > Split Tunnel > and select ‘Don’t proxy websites within your home country.’

Slow Networks
To stay connected on a slow network, opt in to ‘Disable timeouts.’ This option is available on Android, Windows, and iOS.

Psiphon Server Location
Psiphon servers are located across the globe. The app automatically chooses the server with the best connection performance. There are more than 20 countries to choose from should you wish to change server location.


Settings on Windows


Settings on iOS

Settings on Android