Ask Me Anything with the Psiphon Team

By ASL19

ASL19’s  second “Ask Me Anything” series, our latest initiative which is inspired by Reddit’s “AMA” subreddit, will feature the team behind Psiphon3, a popular circumvention tool used in Iran and elsewhere. You can submit your questions or follow the conversation by going to our Google Moderator Series page.

As part of this new series, we plan to invite developers, researchers, and academics working on issues concerning Internet censorship, surveillance, and circumvention. By doing so, we hope to facilitate a conversation between actors in these fields and Internet users in Iran. Our goal is not only for users to benefit from this conversation, but also help tool developers and researchers in this field learn more about Internet users in Iran–their challenges, concerns, and opportunities. Our first AMA was held with Scout Sinclair Brody and Lucas Dixon from Google Ideas, who talked about Google’s new tool, uProxy. You can find our blogpost and the link to our users’ questions here.

This time we are joined by Psiphon and the team of developers behind Psiphon3, an open-source and popular circumvention technology used by Iranian Internet users to bypass censorship and access information on Windows and Android. Psiphon3 is a circumvention tool from Psiphon Inc. that utilizes VPN, SSH and HTTP Proxy technology to provide you with uncensored access to Internet content. Your Psiphon client will automatically learn about new access points to maximize your chances of bypassing censorship.

ASL19’s Ask Me Anything series will be in Farsi and English, with live translations. There are two parts to every AMA. First, we ask our users to submit questions and give our guests time to respond to them. We then translate their answers and include them in a blog post like this. Next, we announce the date and time of the second part of the session: a live, one to two hour Q&A in which our users can ask their questions and have them answered live.

Below are a selection of questions submitted by our users for the Psiphon team. We hope you enjoy reading them and we look forward to your questions, in Farsi and English, on March 18th, 2014 at 2 pm EDT ( 9:30 pm IRST), on ASL19’s Google Moderator Series.

Q. What are Psiphon’s plans for the future? Will there be more servers? Will Psiphon adapt to Iran’s filtering situation? Which country has the biggest Psiphon users? Does Psiphon know that lately its speed has been reduced significantly and it is useless during some hours?

A. We continuously scale our network to meet growing demand. We have an ongoing censorship and circumvention research program. Iran.  We get many conflicting reports. Some users report speed issues, others report great performance.

Q. To what extent Psiphon is reliable regarding security and encryption of the incoming and outgoing data?

A. Psiphon provides network-layer confidentiality between your device and the Psiphon server. It is designed to bypass censorship, and not specifically designed to provide any extra security at the application layer. While Psiphon does provide an extra layer of encryption and therefore hides data transactions between the client and Psiphon node servers, it is important to remember that it is your responsibility to make sure you are using HTTPS, that you are careful about executing javascript and flash, and that you mitigate any other threats that you are concerned about. Psiphon is also not designed to provide anonymity, nor does it prevent anybody watching your traffic from knowing that you are using Psiphon. On our servers, Psiphon collects stats as disclosed here: http://play.psiphon3.com/en/faq.html#information-collected . Psiphon is open source and the code is available for review: https://bitbucket.org/psiphon/psiphon-circumvention-system

Q. Will there be an iOS version?

A. Yes! We are working on a prototype. You can see the open source here: https://bitbucket.org/psiphon/psiphon-circumvention-system/branch/iOS

This version of Psiphon for iOS will have its own browser and function much like the “browser-only” mode on Psiphon for Android. We don’t currently have a plan for an iOS whole device mode.Distribution is also an open question: should we distribute it in the Apple App Store, or, if that is blocked, can we assume that many users have a jailbroken device?

Q. Why doesn’t Psiphon make a Psiphon3 for Linux (Ubuntu)?

A. We don’t have enough resources to produce a shrink-wrapped client for Ubuntu, but you can set up the Python client on any Linux: https://groups.google.com/forum/?fromgroups=#!topic/psiphon3-developers/cb8CW7Y98nI

Q. Why don’t you make Psiphon for Symbian based phones.

A. Psiphon is a small group and we have to focus on the most popular/growing platforms.

Q. Do you spy on people? if not, so what’s the benefit for you?

A. Psiphon does not monitor our users’ network usage, store information about individual users, or even have user accounts. We collect only aggregate stats as disclosed here: http://play.psiphon3.com/en/faq.html#information-collected.

Our business model is based on sponsors that pay to have their web page featured as the home page that’s opened when Psiphon connects. This is why Psiphon is free for end users.

Q. Why doesn’t Psiphon utilize other protocols and VPN services that work well in Iran. i.e. Kerio (VPN) works very well in Iran.

 A. Psiphon does deploy several protocols and we have optimized our obfuscated protocol to circumvent aggressive DPI filtering. Furthermore, Psiphon has deployed a diverse, world-wide network of servers that is resistant to enumeration. While commercial VPN offerings might appear functional at a given time, they tend to not be resilient when aggressive blocking is deployed: either the protocol can be blocked via DPI; or the providers network is easily enumerated and blocked by network address. Psiphon’s architecture addresses these issues.

Q. I have an Android 2.3 and its rooted but I can’t tunnel my whole device through Psiphon. Why?

A. If you see an error such as “fix me! implement getprotobyname() bionic/libc/bionic/stubs.c:378 iptables:no chain/target/match by that name.” then the most likely explanation is that your phone’s ROM doesn’t support this mode. If you are using a custom ROM or custom kernel, you should contact the ROM developer regarding iptables support. Otherwise, send a Psiphon diagnostic feedback.

Q. How should I update Psiphon?

A. Psiphon automatically updates itself. If you got Psiphon from the Play Store, your system does this for you. If you side-loaded Psiphon for Android, click the yellow notification icon. Psiphon for Windows also silently updates itself. If you see errors related to upgrades, send us a diagnostic feedback.

Q. Is Psiphon just an anti-filter? Isn’t data protection against recent revelation in Europe and US, Psiphon’s ultimate goal, in addition to circumvention?

A. Yes, essentially Psiphon is just an anti-filter. No matter what circumvention tool you use, if you use services such as Facebook or Google you may be subject to US surveillance (reportedly). Conversely, you could use Psiphon as a bridge to a truly anonymous, surveillance-resistance network such as Freenet or Tor. In fact, Psiphon is working on a related project — but it’s too early in the development process to promote it.

Q. How was 2013 for you?

A. Great! In 2013 usage of Psiphon grew immensely. We released many popular new features and successfully circumvented censorship during the Iran election (https://asl19.org/cctr/iran-2013election-report/)

Q. Given the prevalent security state in Iran, and my membership in social networking websites and some political posts on these platforms, how much is Psiphon safe in protecting my privacy, identity and preventing access to my data/personal information?

A. Psiphon is primarily designed to provide you with open access to online content.

By encrypting the traffic between your computer and a Psiphon server Psiphon is capable of preventing an adversary from observing the content of your traffic in certain situations, such as when you are using an open WiFi hotspot.

Traffic between Psiphon servers, outside Iran, and the rest of the Internet is not encrypted by Psiphon. Psiphon does not protect the data that resides on social networking websites nor any posts on forums.

Q. Please explain how the logs are stored on Psiphon servers. Are these information commercially used and are they sold to other companies? Have you ever cooperated with NSA and have handed them any information?

A. Log storage: syslog files on servers (note: users IPs are not logged!), which are synchronized to a central database. The whole thing is open source, check it out. Psiphon does not monitor our users network usage, store information about individual users, or even have user accounts. We collect only aggregate stats as disclosed here: http://play.psiphon3.com/en/faq.html#information-collected.

Aggregate stats are available to sponsors. For example, how many users from IR on a given day loaded your web site.

We have not received any requests from nor cooperated with the NSA.

Q. Why is OpenVPN not implemented in Psiphon? The way each user can connect to the servers with a public and a private key. It is more secure and gives the user peace of mind, as long as the private key is not stored on the server.

A. We may implement OpenVPN in the future as its SSL transport is something we don’t have at the moment. However, it’s no more or less secure than our transport — both transports negotiate a symmetric session key using server public keys distributed out-of-band via our digitally signed server records. The use of OpenVPN you describe, with a public/private key pair per user, implies user accounts. But Psiphon doesn’t have user accounts at all. We hope you can explain in the upcoming  Ask Me Anything session why you think this is more secure?”

Q. Please add the option of choosing server and country in future versions, so that the user can choose the exit server and region. The option for choosing servers is available in the mobile version but not on Windows.

A. We are constantly working on new features such as this but please be patient, our focus is to provide a reliable network. These kinds of features are nice to have, but not critical so can often get pushed out of the development cycle.

Q. Since government stores all user data, do you implement “forward mixing” cryptography? So that, if for any reason, the encryption key or the encryption method is revealed, only a small fraction of the data would be compromised.

 A. Our SSH and SSH+ protocols have the perfect forward secrecy security property.

Q. What is your goal by providing a circumvention tool for Iranians? Is it due to a sense of responsibility, or is it for taking the personal information of the users?

A. We believe in freedom of Internet access. We provide access to content for most of the large broadcasters such as the BBC, Deutsche Welle, Radio Free Europe and Voice of America to mention a few. It is their commitment and sense of responsibility that drives the Psiphon project and service. You can (and should) thank them directly the next time you are using Psiphon.