Insights For Success

Strategy, Innovation, Leadership and Security

Censorship

A Canadian company breaking Internet censorship 

GeneralEdward Kiledjian
china-3303411.jpg

Controlling the flow of information is a critical tool in the arsenal of despots, dictators and authoritarian regimes. Some countries want to block a handful of internet sites (Facebook, Instagram, Twitter, etc.) while others exert an almost inconceivable stranglehold on the internet (think Iran). 

When we think of censorship, the typical list that comes to mind is North Korea, Iran, China and Cuba. The list is much more worrisome than that and includes countries such as Bahrain, Ethiopia, India, Pakistan, Russia, Saudi Arabia, Sudan, Syria, United Arab Emirates and more. Other countries typically offer an open internet to their population except during major events like Egypt during the spring uprising. 

Enter Psiphon

Psiphon is a Canadian company that started at the Citizen Lab intending to design censorship busting technology. It is an open-source tool designed to allow citizens living in restrictive regimes to access "forbidden content easily." The basic version of Psiphon that is free for everyone forever without requiring is account is speed limited to 2Mb/s. You can earn (by watching promo advertising videos) or buy PsiCash, which allows you to unlock faster speeds for a certain amount of time (up to 5Mb/s).

Earning PsiCash

As an example, watching a 30-second video ad earns you 35 PsiCash. You can watch about 5 in a row (earning you 150 PsiCash). You can exchange 100 PsiCash for 1 hour of "speed boost."

This is likely how citizens of repressive regimes would use the tool. If you are willing to spend cash via the Google Play store, you can buy 1000 PsiCash for $0.99CAD (10 hours of "speed boost"), 5000 PsiCash for $4,99CAD (50 hours of "speed boost"), etc. Every chuck of "speed boost" you buy starts counting down once you activate it.

Screenshot_20200628-150726.jpg


If you want a more traditional monthly subscription with unlimited use, you can opt for a recurring subscription.

Screenshot_20200628-152114.jpg

Or you can opt for an onetime pass unlimited use pass (if you are travelling to one of the regions that censors the internet)

07-01-2020_Image3.jpg

Who are these monthly recurring subscriptions for? They are for regions where the population is much better off (think Saudi Arabia) or for users that work in environments where undesirable internet sites are blocked (e.g. corporations, universities, etc).

DNS Leak Tests

I conducted a bunch of DNS Leak tests on Windows & Android and didn't detect any leaks. On some tests, Google DNS servers did show up but these were proxies by Psiphon so your confidentiality is protected. 

Different App Versions

You can download Psiphon from the Google Play Store, from the Apple AppStore, from their website (for Android or Windows).
 
If you send an empty email to [email protected], they will respond with an automated response listing different AWS URLs you can download the client from. The purpose of this option is to make the download available from cloud providers that are typically allowed. 

07-01-2020_Image5.jpg

Some news-oriented newspapers blocked in certain regions recommend you use Psiphon to access them (BBC, The Intercept, etc.). These sites even set up the same type of email download link response service, to help you find Psiphon easier (e.g. The Intercept set up [email protected]).

Most platforms offer 2 versions of the Psiphon app (basic and Pro). The basic version is the all free version, capped at 2Mb/s and it comes with small ads.

The Pro version seems to have more prominent ads but offers the option to have them removed if you buy a monthly subscription. 

The subscription and "speed boost" pricing is only available in the app, and pricing is region-specific (The high-speed monthly subscription seems to be $9.99USD/$14.99CAD/£9.99.) 

Last year Psiphon offered a 30 day trial for the subscription but has now lowered the trial to 7 days. 

Ease of use

Once you install the app, you can immediately start the speed-limited service. It does not require any type of registration. This lack of red tape speeds up the process but also means any PsiCash you buy is bound to that device and that particular installation. If you clear the app cache or reinstall the app (even on the same device), you PsiCash is gone.

During my initial test, I sideloaded the app on Android and wasn’t shown ads during use. That behaviour may change, so your mileage may vary. The Google Play versions I installed did show me ads.

07-01-2020_Image6.jpg

You will notice a **Stats** menu option in the previous image; this shows you how much data you have uploaded and downloaded. This is less of a concern in industrialized regions, but many developing countries have expensive data plans. This **stats** option aims to help users make smarter data usage choices.


How secure is Psiphon?

This article will not be a technical evaluation discussion about their security; however, you should read this section to ensure you understand what it does and what it does not. Psiphon is, first and foremost, a censorship busting tool. It uses a variety of technologies to ensure they can bust through most of the time. They combine different technologies like always changing server IPs, a series of cascading protocols (SSH, VPN, handshake obfuscation, etc.) and other anti fingerprinting techniques.

These work excessively well. A buddy in China installed the Android version and freely accessed restricted sites (consistently over a test period of a week). All traffic from your device to the Psiphon servers is always encrypted, and they don't log any personally identifiable information. The last piece is that the software is open-source and can be inspected by anyone.

This service is NOT a replacement for other more common western VPNs like ExpressVPN, NordVPN, ProtonVPN, etc. Psiphon does a much better job of breaking through censorship controls. Still, it does not offer all of the privacy-protecting tools that traditional VPNs do (CyberSec DNS from Nord or the ability to control where you exit the network).

Psiphon does not claim to increase your privacy because they don't protect you from website fingerprinting, beacons on the web or other privacy destroying techniques.

Psiphon shares aggregated information with its commercial partners.

Use Psiphon is you need to break censorship controls.

If you need strong privacy, go TOR (TOR does not work in most censoring regions).

Conclusion

I read a ton of discussions about Psiphon on different social media sites from people claiming to in repressive regimes. Even with the fact it is slow, clunky and not the most beautiful app, it provides a critical service that nothing else seems to offer.

Most users benefit from the free version, and Psiphon doesn't have an army of support people waiting to chat with you or respond to your emails.

If you are in a country that controls the internet, try TOR first. If it doesn't work, then jump to Psiphon.

If you live in one of the western countries where we enjoy relatively unfettered access to the internet, you would be better served by a traditional VPN service.

KeepSolid VPN Unlimited Review

GeneralEdward Kiledjian

VPN Unlimited is one of the most popular VPN services available and for good reason. It is fast, reliable and competitively priced (deal below).

VPN Unlimited is a USA based provider and offers termination in more than 30 countries (with multiple locations in most countries). VPN Unlimited has good platform support (Windows, Mac, iPhone, iPad, Android) and very well written clients.

Above is a screenshot of the protection menu option on their IOS client. When set to High security, they (in addition to VPN protection) automatically add anti-malware, tracking blocking and ad blocking.) All of this extra security is done at the network layer without the need to configure any additional applications or pay additional fees.

Like most VPN service providers, VPN Unlimited specifically mentions that they do not allow illegal torrenting via their service. They recognise that not all torrents are illegal and allow the use of the BitTorrent protocol on these VPN termination points: US-California 1, Canada-Ontario, Romania, Luxembourg, and France servers.

A question I get asked often is "Does VPN Unlimited support OpenVPN on iOS, iPhone or iPad?" The answer is Yes! As shown in the above screenshot. Additionally, they support a protocol they call KeepSolid Wise (similar to the Chameleon protocol on VyprVPN). KeepSolid Wise uses common ports (TCP 443/USP 33434) which help bypass firewall restrictions and packet shaping control for most environments. KeepSolid Wise is available on iOS, Android, MacOS, Linux and Windows clients.

I setup VPN Unlimited on a Windows machine configured for maximum privacy. I then ran a battery of tests to determine how well it protected my privacy.

  • does not leak DNS queries when in VPN mode (go here to test)
  • does hide your actual IP address (go here to test)
  • does not leak IP or DNS information via JAVA or Flash ( Go here to test)
  • protecting P2P traffic. Although I do not condone or encourage the use of P2P tools to steal protected media, there are dozens of legitimate uses for P2P technology. It is important to ensure your VPN product protects you while using P2P and VyprVPN did. You go to this site and the find the Torrent Address Detection. You download their magnet link into your P2P client of choice then activate the test. If it shows your real IP or DNS, you are not protected. You should only see your VPN address here.
  • VPN Unlimited is not subject to WebRTC leaks when in VPN mode (go here to test

VPN Unlimited seems well written and does offer good protection.

Deal

VPN Unlimited is currently running a couple of specials that are worth considering (I bought the unlimited plan):

  • KeepSolid VPN Unlimited lifetime subscription for only $49.99 (for 5 devices)
  • KeepSolid VPN Unlimited 3-year subscription for only $29.99 (for 5 devices)
  • Add their Infinity Plan (aka 5 additional device licenses) for $14.99  but you must own one of the above subscriptions

Conclusion

The best summary I can give you is that VPN Unlimited has a permanent stop on the first page of my iPhone and I use it regularly. 

VPN Unlimited has decent privacy policies but isn't the super secret spy-proof identity protection service. If you want to protect your connection while out and about, VPN Unlimited is cheap, fast and reliable. If you want a super secret identity protecting connection then create your own VPN service on AWS or Azure using one of the pre-made scripts.

Questions

Does KeepSolid Wise work in China?

China severely controls encryption and in some cases slows down encrypted connections making them barely usable. A friend recently travelled to mainland China and reported that VPN Unlimited (with KeepSolid Wise UDP) worked flawlessly.

Does KeepSolid VPN Unlimited support video streaming?

Some of the cheaper VPN providers limit the quality of video from streaming sites because these stress the technical infrastructure of the provider. VPN Unlimited supports streaming video on all termination points but also makes available streaming optimized termination points which are specifically designed to work "better" with sites like Youtube, Dailymotion, Vimeo and more.

Does KeepSolid VPN limit connection speed?

There are dozens of factors that contribute to your overall internet speed but VPN Unlimited does not have tiered pricing based on speed and does not limit connection speed in any way. On most clients, they even show the workload on each termination point which means you can choose one with the least amount of current load (which should lead to better performance).

Does VPN Unlimited support Chromebooks?

VPN Unlimited has a Google Chrome plugin (which works on Chromebooks) and allows you to protect your web browsing only. Obviously as a proxy, it is less secure and missing many of the additional features you expect from VPN Unlimited but it is a great way to browse quickly (securely) and a great option on a Chromebook that doesn't require Jedi level knowledge to implement. 

Mehr is the official video service for Iran

PoliticsEdward Kiledjian
Iran's religious and political leadership view Youtube as a great evil and are launching an alternative called Mehr. Mehr allows registered users to upload videos and allows anyone to watch posted videos (like Youtube). Of particular interest may be the content provided by the national Iranian broadcaster IRIB.
Iran is increasing its control on information and is even expected to lauch it's own Iranian Internet (or should we call it a national intranet) in 2013. We have read reports from activists that many Iranian's, thirsty for uncensored information, have started using  technologies (like VPN, TOR,etc) to bypass controls. It is expected that the Iranian officials will slowly but surely implement stronger inspection tools to prevent bypassing of their controls.