Psiphon: critique from a crypto community member

Yesterday, I blogged about a new for-profit 'net censorship evasion tool called Psiphon. A member of the anonymity development community reached out with concerns. I'm blogging them here in the interest of presenting the full range of views on this subject from people in the community.

I see that Boing Boing is discussing Psiphon. This greatly concerns me
because of their lack of transparency and accountability. Psiphon imply
(but refuse to state explicitly) that they are in the anonymity
business, yet they do not even have a publicly stated privacy policy.
They are vague about their security claims and, even assuming good
faith, have not disclosed any useful information on their security model
and implementation.

Aside from the fact that they are, as a for-profit company handling
personal information, required under Canadian law to disclose their
privacy policy, this lack of transparency leaves me with serious
concerns about their motivations and competence. This is especially
troubling when one considers that their entire product is essentially a
centrally administered proxy run with software unknown to the users.
What do they store? What do they claim? How can we verify? Nothing?
Something? Everything?

To sign up for their service, one either has to know Psiphon or know
someone who uses Psiphon; this necessarily requires a knowledge of
relationships on their part. For many users, I suspect this is a minor
risk that seems remote until one again considers that this is a
for-profit company. Do they promise to do anything with any of this
data? Do they plan to store it forever? Do they promise to destroy it if
they're ever offered money for their company? What happens if they are
simply offered money for the data? Wouldn't it be better to avoid that
temptation entirely by not requiring or keeping any of that data?

From a technical standpoint, I notice they claim to believe in Open
Source software and the collaborative security it can deliver, yet the
software on their website is the same outdated version as it was last
year. This software is probably unrelated to the proxy service they are
promoting, but it is difficult to know as they seem to keep these
details secret.

This speaks nothing of the fact that a massive system to proxy
information is a very tempting target for law enforcement or criminals.
Which law enforcement and which criminals will be targeting Psiphon's
massive data collection operation?

With so much secret sauce, I'd really caution anyone to consider the
economic interests at play and I'd also advise users to decide carefully
if they want to leave it up to Psiphon to make such important choices
for them.

I wouldn't choose to use Psiphon and I sincerely hope others make a
similar choice.