A severe security vulnerability in the Android AOSP browser has been disclosed (http://www.rafayhackingarticles.net/2014/08/android-browser-same-origin-policy.html). The Psiphon team has determined that the built-in browser ("browser-only mode") in our Psiphon app is affected on Android versions 3.0 to 4.3, because it uses the Android AOSP browser through the WebView component. There is no known mitigation for this vulnerability other than disabling JavaScript in the WebView components of our built-in browser. We are releasing Psiphon for Android version 62, which will disable JavaScript in the built-in browser on these versions of Android.
From March 25 to 31, Psiphon partnered with the British Council to deploy the BFI Flare #FiveFilms4Freedom campaign, a global digital human rights initiative and history’s first global, digital LGBT cinematic event. A leader in contemporary LGBT cinema for 29 years, BFI Flare 2015 sought to encourage the world to watch a film together, and show that love is a basic human right. Psiphon helped maximize the global impact of the campaign, connecting the festival’s LGBT filmmakers and their stories to audiences in 135 countries around the world, including some of the most heavily censored societies, places where freedom of expression is not a given, in particular for members of the LGBT community.
Here's an update to address two recent questions: in simple terms, what is Psiphon and how does it differ from a VPN service; and what has changed since the technical design document was last updated. Psiphon 3 is a centrally managed, geographically diverse network of thousands of proxy servers. Most of our infrastructure is hosted with cloud providers. Psiphon 3 is a "one hop" architecture with secure link encryption between clients and servers.
At Psiphon, we’re committed to open source development. We talked about this in a previous blog post, and you can access our source code here.
We were recently offered the chance to take this openness a step further with a formal security audit of our Windows and Android products, to be carried out by iSEC Partners. As part of our effort to be transparent in the way we operate, we are pleased to publish this report in full, which you can access here.