A new directive is undermining the anonymity of potentially vulnerable users
The Indian government has published a directive that will force VPN providers and crypto exchange platforms to store user data for at least five years, even when customers have since terminated their relationship with the companies in question. The directive goes into effect in late June 2022, and decision makers at businesses that don’t comply with it could face up to one year in prison.
The directive states that the ruling is in place to enhance cyber security, allowing the Indian government’s Computer Emergency Response Team (CERT-In) to gain information about potential incidents more quickly, but the implications for customers are far-reaching. VPN and VPS companies will have to store and, if asked, share a variety of data, including the validated names of customers, both their legal and email addresses, their phone numbers, IP addresses associated with them, the subscription period, and the “ownership pattern” of the subscriber.
The companies in question will further have to report a number of breaches to CERT-In, including run-of-the-mill data breaches, fake mobile apps, and attacks on server infrastructure. Even the “unauthorized access to social media accounts” will have to be reported, which could mean that VPN providers will have to log their users’ movements around the web. This would be a fundamental change in many VPN providers’ business models, as virtually all reputable businesses promise no-log policies, never even saving their users’ browsing data in the first place and thus ensuring their anonymity.
EN Trackr reports that it is still unclear whether these rules apply to international companies doing business in India or only to local VPN providers and crypto trading sites.
VPNs are used by many to stay anonymous online or to access services not available in their country. Tools like these are vital for politically oppressed people or those who live in countries where internet censorship is practiced. While India doesn’t fare as badly in this regard as some other countries, the Indian government is known to block or disrupt internet connections routinely to shut down conversations around uncomfortable topics.
In other countries like Russia, the crackdown on VPNs goes even further. Following a 2017 ruling, there is only a small selection of allowed VPN services, among them Kaspersky Secure Connection, that have agreed to connect with the government’s information system. Many other VPN services including big players like NordVPN or ProtonVPN have been outlawed, with their usage considered a crime.