| Developer(s) | Psiphon Inc. |
|---|---|
| Stable release | 3.0 / August 4, 2011 |
| Operating system | Cross-platform |
| Type | Censorship circumvention |
| License | GNU General Public License |
| Website | http://psiphon.ca/ https://s3.amazonaws.com/2bmh-cisb-58r3/en.html |
Psiphon is a web proxy designed to help Internet users securely bypass the content-filtering systems used to censor the internet by governments in places like China, North Korea, Iran, Syria, Myanmar, Saudi Arabia, United Arab Emirates, Vietnam, Pakistan, Belarus and others. Psiphon was originally developed by the Citizen Lab at the University of Toronto, building upon previous generations of web proxy software systems, such as the "SafeWeb"[1] and "Anonymizer" systems.
In 2008 Psiphon was spun off as a Canadian corporation that continues to develop advanced censorship circumvention systems and technologies. Psiphon and the Citizen Lab at the Munk School of Global Affairs, University of Toronto occasionally collaborate on research and other projects, through the Psi-Lab partnership.
Psiphon currently consists of two separate but related open source software projects:
Contents |
Psiphon was written by Nart Villeneuve and Michelle Levesque (currently a software engineer at Google[2]) emerged as the output of a research and development project undertaken by the Citizen Lab as part of work undertaken by the Open Net Initiative. The intent of the experiment was to develop a lightweight, easy to use tool designed to defeating emerging forms of state censorship. The project was initially funded by the Open Society Institute.
Psiphon 1.X is best described as an easy-to-use and lightweight Internet proxy, and was designed to be installed and operated by individual computer users who would then host private connections for friends and family in countries where the Internet is censored. It was recommended for use among private, trusted relationships that span censored and uncensored locations (such as those that exist among friends and family members, for example). Psiphon software "... turns a regular home computer into a personal, encrypted server capable of retrieving and displaying web pages anywhere."[3] The original Psiphon code (version 1.X) was implemented in Python, but subsequently re-designed and re-written in C++, and designed as a cross-platform (Windows and Linux versions are currently available), user friendly proxy server tool which uses a https protocol to transfer data.
According to Nart Villeneuve "The idea is to get them to install this on their computer, and then deliver the location of that circumventor, to people in filtered countries by the means they know to be the most secure. What we're trying to build is a network of trust among people who know each other, rather than a large tech network that people can just tap into.".[4] Psiphon 1.X was not designed or recommended to be used as a open public proxy by its developers.
Psiphon 1.X was released on 1 December 2006 by the Citizen Lab. In early 2008, the source code was released under the GNU General Public License. 1.X is no longer actively supported by Psiphon Inc., or the Citizen Lab, but the source code can be accessed on line. Psiphon 3 was released in August 2011.
In mid 2008, Psiphon was spun out of the Citizen Lab and established as a Canadian corporation. Its past and present clients and supporters include the European Union, Broadcasting Board of Governors (US), US Department of State and the British Broadcasting Corporation.
Psiphon Inc. is headquartered in Toronto, Canada, and maintains research and development laboratories at the Citizen Lab.
The CEO of Psiphon Inc. is Rafal Rohozinski, who is also a principal investigator with the OpenNet Initiative and Infowar Monitor.
Note: Psiphon 1.X is no longer supported by Psiphon Inc. or the Citizen Lab.
In order to increase the ease which a psiphon open source server could be implemented, version 1.6 of Psiphon had a IP address ping back service, with each new server pinging the Citizen Lab server in Toronto Canada.
There are inherent security risks in web-proxy based approaches such as Psiphon, specifically those presented by logging by the services themselves.[6] The real world risks of log keeping was illustrated by the turn over of the e-mails of Li Zhi to the Chinese Government by Yahoo. Li was subsequently arrested, convicted and sent to jail for 8 years.[7] Some have raised concerns that the IP addresses and the psiphon software download logs of psiphon users could fall into the wrong hands if the Citizen Lab computers were to get hacked or otherwise compromised.
A limitation in Psiphon 1.X is that users are unable to browse websites that use a https connections (like logging in into hotmail). Although not a security threat, this reduces the ability of users to access sites via psiphon.
The United Kingdom, the Netherlands, Denmark and some other European countries have data retention policies. Under these policies, Internet Service Providers are obliged to retain a record of all their clients' web browsing habits. The data retention period varies from six months to three years. In the UK this retained data is available to a very wide range of public bodies, including the police and security services. Anyone who operates a Psiphon server (or any web proxy) in one of these countries needs to be aware that a record is kept of all web browsing through their computers. On 15 March 2006 the European Union adopted Directive 2006/24/EC which requires all member states to introduce statutory data retention. The United States of America does not have a statutory data retention regime, though such a provision is under discussion.