Psiphon

Infobox Software
name = Psiphon



caption =
author =
developer = Citizen Lab
released =
latest release version = 1.6
latest release date = March 9, 2007
operating system = Cross-platform
genre = Censorship circumvention
license = GNU General Public License
website = [http://psiphon.civisec.org/ psiphon.civisec.org]

Psiphon is a web proxy designed to help Internet users affected by Internet censorship securely bypass content-filtering systems set up by governments such as Australia, China, Iran, North Korea, Cuba, Thailand, Saudi Arabia and others. Psiphon was developed by the Citizen Lab at the University of Toronto, building upon previous generations of web proxy software systems, such as the "SafeWeb" [ [http://www.wired.com/politics/law/news/2002/02/50371 SafeWeb's Holes Contradict Claims ] ] and "Anonymizer" systems.

Psiphon's recommended use is among private, trusted relationships that span censored and uncensored locations (such as those that exist among friends and family members, for example) rather than as an open public proxy. Traffic between clients and servers in the Psiphon system is encrypted using the https protocol.

Released under the GNU General Public License, Psiphon is free software.

History and functionality

Psiphon is an internet proxy, described as "... a censorship circumvention solution that allows users to access blocked sites in countries where the Internet is censored." The psiphon software "...turns a regular home computer into a personal, encrypted server capable of retrieving and displaying web pages anywhere." [http://psiphon.civisec.org/faq1.html Psiphon Frequently Asked Questions] ] Psiphon was originally implemented in Python, but has been re-designed and re-written in C++, and designed as a cross-platform (Windows and Linux versions are currently available), user friendly proxy server tool which uses a https protocol to transfer data. With a user name and password, people in countries that use Internet content filtering can send encrypted requests for information to a trusted computer located in another country and receive encrypted information in return. As https protocol is widely used for secure communication over the Internet (from web mail to Internet banking), no government can block https traffic without further restricting its citizens' ability to use the web, something that has not dissuaded these governments' Internet censorship efforts thus far.

According to Nart Villeneuve, Director of Technical Research from the Citizen Lab, "The idea is to get them to install this on their computer, and then deliver the location of that circumventor, to people in filtered countries by the means they know to be the most secure. What we're trying to build is a network of trust among people who know each other, rather than a large tech network that people can just tap into." [cite news |first=Clark |last=Boyd |title=Bypassing China's net firewall |url=http://news.bbc.co.uk/2/hi/technology/3548035.stm |publisher=BBC News |id= |date=2004-03-10 |accessdate=2007-03-28]

Psiphon takes a substantially different approach to censorship circumvention than other tools used for such purposes, such as The Onion Router aka Tor. Psiphon requires no download on the client side, and thus offers ease-of-use for the end user. But unlike Tor, psiphon is not an anonymizer, as the server logs all of the clients surfing history. Psiphon differs from previous approaches in that the users themselves have access to server software. The developers of Psiphon have provided the user with a Microsoft Windows platform executable for the Psiphon server. If the server software attains a high level of use this would result in a greater number of servers being online. A great number of servers online would make the task of attacking the overall user base more difficult for those hostile to use of the psiphon proxy than attacking a few centralized servers, because each individual web proxy would have to be disabled one by one. In the most recent edition of the software, the psiphonode pings the Citizen Lab to “check in” and returns your public IP, which is then distributed to users. Although this does create the theoretical danger of a canonical list of psiphonodes which could be a target for an adversary determined to block psiphon, the Citizen Lab does not archive this information as a matter of policy. Additionally, users have the option to configure their psiphonodes not to "check in" with the Citizen Lab.

Through the psiphon control panel, psiphonode administrators have access to a log of sites that their psiphonites access, which makes the psiphon user subject to the consequences of any lack of good security practices, ill will, or possible censorship by the psiphonenode administrator. The authors of psiphon stress that these issues are "trust" issues, with exception of poor security practices, and should not present a problem because of the positive social relationship(s) between psiphon user(s) and psiphonode administrator(s). The theory being that if there is a good enough relationship to establish a psiphon user to psiphonode administrator tie, issues such as psiphonode censorship and ill will are not likely to arise, hence the term "social networks of trust" used in psiphon literature.

The software is funded by the Open Society Institute and was released under the GNU General Public License (GPL) on 1 December 2006. The Psiphon development team is actively exploring ways to sustain the project, possibly through a "professional service" that would complement and help fund the free, open source version.

Theoretical problems

In order to increase the ease which a psiphon server can be implemented, the latest version of psiphon has an IP address ping back service, with each new server pinging the Citizen Lab server in Toronto Canada.
# The Citizen Lab server then responds to the ping by transmitting the numerical IP address of the new psiphon server back in plain text, directly to the new psiphon server.
# This provides easy reference for the novice psiphon server administrator, who then distributes the IP address to those who need to use psiphon.
# The "ping back" behavior is presently a default, but need not be chosen, the option to not ping is present in the psiphon server software. [ [http://psiphon.civisec.org/samples/psiphon_guide.pdf Psiphon Guide] ]
# This problem is fixable, as it is possible for each request to be answered back with 100 DNS requests for websites that are generally considered harmless or too obscure to bother with. However, it would be cheaper in bandwidth and CPU time to just use 40 bit crypto to transfer the applicable DNS information.

There are inherent security risks in approaches such as psiphon, specifically those presented by logging by the services themselves. [cite journal|last=Clarke |first=Ian |coauthors=Scott G. Miller, Theodore W. Hong, Oskar Sandberg, Brandon Wiley |year=2002 |month=January/February |title= Protecting Free Expression Online with Freenet |journal=IEEE Internet Computing |volume=6 |issue=1 |pages=40–49 |url=http://csdl2.computer.org/persagen/DLAbsToc.jsp?resourcePath=/dl/mags/ic/&toc=comp/mags/ic/2002/01/w1toc.xml&DOI=10.1109/4236.978368 |doi= 10.1109/4236.978368 ] The real world risks of log keeping was illustrated by the turn over of the e-mails of Li Zhi to the Chinese Government by Yahoo. Li was subsequently arrested, convicted and sent to jail for 8 years. [cite news|url = http://www.infoworld.com/article/06/02/09/75208_HNyahoohelpedjail_1.html |title = Yahoo may have helped jail another Chinese user |last = Lemon |first = Sumner |publisher = InfoWorld |date = 2006-02-09] Some have raised concerns that the IP addresses and the psiphon software download logs of psiphon users could fall into the wrong hands if the Citizen Lab computers were to get hacked or otherwise compromised.

Psiphon and data retention

The United Kingdom and some other European countries have data retention policies. Under these policies Internet Service Providers are obliged to retain a record of all their clients web browsing. The data retention period varies from six months to three years. In the UK this retained data is available to a very wide range of public bodies, including the police and security services. Anyone who operates a psiphonode in one of these countries needs to be aware that a record is kept of all web browsing through their computers. On the 15th March 2006 the European Union adopted Directive 2006/24/EC which requires all member states to introduce statutory data retention. The United States of America does not have a statutory data retention regime, though such a provision is under discussion. Such records as are retained by Internet Service Providers or web sites may be obtained by Federal authorities, without judicial oversight, using a National Security Letter.Fact|date=May 2007

See also

*TOR (anonymity network)
*Hacktivism
*The Six/Four System
*GNUnet
*Internet censorship
*Freedom of information
*OpenNet Initiative
*Ronald Deibert

References

External links

* [http://psiphon.civisec.org/ Psiphon Official Homepage]
* [http://psiphon.civisec.org/guides.html Psiphon Official User Guide]
* [http://www.cbc.ca/thehour/video.php?mode=w&save=0&id=1221 CBC The Hour - December 4, 2006]
* [http://news.bbc.co.uk/2/hi/technology/6187486.stm BBC: Web censorship 'bypass' unveiled]
* [http://www.canada.com/topics/technology/news/gizmos/story.html?id=af657743-6598-42c0-891a-bd660e26b4f1&k=7073 Canada.com: Canadian software touted as answer to Internet censorship abroad]
* [http://www.cnn.com/2006/TECH/internet/11/30/internet.firewalls.reut/ CNN: Experts find path around Internet firewalls]
* [http://www.computerworld.com.au/index.php/id;1633821483;fp;2;fpid;1 Computerworld: Liberation software designed on basis of trust]
* [http://www.theglobeandmail.com/servlet/story/LAC.20061130.CENSOR30/TPStory/National Globe and Mail: Scaling the walls of Web censorship]
* [http://today.reuters.com/news/articlenews.aspx?type=internetNews&storyID=2006-11-28T211732Z_01_N28258808_RTRUKOC_0_US-INTERNET-CENSORSHIP.xml&WTmodLoc=NewsArt-C2-NextArticle-1 Reuters: Canada experts find path round Internet firewalls]
* [http://www.youtube.com/watch?v=HMMzGO_KfhY CNN International: psiphon interview with Dr. Ron Deibert]
* [http://www.youtube.com/watch?v=Dfw1uRRX3rM Interview with Ronald Deibert from the Psiphon project on YouTube]
* [http://www.youtube.com/watch?v=1klb7ExoSNY Al Jazeera's Listening Post story about psiphon on YouTube]