Major VPN Services Shut Down In India Over Anti-Privacy Law

"Major VPN services have shut down service in India, as there is no way to comply with a new law without breaching their own privacy protection standards," reports 9to5Mac. "The law also applies to iCloud Private Relay, but Apple has not yet commented on its own plans." The Wall Street Journal reports: Major global providers of virtual private networks, which let internet users shield their identities online, are shutting down their servers in India to protest new government rules they say threaten their customers' privacy [...] Such rules are "typically introduced by authoritarian governments in order to gain more control over their citizens," said a spokeswoman for Nord Security, provider of NordVPN, which has stopped operating its servers in India. "If democracies follow the same path, it has the potential to affect people's privacy as well as their freedom of speech," she said [...]

Other VPN services that have stopped operating servers in India in recent months are some of the world's best known. They include U.S.-based Private Internet Access and IPVanish, Canada-based TunnelBear, British Virgin Islands-based ExpressVPN, and Lithuania-based Surfshark. ExpressVPN said it "refuses to participate in the Indian government's attempts to limit internet freedom." The government's move "severely undermines the online privacy of Indian residents," Private Internet Access said. "Customers in India will be able to connect to VPN servers in other countries," adds 9to5Mac. "This is the same approach taken in Russia and China, where operating servers within those countries would require VPN companies to comply with similar legislation."

"Cloud storage services are also subjected to the new rules, though there would be little practical impact on Apple here. iCloud does not use end-to-end encryption, meaning that Apple holds a copy of your decryption key, and can therefore already comply with government demands for information."

Doing the Needful

[registrations_suck]

Good on the VPN providers for doing the needful.

Re:

[bill_mcgonigle]

And let's remember forever that LavaBit led the way.

VN's There is no P in VN's

[Canberra1]

Have to remove the P when Private is removed. Obviously it is more work to set up a good VPN somewhere else to make the first hop out of a country that stomps on human rights. In India's case foreign currency outflows will accelerate, current account invisible's rise, because it is so easy to purchase what you want nowadays. And oh, all that power sucking up feeble attempts on deep packet inspection. And given that local police rarely intervene with crimes against women/children/girl teasing - remind me -

Regarding cloud storage...

[devslash0]

You should never store anything in the cloud without your own client-side encryption. Most cloud storage providers are very open in their T&Cs (which people never read, obviously) about having the right to analyse or otherwise use your data to "improve their products and services" or to "comply with legal requests". Given that people upload to the cloud absolutely everything, starting on their highly sensitive personal information, photos, spreadsheets with further PII and financial data, system configuration files, personal projects, files containing passwords or other credentials... ...ending on porn, they should never do it without appropriate protection.

Personally, I use this little app to encrypt everything that I store in my cloud backups: https://cryptomator.org/ [cryptomator.org]

Nose? Face?

[Anonymous Coward]

ExpressVPN said it "refuses to participate in the Indian government's attempts to limit internet freedom."

But by shutting down your services isn't that exactly what you're doing? You're forcing customers to either use compliant (snitching) VPN services or to use none at all, both of which are infringing on the freedom and privacy of your customers.

If you were actually serious about "doing the right thing" by people then you should get all of the VPN providers to band together in a coalition and take the gov

Re:Nose? Face?

[belmolis]

No, as the post says, people in India can use VPNs with servers located in other countries. The government of India has no control over them.

Re:

[CohibaVancouver]

The government of India has no control over them.

Well, in theory the govt. of India could make it illegal to access those out-of-country VPN services and/or make the Indian ISPs block access to them.

The largest democracy in the world

[itsme1234]

It really isn't up to tiny-tiny-tiny (many of them "apartment") companies to fight laws in a foreign country. Laws which are in the end what "people" want, isn't it?