Rejecting Data Demands, ExpressVPN Removes VPN Servers In India (indianexpress.com) 29
ExpressVPN has removed its servers from India, becoming the first major virtual private network (VPN) provider to do so in the aftermath of the recent cybersecurity rules introduced by the country's cybersecurity agency. The rules require VPN providers to store user data for a period of five years. ExpressVPN said it "refuses to participate in the Indian government's attempts to limit internet freedom." The India Express reports: In a blog post, the British Virgin Island-based company said that with the introduction of the new cybersecurity rules by the Indian Computer Emergency Response Team (CERT-In), it has made a "very straightforward decision to remove our Indian-based VPN servers." While ExpressVPN is the first to pull its services from India, other VPN providers like NordVPN have also taken a similar stance.
The guidelines, released by CERT-In on April 26, asked VPN service providers along with data centers and cloud service providers, to store information such as names, e-mail IDs, contact numbers, and IP addresses (among other things) of their customers for a period of five years. The government said it wants these details to fight cybercrime, but the industry argues that privacy is the main selling points of VPN services, and such a move would be in breach of the privacy cover provided by VPN platforms.
ExpressVPN described the cybersecurity rules as "broad" and "overreaching." "The law is also overreaching and so broad as to open up the window for potential abuse. We believe the damage done by potential misuse of this kind of law far outweighs any benefit that lawmakers claim would come from it," ExpressVPN said. It added that while CERT-In's rules are intended to fight cybercrime, they are "incompatible with the purpose of VPNs, which are designed to keep users' online activity private." Indian users of ExpressVPN will still be able to use its service via "virtual" India servers located in Singapore and the UK. "We will never collect logs of user activity, including no logging of browsing history, traffic destination, data content, or DNS queries. We also never store connection logs, meaning no logs of IP addresses, outgoing VPN IP addresses, connection timestamps, or session durations," the company said.
The guidelines, released by CERT-In on April 26, asked VPN service providers along with data centers and cloud service providers, to store information such as names, e-mail IDs, contact numbers, and IP addresses (among other things) of their customers for a period of five years. The government said it wants these details to fight cybercrime, but the industry argues that privacy is the main selling points of VPN services, and such a move would be in breach of the privacy cover provided by VPN platforms.
ExpressVPN described the cybersecurity rules as "broad" and "overreaching." "The law is also overreaching and so broad as to open up the window for potential abuse. We believe the damage done by potential misuse of this kind of law far outweighs any benefit that lawmakers claim would come from it," ExpressVPN said. It added that while CERT-In's rules are intended to fight cybercrime, they are "incompatible with the purpose of VPNs, which are designed to keep users' online activity private." Indian users of ExpressVPN will still be able to use its service via "virtual" India servers located in Singapore and the UK. "We will never collect logs of user activity, including no logging of browsing history, traffic destination, data content, or DNS queries. We also never store connection logs, meaning no logs of IP addresses, outgoing VPN IP addresses, connection timestamps, or session durations," the company said.
Reasonable Response (Score:5, Insightful)
India needs to spend more time cracking down on its internal cybercrime and world-leading fraudulent call center and scamming activities, and less time persecuting privacy advocates around the world.
Re: (Score:1)
India isn't trying to persecute privacy advocates around the world. They are trying to crack down in dissidents any way they can, but since they are "anti-China", the world turns a blind eye.
Re: Reasonable Response (Score:3, Interesting)
This message brought to you by someone out of the Indian governments sphere of surveillance.
Re: Reasonable Response (Score:2)
Interesting idea, but it ignores the basics of how a functioning nation-state exists. Think national resources, self-defense, economy, etc.
Besides which, who is responsible for breaking it up? If it doesn't break itself up, do you want and expect other countries to invade and break it up? By what right does any country have to do so?
Re: Reasonable Response (Score:2)
Re: (Score:2)
And, even if it is a democracy, if 400,000,000 people decent, should they be ignored for the 600,000,000? The country should be broken up into smaller states.
You address this issue the same way it was done in the US: Split the country into districts, and put those 400,000,000 people into districts with smaller population. Now give each district almost equal power.
That way, you get 600,000,000 people ignored in favor of the 400,000,000.
Problem solved.
Re: (Score:2)
Re: (Score:2)
You can apply whatever semantics you want, and you can even bandy the weakest interpretation of the word "sovereign" this side of all those Native Americans' "Nations", but the outcome is the same.
Re: Reasonable Response (Score:2)
I think people like you should be exterminated. Sitting on vast swathes of stolen land, bombs built by stolen money, threatening to use it on people with culture older than your genealogy and why? Because cause they are not exterminating pests like you.
BTW, India was broken already so that it doesn't get close to Russia. How is your friend Pakistan doing? Not enough 911 I see.
Re: (Score:2)
Oh no... a lot of people are better than you :( How is Tamizh?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Maybe the scammer fraud centers are using VPNs to hide their location to avoid prosecution.
Maybe this is them cracking down on scammers.
(I'm not holding my breath, though.)
Will this be allowed in US (Score:2)
In US, CIA/FBI runs center at ATT (and may be at other providers too) and collects all these data and ATT is not even allowed to talk about it. So if the same VPN operators are doing the same thing as India is asking, we won't even know about it because saying it publicly would be a crime by itself.
Re: (Score:2)
In US, CIA/FBI runs center at ATT (and may be at other providers too) and collects all these data and ATT is not even allowed to talk about it.
Never forget Qwest [wikipedia.org]
So if the same VPN operators are doing the same thing as India is asking, we won't even know about it because saying it publicly would be a crime by itself.
If they don't have a warrant canary, don't use them.
Even if they do, don't use them. Use a foreign provider.
Good riddance (Score:1)
Re: (Score:2)
Unlike most countries, India has a terrorist infestation. There are a myriad forces trying to ensure that the largest democracy disintegrates. Privacy does not trump human lives.
Ah yes. The old "I only beat you because I fucking love you." defense.
Re: (Score:1)
Ah yes. The old "I only beat you because I fucking love you." defense.
Wow, so soon! The peaceful / CCP brigade is wide awake! If you are not one, go read up the paradox of tolerance.
Re: (Score:3)
, go read up the paradox of tolerance.
Which _you_ obviously have not understood at all.
Re: (Score:2)
Re: (Score:2)
Privacy does not trump human lives.
Actually, privacy protects human lives. It is a matter of degree and scales, but your idiotic statement screams after being abused.
Welcome to the Internet of (crappy) things (Score:2)
This is just one reason why Internet-connected devices are a bad idea.
We got to the point where even turning it off and back on again doesn't help.
you cant buy this sort of ad (Score:1)
dont these ppl depend on tech ?? (Score:2)
PIA as well... (Score:1)