Frequently Asked Questions

Is my Psiphon for Windows authentic?

Psiphon for Windows is never distributed as an installable package. Each Psiphon for Windows client is a single executable file (".exe") that is digitally signed by Psiphon Inc. Windows automatically checks this signature when you run the client. You can also manually inspect the signature before running the client by invoking the Properties dialog for the file and inspecting the Digital Signatures tab. The SHA1 thumbprint for the Psiphon Inc. certificate public key is displayed in the Certificate dialog Details tab.

Image showing how to check the Psiphon executable signature on Windows

For the certificate valid for the period 2014-05-08 to 2017-09-06 the SHA1 thumbprint is:

9b a0 bd 1c e4 ca f6 20 41 0d 46 47 ae 40 b0 7c 83 c7 31 99

For the certificate valid for the period 2012-05-21 to 2014-07-30 the SHA1 thumbprint is:

84 c5 13 5b 13 d1 53 96 7e 88 c9 13 86 0e 83 ee ef 48 8e 91

For the certificate valid for the period 2011-06-16 to 2012-06-21 the SHA1 thumbprint is:

8f b7 ef bd 20 a9 20 3a 38 37 08 a2 1e 0a 1d 2e ad 7b ee 6d

Psiphon for Windows auto-updates itself, and this process automatically verifies that each update is authentic.

Is my Psiphon for Android authentic?

ALERT: A recently reported vulnerability may cause Android app signature checking to falsely report malicious APKs as valid. We recommend that users turn on the Google Verify Apps feature as documented here.

Each Psiphon for Android client is shipped as an Android APK file (".apk") that is digitally signed by Psiphon Inc. The Psiphon Inc. certificate public key is as follows:

Owner: CN=Psiphon Inc., OU=Psiphon Inc., O=Psiphon Inc.,
L=Unknown, ST=Unknown, C=CA
Issuer: CN=Psiphon Inc., OU=Psiphon Inc., O=Psiphon Inc.,
L=Unknown, ST=Unknown, C=CA
Serial number: 349480e5
Valid from: Fri Jun 01 12:04:42 EDT 2012 until: Tue Oct 18 12:04:42 EDT 2039
Certificate fingerprints:
MD5:  BB:08:CD:91:22:FC:EB:17:1A:4A:3B:90:65:CE:2E:58
SHA1: 49:2C:3A:49:20:F3:6B:AE:95:90:EB:69:A6:36:E9:88:A7:41:7A:95
SHA256: 76:DB:EF:15:F6:77:26:D4:51:A1:23:59:B8:57:9C:0D:
Signature algorithm name: SHA256withRSA
Version: 3

An APK may be validated by (1) extracting the certificate from the archive and checking that its fingerprints matches the value above and (2) verifying that the APK is signed with the certificate. For example, using Unix and Java command-line tools:

$ unzip -p PsiphonAndroid.apk META-INF/PSIPHON.RSA | keytool -printcert
$ jarsigner -verbose -verify PsiphonAndroid.apk

Psiphon for Android auto-updates itself, and this process automatically verifies that each update is authentic.

Can my ISP see what I'm doing on the Internet while I'm using Psiphon?

All data that goes through Psiphon is encrypted. This means that your ISP cannot see the content of your Internet traffic: web pages your browse, your chat messages, your uploads, etc.

However, please keep in mind that Psiphon is designed to be a censorship circumvention tool, and is not specifically designed for anti-surveillance purposes. Psiphon does not prevent your browsing history and cookies from being stored on your computer. And in some cases your Internet traffic might not be tunneled through Psiphon in SSH or SSH+ mode, for example if your browser's proxy settings are misconfigured, or if you leave your browser open after exiting Psiphon.

There are also advanced techniques which can look at encrypted traffic and determine some things about it, such as what website is being browsed. The primary example of this "traffic fingerprinting".

If you require anonymity over the Internet then you should use Tor instead of Psiphon.

How do I enable Android "sideloading"?

In order to install a direct download of Psiphon for Android, you must enable "sideloading". To do so, go into your Android settings, then into the "Security" section, then enable "Unknown sources".

screenshot of enabling sideloading

What user information does Psiphon collect?

Please see our Privacy Policy to learn about what information we collect.

Why does my Psiphon IP address frequently change?

Your Psiphon client will automatically discover new Psiphon servers. When the last server used is currently unavailable, another one can be used instead.

Why do I see the message "connection failed" repeating over and over?

If you see repeated "connection failed" messages, it means that there are no available servers that your client knows about. Try to download a new Psiphon client.

How do I check my current version of Psiphon?

When Psiphon starts, it displays the Client Version on the first line of output.

What is the file "psiphon3.exe.orig"?

The automatic update process in Psiphon for Windows renames its old version to "psiphon3.exe.orig". Old files with the ".orig" suffix can safely be deleted.

Does Psiphon for Windows proxy all of my Internet traffic?

Only in VPN mode. After a successful connection is established in VPN mode, your entire computer’s traffic will pass through the Psiphon network. In SSH modes, only applications that use the local HTTP and SOCKS proxies will be proxied.

Is Psiphon for Windows compatible with IE, Firefox, Safari, and Chrome web browsers?

Yes. In SSH modes, check your browser settings and make sure that it is configured to use the system proxy settings.

Are there any port restrictions in VPN mode? Why can't I send email using my mail client in VPN mode?

Outbound connections from the Psiphon for Windows VPN can be made only on the following ports: 53, 80, 443, 554, 1935, 7070, 8000, 8001, 6971-6999. See this discussion for more information. Mail clients cannot establish outbound connections on ports 25 and 587. See this discussion for more information.

What VPN protocol is used by Psiphon for Windows? Why can't I connect?

Psiphon uses the L2TP/IPSec VPN protocol. Your network's firewall may not allow the use of VPNs. Your home router may not be configured to pass through this VPN protocol; check your firewall settings to see that IPSec or L2TP pass-through is enabled. Your system’s IPSec Services may be disabled; check your service settings and enable this service to start automatically.

I can connect to Psiphon for Windows in VPN mode, but why is it so slow? Sometimes web pages don't load at all.

Certain networking hardware or Internet connections may cause performance problems for L2TP/IPSec which is the protocol used by Psiphon in VPN mode. Try using SSH modes instead.

When I connect to Psiphon for Windows in VPN mode, none of my web pages load. I get error messages indicating that a domain lookup failed.

Psiphon restricts DNS traffic to white-listed, vetted DNS servers. The Psiphon client automatically configures your VPN DNS server settings. If you're getting errors related to DNS, check that you're not infected by the "DNS Changer" malware, which tries to change your DNS server settings. More info can be found here.

How do I configure applications to use the Psiphon tunnel in SSH modes?

Psiphon will automatically configure your system to use a local HTTP/HTTPS proxy at and a local SOCKS proxy at Windows applications that use the System Proxy Settings will automatically be proxied. You may manually configure other applications to use these local proxies. Both Psiphon for Windows (SSH modes) and Psiphon for Android run these local proxies.

What is SSH+ mode?

SSH+ is SSH mode with the addition of an obfuscation layer on top of the SSH handshake to defend against protocol fingerprinting. A description of the protocol can be found here.

I use AutoProxy. How can I tell Psiphon for Windows not to configure my system proxy settings?

Click Run, and type regedit to open the Registry Editor. Find and open HKEY_CURRENT_USER\Software\Psiphon3, and on the right side you will see UserSkipProxySettings. Set this value to 1 and Psiphon will not automatically configure the system proxy settings.

What happened to whole device mode for rooted Android devices?

Before December 2015 Psiphon for Android had a feature that allowed users with older Android devices (pre-4.0/ICS) to tunnel the whole device if it was rooted. A major update to Psiphon at that time necessitated the removal of that feature.