Psiphon secure browsing proxy released

Last month, Toronto-based civic activists at The Citizen Lab released a new open source secure Web browsing tool designed to let people in repressive countries tunnel through government Internet filters. Known as Psiphon, the program allows users with unfiltered Internet access to provide a private, SSL-encrypted Web proxy for use by individuals in firewalled countries.

Psiphon takes a substantially different approach than secure browsing tools like The Onion Router (Tor). Unlike Tor, it requires zero setup on the part of the user behind the firewall — but at the cost of dispensing with Tor’s absolute anonymity.

In a Psiphon usage scenario, the user providing the Psiphon service supplies an HTTPS URI (by default, simply https://N.N.N.N/login/, where N.N.N.N is the host computer’s numeric IP address) to the user behind the firewall, preferably through some non-electronic means. At that URI, Psiphon serves a password-protected proxy service that runs solely within the browser session — unlike a traditional proxy, which requires altering the Web browser’s configuration.

That distinction offers two advantages over traditional proxies. First, it makes the service accessible even on computer systems where altering the proxy settings is impossible or externally audited, such as public terminals. Second, it allows the firewalled user to use the proxy service only for accessing blocked content, placing less demand on the proxy server, and in theory making for a less suspicious browsing session.

Each Psiphon server is limited to pre-approved users, thus preventing abuse of the proxy by unauthorized individuals. But that does away with anonymity; moreover, sites accessed through the proxy can be logged by the Psiphon administrator. Tor fans might scoff, but The Citizen Lab emphasizes that the goal of the project is not to provide end-user privacy, but rather to enable access to blocked Web content to people in politically repressive states.

So far, only Windows binaries have been released, although Linux and Mac OS X support is promised. Both the binary packages and the GPL-licensed source code are available for download. The program can be used only to tunnel HTTP content. It runs on TCP port 443 (traditionally reserved for HTTPS) by default, though that is configurable.

The weakest link in Psiphon’s security model is distributing the URI from the Psiphon administrator to the firewalled user, a problem the Citizen Lab refers to as a “social networking” issue. The organization does not provide any specific means to pass a Psiphon URI to a firewalled user, but it has taken steps to prevent common problems like man-in-the-middle attacks. Psiphon servers use self-signed security certificates, which must be manually verified by the end user. And Psiphon is designed to serve innocuous content to potential eavesdroppers, should some censoring organization spot the HTTPS connection and proceed to examine the IP address.

Psiphon is not designed to solve all secure Web browsing dilemmas. Rather, it is a means by which those in uncensored countries can assist specific individuals in censored countries access blocked Web content — without placing any technical (or personal security) burden on those individuals.