Psiphon: critique from a crypto community member

Yesterday, I blogged about a new for-profit 'net censorship evasion tool called Psiphon. A member of the anonymity development community reached out with concerns. I'm blogging them here in the interest of presenting the full range of views on this subject from people in the community.

I see that Boing Boing is discussing Psiphon. This greatly concerns me because of their lack of transparency and accountability. Psiphon imply (but refuse to state explicitly) that they are in the anonymity business, yet they do not even have a publicly stated privacy policy. They are vague about their security claims and, even assuming good faith, have not disclosed any useful information on their security model and implementation.
Aside from the fact that they are, as a for-profit company handling personal information, required under Canadian law to disclose their privacy policy, this lack of transparency leaves me with serious concerns about their motivations and competence. This is especially troubling when one considers that their entire product is essentially a centrally administered proxy run with software unknown to the users. What do they store? What do they claim? How can we verify? Nothing? Something? Everything?
To sign up for their service, one either has to know Psiphon or know someone who uses Psiphon; this necessarily requires a knowledge of relationships on their part. For many users, I suspect this is a minor risk that seems remote until one again considers that this is a for-profit company. Do they promise to do anything with any of this data? Do they plan to store it forever? Do they promise to destroy it if they're ever offered money for their company? What happens if they are simply offered money for the data? Wouldn't it be better to avoid that temptation entirely by not requiring or keeping any of that data?

(More after the jump).

From a technical standpoint, I notice they claim to believe in Open Source software and the collaborative security it can deliver, yet the software on their website is the same outdated version as it was last year. This software is probably unrelated to the proxy service they are promoting, but it is difficult to know as they seem to keep these details secret.
This speaks nothing of the fact that a massive system to proxy information is a very tempting target for law enforcement or criminals. Which law enforcement and which criminals will be targeting Psiphon's massive data collection operation?
With so much secret sauce, I'd really caution anyone to consider the economic interests at play and I'd also advise users to decide carefully if they want to leave it up to Psiphon to make such important choices for them.
I wouldn't choose to use Psiphon and I sincerely hope others make a similar choice.

Previously: New Web Censor Evasion Toolkit Launches: Psiphon

Boing Boing editor/partner and tech culture journalist Xeni Jardin hosts and produces Boing Boing's in-flight TV channel on Virgin America airlines (#10 on the dial), and writes about living with breast cancer. Diagnosed in 2011. @xeni on Twitter. email: xeni@boingboing.net.

MORE: Safety

More at Boing Boing

Eurovision 2013: An American in London

The technology that links taxonomy and Star Trek

bwcbwc

Not to mention that “Psiphon” (siphon) sounds like one of the the oh-so-clever company names that law enforcement like to use for their sting operations. Just where is your information being siphoned off to?
Alan Smithee

I was skeptic too, tried out anyway and it sucked. Was really slow (at least from Eastern Europe) and Hulu refused to work, said I don’t have JavaScript. As it seems Hotspot Shield is the the only more or less useful tool to bypass IP based region locks.
Aaron

That was pretty much what I thought when I read the BB post.

It’s easy to say “Yes, I can provide security/anonymity/privacy”, anybody can do that. It’s another thing to actually do so in an honest and, most importantly, verifiable way.

Pretty surprised that BB posted the original post the way they did. Would have expected a bit more (healthy) scepticism.
Anonymous

The ironic thing is, Psiphon could in fact be a front for any number of organizations who would benefit from having such information funnel through their servers. It has not been unheard of for certain agencies to setup operations with the guise of doing something completely contrary to their publicly stated mission.

I say, forget about this and let people who want to use it, to do so. Why not? Buyer beware.
arkizzle

My first test was Hulu as well. And likewise, it’s back to sometimes-acceptable Hotspot Shield for me. I think HS’s recent popularity has pushed it beyond use for the foreseeable future (between the hulu’ers and the rapidshare-leeches), the golden age is over, for now at least :(
mjd

#1 If as Cory says press releases go straight into his rubbish bin, I think Xeni has been mistaking that for her in-tray.
Anonymous

FYI, their privacy policy is here: http://www.psiphon.ca/node/23 and loads of press with two of the main founders, Ron Deibert and Rafal Rohozinski is here: http://www.psiphon.ca/node/2

It might not be useful to everyone, but I’ve met these guys and they are very sincere.

db
Anonymous

I think it would be fairly difficult to provide pay-for anonymity, as how would anyone be billed? At some point, it’s installed somewhere, and there the trail begins, or ends.
Anonymous

I had a lecture the other day from Ron Diebert, he mentioned psiphon at the end and was very clear that using this software in countries such as Iran and China presents a real danger to the user. He went on to say that for this reason psiphon(he was mainly referring to the free version) is made to be as secure and anonymous as possible and the only vulnerability is the relationships between the psiphon users in each node.
Psiphon is also meant to be downloaded in Canada to provide maximum anonymity.
hep cat

#3, just google anonymous electronic cash , there are a lot of ways to do that