What is Psiphon?
Psiphon is a free and open source anti-censorship tool. It is designed to allow people who live in restrictive counties to freely access the open internet. As we shall see in this Psiphon review, Psiphon achieves this using a mix of Virtual Private Network (VPN) and Secure Shell (SSH) technologies. This means that if one option doesn’t work, the other might.
Psiphon VPN Pricing
The Windows version of Psiphon is free. It is also possible to “sideload” the Android and iOS apps for free.
In countries which don’t ban it, you can also download Psiphon for your Android device from the Google Play Store. This, however, is where things start to get complicated…
The basic Psiphon app from the Play Store is the same as one you can download from the website, except that it displays some ads. Bandwidth in all free versions of Psiphon is limited to 2 Mbps.
There is also a Psiphon Pro app, which shows even more prominent ads. These can be removed, and the 2 Mbps speed limit increased, for a fee. A “maximum speed” subscription costs £4.99 for a seven-day pass, or £9.99 per month. A “high speed” subscription costs £4.99 per month.
The only place I can find these prices is in-app, so they may vary depending on region. Annoyingly for British users, apps sold for £9.99 in the UK often sell for $9.99 in the US. However, I don’t know if that is the case here.
All subscriptions come with a 30-day free trial. Just cancel via the Play Store before the trial is over and Psiphon won’t charge you.
The “maximum speed” plan increases your speed limit to 5 Mbps. I am not sure by how much “high speed” increases your speed.
Psiphon is an app designed to bypass censorship restrictions in restrictive countries. The technologies it employs can, by their very nature, provide some protection against government or Internet Service Provider (ISP) surveillance of your internet data.
The Psiphon developers are very keen to stress, however, that protection against surveillance is not the purpose of this app. They make no promises as to its effectiveness in this regard. It is an anti-censorship device, and you should only regard it as such.
Psiphon as an SSH Tunnel
Psiphon Inc. operates a network of servers around the world. By default, the app connects to one of these using a Secure Shell (SSH) encrypted connection with handshake obfuscation.
SSH servers are in many ways similar to standard HTTPS proxies (HTTP over SSL/TLS). For a quick and fairly simple rundown on the key differences between SSH and Secure Sockets Layer (SSL), please see here.
Psiphon SSL connections use handshake obfuscation. This aims to hide the fact that you are attempting to evade censorship restrictions.
“Handshake obfuscation strengthens the initial SSH handshake against systems that identify or classify various network protocols by examining data in transit for static signatures.”
A white paper detailing how Psiphon’s handshake obfuscation works is available here.
Psiphon as a VPN
In Windows it is also possible to connect to Psiphon’s servers using the Layer 2 Tunneling Protocol (L2TP)/Internet Protocol Security (IPsec) VPN protocol. This is provided as a backup option, in case SSH connections are blocked. It is not available for mobile users.
Please see What is a Proxy Server? for more information on proxies, and a discussion on the differences between proxies and VPNs.
Is Psiphon Secure?
By default, Psiphon uses SSH in order to provide a secure connection to its servers. This is secure enough for bypassing most forms of censorship. Organizations such as the NSA and CIA, however, are known to have tools that can decrypt SSH, allowing them to read the contents of SSH sessions.
For VPN connections, Psiphon uses the L2TP/IPsec VPN protocol. Despite some largely theoretical issues, this is generally regarded as being secure. The Psiphon website does not explain which cipher or key length is used to secure data, but whatever is used will be fine for simply bypassing censorship.
The Psiphon website provides SHA1 cryptographic hashes for its Windows and sideloaded Android apps. This is a relatively weak form of data integrity compared to PGP digital signatures, but should provide some confidence that the files downloaded have not been tampered with.
Psiphon will automatically change your Windows Domain Name System (DNS) settings to point to a whitelist of vetted DNS servers. This should ensure that you do not suffer a DNS leak while using Psiphon.
As already noted, Psiphon makes no claims whatsoever about protecting your privacy. It is provided as an anti-censorship tool only.
“Psiphon is designed to provide you with open access to online content. Psiphon does not increase your online privacy, and should not be considered or used as an online security tool.”
It was originally developed by digital activist group Citizen Lab at the University of Toronto in Canada. Since 2007, however, Psiphon Inc. has operated as an independent commercial company. It does still occasionally collaborate with Citizen Lab on research projects, and has received funding from the European Parliament and the US State Department Internet Freedom program.
Psiphon is based in Canada and is subject to Canadian and Ontario privacy laws and statutes. Canada is an active member of the NSA-led Five Eyes spying alliance.
The Psiphon software itself remains open source.
“User IP addresses are not collected by Psiphon servers in the normal course of operation. Psiphon does not require user accounts, so, by default, there is no collection of email addresses, usernames, or passwords.
“Event logs include timestamps, region codes (country and city), and non-identifying attributes including sponsor ID (determined by which Psiphon client build is used), client version, and protocol type. Page views are aggregated by time and/or session before being logged.”
The Psiphon Website
The website is fairly basic, and is centered on the downloads page. A decent user guide is available for the Android and Windows apps.
A lengthy FAQ is also available, which answers most questions I had. It also includes instructions on how to sideload Psiphon onto Android and iOS devices, along with a basic troubleshooting guide.
The website is available in an impressive 24 languages.
Other than the resources available on the website, you are pretty much on your own when it comes to support. An email address is available (email@example.com), but when I tried contacting Psiphon using it I just received a canned response:
“We receive many messages every day and might not be able to respond to every message individually.”
While this seems reasonable for the free apps, I feel people who pay up to £9.99 per month for the Pisphon Pro Android app deserve better support than this.
To download the Windows app for free, simply visit the Psiphon website. You can also download the Android and iOS apps, ready for sideloading, from the website. No registration of any kind is required for this.
People in countries that censor access to the Psiphon website can email firstname.lastname@example.org to request the apps be sent via email.
It is also possible to download the basic Psiphon Android app (with added ads) or the Psiphon Pro app from the Google Play Store. This option is not available in all countries, however.
The Psiphon Windows Client
The Windows app works on Windows XP or higher.
The split tunnelling feature allows you to exempt websites in your country from Psiphon’s encrypted tunnel. This can be handy, as websites are not usually censored inside their own country.
If regular SSH mode doesn’t work, L2TP/IPsec VPN mode might. Note that VPN mode forces all your internet traffic through the VPN tunnel, while regular SSH mode only affects programs that use Windows’ local HTTP and Socket Secure (SOCKS) settings (such as your browser).
You can let the client auto-select the “fastest” country for you, or select a server in a country from this list. Note that area selection only works for SSH connections, not VPN ones.
The app is available in many different languages. This helps make it accessible to as many people who require access to the open internet as possible.
All in all, the newly redesigned Windows client looks good and is easy to use. One slightly annoying issue, though, is that a news/blog page, “Psiphon Today,” opens in your browser every time you connect to Psiphon.
The Psiphon Android App (Free)
The Android app works in SSH mode only. It automatically selects servers for you.
If you downloaded the apk file for sideloading, you will see no ads. If you downloaded the app from the Play Store, you will see some fairly discreet ads in the space occupied by the Psiphon logo at the top of the screen.
You can check out your bandwidth usage in the Stats section. This can be particularly useful in countries where mobile internet data is expensive.
Psiphon will normally just proxy your browser, but with Android 4.0+ it is possible to proxy the whole device. In this mode Psiphon acts very much like a full VPN.
Advanced options are also available
Psiphon Pro for Android
The Pro version of the app is very similar to the free version. It allows you to support the developers by accepting ads or upgrading to a faster service via in-app purchases.
The ads are quite intrusive. In addition to more prominent ads on the main screen, you are shown a video ad every time you connect to a Psiphon server, and your browser load Psiphon’s news/blog page.
Basically, if you are using the Pro version of this app, you’ll want to upgrade to a paid subscription as fast as possible!
When you pay for a subscription, the ads disappear and your bandwidth increases. The “maximum speed” plan upgrades your speed limit from 2 Mbps to 5 Mbps
The Pro version gives you the option to proxy your entire device or only the custom Psiphon browser that comes bundled with the app.
Psiphon Performance (Speed, DNS, WebRTC and IPv6 Tests)
All tests were performed on my Virgin Media UK fiber connection. When connecting via VPN it not possible to select sever location – Psiphon selected India for me.
The graphs show the highest, lowest, and average speeds for each server and location. See our full speed test explanation for more details.
Don’t expect blazing fast speeds when using Psiphon. In the default Windows SSH mode, download speeds averaged just 133 kbps. Speeds were a little more useable in VPN mode, even though the VPN server was located very far from me.
The Android app performed much closer to the promised 2 Mbps, and the Pro app even slightly over-delivered on the 5 Mbps I paid for.
I detected no IP leaks using the Windows app in either SSH or VPN mode, or when using the Android app. Here we can see the VPN test results. Those are Google DNS servers, but the DNS requests are proxied by Psiphon so there is no privacy risk.
Please note that Private Use RFC IPs are local IPs only. They cannot be used to identify an individual, and so do not constitute an IP leak. Unfortunately, my Internet Service Provider (Virgin Media UK) does not support Internet Protocol version 6 (IPv6) connections, so I am unable to test for IPv6 leaks at this time. This is a situation that should change in the near future.
Psiphon is available for Windows, Android and iOS. Psiphon Pro is currently available for Android only. I have not tried it, but I presume the iOS app is similar to the sidelaoded Android one.
Psiphon Review: Conclusion
- Free (a paid-for Pro version is available for Android users)
- It can defeat online censorship
- Windows client offers a VPN option if default SSH with handshake obfuscation doesn’t work
- All apps look smart and work well
- You can request that apps be sent to you via email if the website is blocked where you are
- Open source
I wasn’t so sure about:
- Very slow
- Cannot select VPN location
- No support other than resources on the website
Psiphon does, of course, have severe limitations. The most notable of these is that it is very slow. Even paying for a “maximum speed” subscription in the Pro app only nets you around 6 Mbps download speed.
But this misses the point. Psiphon is a free anti-censorship tool that works. Judging from the stack of comments about it that we receive, many people in restrictive counties find it very useful.
One issue that does often come up is users asking us for assistance (which we cannot provide). This is because Psiphon Inc. itself provides no support. Given that Psiphon is very popular, however, it is unreasonable and unrealistic to expect a company to support what is basically a free product.
If you live in a restrictive country and cannot afford or cannot access a regular VPN service then I would suggest trying Tor before tying Psiphon. Tor provides greater anonymity, is faster, and it supports an active community of enthusiasts who are keen to offer help to those that need it.
If Tor is blocked, however, then Psiphon may well be the solution you need.