Indian Government’s VPN Guidelines Will Impact Over 270 Million Users As VPN Providers Have No Option But To Leave The Country
On April 28, the Indian government issued new guidelines mandating companies that provide virtual private network (VPN) services in the nation to record and keep customer information.
The Indian Computer Emergency Response Team, the country’s cyber watchdog, issued the directive (CERT-In). The new standards take effect sixty days after they are published, which is towards the end of June.
Various segments of society, including VPN providers, users, and rights advocates, have criticised the directive. “CERT-In provided the guidelines without any public engagement with technical and cyber security experts,” the Internet Freedom Foundation claimed, “resulting in the inclusion of many unjustified measures.”
What is the directive from the Indian government?
The government’s decision requires VPN providers to save the following information for five years as part of their know your customer (KYC) policy:
- Validated name of subscribers/customers
- IPs allotted to the user
- Email address, IP address and time stamp used at the time of registration.
- Reason for hiring services
- Validated address and contact numbers
- Ownership pattern of the subscribers
Essentially, one of the key benefits and use cases of VPNs – anonymity – will be eliminated. According to the directive, CERT-In can request this information from these service providers at any moment. Failure to provide the data will result in penalties under the Information Technology Act of 2000 and other applicable legislation.
Impact on users
This might have a much wider influence on the country than just removing anonymity. According to AtlasVPN’s VPN Adoption Index, India will have over 270 million VPN users in 2021, accounting for around 20% of the population. This figure is almost certainly higher now.
Due to the pandemic, more individuals are working from home, which has increased the number of VPN users in the country. VPNs are used for various purposes, including securely connecting to workplace networks while working from home, accessing geo-restricted material, and just remaining anonymous.
VPN firms oppose the government’s decision since capturing user data goes against the primary principles of VPNs, which are designed to safeguard user privacy.
In response to the government’s instruction, NordVPN, one of the world’s top VPN service providers, is reportedly considering withdrawing its servers out of India.
VPN providers may be forced to leave the country
“We are devoted to defending our clients’ privacy. Thus we may remove our servers from India if we have no other options,” Patricija Cerniauskaite, a NordVPN official, told Entrackr. According to reports, the corporation has 28 servers in India that service both Indian and international customers.
“PureVPN is a no-log VPN,” Uzair Gadit, the company’s chief executive officer, told Business Insider India in a statement. “If this policy compromises user privacy and security, we will have to reconsider our position in India.”
“Because PureVPN does not keep any personally identifiable information or record or store user activity, this poses a serious risk to our consumers.” “This will have a major impact on the VPN market,” Gadit warned.
“VPNs are crucial for user safety and the preservation of users’ right to online privacy,” ExpressVPN said in a statement to the Economic Times.
In addition to opposing the government’s new rules, several VPN providers have claimed that the guidelines do not apply to them as they are not subject to Indian law.
In response to ET, Surfshark claimed, “We are operating under the jurisdiction of the Netherlands, and there are no rules mandating us to log user activities.”
The Indian government requires VPNs to collect user data
The Indian government has enacted a new IT rule that requires virtual private network (VPN) companies to collect significant customer data and retain it for at least five years. The directive was issued by CERT-in, the Computer Emergency Response Team. Data centres and bitcoin exchanges are also covered by the new restrictions. The new policy will go into force in late June 2022.
Even if users delete their accounts or cancel their membership, VPN companies will be obligated to keep client data. User names, IP addresses, usage trends, and other personally identifying data will be required to be tracked by businesses.
Fake mobile apps, data breaches, unauthorised access to social media accounts, and other vulnerabilities have been requested by CERT-in.
COMPLIMENTARY TECH EVENT
VPNs often have a no-logging policy, and businesses rely on RAM-disk servers and other log-free technology to monitor data and usage.
India has recently tightened its grip on online activities. The Indian government suspended 22 YouTube channels in April. The Indian government and Twitter, Google, and Facebook had a standoff in 2021 about control of social media content. In addition, the Chinese authorities banned around 200 apps in 2020, including TikTok.
According to the Ministry of Electronics and Information Technology, the new policy is intended to address the gaps that prevent the government from responding to some cybercrime events.
What impact will the new policy have on VPNs?
The primary reason for using a VPN is to conceal your IP address. It allows clients to avoid having their data collected and their location tracked by website trackers. Paid VPN has a strict no-logging policy and only uses RAM-based servers to ensure perfect anonymity. Under the new rule, VPN companies will be compelled to keep servers that allow them to log in customer data and preserve it for five years or longer. Switching to storage servers will increase expenses for businesses, and user privacy will no longer be a fundamental aspect of these services.
Although the policy’s details have yet to be revealed, there’s a potential that we’ll see some provision or alternative that protects user privacy while keeping track. While it is doubtful, watching how VPN companies respond to this policy is the only option.
What happens if VPN services save your information?
VPN businesses have access to connection logs once they have your data. They can track when you linked to VPN and for how long. Companies have access to your IP address and the server you were initially connected to. VPN service providers will be able to share your connection logs with law enforcement if the new regulation is implemented.
They can also view your usage logs, including a list of websites you visit, content or messages you send or receive, and a list of apps and services you use on your device. They also have access to your actual location.
The ability to construct a secure network connection while using public networks is referred to as a “virtual private network.” VPNs encrypt your Internet communications and conceal your true identity. Because of this, third parties will have a harder time tracking your online activities and stealing data. The encryption takes place in real-time.
How does a VPN function?
The network routes your IP address through a VPN host’s specifically designed faraway server, masking your IP address. When you connect to the internet over a VPN, the server becomes your data source. This means that your ISP and other third parties will not be able to see the websites you visit or the data you send and receive online. A VPN serves as a filter, transforming all of your information into gibberish. It wouldn’t matter if someone had your information.
What are the advantages of a VPN connection?
Anyone with network access and a willingness to see unencrypted data can see it through a VPN connection, which hides your online data transmission and protects it from prying eyes. When using a VPN, hackers and cyber thieves cannot decrypt this information.
Secure encryption: To read the data, you’ll need an encryption key. Without one, a computer would take millions of years to decrypt the code in the event of a brute force attack. With the use of a VPN, your online activities are hidden even on public networks.
Disguising your whereabouts: VPN servers act as internet proxies, allowing you to conceal your location. The location data originates from a server in another country, so your actual location cannot be determined. Furthermore, the majority of VPN providers do not log your activity. Some providers, on the other hand, maintain track of your activities but do not disclose them to third parties. This implies that any trace of your online activity will be fully deleted.
Access to regional web content: All locations may not have access to regional online content. Content on services and websites is frequently limited to specific geographical areas. Standard connections use local servers around the country to identify your location. You won’t be able to access content from your home while travelling, and you won’t be able to access stuff from other countries while travelling. You can modify your location with VPN location spoofing by connecting to a server in another country.
Secure data transfer: You may need to open essential files on your company’s network if you operate remotely. For security concerns, this type of data demands a secure connection. Obtaining network access frequently necessitates the use of a VPN connection. VPN services connect to private servers and utilise encryption methods to reduce the danger of data leaking.
Why should you use a VPN connection?
When you connect to the internet, your ISP normally sets up your connection. It tracks you using your IP address. Your Internet service provider’s servers route your network traffic, allowing them to log and show everything you do online.
Despite the fact that your Internet service provider appears to be trustworthy, it may share your browsing history with advertisers, the police or the government, and other third parties. If your ISP is compromised, cybercriminals may gain access to your personal and confidential information.
If you use public WiFi networks regularly, this is very important. You never know who is watching your online activity or what they might steal from you, including passwords, personal information, financial information, or your entire identity.
What should a good VPN be capable of?
One or more jobs should be delegated to your VPN. The VPN should also be safeguarded from being hacked. A comprehensive VPN solution should have the following characteristics:
Encryption of your IP address: The main purpose of a VPN is to hide your IP address from your ISP and any third parties. This helps you to send and receive data over the internet without fear of being observed by anybody other than you and your VPN provider.
Protocol encryption: A VPN should keep your browsing history, search history, and cookies private. Cookies must be encrypted because they protect sensitive data such as personal information, financial information, and other website content from third parties.
Kill switch: If your VPN connection is abruptly terminated, your secure connection will also be terminated. A decent VPN can detect this unexpected downtime and shut off pre-selected programmes, lowering the risk of data compromise.
Two-factor authentication: A strong VPN scrutinises everyone who attempts to log in using multiple authentication methods. Before obtaining a code on your mobile device, you may be prompted to provide a password. This makes it challenging for uninvited third parties to access your encrypted connection.
The History of VPNs
Since the beginning of the internet, there has been a movement to protect and encrypt internet browser data. The US Department of Defense was working on encrypting internet connection data in the 1960s.
The predecessors of the VPN
Their efforts resulted in the invention of Advanced Research Projects Agency Network, a packet switching network, and the Transfer Control Protocol/Internet Protocol.
Link, internet and application were the four tiers of TCP/IP. Local networks and devices may be connected to the universal network via the internet, where the risk of exposure becomes apparent.
Wei Xu invented the IPSec network the following year, an internet security protocol that authenticates and encrypts data packets shared over the internet. Gurdeep Singh-Pall, a Microsoft employee, designed the Peer-to-Peer Tunneling Protocol in 1996. (PPTP).
The internet was rising in popularity when Singh-Pall was creating PPTP, and the demand for consumer-ready, advanced security measures arose. At the time, anti-virus software had previously proven to stop malware and spyware from infiltrating a computer system. People and corporations, on the other hand, began looking for encryption software that could hide their internet browsing history.
As a result, VPNs first debuted in the early 2000s, although they were almost exclusively used by companies. But, the consumer market for VPNs began to pick up after a slew of security breaches, particularly in the early 2010s.
VPNs and their current use
The number of VPN users globally surged more than fourfold between 2016 and 2018, according to GlobalWebIndex. In nations like Thailand, Indonesia, and China, one out of every five internet users uses a VPN, which restricts and censors internet access. In the United States, the United Kingdom, and Germany, the percentage of VPN users is approximately 5%, but it is growing.
The increased need for content with geographical access restrictions has been one of the greatest motivations for VPN use. For example, video streaming services like Netflix and YouTube restrict access to certain videos in specific nations. You may encrypt your IP address using modern VPNs to appear to be surfing from another country, allowing you to access this content from any location.
Here’s how to surf securely with a VPN
A VPN encrypts your browsing activity, which can only be deciphered via a key. Your computer and the VPN only know this key, so your ISP won’t know where you’re surfing. Different VPNs employ different encryption methods, but they all follow the same three-step process:
Connect to the internet and activate your VPN. It acts as a secure tunnel between you and the internet. Your ISP and other third parties will not be able to detect this tunnel.
Now that your device is linked to the VPN’s local network, you can change your IP address to one issued by the VPN server.
Because the VPN encrypts all of your personal data, you can now surf the internet at your leisure.
What kind of VPNs are there?
There are many other types of VPNs, but you should be aware of the three most common ones:
Not every firm employee has access to a company laptop that they can use to work from home. Many businesses encountered the challenge of not having enough equipment for their staff during the Corona crisis in Spring 2020. A personal device is used in such circumstances. Businesses use an SSL-VPN solution in this case, which is often done through a dedicated hardware box.
To access the company’s login page, you’ll normally need an HTML-5-capable browser. HTML-5-compatible browsers are available for practically every operating system. To gain access, you’ll need a login and password.
A site-to-site VPN is a private network that is used to hide private intranets while allowing users to exchange resources.
If your firm has numerous locations, each with its own local area network (LAN) connected to the WAN, a site-to-site VPN is useful.
Large firms are the main users of site-to-site VPNs. They are challenging to set up and do not provide the same level of flexibility as SSL VPNs. They are, however, the most efficient means of ensuring communication within and between huge departments.
Connecting to a VPN client is comparable to connecting your home PC to the office via an extension cable. Employees can connect to the company network from their home office and work as if they were in the office using a secure connection. However, a VPN client must be installed and set on the computer first.
This includes the user not connecting to the internet through their own ISP but instead through their VPN provider. This effectively cuts the tunnel component of the VPN journey in half.
This is a rapidly expanding VPN type that is particularly useful for providers of insecure public WiFi. It prevents unauthorised access to the network connection and compromises data encryption all the way to the supplier. It also prevents internet service providers from accessing data that has been left unencrypted for whatever reason. It circumvents any limits on the user’s internet connection (for instance, if the government of that country restricts internet access).
Greater efficiency and ubiquitous access to company resources are two advantages of this form of VPN connection. If a proper telephone system is available, the employee can, for example, connect to the system using a headset and appear to be at work. Customers of the company, for example, have no way of knowing whether the employee is working in the office or at home.
How To install a VPN on my computer?
It’s crucial to understand the various implementation approaches before installing a VPN:
For standalone VPN clients, software must be installed. This programme is set up to meet the endpoint’s requirements. When setting up a VPN, the endpoint creates an encryption tunnel by executing the VPN link and connecting to the other endpoint. This stage typically needs the entry of a company-issued password or installing an applicable certificate in businesses. The firewall can recognise that this is an authorised connection by utilising a password or certificate. The employee then uses credentials that are familiar to him to identify himself.
VPN extensions are available for most online browsers, including Google Chrome and Firefox. Some browsers, such as Opera, even have their own VPN plugins built-in. Thanks to extensions, users may instantly switch and customise their VPN while surfing the internet. The VPN connection, however, is only valid for information transferred in this browser. Other browsers and internet activities outside of the browser (for example, online games) are not secured by the VPN.
While browser extensions aren’t as extensive as VPN software, they may be a good solution for casual internet users looking for an extra layer of protection. They have, however, been shown to be more vulnerable to security breaches. Data harvesters may try to utilise bogus VPN extensions. Thus users should use a respected extension. The acquisition of personal data, such as what marketing strategists do to construct a personal profile of you, is known as data harvesting. The advertising content is then customised for you.
If numerous devices are linked to the same internet connection, it may be easier to set up the VPN on the router rather than on each device individually. If you want to safeguard devices with an internet connection that are difficult to configure, such as smart TVs, a router VPN is extremely handy. They can help you gain access to geo-restricted content via your home entertainment systems.
A router VPN is simple to set up, provides constant protection and privacy, and protects your network from being hacked when unsafe devices connect. However, it may be more challenging to manage if your router does not have its user interface. Incoming connections may be banned as a result of this.
A company VPN is a unique solution requiring individual setup and technical assistance. The company’s IT department usually sets up the VPN. As a user, you have no administrative control over the VPN, and your corporation logs your activity and data transfers. As a result, the organisation can reduce the danger of data leaking. The main benefit of a business VPN is that it provides a completely secure connection to the company’s intranet and server, even for workers who work from home and use their own computer to access the internet.
Is a VPN really that safe?
It’s crucial to know that VPNs are not the same as anti-virus software. The connection hides your IP address and your browser history, but it doesn’t protect your computer from hackers. You should absolutely use anti-virus software like Kaspersky Internet Security to accomplish this because a VPN will not protect you from Trojans, viruses, bots, or other malware on its own.
If you use a VPN or not, once the malware has gained access to your device, it can steal or harm your data. To achieve optimal protection, you should use a VPN with a robust anti-virus package.
Selecting a secure VPN provider
It’s also critical that you select a VPN provider you can rely on. Your ISP will not be able to observe your internet traffic, but your VPN provider will. If your VPN service is hacked, you are as well. You must choose a reputable VPN provider to secure your online activity’s privacy and security.
How to install a VPN connection on your smartphone
VPN connections are also available for Android and iPhone cellphones, as previously noted. Smartphone VPN services, fortunately, are simple to use and typically contain the following features:
The iOS App Store or Google Play Store typically only downloads one app during installation. Although there are free VPN providers, it’s best to go with a professional provider when it comes to security.
The setup is incredibly user-friendly because the default settings are geared mainly toward the average smartphone user. Enter your username and password. The majority of programmes will then walk you through the key features of VPN services.
Turning on the VPN is as simple as depending on the light for many VPN apps. The option is most likely to be found on the home screen.
If you wish to spoof your location, you’ll need to swap servers manually. Simply choose your preferred country from the list.
Advanced configuration is offered for users that require a higher level of data security. You can choose from a variety of encryption techniques depending on your VPN. Your app may also provide diagnostics and other features. Learn about these characteristics before you subscribe to pick the best VPN for your needs.
All you have to do now is activate the VPN connection through the app to start surfing the internet safely.
But bear in mind the following: A VPN is just as secure as its provider’s data usage and storage practices. Keep in mind that the VPN service sends your information to their servers, connecting to the internet on your behalf. If they keep data logs, make sure it’s apparent why they’re keeping them. Serious VPN services will usually prioritise your privacy. You should choose a reputable supplier like Kaspersky Secure Connection.
Remember that only data sent over the internet is encrypted. Nothing will be transmitted over the internet that does not use a cellular or WiFi connection. Your VPN will not encrypt normal voice or text communications.
Your data traffic is sent through an encrypted virtual tunnel via the VPN, which creates a secure connection between you and the internet. This masks your IP address when you access the internet, making its location invisible to everyone. A VPN connection also protects against external attacks. You can only access the data in the encrypted tunnel, and no one else can because they don’t have the key. You may access regionally prohibited content from anywhere in the world using a VPN. In many countries, streaming platforms are not available. You can still use the VPN to access them. Kaspersky VPN solutions are available for both Windows and Mac computers.
Many smartphone VPN connections are now available, allowing mobile data traffic to remain anonymous. Certified providers can be found in the Google Play Store and the Apple App Store. However, consider that utilising a VPN merely anonymises and protects your internet data traffic. A VPN connection does not cover hacker attacks, Trojans, viruses, and other malware. So, you should use a third-party anti-virus programme.
edited and proofread by nikita sharma