Psiphon

From Wikipedia, the free encyclopedia

Jump to: navigation, search
Psiphon
Developed by Citizen Lab
Latest release 1.6 / March 9, 2007
Operating system Cross-platform
Type Censorship circumvention
License GNU General Public License
Website psiphon.civisec.org

Psiphon is a web proxy designed to help Internet users securely bypass the content-filtering systems used to censor the internet. Psiphon was developed by the Citizen Lab at the University of Toronto, building upon previous generations of web proxy software systems, such as the "SafeWeb" [1] and "Anonymizer" systems.

In 2008 Psiphon was spun off as a Canadian corporation that continues to develop advanced censorship circumvention systems and technologies. Psiphon maintains its research and development lab and computer network "red team" at The Citizen Lab, Munk Centre for International Studies, University of Toronto.

There are currently two branches of Psiphon development: psiphon open source, and a commercial version that includes the managed proxy cloud and proprietary anti-counter circumvention system.

Psiphon open source is recommended use is among private, trusted relationships that span censored and uncensored locations (such as those that exist among friends and family members, for example) rather than as an open public proxy. Traffic between clients and servers in the Psiphon system is encrypted using the https protocol. Released under the GNU General Public License, Psiphon open-source is free software.

Contents

[edit] History and functionality

Psiphon open source is an internet proxy, described as "... a censorship circumvention solution that allows users to access blocked sites in countries where the Internet is censored." The psiphon software "...turns a regular home computer into a personal, encrypted server capable of retrieving and displaying web pages anywhere."[2] Psiphon was originally implemented in Python, but has been re-designed and re-written in C++, and designed as a cross-platform (Windows and Linux versions are currently available), user friendly proxy server tool which uses a https protocol to transfer data. With a user name and password, people in countries that use Internet content filtering can send encrypted requests for information to a trusted computer located in another country and receive encrypted information in return. As https protocol is widely used for secure communication over the Internet (from web mail to Internet banking), no government can block https traffic without further restricting its citizens' ability to use the web, something that has not dissuaded these governments' Internet censorship efforts thus far.

According to Nart Villeneuve, Chief Technology Officer of Psiphon inc, "The idea is to get them to install this on their computer, and then deliver the location of that circumventor, to people in filtered countries by the means they know to be the most secure. What we're trying to build is a network of trust among people who know each other, rather than a large tech network that people can just tap into."[3]

Psiphon takes a substantially different approach to censorship circumvention than other tools used for such purposes, such as The Onion Router aka Tor. Psiphon requires no download on the client side, and thus offers ease-of-use for the end user. But unlike Tor, psiphon is not an anonymizer, as the server logs all of the clients surfing history. Psiphon differs from previous approaches in that the users themselves have access to server software. The developers of Psiphon have provided the user with a Microsoft Windows platform executable for the Psiphon server. If the server software attains a high level of use this would result in a greater number of servers being online. A great number of servers online would make the task of attacking the overall user base more difficult for those hostile to use of the psiphon proxy than attacking a few centralized servers, because each individual web proxy would have to be disabled one by one.

Screenshot from psiphonode running under Windows XP. The IP address has been obscured.
Screenshot showing Psiphon in use from the client (psiphonite) side, as viewed in Internet Explorer. The IP address has been changed.

In the most recent edition of the software, the psiphonode pings the Citizen Lab to “check in” and returns your public IP, which is then distributed to users. Although this does create the theoretical danger of a canonical list of psiphonodes which could be a target for an adversary determined to block psiphon, the Citizen Lab does not archive this information as a matter of policy. Additionally, users have the option to configure their psiphonodes not to "check in" with the Citizen Lab.

Through the psiphon control panel, psiphonode administrators have access to a log of sites that their psiphonites access, which makes the psiphon user subject to the consequences of any lack of good security practices, ill will, or possible censorship by the psiphonenode administrator. The authors of psiphon stress that these issues are "trust" issues, with exception of poor security practices, and should not present a problem because of the positive social relationship(s) between psiphon user(s) and psiphonode administrator(s). The theory being that if there is a good enough relationship to establish a psiphon user to psiphonode administrator tie, issues such as psiphonode censorship and ill will are not likely to arise, hence the term "social networks of trust" used in psiphon literature.[2]

psiphon open source software was funded by the Open Society Institute and was released under the GNU General Public License (GPL) on 1 December 2006.

In 2008, Psiphon was spun out of the Citizen Lab and established as a Canadian corporation. It has since received investments and contracts from a number of sources including the European Union, Broadcast Board of Governors (US), US Department of State and the British Broadcasting Corporation.

Psiphon inc develops advanced content delivery and censorship circumvention solutions and software. The system now includes a managed network solution for large-scale customers, as well as a proprietary anti-counter circumvention system. Psiphon inc is headquartered in Toronto Canada, and maintains research and development laboratories at the Citizen Lab.

Psiphon inc will be holding a special event on May 1, 2009 where it expected to make a major announcement.


[edit] Theoretical problems - Psiphon open source version 1.6

In order to increase the ease which a psiphon open source server can be implemented, the latest version of psiphon has an IP address ping back service, with each new server pinging the Citizen Lab server in Toronto Canada.

  1. The Citizen Lab server then responds to the ping by transmitting the numerical IP address of the new psiphon server back in plain text, directly to the new psiphon server.
  2. This provides easy reference for the novice psiphon server administrator, who then distributes the IP address to those who need to use psiphon.
  3. The "ping back" behavior is presently a default, but need not be chosen, the option to not ping is present in the psiphon server software.[4]
  4. This problem is fixable, as it is possible for each request to be answered back with 100 DNS requests for websites that are generally considered harmless or too obscure to bother with. However, it would be cheaper in bandwidth and CPU time to just use 40 bit crypto to transfer the applicable DNS information.

There are inherent security risks in approaches such as psiphon, specifically those presented by logging by the services themselves.[5] The real world risks of log keeping was illustrated by the turn over of the e-mails of Li Zhi to the Chinese Government by Yahoo. Li was subsequently arrested, convicted and sent to jail for 8 years.[6] Some have raised concerns that the IP addresses and the psiphon software download logs of psiphon users could fall into the wrong hands if the Citizen Lab computers were to get hacked or otherwise compromised.

[edit] Psiphon and data retention

We're aiming at giving people access to sites like Wikipedia.
— Michael Hull, psiphon's lead engineer[7]

The United Kingdom and some other European countries have data retention policies. Under these policies Internet Service Providers are obliged to retain a record of all their clients web browsing. The data retention period varies from six months to three years. In the UK this retained data is available to a very wide range of public bodies, including the police and security services. Anyone who operates a psiphonode in one of these countries needs to be aware that a record is kept of all web browsing through their computers. On the 15th March 2006 the European Union adopted Directive 2006/24/EC which requires all member states to introduce statutory data retention. The United States of America does not have a statutory data retention regime, though such a provision is under discussion. Such records as are retained by Internet Service Providers or web sites may be obtained by Federal authorities, without judicial oversight, using a National Security Letter.[citation needed]


[edit] See also

[edit] References

[edit] External links

Personal tools