Psiphon 3 is a circumvention tool from Psiphon Inc. that utilizes VPN, SSH and HTTP Proxy technology to provide you with uncensored access to Internet content. Your Psiphon 3 client will automatically learn about new access points to maximize your chances of bypassing censorship.
Psiphon 3 is designed to provide you with open access to online content. Psiphon does not increase your online privacy, and should not be considered or used as an online security tool.
Click the link to download the client program for Windows XP, Vista, 7, and 8 (desktop) or Android 2.2+.
Psiphon 3 clients for iOS and Mac OS X are coming soon.
Psiphon 3 for Windows is never distributed as an installable package. Each Psiphon 3 for Windows client is a single executable file (".exe") that is digitally signed by Psiphon Inc. Windows automatically checks this signature when you run the client. You can also manually inspect the signature before running the client by invoking the Properties dialog for the file and inspecting the Digital Signatures tab.
The SHA1 thumbprint for the Psiphon Inc. certificate public key is displayed in the Certificate dialog Details tab. For the certificate valid for the period June 16, 2011 to June 21, 2012 the SHA1 thumbprint is:
8f:b7:ef:bd:20:a9:20:3a:38:37:08:a2:1e:0a:1d:2e:ad:7b:ee:6dand for the certificate valid for the for the period May 21, 2011 to July 30, 2014 the SHA1 thumbprint is:
Psiphon 3 for Windows auto-updates itself, and this process automatically verifies that each update is authentic.
Download the client program and run it. When you run it, you should see a security prompt showing that this program is a legitimate product of Psiphon Inc.
Psiphon 3 automatically starts connecting when you run it. While it is connecting, a spinning icon is displayed. You may select one of the following tunnel modes: VPN (L2TP over IPSec), SSH, or SSH+ (SSH plus obfuscation, a randomized layer on top of SSH to avoid protocol fingerprinting).
Connection to the Psiphon server is established when the green icon is displayed. In VPN mode, all of your traffic automatically tunnels through Psiphon 3.
In SSH and SSH+ modes, Psiphon 3 automatically sets the Windows system proxy settings and traffic for applications that respect these settings tunnel through Psiphon 3. These settings are respected by default by all major web browsers.
Furthermore, in SSH and SSH+ modes, Psiphon 3 offers a split tunnel option where international traffic is tunneled through the proxy and domestic traffic is not. Check the “Don’t proxy...” option to enable split tunneling. When this option is on, unproxied domains are reported in the message area.
When you close the program, Psiphon 3 automatically disconnects. You can also click on the icon to toggle the connection.
Each Psiphon 3 for Android client is shipped as an Android APK file (".apk") that is digitally signed by Psiphon Inc. The Psiphon Inc. certificate public key is as follows:
Owner: CN=Psiphon Inc., OU=Psiphon Inc., O=Psiphon Inc., L=Unknown, ST=Unknown, C=CA Issuer: CN=Psiphon Inc., OU=Psiphon Inc., O=Psiphon Inc., L=Unknown, ST=Unknown, C=CA Serial number: 349480e5 Valid from: Fri Jun 01 12:04:42 EDT 2012 until: Tue Oct 18 12:04:42 EDT 2039 Certificate fingerprints: MD5: BB:08:CD:91:22:FC:EB:17:1A:4A:3B:90:65:CE:2E:58 SHA1: 49:2C:3A:49:20:F3:6B:AE:95:90:EB:69:A6:36:E9:88:A7:41:7A:95 SHA256: 76:DB:EF:15:F6:77:26:D4:51:A1:23:59:B8:57:9C:0D: 7A:9F:63:5D:52:6A:A3:74:24:DF:13:16:32:F1:78:10 Signature algorithm name: SHA256withRSA Version: 3
An APK may be validated by (1) extracting the certificate from the archive and checking that its fingerprints matches the value above and (2) verifying that the APK is signed with the certificate. For example, using Unix and Java command-line tools:
$ unzip -p PsiphonAndroid.apk META-INF/PSIPHON.RSA | keytool -printcert $ jarsigner -verbose -verify PsiphonAndroid.apk
Psiphon 3 for Android auto-updates itself, and this process automatically verifies that each update is authentic.
Click on a Psiphon APK link from within your Android email or browser to begin the installation.
To install a Psiphon APK, you must enable the option in your Android device to install non-Market apps. Psiphon 3 for Android will automatically update itself.
When you launch the Psiphon 3 app, it will automatically start connecting to the Psiphon network.
Once the app has connected to the network, it will launch the built-in Psiphon browser. Psiphon 3 for Android does not automatically tunnel the traffic for the default Android browser or other apps. By default, only the Psiphon browser is tunneled through the Psiphon 3 network.
We collect the following data to find out how well Psiphon is working, what sites are popular and what propagation strategies are effective. This information is shared with our partners so that they can see, for example, how often their sites are visited through Psiphon and from which countries.
User IP addresses and email addresses are never collected; users are not required to create accounts to use the system.
Event logs include timestamps, region codes (GeoIP country code) and non-identifying attributes including sponsor ID (determined by which Psiphon client is used), client version, and protocol type. Page views are aggregated by time and/or session before being logged.
All statistics shared with sponsors are further aggregated by date, sponsor, and region.
When you choose to submit feedback through Psiphon you will have the option of including diagnostic data. We use this data to help us troubleshoot any problems you might be having and to help us keep Psiphon running smoothly. Sending this data is entirely optional. The data is encrypted before you send it, and can only be decrypted by us. The information in the data varies by platform, but it may include:
From time to time Psiphon may have to record additional information in order to resolve a problem with our service. When this occurs, we will add an entry here describing what was recorded, how long it was kept, and why.
Psiphon 3 is an open source project. You can find source code and design documents on the project home page.
Psiphon 3 clients use the following open source components.
Q: Where can I get the latest information about Psiphon 3?
Q: Why does my Psiphon 3 IP address frequently change?
A: Your Psiphon 3 client will automatically discover new Psiphon 3 servers. When the last server used is currently unavailable, another one can be used instead.
Q: Why do I see the message "connection failed" repeating over and over?
A: If you see repeated "connection failed" messages, it means that there are no available servers that your client knows about. Try to download a new Psiphon 3 client.
Q: How can I get a new Psiphon 3 client?
A: Send an email to firstname.lastname@example.org or the email address you used to obtain your current Psiphon 3 client.
Q: How do I check my current version of Psiphon 3?
A: When Psiphon 3 starts, it displays the Client Version on the first line of output.
Q: What is the file "psiphon3.exe.orig"?
A: The automatic update process in Psiphon 3 for Windows renames its old version to "psiphon3.exe.orig". Old files with the ".orig" suffix can safely be deleted.
Q: Does Psiphon 3 for Windows proxy all of my Internet traffic?
A: Only in VPN mode. After a successful connection is established in VPN mode, your entire computer’s traffic will pass through the Psiphon 3 network. In SSH modes, only applications that use the local HTTP and SOCKS proxies will be proxied.
Q: Is Psiphon 3 for Windows compatible with IE, Firefox, Safari, and Chrome web browsers?
A: Yes. In SSH modes, check your browser settings and make sure that it is configured to use the system proxy settings.
Q: Are there any port restrictions in VPN mode? Why can't I send email using my mail client in VPN mode?
A: Outbound connections from the Psiphon 3 for Windows VPN can be made only on the following ports: 53, 80, 443, 554, 1935, 7070, 8000, 8001, 6971-6999. See this discussion for more information. Mail clients cannot establish outbound connections on ports 25 and 587. See this discussion for more information.
Q: What VPN protocol is used by Psiphon 3 for Windows? Why can't I connect?
A: Psiphon uses the L2TP/IPSec VPN protocol. Your network's firewall may not allow the use of VPNs. Your home router may not be configured to pass through this VPN protocol; check your firewall settings to see that IPSec or L2TP pass-through is enabled. Your system’s IPSec Services may be disabled; check your service settings and enable this service to start automatically.
Q: I can connect to Psiphon 3 for Windows in VPN mode, but why is it so slow? Sometimes web pages don't load at all.
A: Certain networking hardware or Internet connections may cause performance problems for L2TP/IPSec which is the protocol used by Psiphon 3 in VPN mode. Try using SSH modes instead.
Q: When I connect to Psiphon 3 for Windows in VPN mode, none of my web pages load. I get error messages indicating that a domain lookup failed.
A: Psiphon 3 restricts DNS traffic to white-listed, vetted DNS servers. The Psiphon 3 client automatically configures your VPN DNS server settings. If you're getting errors related to DNS, check that you're not infected by the "DNS Changer" malware, which tries to change your DNS server settings. More info can be found here.
Q: How do I configure applications to use the Psiphon 3 tunnel in SSH modes?
A: Psiphon 3 will automatically configure your system to use a local HTTP/HTTPS proxy at 127.0.0.1:8080 and a local SOCKS proxy at 127.0.0.1:1080. Windows applications that use the System Proxy Settings will automatically be proxied. You may manually configure other applications to use these local proxies. Both Psiphon 3 for Windows (SSH modes) and Psiphon 3 for Android run these local proxies.
Q: What is SSH+ mode?
A: SSH mode with the addition of an obfuscation layer on top of the SSH handshake to defend against protocol fingerprinting. A description of the protocol can be found here.
Q. In SSH mode for Psiphon 3 for Windows, I see the error message "Failed to connect to Polipo". What can I do?
A: The local HTTP proxy could not run. You might have another process running that is using the default port. Try using a different port. See the question "Q. Can I run the local HTTP proxy on a different port than 8080?"
Q. Can I run the local HTTP proxy on a different port than 8080?
A: Yes, on Windows. Click Run, and type "regedit" to open the Registry Editor. Find and open "HKEY_CURRENT_USER\Software\Psiphon3", and on the right side you will see "UserLocalHTTPProxyPort". Set it's value to the port (in Decimal) that you would like to use.
Q: I use AutoProxy. How can I tell Psiphon 3 for Windows not to configure my system proxy settings?
A: Click Run, and type "regedit" to open the Registry Editor. Find and open "HKEY_CURRENT_USER\Software\Psiphon3", and on the right side you will see "UserSkipProxySettings". Set this value to 1 and Psiphon 3 will not automatically configure the system proxy settings.