India Orders VPN Companies, Data center , and more to Collect and Hand Over User Data

Slerion

Level 5
Thread author
Verified
Well-known
Feb 24, 2016
243
A new government order will force virtual private networks to store user data for five years or longer.


Seems like india really wants to screw over privacy in any way they can now.

iam eager to see how the non logging VPN specially the ones with prooven track record from raids will handle this
 
Last edited:

brambedkar59

Level 29
Verified
Top Poster
Well-known
Apr 16, 2017
1,875
I wonder how would they enforce it for servers located outside India.
Do these politicians even understand the meaning of privacy?
Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers, shall be required to register the following accurate information which must be maintained by them for a period of 5 years or longer duration as mandated by the law after any cancellation or withdrawal of the registration as the case may be:
a. Validated names of subscribers/customers hiring the services
b. Period of hire including dates
c. IPs allotted to / being used by the members
d. Email address and IP address and time stamp used at the time of registration / on-boarding
e. Purpose for hiring services
f. Validated address and contact numbers
g. Ownership pattern of the subscribers / customers hiring services
Source
 
Last edited:

Slerion

Level 5
Thread author
Verified
Well-known
Feb 24, 2016
243
This is in essence contradicting the use scenario for vpn now? Wow. Interested to see what the ripple effects from this will be. How will the vpn providers respond--it's such a huge demographic.
ye i tried to ask surfsharks support how they plan to deal with it , but this bursted the mind of whoever i talked to and they kept copying no logging knowledge base articles and weird stuff.

After more explaning ( and copying the entire article into chat ) they understood

the official word from surfshark was
"I looked through that. I will forward this information to my team, and let's see how our legal team deals with that! I am sure that there will be news in the future. "

i dont expect any news or even official word from surfshark they are really bad with community communication outside of marketing.
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
This for sure ain't just about VPNs. It's much broader then that.
maintenance of logs of ICT systems; subscriber/customer registrations details by Data centers, Virtual Private Server (VPS) providers, VPN Service providers, Cloud service providers; KYC norms and practices by virtual asset service providers, virtual asset exchange providers and custodian wallet providers.
 

Slerion

Level 5
Thread author
Verified
Well-known
Feb 24, 2016
243
Official words of different VPN on that.












Sorry mods , forgot to spoiler the first time :p i added spoilers now.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,578
AdGuard blog: India cracks down on privacy-first VPNs with demand to store logs for 5 years
No-log VPNs may find themselves unwelcome in India, when and if a directive that has recently been published by the country’s cybersecurity agency comes into effect.

The document released by the Indian Computer Emergency Response Team (CERT) late last month states that Virtual Private Network (VPN) service providers on par with data centers, cloud service providers, and Virtual Private Server (VPS) providers will have to keep a long list of user data for at least 5 years, even after users cancel their subscription for good.

The logs that VPN providers will have to store after the directive enters into force late July include:
  • Users' names, addresses and phone numbers
  • Period of use
  • IPs that VPNs assign users
  • Users' email and IP addresses, as well as the information on when exactly they signed up to the service (time stamp)
  • Purpose of use
  • Ownership pattern
India's Ministry of Electronics & IT claims that by tightening its grip on VPN and other online services providers it wants to improve cyber security. The ministry says the new legislation is aimed at closing the "gaps" that are "causing hindrance in incident analysis" and should "enhance overall cyber security posture and ensure safe & trusted Internet in the country".

In case of non-compliance with the provisions of the directive, providers risk facing repercussions under India’s Information Technology Act. The relevant article of the Act envisions that those who run foul of the law could face up to 1 year in jail or a fine to the tune of 100,000 rupees ($1,300), or both.

The new law is bound to deal a blow to the operations of "anonymous" VPNs that abide by a strict no-logging policy. Either they will have to cave in to the demands, and start operating storage servers which means less privacy for the end user, or be forced to migrate to a gray zone or cease their operations in India altogether. Moreover, the new requirements can rack up costs of VPN services for Indian customers, since the vendors will have to either rent or own storage servers to keep logs.

For its part, AdGuard does not keep any logs, this would run contrary to the company values. Therefore, we will not be able to comply with the demands of this law. We are constantly monitoring the situation and thinking about possible solutions. If we are left with no choice, we will be forced to reconsider the presence of our servers in this region.
 

R2D2

Level 6
Verified
Well-known
Aug 7, 2017
267
Private Internet Access (I am subscribed) and Express VPN have colocated their India servers at Singapore. They have both confirmed servers will not be physically present in the country. I am sure other VPNs will take a similar step. While the Indian Govt. makes this ridiculous rule look rather harmless and claims it won't affect the rights of individuals, one should know better than to trust them or any Govt for that matter.

Rejecting data demands, ExpressVPN removes VPN servers in India
 

amitkumargiri

Level 1
Mar 13, 2022
44

Seems like india really wants to screw over privacy in any way they can now.

iam eager to see how the non logging VPN specially the ones with prooven track record from raids will handle this
Then , what about VPN companies operating in 14 eyes Nations .... I still don't get it and understand
 

R2D2

Level 6
Verified
Well-known
Aug 7, 2017
267
Maybe some VPN providers will continue having only virtual servers in India as most of them do currently.
Yes, they will continue with co-located/virtual servers. India is too big a market to ignore with 348 million installs in 2021. Unfortunately, knowing how political dispensations work , this form of circumvention could lead to a VPN ban some day. Many expect this rule to be challenged in court under existing privacy laws.
 

Slerion

Level 5
Thread author
Verified
Well-known
Feb 24, 2016
243


Each of these dVPN devices acts as a node.
Decentralized systems cannot log or track their users.
thats not really true decentralized systems also have endpoints which simply can log.
 

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
Avira Phantom VPN stopped working in India. Not just the Indian servers but you can't use it anymore.
Avira VPN access blocked in India

Due to new cybersecurity regulations in India, The Indian Computer Emergency Response Team (CERT-In) recently announced that, effective Jun 27 2022, it will require all VPN providers to log information such as email addresses, IP addresses, time stamps, and more. This information then be stored for a minimum of 5 years.

We are committed to keeping our customers’ data private and this directive is incompatible with our No-Log VPN policy. As a result, starting June 27th and will no longer offer India server access to all users, regardless of location. However, all users will still be able to use our VPN while traveling outside of India.

What this means for you:
  • You may continue to use Secure VPN while traveling outside of India
  • You will not be able to access Secure VPN while physically located in India
  • You will not be able to access an India server from any location

The source
 

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
To protect the privacy of the Proton community, we are removing our VPN servers physically located in India.

This is in response to a new law in India that is going into effect in September 2022 that would require the data centers we work with to begin logging user activity. This is against everything we stand for. We work to ensure that Proton VPN keeps your online browsing private with a strict no-logs policy that was recently audited by independent security professionals.

You can continue to connect to any of our international servers, or you can connect to our new Smart Routing servers for India. These will give you an Indian IP address and behave just as our physical servers in India did. The only difference is that, in reality, they are based in Singapore.

Learn more about Smart Routing

By using our Smart Routing servers that are based in Singapore, we can continue to offer the Proton community private, no-logs VPN service with an Indian IP address. If you live in India or used to connect to our India-based VPN servers from elsewhere, you can switch to these Smart Routing servers and use Proton VPN just as before.

Full article
 
F

ForgottenSeer 95367

We are talking about India, one of the leading IT centers in the world. All the VPNs that will stop operations and access in India won't put a dent in VPN services here. For every VPN that "closes shop" in India, a home-grown Indian company willing to comply with the new rules will take its place. More importantly, people here will purchase available VPN services despite the government's new VPN rules.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top