In December 2017-January 2018, protests erupted throughout Iran, calling for change in the country. Unlike the protests of 2009, known as the Green Revolution, this civil unrest involved many Iranians that previously were unaffiliated with any political opposition movement. In response, the Iranian government enacted blocks on Telegram and Instagram in the country. To gain access to these applications and circumvent censorship, Iranian users flooded to tools like Psiphon. In order to shed light on these protests and the resulting surge in users, Psiphon has collected and analyzed network data from before, during and after the protests.

Psiphon Inc. has for years been leading the charge to open the internet to those living under censoring regimes. Despite facing no content restrictions online, users from Western countries are turning to VPNs such as Psiphon, to protect their personal privacy online. Yet in March 2017, the Pew Research Center released a startling statistic that some 70% of American internet users are not sure what purpose a VPN serves.1 If the ever-increasing number of Psiphon accounts is any indication of the growing number of VPN users worldwide, a substantial influx of independent users are entering a market in which they have no metric for critically evaluating the products.

Google’s removal of domain fronting emphasizes the need for solutions like Psiphon. Google has confirmed that they will block domain fronting across Google domains and App Engine. For many apps and publishers, this represents a step backwards in the fight for internet freedom. While Psiphon has never relied on this Google service, many app developers continued to depend on the practice as a convenient and straightforward means of circumventing state-level censorship, despite the long-running speculation that Google would close this loophole (eg.

In late June 2017, Psiphon continued to prove its commitment to open source development (you can access our code repository here), by commissioning Cure53 to perform a security audit of our services. The security review took 22 days and a total of 9 testers to complete what was described as a review with a “vast scope” and the Cure53 testers were very thorough. This is our 2nd security audit of this kind in 3 years (you can see the results of the 1st one, performed by iSec here).