Let us start our Psiphon review by saying that it is a hybrid VPN service offered by the Toronto, Canada based company Psiphon Inc. So, what makes it a hybrid VPN service? Simply stated, the service can be used as a full VPN with L2TP/IPsec security. However, this is not its primary purpose. Psiphon is a censorship circumvention tool that utilizes VPN, SSH and HTTP proxy technologies. If you live in a restrictive country and need to bypass some form of Internet censorship, the Psiphon service is one of the best tools available today to allow you to access a more free and open Internet. Using their service can maximize your chances of successfully bypassing state-sponsored censorship.
What is Phiphon?
Psiphon is a free and open-source software product designed for online anti-censorship through the use of VPN, SSH, Obfuscated SSH (OSSH), and HTTP/SOCKS proxy technologies. It can be used to unblock content on local firewalls at businesses and universities. However, it is primarily designed to bypass government enforced restrictions on Internet content in countries like China, Iran and other middle-eastern countries, Russia, and other Internet censored states.
Its ultimate goal is to provide an easy-to-use service that allows everyone an uncensored view of the Internet from anywhere in the world. It aims to provide this access at all times whether said censorship is temporary or permanent in nature. This adaptability was instrumental in allowing users unbiased Internet information in recent elections in Iran and Uganda. It also helped different groups keep in contact during the election process when the respective ruling parties instituted greater Internet censorship of traditional VPNs and other social services.
History of Psiphon
Psiphon began as an idea to utilize a small network of volunteer proxies to help users in restrictive countries to bypass state-sponsored Internet censorship. It was originally envisioned and implemented as a network of friends and family proxy servers providing access to those that they knew in censored countries. It was launched by Citizen Lab and the University of Toronto in December 2006 and released as open source software.
The project grew rapidly. Consequently in 2007, the independent Canadian corporation, Psiphon, Inc. was established. Over the years, they have been awarded various awards as the leading provider in overcoming Internet censorship. Their service has allowed many users to recognize the original promise of the Internet as a forum for the free expression and exchange of uncensored information. As we mentioned previously, this was originally accomplished by letting those in censored countries use proxy connections of friends and family in less restrictive areas for their online activities. This led to local growth in communities with large groups of ex-patriots.
In 2008, Psiphon was awarded a couple of grants from the European Parliament and the US State Department. These grants were to help transform it from a small group of localized proxy server networks to an adaptable circumvention service available to users worldwide. This let them diversify their core group by adding experienced security and software engineers. Consequently, they have evolved from their local beginnings to a commercial service that provides secure online circumvention solutions to millions of users in diverse locations across the world.
How Does Psiphon Work?
The Psiphon service provides a centrally managed, geographically diverse network of thousands of proxy servers. Most of the current infrastructure is hosted with cloud service providers. This allows them to respond to feedback and make necessary changes to the software and distribute updates in a timely manner.
The technology uses a “one hop” architecture to encrypt and securely link censored users to regional proxy servers in unrestricted countries. This allows users in censored states access to a more free and open Internet. It is currently only available for the following platforms: Windows, Android, and iOS.
In simpler terms, users are provided with a private list of regional proxy servers outside of their restricted country. Once the user connects to one of these, it then acts as his proxy for Internet transactions and makes requests on his behalf. The requested uncensored content is then sent to the proxy. This content is then securely forwarded to the user.
If the original proxy drops or becomes otherwise unavailable, then the user will automatically be connected to another. This means you could experience IP changes while using the Psiphon service.
How Does Psiphon Differ From Traditional VPNs?
What sets them apart from traditional VPNs is their ability to utilize different architectures to circumvent government censorship. You can set the Windows software to act as a traditional VPN using L2TP/IPsec for data encryption and security.
However, if your connection to the VPN server fails, you can try to connect using SSH. If SSH is blocked from your location the software also employs obfuscation on the handshake portion of the connection. This aims to hide the fact that you are using a censorship evasion tool to access Internet content. It does this by randomizing static signatures used by SSH to make it harder to recognize and avoid protocol fingerprinting. This allows it to bypass many forms of Deep Packet Inspection (DPI) employed by some governments.
Another thing that sets it apart from many VPNs is that it only provides a subset of its private network of proxy servers to each user. This means that no one user knows the diversity of their network IP addresses. Therefore it makes it difficult to block their network using traditional IP blocking methods.
How Secure Is Psiphon?
Psiphon uses L2TP/IPsec as their VPN protocol for their Windows client. Although slower than OpenVPN, the protocol most commonly used by VPNs, this protocol is still considered to be secure by most people. When in VPN mode all user traffic will be encrypted and tunneled through their service. However, users should be aware that the default protocol used by their service is OSSH.
The OSSH protocol uses SSL along with password authentication to tunnel the information between the client and the server using public-key cryptography. It also allows for remote secure keyword access and authentication of users to increase its server security. Although considered secure in most cases, is not as secure as some other VPN protocols.
Also, be aware that all user traffic may not be transferred through the Psiphon service using this protocol as only those that support it and have been properly configured will use it. Specifically, when VPN mode is not enabled only applications that use the local HTTP and SOCKS proxies will be sent through the encrypted proxy tunnel.
Additionally, some US government agencies (CIA and NSA) have been shown to have tools that let them intercept and even partially decode SSH encrypted transactions. However since securing your data is not the primary purpose of Psiphon, this is not a major concern for many users who are just trying to bypass state sponsored Internet censorship.
Finally, nor does Psiphon guarantee the security of their software. In their own words:
However, please keep in mind that Psiphon is designed to be a censorship circumvention tool, and is not specifically designed for anti-surveillance purposes. Psiphon does not increase your online privacy, and should not be considered or used as an online security tool.
What About Your Privacy While Using Phiphon?
On first look, Psiphon protects your privacy because it does not normally log IP addresses for its users. Additionally since Psiphon does not require user accounts, they do not collect email addresses, usernames, or passwords by default. They do however collect a large amount to aggregated information that they share with their commercial partners.
We collect the following data to find out how well Psiphon is working, what sites are popular, and what propagation strategies are effective. This information is shared with our partners so that they can see, for example, how often their sites are visited through Psiphon and from which countries.
Number of email requests for client download link
Number of upgrades
How often each protocol is used, and error codes after failure
How often new servers are discovered
Session count and session duration
Total bytes transferred and bytes transferred for some specific domains
Client platform (simplified operating system list;…)
Event logs include timestamps, region codes (country and city), and non-identifying attributes including sponsor ID (determined by which Psiphon client build is used), client version, and protocol type. Page views are aggregated by time and/or session before being logged.
All statistics shared with sponsors are further aggregated by date, sponsor, and region.
Psiphon does not provide direct support for individual users but does address concerns common to many users through the FAQ database on their website. They also collect feedback from within their software clients to address some issues like regional connection failures. Consequently, they recommend that if you receive a lot of connection failures that you reload the client to update your list of network proxy servers in case some have been blocked.
Psiphon in Action
Psiphon can be used on the Windows, Android, and iOS platforms. To increase its global impact, these software apps support over twenty different languages. These include English, Spanish, Arabic, Indonesian, Persian, Simplified and Traditional Chinese, Turkish, Vietnamese, and others.
Downloading the Psiphon Software
The download page of the Psiphon website contains links to download their software for all of the platforms that they support. Their iOS app is only available at the iTunes store. The Windows and Android software is available for direct download from their website.
You may have to adjust your Android security settings to allow apps from unknown sources (meaning sites other than the Google Play store) before you can download its “apk” file directly to your Android device and install (“sideload”) it. Alternately, you can use the link to the Google Play store to install it if available from your location. If the Psiphon website or its download links are censored where you are, you may request to have the files sent to you via email using email@example.com.
Psiphon Browser for iOS Users
iPhones and iPads are supported through the Psiphon Browser for iOS app. This is a browser-only application. This means that only Psiphon browser traffic will be tunneled through their network of proxies on your iPhone or iPad. All other traffic will travel through your regular Wi-Fi or cellular connection.
Consequently, if you want to use a blocked Facebook, Twitter, or other social media account on your iOS device, you must first access it through the browser app. If you try to open it directly, it will be blocked by your regular provider.
The app requires iOS 8.0 or later to install. It automatically selects your connection protocols but it does allow you to choose your server location. This makes it easy for anyone to use regardless of their technical prowess.
Psiphon for Windows Users
Psiphon for Windows works on Windows XP, Windows Vista, Windows 7, Windows 8, and Windows 10. First download its executable to your Windows computer. Psiphon does not use installation files but rather uses a signed executable for distribution of its Windows client.
If you download this executable from another source, you can verify its authenticity by comparing its signature to those found in the FAQ on their website. The procedure to do this can also be found there for both their Windows and Android clients.
Using the Windows Psiphon Client
Once you are satisfied that the file you downloaded is authentic, you can copy it to its own directory or simply run it from your download area. You will need to “run it as an administrator” if you want to use it in full VPN mode. This will open the client and automatically connect you to the fastest country from your location. This connection is indicated by a encircled green check, green “Connected” text, and red “Disconnect” button.
The initial connection is always to the fastest location to provide consistent performance. However, if you want to connect to a specific country to take advantage of websites or services using that virtual location, you can click in the box below “Connect via” and select your server location from 17 different countries. This will disconnect you from your current location and then automatically connect you to a server in your new virtual location.
The countries Psiphon has servers in include Austria, Belgium, Canada, Switzerland, the Czech Republic, Germany, Spain, the United Kingdom, Hungary, India, Italy, Japan, the Netherlands, Romania, Singapore, and the United States.
Disconnecting from the service is just as easy, simply click on the “Disconnect” button.
Configuring the Windows Psiphon Client
The Psiphon Windows client has a few manual settings that allow you to configure its operation. These can be accessed by selecting “Settings” in the main client menu located on the left-hand side of the client window.
They include the following single toggle configuration settings:
- Minimize to system tray – This allows you to free up taskbar and desktop space if you are connected to the service for an extended period of time.
- Split Tunnel – Toggling this will exempt requests to servers made within your home country from being tunneled through the Psiphon service. This can allow you to access these sites faster and possibly reduce your data usage costs.
- Disable timeouts for slow networks – Enabling this can reduce unexpected disconnections on slow networks.
- Psiphon server region – This allows you to select a specific country to connect to and provides the same functionality as clicking in the box below “Connect via” on the main connection page.
- Local proxy ports – You will need to set this if you have tools that require manual configuration to work with the Psiphon service.
- Upstream proxy – By default, the Psiphon client will use any pre-configured proxy on your computer to establish its tunnel. The Upstream proxy setting allows you to override this default behavior by manually configuring a proxy for it to use or telling it not to use any existing proxy. Some businesses and universities networks may require you to configure an upstream proxy to access the Internet. If this is the case you can manually enter the settings here.
- Use L2TP/IPsec mode – The last setting allows you set the client to use full VPN functionality. This will disable all the other settings except the minimization one as they are not compatible with this mode. Setting this will tunnel all of your computer traffic through the Psiphon tunnel but could hinder your ability to bypass censorship since it does not provide any obfuscation to the connection and may be easier to block.
If you make changes to the client configuration, you will be prompted to save or discard them before you leave the settings menu. You should probably just accept the default settings unless you have special proxy needs, experience connection problems, or have trouble accessing online websites.
The next two client menu items are Feedback and About. The feedback menu will let you provide positive or negative responses to the Psiphon staff to help them optimize its performance. You can also report issues and request an email reply. Be aware that individual replies could take a while. The about menu displays your current version number and has links to get the latest upgrade or access their website FAQ.
The final two menu items are Logs and Language. The logs menu shows the current session login information and can help you or the Psiphon staff troubleshoot any connection issues. The last menu shows the global scope of the app and will let you change the client language if you need to.
You can clearly see that Psiphon makes it easy for all Windows users to overcome firewalls and government-sponsored censorship in many parts of the world. Their software client is easy to download and use. A few clicks is all it takes to connect to their network for most users and begin enjoying a more open uncensored Internet experience.
Psiphon for Android Users
Unlike its Windows client, the Android app does not support full VPN mode but it does have Tunnel Whole Device mode. It also automatically uses the OSSH protocol to maximize your odds of censorship circumvention without detection.
The Psiphon Android app uses Android’s VpnService along with with tun2socks to provide full device mode for Android devices. The tun2socks subroutine creates a TUN virtual network interface. All incoming TCP connections are intercepted by this interface and then forwarded to the SOCKS server. This allows them to forward all device traffic through their tunneled SSH service without requiring application support.
Sideloading the Psiphon Android App
We decided to sideload the Psiphon Android app directly from their website. First we adjusted our security settings so that we could load apps from places other than the Goggle Play store. We then downloaded the app from the Psiphon website download page. Once downloaded we installed the app. After opening we chose to tunnel the whole device and allowed it to establish a VPN service. Once these preliminaries were taken care of, the Psiphon software automatically connected us to the server with the best performance.
Using the Psiphon Android App
The top of the Psiphon Android app has a small ad space with a menu of tabs below it for its various screens. The first of these is the “Stats” screen which shows a graphical representation of the data sent and received during the session.
The second tab, “Options” allows you to configure how the Psiphon service works. This contains three toggle settings:
- Tunnel whole device – This ensures that all traffic is tunneled through their service. If you toggle this off the app will switch to Psiphon browser mode and open the browser. In this mode, only traffic through the Psiphon browser will be tunneled.
- Download upgrades on WiFi only – Setting this toggle can help save you money from your cellular data bill.
- Disable timeouts for slow networks – You should set this toggle if you experience random disconnects.
The Options tab will also let you select a new virtual country. Similarly to the Psiphon Windows client, once you select a new location the app will connect you to it. Tapping on the “Feedback” button will open a screen which will let you comment on the app performance and report issues to Psiphon technical support.
Now let us take a look at the other Psiphon Android app options. Tapping on the “More options” button will display these. The first two options allow you to set auditory and tactile alerts to let you know when the connection drops so that you can restart it.
Tapping on the “Exclude apps” option, opens a screen which allows you to choose apps you do not want to tunnel through the Psiphon service. Once you select the apps that you want to exclude, tap on “Set” to save them. This may help improve the speed of those apps and increase the app performance by limiting the amount of data it has to tunnel.
By default, the app will use your system network settings to create its SSH tunnel, but you can change this. Tapping on the “Create through an HTTP proxy” option will let you configure an HTTP proxy that it uses when establishing its SHH network. This is similar to the upstream proxy setting used by the Windows client.
Disconnecting from the Psiphon service is as easy as connecting to it. Simply tap on the “Stop” button at the bottom of the app main screen. The blue Psiphon logo will turn white to show that you are no longer tunneling your traffic. There is also a tab that will let you examine the session logs. The last screenshot is of the Psiphon browser.
The Psiphon 3 Android app is easy to use and install. You can set it to tunnel all of your Android traffic through the app or just traffic from the Psiphon browser like the iOS app. It will let you easily exclude apps with just a few taps. Connecting or disconnecting requires just a single tap of the screen. It has features similar to their Windows client and makes it easy for everyone to bypass firewalls or censorship without requiring extensive technical expertise.
Overview of Psiphon Pro Android App
The Psiphon Pro Android App can be downloaded and installed from the Google Play store. It is ad supported and Psiphon’s first attempt to monetize their circumvention software. The first thing that you will notice about it is that over half of the screen is covered by ads. This means that only about one-fourth of the screen is available for displaying screen options and other feature screens.
The Psiphon Pro app is almost identical to the sideloaded Psiphon 3 app that we examined above. It allows you to select new virtual countries and connects you to them. The ability to update only through Wi-Fi is no longer available but the other tabs and options remain the same. It is bandwidth limited to 2 Mb/s. Our speed tests on the free version ranged between 1 and 2 Mb/s.
In addition to the static ads, when you change tabs or connections it displays full page ads and videos. As an example, when trying to change virtual locations we had to cancel two full page ads and watch an eight second video before the app finally connected to our new virtual country. Similar occurrences happened almost each time we tapped on the app. We found these ads to be quite annoying and think that you will too.
If you want to use the Psiphon Pro app, you will probably want to sign up for a subscription quickly. Paying for the app will remove the ads from it. You will also be upgraded to a faster connection speed according to your package level. Payments can be made through the Google Play store. Psiphon offers the service in two models: uninterrupted service and temporary maximum speed passes.
Payments for uninterrupted subscriptions must be made using a credit card and include a free 30-day trial. The prices for it are as follows:
- Maximum Speed – $9.99 per month, approximately 5 MB/s;
- High Speed – $4.99 per month, speed unknown.
Temporary maximum speed passes can be paid for either by credit card or Google Play gift cards or credits. Prices for it are as follows;
- 7 day pass – $4.99
- 30 day pass – $9.99
- 360 day pass – $119.99
Psiphon Speed Tests
We decided to do speed tests on the Psiphon circumvention service using both full VPN mode which uses the L2TP/IPsec protocol and the default OSSH mode. The OSSH test was performed using their “fastest country” option. As we suspected, due to Psiphon’s hybrid nature, these tests had very different results.
Psiphon Full VPN Speed Tests
Psiphon did not perform very well on our full VPN mode speed test. The client chose the location of our VPN server and we were unable to change it to a closer server as enabling this mode disabled our ability to change the region. We expected the test to be slower that some other VPN services because of the L2TP/IPsec protocol that the service uses. Although secure, this is one of the slower VPN protocols due to double encapsulation of the data as well as error checking that it applies.
The speed test shows that the encryption lowered our base connection download speed from 24.09 Mb/s to 4.80 Mb/s. This is a drop of about 80% to a server in London, UK. This is a very large drop in connection speed compared to most VPN services we’ve tested. What is more, using the service in this mode is not encouraged as it decreases your chances of being able to bypass firewalls and government censorship.
Psiphon OSSH Speed Tests
Results for the Psiphon service using the default OSSH protocol were excellent. Although not specifically meant for security, this protocol does provide about the same level of encryption protection as SSL due to its nature. But what is more important to most Psiphon users is that it maximizes their chance of overcoming censorship from the state.
The Psiphon service did much better using its default protocol and settings on our performance test. The speed test shows that it lowered our base connection download speed from 33.82 Mb/s to 30.73 Mb/s. This is a drop of about 9.1% to a server in Ontario, CA. There is a relatively small loss in connection speed when using their proxy servers. With the added ability to circumvent firewalls and state-sponsored censorship, this is a small price to pay in performance.
Psiphon Review : Conclusion
Psiphon is an Internet censorship circumvention service offered by the Canadian company Psiphon Inc. It began as a means to let friends and family provide proxies to people that they knew to help them bypass their country’s censorship and enjoy a more open Internet. Today, it has grown into one of the premier services that people everywhere in oppressed countries can use to overcome government censorship and interact with the outside world.
The Psiphon software is open-source and the service itself is free but ad supported. More recently, they have introduced an enhanced subscription service for their Android users. They have easy to use software for Windows, Android, and iOS to help users connect to their network.
Their software defaults to the OSSH protocol which tunnels traffic from applications that support HTTP/HTTPS and SOCKS proxies. This includes most properly configured browsers. Their Windows client has the ability to run in full VPN mode using the L2TP/IPsec protocol. The Android app can be run in full device or browser mode and the iOS app is browser mode only.
Although Psiphon is not meant as an Internet security tool, it does provide some protection due to its nature. However, its goal is to help overcome firewalls and state-sponsored censorship in restrictive countries across the world. It has been translated into multiple languages to help realize this goal.
What we liked most about the Psiphon service:
- They have custom software for Windows computers.
- Psiphon has mobile apps for Android and iOS devices.
- It can allow anyone to bypass censorship without needing technical knowledge.
Ideas to improve the service:
- Improve the speed of their mobile apps.
- Reduce the number of ads for free Android users.
The Psiphon software is designed for censorship circumvention through the use of VPN, SSH, Obfuscated SSH (OSSH), and HTTP/SOCKS Proxy technologies. The obfuscation technology that it employs can often allow it to fool DPI strategies used by countries like China. If you need to overcome Internet censorship in your country, Psiphon can help to maximize your chances of being successful. This will let you can enjoy a more unfettered Internet.