Summary of Heartbleed impact on Psiphon: Some Psiphon servers were using affected versions of OpenSSL, leaving the Python web server vulnerable to the Heartbleed attack. Data at risk, within the web server component process, included Psiphon network topology information and network usage statistics in addition to web server key material. The SSH/SSH+ Psiphon tunnels were not at risk. User traffic flowing through the Psiphon servers was not at risk. VPN Psiphon tunnels were potentially at risk for man-in-the-middle attacks as the per-session authentication secret is in Python web server memory.

Psiphon has over a million active users every week. People use our software to get news, information and social media content that they would otherwise not be able to see. We offer apps for Windows and Android devices, mostly distributed through partnerships with news broadcasters and human rights organisations. This year, we’ve made a particularly big impact in Iran, coinciding with their Presidential election. Iran has always been a big challenge for us, and it’s also where we see the most people using our software.