PSIPHON USER GUIDE

Psiphon is a free and open source web proxy that helps internet users bypass content-filtering
systems used by governments in countries like China, Iran, Saudi Arabia, and Vietnam. It was
developed by the Citizen Lab's CiviSec Project at the University of Toronto and was first
released in December 2006. In this how to guide, learn how to provide a proxy service to
someone behind a firewall with psiphon. If you are behind a firewall and want to learn how to
connect to psiphon and access blocked content, check out this how to guide.

Psiphon, unlike other circumvention services, is not intended to be a public, open proxy service.
It’s based on a “web of trust” system so psiphon nodes are harder to block. What this means is
that a person in an unrestricted location (one that is not behind a firewall) provides a psiphon
proxy service to a person they are familiar with who is going online in a place where online
access is limited. This is known as a psiphonode. A psiphonite is a psiphon user living in a
censored country. The psiphonite connects to a psiphonode (set up by someone they know and
trust) to access information freely.

NOTE: Psiphon only works on Windows and Linux. There is no Mac version yet.

Step 1.

First, you should be in a location where you have open access to the internet. You should know
someone in another location where access is limited. You will be providing a psiphonode for this
person.

Tip!

If you do not know any psiphon users, but still want to provide a psiphonode, you can find users
on psiphon’s Facebook page or Twitter page. It is important to note that there should be a level
of trust between the two people, because the person providing the psiphonode will have
access to all of the internet activity of the person with restricted access, including
passwords and private information.

Step 2.

Go to http://psiphon.civisec.org/guides.html to download the user guide for psiphon. Currently, it

is available in English, French, Spanish, Arabic, and Russian. This guide will help you set up
psiphon.

Step 3.
Point your browser to psiphon.ca/download.php to download psiphon for your operating system.

For Windows: Click on psiphon-1.5-Win32-installer and download psiphon installation file on

your desktop.

For Linux: You will need to download source here: http://psiphon.civisec.org/source.html and
build psiphon yourself using the instructions provided.

Tip!

You can also download psiphon from mirror sites like this one.

Step 4.

For Windows users, double-click on the psiphon installation file on your desktop. You will be
guided through the installation process.

Step 5.

When the installation process is complete, double click on the Psiphon icon on your desktop.
You may encounter a firewall pop-up window; click unblock to proceed.

Step 6.

Now, you will need to configure your psiphon server. First, give your server a name. This name
will be part of the URL you give out; make your name unique, but avoid using personal
information.

Step 7.

Psiphon will now attempt to determine your external IP address and check to see if port 443 is
available. Port 443 is used for secure web communication (http://www.grc.com/port_443.htm)

If psiphon cannot access port 443, a new port will be automatically assigned.

Click on the ‘Test’ button to verify that psiphon can use the port that you have selected.

Step 8.

Now, click “Start” to start psiphon. Psiphon will attempt to start the server; if all the tests it runs
pass, the server will start. The top window will display “ON.”

Step 9.
Click on the blue URL link at the top of the window to see if your psiphon server can be seen by
outside users. This is the URL you will give out in your invites. The format of the URL will look
something like this:

https://74.102.45.230:443/aym996

What does this address mean?

https:// indicates that a secure and encrypted (SSL) connection will be used between the
psiphonite and your psiphonode. (Learn more about HTTPS here.)

74.102.45.230

This is the external IP address that your psiphonites will need in order to connect to you.

:443

This is the port that your psiphonode is listening to in order to accept connections to your IP
address.

/aym996

This is the name of your psiphonode. (Remember, this is just a sample name. You will create
your own server name.)

Step 10.

If your server is running correctly, the psiphon certificate page will display in your browser.
Click OK.

Step 11.

Click on the blue link again to access the login page. Log in.

Now you are ready to share your psiphon server with psiphonites!

The first step is to create user accounts for them. Click “add” on the control panel. Fill out the
details for your psiphonite.

Step 12.

By a secure method, send your psiphonite connection information, including the psiphonode
URL, username, and password. This could be done by hand, telephone, or secure and encrypted
email. Now the internet user behind a firewall should be able to access blocked websites using
the psiphonode you have provided!
Step 13.

It is good practice to clear your browsing history regularly.

Set Up Your Own Private Web Proxy with Psiphon

Developed by the Citizen Lab at the University of Toronto, Psiphon is a private web proxy
for bypassing censorship. We first mentioned it back in November when it was still more of
an idea than a reality, but it's come a long way since then.

The idea behind Psiphon is to get users in countries or areas that don't censor web traffic to
act as proxies for users in countries that do censor. It's private in the sense that only users
with the right access details like usernames and passwords can access a "psiphonode". Like
a private social network, only members can gain entrance. This makes it tough for
psiphonodes to be discovered and blocked.

Not only can you bypass the Great Firewall of China by using Psiphon, you can also use it to
set up your own private web proxy that you can use from school, work, or any other place
that censors or monitors your web traffic. Traffic is encrypted between a psiphonode and
the user. Importantly, only the user who sets up a psiphonode needs to download the
software; users who simply want to access a psiphonode don't need to install anything.

It's easy for censorship software to block access to sites that have the words "proxy" or
"proxies" in the domain name or site content, but it's rather more difficult for said software
to detect a psiphonode. That makes it a moving target for censors everywhere, and an
extremely valuable tool for any web surfer.

Colorful, step-by-step user guides available in both English and Spanish will help you quickly
set up Psiphon.
Psiphon Net
Psiphon Net (2.0) is a managed content delivery solution that guarantees media producers their
content will be available in all markets, anywhere, and all the time, through Psiphon’s private cloud.
Subscribers just click a private link and enjoy a rich filter free multimedia experience.

Content producers propagate access to their sites through private URL addresses known as
“right2Know” nodes. Users or subscribers click the link to transparently access blocked or filtered
sites. Psiphon cloud supports rich multimedia content and all search engines. Psiphon Net uses
private and public infrastructure purpose built for clients needs. We are partnered with Bell Canada
and other leading telecommunications and cloud service providers – and can provide customized
secure cloud-based solutions to fit any need and budget.

As part of our value-added solution, Psiphon is partnered with The SecDev group to provide
managed propagation services for broadcasters looking to enter markets in which their content may
be subject to blocking, or where accessing blocked content may lead to user risk.

For more information about Psiphon Net or to test drive our services please contact us at
[email protected] or call Arnav at +1 613 755 4007.

Hack Censorship – build a better Psiphon

We at Psiphon believe the Internet should be a global commons.
Thats why we designed Psiphon as open source software. We encourage everyone to download and
build your own Psiphon server. If you are a developer, help make our software better, more secure,
and easier to use.

Visit our launchpad site to get the latest code. Sign up as a developer and hack away!

If you work with communities in countries where Internet access is gated, or want to build a Psiphon
server to give access to your friends, family – we want to hear from you. We are planning to develop
a new version of Psiphon designed for the home user and built to work on a plug computer and
administered through a simple graphic user interface. We are looking for developers to help us with
this effort. The source code, as well as instructions on how to install it on a plug computer will be
made available for free, and we are working to get a volume discount from the manufacturer of plug
computers so as to make do-it-yourself solutions accessible and affordable to everybody.

In the past year the Internet has become a contested space. More and more states practice controls
over content including shutting it off at times of political unrest.

Help us hardwire openness into the Internet’s DNA. Join our open source effort
at: https://launchpad.net/psiphon

Watch video of Psiphon’s cofounder and director of the Citizen Lab on Internet freedom and
why we decided to build Psiphon

Psiphon 2
Psiphon 2 is centrally managed web proxy system deployed by Psiphon Inc. to provide content
delivery services through a cloud-based infrastructure. It’s designed for larger scale implementations
and requires more skills to set up and operate than 1.0. At its core Psiphon 2 is a link rewriting proxy
and therefore suffers must be configured to operate properly with web 2.0 sites.

Psiphon 2 was developed with support from the Open Internet alliance and is available to users and
developers as open-source code. We have recently moved to a continuous deployment model and
therefore all changes will be added to the code base and real-time.

Psiphon 2 can be downloaded from Psiphon’s launchpad site.

Psiphon Swarm
Psiphon Swarm is an open-source, free to download project that allows anyone to operate their own
Psiphon service. We are currently developing a version which will run on a dedicated plug computer
making running your own Psiphon server as easy as plugging in a toaster.

Psiphon Swarm is the candidate replacement for Psiphon 1 which was retired in September 201o.
We are currently looking for developers to help push this effort forward. more information about our
open source project and Psiphon swarm can be found here.

PsiphonX
PsiphonX is designed to overcome the shortcomings of link-rewriting proxies which made it difficult
and cumbersome to view web 2.0 sites like YouTube and Facebook. PsiphonX runs from a single
executable file which configures the Internet proxy settings of a machine to point HTTP traffic to a
local proxy that then forwards the traffic to a Psiphon in-proxy via a secure connection (via an SSH
Tunnel). When the user quits PsiphonX, the original Internet configuration is reset.

PsiphonX is currently in beta testing, but will be incorporated across all Psiphon services and products.

You can test drive PsiphonX through to the end of April here

Psiphon Content Delivery Software

Overview
Code
Bugs
Blueprints
Translations
Answers

Registered 2009-05-13 by Jeremy Vernon

Psiphon is a user-friendly, simple to administer circumvention system. Our aim is simplicity.
Psiphon strives for a zero footprint architecture that can be scaled from a home user serving a
few friends, to a cloud-based infrastructure serving thousands. Psiphon source code is yours to
develop and build on. Psiphon inc is the maintainer of the code base, and the operator of
Psiphon's commercial cloud-based services and solutions.

Psiphon has trunked into a number of complementary software projects. contact the team leader if you want to
become a developer on any one of the projects.

Psiphon 1.x is a light-weight web proxy designed to run on a home PC (MS Windows-based) with no central
management component. With Psiphon 1.x, a user asks a friend to run a proxy and can then access blocked sites via
his or her friend's Internet connection. The Psiphon 1.x source code is available here:
https://code.launchpad.net/~psiphon-inc/psiphon/psiphon-1.6. As of September 2010, Psiphon 1.X is no longer
officially supported or actively developed by Psiphon inc.

Psiphon 2.x is centrally managed web proxy system deployed by Psiphon Inc. to provide content delivery services
through a cloud-based infrastructure. It's designed for larger scale implementations and requires more skills to set up
and operate than 1.0. Psiphon 2.X is a link rewriting proxy and therefore suffers from some compatibility with web
2.0 sites.
PsiphonX - is designed to overcome the shortcomings of link-rewriting proxies which made it difficult and
cumbersome to view web 2.0 sites like YouTube and Facebook. PsiphonX runs from a single executable file which
configures the Internet proxy settings of a machine to point HTTP traffic to a local proxy that then forwards the
traffic to a Psiphon in-proxy via a secure connection (via an SSH Tunnel). When the user quits PsiphonX, the original
Internet configuration is reset.

We are also planning on relaunching Psiphon 1.X as a new product code-named "Swarm". The objective is to develop
a version of Psiphon that can be loaded onto a plug computer and managed through a simple user GUI.

Download PsiphonX (NEW!)

What is PsiphonX?

PsiphonX is a brand-new product from Psiphon that extends your Psiphon browsing
experience. A downloadable proxy application, PsiphonX enables you to view and
interact with all web-content without any functional limitations.

PsiphonX was designed as a simple, straightforward tool that provides Psiphon users
with an alternative way to access Internet content and web-sites that are not fully
supported by Psiphon 2.x.

The PsiphonX code is fully available on our open source site at

http://launchpad.net/psiphon.
PsiphonX Requirements
To run PsiphonX you will need Windows XP or higher and Internet Explorer 6.0 or
higher or Google Chrome .
Downloading and Running PsiphonX
To download and run PsiphonX, Download PsiphonX and click "Run" when prompted.
You should expect to see the following security warnings:
When PsiphonX is running, your browser's proxy settings will be set to a Psiphon proxy
and you can begin to surf the web normally.

All of your web-requests and content will be routed via the proxy.
Note: Please be aware that although PsiphonX does establish a secure connection to
the Psiphon proxy, PsiphonX does not support anonymization.
You can start, stop, and exit PsiphonX using its simple GUI:
 Psiphon

Psiphon

Developer(s) Psiphon inc

Stable release 2.5 / 2010.08.04

Operating system Cross-platform

Type Censorship circumvention

License GNU General Public License

Website psiphon.ca

Psiphon is a web proxy designed to help Internet users securely bypass the content-filtering
systems used to censor the internet by governments in places like China, North Korea, Iran,
Myanmar, Saudi Arabia, United Arab Emirates, Vietnam, Pakistan, Belarus' and others. Psiphon
was originally developed by the Citizen Lab at the University of Toronto, building upon previous
generations of web proxy software systems, such as the "SafeWeb" [1] and "Anonymizer"
systems.

In 2008 Psiphon was spun off as a Canadian corporation that continues to develop advanced
censorship circumvention systems and technologies. Psiphon maintains a research and
development lab at the Citizen Lab, Munk School of Global Affairs, University of Toronto.

Psiphon currently consists of two separate but related open source software projects:

1. 2.0 - A managed proxy cloud implementation curated by Psiphon inc.

 2. 1.X - The original home based server software released by the Citizen Lab under the GNU
General Public License but no longer supported by Psiphon inc or the Citizen Lab.

History and functionality

Psiphon was written by Nart Villeneuve and Michelle Levesque (presently a software engineer at
Google[2]) emerged as the output of a research and development project undertaken by the
Citizen Lab as part of work undertaken by the Open Net Initiative. The intent of the experiment
was to develop a lightweight, easy to use tool designed to defeating emerging forms of state
censorship. The project was initially funded by the Open Society Institute.

Psiphon 1.X is best described as an easy-to-use and lightweight Internet proxy, and was designed
to be installed and operated by individual computer users who would then host private
connections for friends and family in countries where the Internet is censored. It was
recommended for use among private, trusted relationships that span censored and uncensored
locations (such as those that exist among friends and family members, for example). Psiphon
software "... turns a regular home computer into a personal, encrypted server capable of
retrieving and displaying web pages anywhere."[3] The original Psiphon code (version 1.X) was
implemented in Python, but subsequently re-designed and re-written in C++, and designed as a
cross-platform (Windows and Linux versions are currently available), user friendly proxy server
tool which uses a https protocol to transfer data.

According to Nart Villeneuve, former Chief Technology Officer of Psiphon inc (and presently a
lead investigator with Secdev.Cyber), "The idea is to get them to install this on their computer,
and then deliver the location of that circumventor, to people in filtered countries by the means
they know to be the most secure. What we're trying to build is a network of trust among people
who know each other, rather than a large tech network that people can just tap into."[4]. Psiphon
1.X was not designed or recommended to be used as a open public proxy by its developers.

Psiphon 1.X was released on 1 December 2006 by the Citizen Lab. In early 2008, the source
code was released under the GNU General Public License. 1.X is no longer actively supported
by Psiphon inc, or the Citizen Lab, but the source code can be accessed on line. A new version of
the home-based server is currently under development by Psiphon inc, and will be released open
source in 2011.

In mid 2008, Psiphon was spun out of the Citizen Lab and established as a Canadian corporation.
Currently,[when?] Psiphon inc develops content delivery solutions and software (2.X). Its past and
present clients and supporters include the European Union, Broadcast Board of Governors (US),
US Department of State and the British Broadcasting Corporation.

Psiphon inc is headquartered in Toronto, Canada, and maintains research and development
laboratories at the Citizen Lab.
The CEO of Psiphon inc is Rafal Rohozinski, who is also a principal investigator with the
OpenNet Initiative and Infowar Monitor.

Theoretical problems - Psiphon open source version 1.6

Note: Psiphon 1.X is no longer supported by Psiphon inc or the Citizen Lab

In order to increase the ease which a psiphon open source server could be implemented, version
1.6 of Psiphon had a IP address ping back service, with each new server pinging the Citizen Lab
server in Toronto Canada.

1. The Citizen Lab server then responded to the ping by transmitting the numerical IP address of
the new Psiphon server back in plain text, directly to the new psiphon server.
2. This provided easy reference for the novice psiphon server administrator, who then distributes
the IP address to those who need to use psiphon.
3. The "ping back" behavior was a default, but need not be chosen, the option to not ping is
present in the psiphon server software.[5]

There are inherent security risks in web-proxy based approaches such as Psiphon, specifically
those presented by logging by the services themselves.[6] The real world risks of log keeping was
illustrated by the turn over of the e-mails of Li Zhi to the Chinese Government by Yahoo. Li was
subsequently arrested, convicted and sent to jail for 8 years.[7] Some have raised concerns that
the IP addresses and the psiphon software download logs of psiphon users could fall into the
wrong hands if the Citizen Lab computers were to get hacked or otherwise compromised.

A limitation in Psiphon 1.X is that users are unable to browse websites that use a https
connections (like logging in into hotmail). Although not a security threat, this reduces the ability
of users to access sites via psiphon.

Psiphon, web proxies and data retention

The United Kingdom, Denmark and some other European countries have data retention policies.
Under these policies Internet Service Providers are obliged to retain a record of all their clients'
web browsing habits. The data retention period varies from six months to three years. In the UK
this retained data is available to a very wide range of public bodies, including the police and
security services. Anyone who operates a Psiphon server (or any web proxy) in one of these
countries needs to be aware that a record is kept of all web browsing through their computers. On
15 March 2006 the European Union adopted Directive 2006/24/EC which requires all member
states to introduce statutory data retention. The United States of America does not have a
statutory data retention regime, though such a provision is under discussion.

External links

• Psiphon Official Homepage

• Psiphon Official User Guide
• CBC The Hour - December 4, 2006
• BBC: Web censorship 'bypass' unveiled
• Canada.com: Canadian software touted as answer to Internet censorship abroad
• CNN: Experts find path around Internet firewalls
• Computerworld: Liberation software designed on basis of trust
• Globe and Mail: Scaling the walls of Web censorship
• Reuters: Canada experts find path round Internet firewalls
• CNN International: psiphon interview with Dr. Ron Deibert
• Interview with Ronald Deibert from the Psiphon project on YouTube
• Al Jazeera's Listening Post story about psiphon on YouTube
• Index on Censorship - Psiphon wins Economist New Media award at Freedom of Expression
awards 2009