After India announced requiring VPN service providers to retain their clients’ logs for 180 days, some have decided to pull out their services from the country, including Surfshark and ExpressVPN.
This decision follows the strict policy of the VPN providers about collecting customers’ logs such as their IP addresses, browsing history, network traffic, session data, and timestamps – primarily to protect users’ privacy.
Furthermore, the providers’ rejection of the new mandate in India is contrary to the purpose of VPN providers to assure users’ online privacy through encrypting network traffic and hiding IP addresses. The VPN providers strongly implement the “no-logs” policy toward their clients, thus defeating their commitment if they follow India’s new data retention laws.
From Surfshark’s statement, they clarified about not tracking users’ online behaviour as their VPN server only keeps the user data during one session and gets deleted afterwards. They also added that the new law could negatively impact users’ privacy in India instead of their goal to protect it, resulting in counterproductivity that could harm the sector’s progress.
The new Indian provisions force VPN providers to discard their core values and retain users’ online data, including their web usage, IP addresses, contact information, and other sensitive details.
Surfshark also added that the amassing of excessive user data without solid protection measures might result in more security issues, such as widespread data breaches within the Indian jurisdiction. As a workaround after pulling out their services from the country, Surfshark explained that they would instead create virtual servers in Singapore and London to make it seem like they are still based in India.
Despite these circumstances, the VPN provider guarantees their India-based clients that their experience with using the platform would not be affected, including the speed and website accessibility.
In related news, another VPN service provider ExpressVPN had already discontinued its operations in India since it also refused to comply with the new data retention laws. Like Shurfshark’s sentiments about the mandate, they explained that it is an extreme measure for limiting people’s internet freedom.
They will also revert to setting up virtual servers with Indian IP addresses to continue serving Indian-based users despite pulling out of the country.
Security researchers believe that the new mandate in India would push VPN providers from servicing within the country. Moreover, as the commencement of the new mandate comes closer, many are still looking forward to a change of plans.
