On 28 April, the Indian Computer Emergency Response Team (Cert-In) issued new directives, first reported by Mint, requiring virtual private network (VPN) providers to store user data for five years. Is. what does this mean? Mint explains:
What does the instruction say?
Under the new directives, VPN providers will be required to store valid customer names, their physical addresses, email IDs, phone numbers, and the reason for which they are using the service, the dates of their usage and their “proprietary patterns” . The certificate is also asking VPN providers to keep a record of the IP and email address that the subscriber uses to register the service along with the timestamp of registration. Most importantly, VPN providers must store all IP addresses issued to them. A list of the client and IP addresses that its customers commonly use.
What does this mean for VPN providers?
VPNs basically obscure a person’s internet usage by jumping signals from multiple servers. A log of these servers can easily be traced back to the original user by law enforcement agencies. This is why most of the top VPN operators offer a “no logging” service at least for paying users. This means that they do not keep logs of the user’s usage history or the IP address of the server. Such services may be in violation of the rules of the certificate by operating in India only. That said, it’s worth noting that ‘no logs’ does not mean zero logs. VPN services still need to maintain some logs for their service to run efficiently.
see full image
Will this mean the VPN will be useless?
No. The Indian government has not yet banned VPNs, so they can still be used to access blocked content in that region, which is the most common use of these services. However, journalists, activists and others who use such services to hide their internet footprint will have to think twice about them.
What Kind of Data Do VPNs Log?
Some VPN devices log the data needed to enforce the cap, measure how much data they have used, and monitor network performance. However, many services log browsing data, metadata about a person’s usage, the websites they visit, the IP addresses involved, and more. Some, like Hola VPN, collect information about other apps installed on a person’s phone and when they register or sign-in to social media, according to the firm’s privacy policy. Username and email address are available for virtually any VPN service.
What does this mean for users?
For law enforcement agencies, such a move would make it easier to track criminals who use VPNs to hide their internet footprint. But experts say governments and their agencies can easily abuse such a rule. He also pointed out that this can actually lead such users to the dark and deep web, which are much harder to police than VPN services. It is also unclear whether the Center will use this to take action against users who access blocked content in India such as games PUBG Mobile using VPNs.