Psiphon VPN operates exclusively on L2TP/IPSec rather than our preferred protocol OpenVPN. Itâs fairly secure when used in combination with AES 256-bit encryption, but itâs needlessly weaker than the competition.
Importantly, unlike the VPN app, Psiphonâs proxy service does not encrypt your internet traffic.

Using Wireshark, we tested whether Psiphonâs proxy (image on the left) and VPN (image on the right) effectively encrypted traffic.
Psiphonâs proxies use SSH, SSH+ (obfuscated), and HTTP configurations. Because Psiphonâs main goal is to access blocked content through the SSH+ proxy service, its apps donât provide many advanced privacy settings at all.
Thereâs no VPN kill switch, which would prevent your IP address from being exposed in the case of a connection drop.
Security Flaws & Independent Audit
While Cure53âs 2017 security audit of Psiphon revealed âno noteworthy security risks,â we did experience a few leaks during our testing which affected both the VPN and the proxy service.

In our tests, Psiphon VPN leaked our DNS requests.
Our tests of the Windows app revealed DNS request leaks. Previously, we also saw WebRTC leaks. Without a kill switch, the presence of leaks leaves your personal data entirely exposed to any snooping third parties.
You can see Psiphon proxy has DNS requests, WebRTC, and geolocation leaks during our testing in the picture below:

Psiphon also leaked DNS requests and more in proxy mode.
Only 16% of the 90 most popular free VPNs weâve tested leak DNS requests like Psiphon. There are far more secure and private free VPNs available, and even cheap no-logs VPN like PrivateVPN.
In 2019, a follow-up audit of Psiphonâs apps by Cure53 had âmixedâ results, with criticism of the Windows app in particular, stating:
Several parts of the application feel heavily outdated
In 2021, Psiphon recruited another auditor called 7ASecurity which provided a more positive assessment.
No Viruses, but Lots of Trackers & Permissions
Using VirusTotal, we scanned Psiphonâs app and found no malware or viruses.

Virustotal found no anomalous software in the Psiphon App, which is a direct download.
However, we found over 20 intrusive permissions and trackers in the Psiphon Pro Android app. Combined with Psiphonâs invasive privacy policy, we simply cannot recommend the VPN and proxy service.

Psiphon Pro on Android has way too many trackers and permissions.