Circumvention Tools
Psiphon is part of a category of technology known as circumvention tools. Circumvention tools are designed to bypass interceptive technical forms of blocking online. Circumvention tools usually work by either diverting web traffic so it avoids the machines that filter or by disguising the traffic to appear like traffic that is not subject to filtering. The Psiphon app does both. As filtering techniques become more sophisticated, circumvention tool providers must always update their technology and so methods and strategies are continually evolving.
Psiphon Traffic
As a censorship circumvention tool, the Psiphon app’s primary objective is to establish a connection to the Internet. The Psiphon app attempts to connect to known Psiphon servers using various methods. Sometimes the Psiphon traffic is obfuscated, meaning that it is disguised to look like a different or less identifiable type of traffic.
Because it is encrypted, censors are unable to see the content of traffic passing through the tunnel. Censors may still attempt to block encrypted traffic based on other characteristics, such as communication protocols. Communication protocols are a set of rules used to route data and ensure it arrives at the intended location.
The Psiphon app has the ability to relay traffic through various communication protocols. It attempts to connect through different protocols until a connection is made. That way, if a censor is blocking one communication protocol, Psiphon is still able to connect by using another protocol.
To ensure that Psiphon’s traffic is not identifiable, it is important to make it appear as generic and normal as possible to an external observer. The Psiphon app has the flexibility to adapt dynamically to changing network conditions by trying multiple strategies to connect, even when certain types of content or traffic are being filtered.
How do I know I can trust Psiphon?
Psiphon is an open source application which means that its source code is available for anyone to review and comment on how the system is implemented and the underlying cryptographic technologies. Psiphon not only performs internal code reviews, but also has regular code audits and penetration tests performed by various external firms.
Psiphon encourages feedback and collects little to no personally identifiable information by default. For example, Psiphon does not require users create accounts and does not log client IP addresses. User-generated feedback is opt-in and best done through the app. This information is kept as anonymous as possible and does not include personal or account information.
More information about privacy and security can be found in
Section 3: Security and Trust.
Section 2:Getting & Installing Psiphon
Psiphon technology is made available through multiple propagation strategies. If one method is blocked or unavailable in your
country, there are other techniques you can use to obtain the app.
Psiphon is available on
Android,
iOS, and
Windows.
Psiphon Website
Apps for all of the platforms we support are available on our
download page
Android and Windows are also available through email. Send a blank email to
[email protected].
Android
Play Store: Search for “Psiphon” in the Google Play store or visit
https://play.google.com/store/apps/developer?id=Psiphon+Inc
Email Responder: Send a blank email to
[email protected].
Depending on your region, you may have the option of purchasing Psiphon Pro. For a subscription fee, this upgrade allows
you to increase speed, remove ads, and receive other benefits.
Installation: Search for Psiphon in the Google Play store or click on the apk file for direct downloads. If you requested Psiphon via email, an email from
[email protected] will arrive in your inbox momentarily. Check your spam folder if you don’t see it in your inbox. Visit the download link or download the file ‘PsiphonAndroid.ap_’ attached to the email and rename it to have a “.apk” extension, if necessary. Download Psiphon. Find the Psiphon icon on your phone and click on it to open.
iOS
Installation: Search for Psiphon in the App Store and click ‘Get’ to download and install. You may be asked to re-enter your
Apple ID and password. Find the Psiphon icon on your phone and click on it to open.
Windows
Email Responder: Send a blank email to
[email protected]
Installation: An email from
[email protected] will arrive in your inbox momentarily. Check your spam folder if you don’t see it in your inbox. Visit the download link or download the file ‘psiphon3’ attached to the email and rename it to have a “.exe” extension.Open and run as you would any other app, no installation is necessary.
Section 3:Security & Trust
Having trust in an Internet tool or service begins with trust in the company that provides it. There are several important indicators to help gauge trustworthiness of tools and services. This document outlines Psiphon’s data collection policy, source code, revenue strategy, and external audits.
Data Collection and Retention Policy
When data is collected by online services, users supplying the data no longer have control over their personal information. The collected data is usually stored, categorized, and can be sold to other companies for marketing or other purposes. Sometimes governments or law enforcement agencies demand that certain data is handed over to them. Occasionally, data is breached and misused by hackers.
Psiphon collects only enough data to determine how the network is working and nothing more. Psiphon is not interested in what websites users visit and keeps no personally identifiable user data. Using Psiphon does not require account creation.
Psiphon DOES:
- Collect data that reveals the health and success of the Psiphon network. This includes:
- - Number of connections.
- - Regional location of connections.
- - Amount of data being transferred.
- - If there are any connection issues.
- Aggregate all data that is collected.
- Encrypts all data in transit
- Minimize privacy sensitive data that is collected.
Psiphon DOES NOT:
- Collect or store any data that is not mentioned in the privacy policy.
- Collect personally identifiable information.
- Collect IP addresses.
- Modify the contents of the data for tracking purposes.
- Share any sensitive or user-specific data with third parties.
More information about the data collected by Psiphon are detailed in the
privacy policy
Source Code
Psiphon is an open source project. Open source means that the source code is shared publicly and anyone is able to review and make suggestions. By allowing interested parties access to inspect the source code, open source applications can increase confidence in how applications are designed.
Find the source code and design documents here:
https://psiphon.ca/open-source.html
Sustainability Model
Psiphon has always been free to users. It is our mission to reach as many people as possible, which in part means eliminating economic barriers.
Psiphon does not sell user data. So how does the company maintain a worldwide network?
Psiphon is able to sustain operational costs by maintaining a diversity of income sources,
- Winning international grants for technology development and network maintenance.
- Working with media partners to distribute content using branded Psiphon clients.
- Collaborating with ad networks in certain regions.
- Offering subscriptions for premium service in certain regions.
External Security Audits
A software audit is the internal or external review of a software program to check its quality, progress, standards, and security. Internal code audits are performed regularly, and external code audits are generally triggered by major code changes such as the development of new features. External security audits are rigorous assessments conducted by third-party vendors to identify and record vulnerabilities and external threats in the source code. Audits help ensure the security of Psiphon users.
During an external code audit, Psiphon will work closely with the vendor. Any issues found are addressed based on importance, and then retested by the vendor. It is Psiphon’s policy to make code reviews public. Find Psiphon’s blog posts about these assessment events and the corresponding reports below.
links required
2014 - “Independent Security Assessment of Psiphon3” –
Blog –“iSEC Partners Final Report-Psiphon3”–
Report
2017 – “Psiphon Completes Another Third Party Security Review” –
Blog – “Pentest-Report Psiphon06.-07.2017” –
Report
2019 – “Pentest-Report Psiphon Apps & Server 10.2019”–
Report
Section 4:Connection Troubleshooting
Best Practices for Optimal Connections
Use the latest version. The most current version of the Psiphon app has the most up to date connection capabilities. See Document 2 Getting and Installing Psiphon for more information about how to obtain authentic versions of Psiphon.
Update the Psiphon app when new updates become available.
Anrdoid:
If you have installed Psiphon for Android through the Google Play Store, it will be automatically updated by the Play Store when an update is available.
If you have sideloaded Psiphon for Android, the Psiphon client will download updates as they are available, and a notification will appear asking you to install the update.
Windows:
The Psiphon for Windows client will download and install updates as they are available.
iOS:
The Psiphon for iOS client will automatically download and install updates via the App Store as they are available.
Manually updating:
If the Psiphon self-updating mechanism isn't working (for example, if it has been blocked), follow the instructions outlined in Section 2: Getting and Installing Psiphon to get a fresh version.
Connecting in a Strained Environment
Under certain network conditions, Psiphon might take up to a few minutes before finding the best way to connect. Do not interrupt it (by hitting the start/stop button). Psiphon uses a variety of protocols and they differ regionally. Not only does the Psiphon app have a variety of connection techniques, it will learn from previous attempts and the successful connection method will be used the next time the app is run.
Frequent Disconnections
If you experience frequent disruptions, try the following:
- Check your Internet connection or make sure you have data.The app needs to be connected to the Internet to work.
- Make sure you have the latest version.(See above).
- Restart the Psiphon app.
More Troubleshooting
For more answers to additional troubleshooting topics, visit:
https://psiphon.ca/en/faq.html
Send Feedback
Please send us feedback through the app if connection issues persist
Feedback on Windows
Feedback on iOS
Feedback on Android
Section 5:Settings
Language
By default, the Psiphon app will automatically open in your selected device language (the language on your phone or computer). There are more than 30 languages available to choose from if you would prefer to use the Psiphon app in another language.
Connection Performance
When connected, all traffic from your device will be tunneled through Psiphon by default. To reduce latency and increase connection performance, you may choose to exclude some traffic from the Psiphon tunnel.
Android
Psiphon Android users can either individually include or exclude specific apps from the tunnel on devices Android 5.0 and higher. To select which apps use or do not use the Psiphon tunnel, go to OPTIONS, then choose VPN settings. Select specific apps to include or exclude from the Psiphon tunnel.
Windows
In Psiphon’s Windows application, users have the option to exclude local websites from the Psiphon tunnel. The Psiphon app will disregard local websites, so the local websites can be accessed faster. To do so, go into SETTINGS > Split Tunnel > and select ‘Don’t proxy websites within your home country.’
Slow Networks
To stay connected on a slow network, opt in to ‘Disable timeouts.’ This option is available on Android, Windows, and iOS.
Psiphon Server Location
Psiphon servers are located across the globe. The app automatically chooses the server with the best connection performance. There are more than 20 countries to choose from should you wish to change server location.
Settings on Windows
Settings on iOS
Settings on Android