India Orders VPN Companies, Data center , and more to Collect and Hand Over User Data

[Slerion]

A new government order will force virtual private networks to store user data for five years or longer.

India Orders VPN Companies to Collect and Hand Over User Data

A new government order will force virtual private networks to store user data for five years or longer.

www.cnet.com

Seems like india really wants to screw over privacy in any way they can now.

iam eager to see how the non logging VPN specially the ones with prooven track record from raids will handle this

 

[plat]

This is in essence contradicting the use scenario for vpn now? Wow. Interested to see what the ripple effects from this will be. How will the vpn providers respond--it's such a huge demographic.

 

[brambedkar59]

I wonder how would they enforce it for servers located outside India.
Do these politicians even understand the meaning of privacy?

Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers, shall be required to register the following accurate information which must be maintained by them for a period of 5 years or longer duration as mandated by the law after any cancellation or withdrawal of the registration as the case may be:
a. Validated names of subscribers/customers hiring the services
b. Period of hire including dates
c. IPs allotted to / being used by the members
d. Email address and IP address and time stamp used at the time of registration / on-boarding
e. Purpose for hiring services
f. Validated address and contact numbers
g. Ownership pattern of the subscribers / customers hiring services

Source

 

[blackice]

I wonder how would they enforce it for servers located outside India.

They’ll block the IPs most likely. Just like Russia and China.

 

[Slerion]

This is in essence contradicting the use scenario for vpn now? Wow. Interested to see what the ripple effects from this will be. How will the vpn providers respond--it's such a huge demographic.

ye i tried to ask surfsharks support how they plan to deal with it , but this bursted the mind of whoever i talked to and they kept copying no logging knowledge base articles and weird stuff.

After more explaning ( and copying the entire article into chat ) they understood

the official word from surfshark was

"I looked through that. I will forward this information to my team, and let's see how our legal team deals with that! I am sure that there will be news in the future. "

i dont expect any news or even official word from surfshark they are really bad with community communication outside of marketing.

 

[Slerion]

Some other user contacted Nord VPN they seem to have said they would close the indian location then.


which i guess would be mostly the reaction of most VPN.

 

[upnorth]

This for sure ain't just about VPNs. It's much broader then that.

maintenance of logs of ICT systems; subscriber/customer registrations details by Data centers, Virtual Private Server (VPS) providers, VPN Service providers, Cloud service providers; KYC norms and practices by virtual asset service providers, virtual asset exchange providers and custodian wallet providers.

CERT-In issues directions relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet

The Indian Computer Emergency Response Team (CERT-In) serves as the national agency for performing v

www.pib.gov.in

 

[Slerion]

Official words of different VPN on that.

Spoiler: Cyberspace group ( Nord VPN , Surfshark VPN , Atlas VPN)

Spoiler: Nord VPN (Cyber Space Mother company)

Spoiler: Surfshark VPN (Cyber Space Mother company)

Spoiler: Atlast VPN (Cyber Space Mother company)

Spoiler: Proton VPN

Spoiler: Express VPN

Spoiler: Windscribe ... i guess? they are a meme VPN after all...

Spoiler: Mullvad VPN

Sorry mods , forgot to spoiler the first time i added spoilers now.

 

[Sorrento]

Seems pretty simple for Mullvad

 

[Gandalf_The_Grey]

AdGuard blog: India cracks down on privacy-first VPNs with demand to store logs for 5 years

No-log VPNs may find themselves unwelcome in India, when and if a directive that has recently been published by the country’s cybersecurity agency comes into effect.

The document released by the Indian Computer Emergency Response Team (CERT) late last month states that Virtual Private Network (VPN) service providers on par with data centers, cloud service providers, and Virtual Private Server (VPS) providers will have to keep a long list of user data for at least 5 years, even after users cancel their subscription for good.

The logs that VPN providers will have to store after the directive enters into force late July include:

• Users' names, addresses and phone numbers
• Period of use
• IPs that VPNs assign users
• Users' email and IP addresses, as well as the information on when exactly they signed up to the service (time stamp)
• Purpose of use
• Ownership pattern

India's Ministry of Electronics & IT claims that by tightening its grip on VPN and other online services providers it wants to improve cyber security. The ministry says the new legislation is aimed at closing the "gaps" that are "causing hindrance in incident analysis" and should "enhance overall cyber security posture and ensure safe & trusted Internet in the country".

In case of non-compliance with the provisions of the directive, providers risk facing repercussions under India’s Information Technology Act. The relevant article of the Act envisions that those who run foul of the law could face up to 1 year in jail or a fine to the tune of 100,000 rupees ($1,300), or both.

The new law is bound to deal a blow to the operations of "anonymous" VPNs that abide by a strict no-logging policy. Either they will have to cave in to the demands, and start operating storage servers which means less privacy for the end user, or be forced to migrate to a gray zone or cease their operations in India altogether. Moreover, the new requirements can rack up costs of VPN services for Indian customers, since the vendors will have to either rent or own storage servers to keep logs.

For its part, AdGuard does not keep any logs, this would run contrary to the company values. Therefore, we will not be able to comply with the demands of this law. We are constantly monitoring the situation and thinking about possible solutions. If we are left with no choice, we will be forced to reconsider the presence of our servers in this region.

India cracks down on privacy-first VPNs with demand to store logs for 5 years

No-log VPNs may find themselves unwelcome in India, when and if a directive that has recently been published by the country’s cybersecurity agency comes into effect.

adguard.com

 

[R2D2]

Private Internet Access (I am subscribed) and Express VPN have colocated their India servers at Singapore. They have both confirmed servers will not be physically present in the country. I am sure other VPNs will take a similar step. While the Indian Govt. makes this ridiculous rule look rather harmless and claims it won't affect the rights of individuals, one should know better than to trust them or any Govt for that matter.

Rejecting data demands, ExpressVPN removes VPN servers in India

 

[dinosaur07]

Maybe some VPN providers will continue having only virtual servers in India as most of them do currently.

 

[amitkumargiri]

India Orders VPN Companies to Collect and Hand Over User Data

A new government order will force virtual private networks to store user data for five years or longer.

www.cnet.com

Seems like india really wants to screw over privacy in any way they can now.

iam eager to see how the non logging VPN specially the ones with prooven track record from raids will handle this

Then , what about VPN companies operating in 14 eyes Nations .... I still don't get it and understand

 

[R2D2]

Maybe some VPN providers will continue having only virtual servers in India as most of them do currently.

Yes, they will continue with co-located/virtual servers. India is too big a market to ignore with 348 million installs in 2021. Unfortunately, knowing how political dispensations work , this form of circumvention could lead to a VPN ban some day. Many expect this rule to be challenged in court under existing privacy laws.

 

[Slerion]

Deeper Connect Mini(New)

Deeper Connect Mini: unique cybersecurity and decentralized VPN (DPN) hardware. Geo-unblocking Ad blocking Privacy protection

shop.deeper.network

Each of these dVPN devices acts as a node.
Decentralized systems cannot log or track their users.

thats not really true decentralized systems also have endpoints which simply can log.

 

[brambedkar59]

Avira Phantom VPN stopped working in India. Not just the Indian servers but you can't use it anymore.

 

[CyberTech]

Avira Phantom VPN stopped working in India. Not just the Indian servers but you can't use it anymore.

Avira VPN access blocked in India

Due to new cybersecurity regulations in India, The Indian Computer Emergency Response Team (CERT-In) recently announced that, effective Jun 27 2022, it will require all VPN providers to log information such as email addresses, IP addresses, time stamps, and more. This information then be stored for a minimum of 5 years.

We are committed to keeping our customers’ data private and this directive is incompatible with our No-Log VPN policy. As a result, starting June 27th and will no longer offer India server access to all users, regardless of location. However, all users will still be able to use our VPN while traveling outside of India.

What this means for you:

• You may continue to use Secure VPN while traveling outside of India
• You will not be able to access Secure VPN while physically located in India
• You will not be able to access an India server from any location

The source

https://support.avira.com/hc/en-us/articles/7056061662609-Avira-VPN-access-blocked-in-India

 

[brambedkar59]

The source

https://support.avira.com/hc/en-us/articles/7056061662609-Avira-VPN-access-blocked-in-India

It is so stupid though, they should have just closed the servers physically located here and still allowed access to the vpn service.

 

[CyberTech]

To protect the privacy of the Proton community, we are removing our VPN servers physically located in India.

This is in response to a new law in India that is going into effect in September 2022 that would require the data centers we work with to begin logging user activity. This is against everything we stand for. We work to ensure that Proton VPN keeps your online browsing private with a strict no-logs policy that was recently audited by independent security professionals.

You can continue to connect to any of our international servers, or you can connect to our new Smart Routing servers for India. These will give you an Indian IP address and behave just as our physical servers in India did. The only difference is that, in reality, they are based in Singapore.

Learn more about Smart Routing

By using our Smart Routing servers that are based in Singapore, we can continue to offer the Proton community private, no-logs VPN service with an Indian IP address. If you live in India or used to connect to our India-based VPN servers from elsewhere, you can switch to these Smart Routing servers and use Proton VPN just as before.

Full article

We replaced VPN servers in India to keep your data private

Proton removes India-based VPN servers to protect privacy, but we continue to service our community in India.

protonvpn.com

 

[ForgottenSeer 95367]

We are talking about India, one of the leading IT centers in the world. All the VPNs that will stop operations and access in India won't put a dent in VPN services here. For every VPN that "closes shop" in India, a home-grown Indian company willing to comply with the new rules will take its place. More importantly, people here will purchase available VPN services despite the government's new VPN rules.