English فارسی Suomi
Français Nederlands Translate

Circumvention Tools

CircumventionTools: UsingPsiphon

Using psiphon

psiphon is a Web proxy designed to be used between people who have pre-existing private, trusted relationships (such as friends and family). A person in an unrestricted location provides a psiphon proxy service to a person they know in a location where access is limited. It is not intended to be a public, open proxy service.

If you want to use psiphon to bypass Internet restrictions, you first need to find someone in a location with no Internet restrictions who is willing to provide a psiphon node for you. There is an official psiphon forum at http://psiphon.civisec.org/forum/ where psiphon users share information about available psiphon nodes. You may be able to find a trustworthy person through that forum, but note that the person whose psiphon node you use will have access to all of your Internet activity, including passwords and other private data.

(If you have a server or Web space in a location with no Internet restrictions, you can install psiphon for other people to use. Visit http://psiphon.ca/download.php for more information.)

Connecting to a psiphon Proxy

When you have established contact with the owner of a psiphon node, that person will send you information that may look like this:

URL: https://86.103.195.150:443/cship/
Username: cship
Password: cship

To use the psiphon proxy, enter the URL you receive into your Web browser and then sign in with the appropriate account information.

Adding an SSL Exception

The first time that you connect to a psiphon URL, your Web browser might show an error message about a non-valid SSL certificate, as shown below. This happens because you are using an SSL connection (indicated by "https:" in the URL), and SSL connections are normally supposed to be secured with official SSL certificates to authenticate the server. Official SSL certificates cost money, so the owner of the psiphon node might not have one (so far, most psiphon nodes don't have them). Ignoring this error message may pose a risk to your privacy because a clever network operator could pretend to be the psiphon server. If you are concerned primarily with access and not privacy, ignoring this error could be appropriate.

If you choose to proceed, you can add an exception rule in your browser so that you will not see it every time you connect. In this example, the exception is added to the Firefox 3 browser:

securefail

  • Click the "Or you can add an exception" link at the bottom of the page. The browser displays more  information and buttons.
securefail2
  • Click "Add Exception". The browser opens a dialog box, with the URL you originally entered in the Location box:
firefox_ssl3_1
  • Click "Get Certificate". More information appears in the dialog box. 
firefox_ssl4_1
  • Click "Confirm Security Exception."

If you're concerned about privacy

Adding a security exception or ignoring the security warning, as described above, creates some risk for privacy because a clever eavesdropper who controls part of your network connection could try to trick you by pretending to be a psiphon server. The severity of this risk depends on how likely it is that someone will try to intercept your communications in this way. In some environments, ignoring the security warning once may not be a substantial risk. (If the first connection wasn't tampered with, subsequent connections will be safe because Firefox remembers the identity of the site you communicated with.) If you're concerned primarily with circumvention and not with privacy, this concern may not be relevant to you.

If you're specifically concerned about privacy and preventing eavesdropping, there are safer ways to verify a site's identity before adding a security exception. One way that may work with Firefox is to use the Perspectives software from Carnegie Mellon University (http://www.cs.cmu.edu/~perspectives/). Perspectives confirms that a psiphon site, or other Web sites without an official security certificate, looks the same to you as it does to several other servers.

Logging in to the Proxy

When you see the login page, enter the username and password you got from your contact (in this example both are "cship"). Make sure that the URL starts with "https" so that you are using the psiphon node over a secure encrypted connection.

psiphon1_using1

Browsing via the Proxy

After you login, you will see a psiphon start page.

Enter the URL for the Web site you want to visit (in this example, http://en.cship.org/wiki/), in the box at the top of the page (under the address box for the browser itself).

psiphon1_using2
    Click the arrow button on the screen or press the Enter key on your keyboard. The browser displays the Web site whose URL you entered, with the psiphon address box at the top.

    To continue browsing you can either:
    • Click any link. The Web proxy is automatically used to retrieve linked pages.
    • Enter a new URL in the psiphon address box at the top of the page (not the browser's address box).
        psiphon1_using3

          Keep in mind that the owner of the psiphon node can monitor and log every Web site and even every password you transfer over that node. In fact, psiphon normally displays a list of the URLs being viewed to the psiphonode operator. That is why it is important that your contact is someone you trust.


          EDIT