VPNs keep you secure because they reroute your Internet traffic through their own servers rather than your Internet Service Provider’s (ISP). Tiwari concluded: “The rules should be re-evaluated under the principles of necessity and proportionality to balance interest of the state with the fundamental right to privacy guaranteed to every Indian.View Deal (opens in new tab) NordVPN logs: What does zero-logging mean? Forcing private players to collect such information without a strong data protection law places the privacy of the average user at risk. Udbhav Tiwari, senior manager, global public policy at Mozilla, told The Daily Swig: "While well-intentioned, the new rules contain vastly expanded data retention requirements as compared to industry norms. Meanwhile, new rules introduced last year include requirements for social media platforms to be able to review the content of communications, and to allow authorities to request interception or monitoring of messages. India is no stranger to online control controversies, with a recent report from Access Now describing it as the world's worst offender for internet shutdowns for the last four years running. VPN provider Surfshark is taking a similar stance, commenting: "As the new regulation goes against the nature of the VPNs industry – which seeks to protect customers’ privacy – we remain committed to providing no-logs services to our clients, including those living in India." "Proton VPN is monitoring the situation, but ultimately we remain committed to our no-logs policy and preserving our users’ privacy." Cutting against the grain "India's new VPN regulations will erode civil liberties and make it harder for people to protect their data online," a spokesperson told The Daily Swig. Other VPN services that operate in India are following a different strategy.įor example, Proton VPN is planning to carry on as normal despite its concerns about the new Indian regulations. "Data centers are unlikely to be able to accommodate this policy and our server architecture under this new regulation, and thus there is no path forward other than to no longer have physical VPN servers in India," he says. In any case, he says, the company's VPN servers have been specifically designed to avoid making logs, including by running in memory. We refuse to ever put our users’ data at risk." "As such, we have made the very straightforward decision to remove our Indian-based VPN servers. RECOMMENDED Black Hat Asia: ‘If democracy is to survive, technology will have to be tamed’ "ExpressVPN absolutely will not participate in the Indian government’s attempts to limit internet freedom," says Harold Li, vice president of ExpressVPN. Users based in India will also be able to continue using the company's apps as usual. Physically located in Singapore and the UK, these allow users to connect with Indian IP addresses. However, it says it will continue to operate its two Indian virtual server locations. As of last week, it's closed down its two physical servers in India. In response, ExpressVPN is – physically, at least – doing just that. "If you’re a VPN that wants to hide and be anonymous about those who use VPNs who want to do business in India and you don’t want to apply, you don’t want to go by these rules, then if you want to pull out, frankly, that is the only opportunity you have. "If you don’t have the logs, start maintaining the logs," he said. In a briefing, Rajeev Chandrasekhar, Indian minister of state for electronics and IT, said the rules were non-negotiable. The regulations will come into effect at the end of June, along with potential penalties of imprisonment or a fine of ₹100,000 ($1,300) for infringements to the rules. Service providers will also have to collect and keep the “period of hire” (the timestamp used at registration), the purpose of the contract, and the “ownership pattern” of the customer.Ĭatch up with the latest cybersecurity news from India Under a new directive (PDF) from the country's Computer Emergency Response Team (CERT-In), VPN providers in the country will have to keep records and logs of customer names, physical addresses, and contact numbers – all of which must be verified – along with email and IP addresses. Privacy concerns raised over mandate to retain customer recordsĪNALYSIS Virtual private network (VPN) providers are digging in their heels, following the introduction of a new law in India requiring them to collect user data and keep it for at least five years.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |