Our normal data collection practices are described in the FAQ. Whenever we need to temporarily change (increase) our data collection, we will describe here what we're doing and what the impact is.
2023-05-08: Privacy exception: Possible exposure of client IP addresses
It was possible for any actor aware of the issue to connect to the Conjure registrar and obtain a list of active registration information, including associated client IP addresses.
Once the issue was discovered in late April 2023, logs were monitored and no suspicious connections to the Conjure registrar were observed.
2021-01-26: Privacy exception: Rare accidental logging of sensitive information
2020-11-27: Possible use of ACCESS_COARSE_LOCATION permission by 3rd party advertising SDKs
2020-11-09: Privacy exception: Rare accidental logging of upstream proxy credentials
2020-11-09: Privacy exception: Rare accidental logging of network request destination on Psiphon iOS VPN
On June 25th, 2020 we released a change which logged metadata provided by the OS when the VPN was started. We chose to log this metadata because in testing it included non-sensitive information such as whether the VPN was started by the OS due to “VPN On Demand” rules or the user starting the VPN from Psiphon’s UI. On July 21st, 2020 it came to our attention that the destination hostname, or IP address, of the first network request which triggered Psiphon to be started after a device reboot, or crash in the VPN process, was included in this metadata.
Once logged, the metadata could be included in a feedback submitted by the user through the in-app feedback form. Provided that the user did not opt-out of including diagnostic information with their feedback.
When a user submits a feedback it is encrypted with a public key, which is paired with a private key that we own and keep secret. This ensures that only our feedback servers can decrypt and read the contents of a user’s feedback once it is sent out over the internet. The encrypted feedback is uploaded over TLS. Once the feedback reaches our servers it is decrypted, stored for a limited amount of time and then deleted.