India Orders VPN Companies to Collect and Hand Over User Data

  • Thread starter Thread starter minuteman
  • Start date Start date
  • Replies Replies 182
  • Views Views 15,869
Most VPN companies don't have any office or employees in India, who are they going to arrest. They will just block their website, the companies will just use alternative domain names for India and the same circle will continue
 
And, in all case, CERT-in will require the companies to report on their users' "unauthorized access to social media accounts."
Click to expand...
This.
 
  • Wow
Reactions: Smh
Maybe because of the guy that sent bomb threat to the Indian navy few months ago he used mullavad VPN so police unable to trace him.
 
no one would use VPN services if they are storing user activity data and providing to government on demand. the whole idea negates the purpose of vpn services. so yeah, this is not going to happen. companies would just avoid india as they avoid certain other countries. users would have to find ways to connect to these services like they do in certain other countries. this is the same thing with end to end encryption. if the encryption can be bypassed to comply with government demands for data even in case of terrorist attacks, it is not really end to end encrypted.
 

No VPN company will comply with this as it defeats the purpose of the VPN. Also these companies don't operate in India. What can happen is they force India based server/node providers to do this. Workaround is to just use another server overseas. Also, check the warrant canary on the VPN websites.

If this becomes problematic there's a distinct possibility of VPNs being banned. You know how India works with the age old "If you can't control it, ban it" mentality. This case will go to court as privacy advocates will not stay silent.
 
Last edited:
I read that PDF document from CERT. Unfortunately there's no way to attach it here. It basically is to trace what they call "cyber security incidents" or "crimes". Oh well, let's see how this pans out. It also means no BTC purchases will be allowed as KYC is compulsory.
 
VPNs will make it mandatory for users from India or just ban Indian users. Either one of them will happen. Besides, it is not difficult to trace payments to VPN Cos made via CC or DC as we all do. I renewed my PIA subs 1-2 months back and its easy-peasy for the Govt to ask CC issuer banks to alert them to payments made to such Cos. Only a few in India have recourse to remain truly anonymous by paying via BTC and the like.

This is not the first time a Govt has tried to pressure VPNs and other providers for data. The US and other 5 eye countries are quite well known for it.
 
So using Indian VPN servers will be worse than not using them.
6-hour reporting of cybersecurity events

“Any service provider, intermediary, data centre, body corporate and Government organisation shall mandatorily report cyber incidents as mentioned in Annexure I to CERT-In within six hours of noticing such incidents or being brought to notice about such incidents,” the CERT-In guidelines said.
Click to expand...

They have issued more stupid and impractical rules.

Anyone who has managed a server for their personal site only would know how many bots attacks happen everyday. Or you could just launch a vps and see the bots hitting your server instantly.
 
Last edited by a moderator:
What's the link you posted?

They need to define cybersecurity events. Random bots trying to SSH into my server hours afters after launching shouldn't count. lol
 
Last edited:

Similar threads

A
  • Question Question
Guidance for an upgradable, Budget-Friendly PC Build for Data Crunching and VR Gaming under ~500$, open to 2nd hand components
Replies
0
Views
388
amitzorba
Jonas
Royal Enfield Data Breach
Replies
0
Views
827
Jonas
shashankb
Acer Data Breach
Replies
1
Views
1,453
Navjot Singh
iamaap
International Bandwidth throttling even after using Wireguard along with paid VPN
Replies
8
Views
2,107
iamaap
Top