Surfshark is joining ExpressVPN in removing its physical VPN servers in India due to a new policy requiring VPN providers in the country to collect and turn over data on their subscribers.
“Surfshark proudly operates under a strict ‘no logs’ policy, so such new requirements go against the core ethos of the company,” the company said(Opens in a new window) on Tuesday.
Surfshark will shut down the servers before India’s new rules on VPN data collection take effect on June 27. “Up until then, users will be able to connect to servers in India as usual,” it said.
Despite the impending shutdown, Surfshark still plans on serving users in the country by replacing physical servers with virtual VPN servers meant for the Indian market. These servers will be physically based in Singapore and London, but they’ll have IP addresses registered to India. Using these Indian IP addresses will thus allow a VPN connection to appear as if it comes from India.
“Users in India who don’t use Indian servers will not notice any differences —they will still be able to connect to whichever server outside the country they please,” Surfshark added.
India is adopting the data-collection requirement to help local authorities fight cybercrime. However, the same policy goes against the main selling point to using a VPN, which are often marketed as tools to protect your digital privacy.
Specifically, the new policy in India will require VPN providers to collect and potentially turn over which IP addresses their customers have been using, along with their names and email addresses. The IP address data could then be used to map out a customer’s browsing history when combined with information from other websites.
Recommended by Our Editors
In response, many VPN providers say they oppose India’s data-collection requirement. Last week, ExpressVPN decided to shut down all its physical servers in India ahead of the June 27 deadline. “We are doing this because we refuse to ever put our users’ data at risk,” a company spokesperson told us.
NordVPN, which recently merged with Surfshark, also previously said it’s considering shutting down its physical servers in the Indian market. We reached out to NordVPN and will update the story if we hear back.
In the meantime, Surfshark claims the new data-collection requirements risk undermining cybersecurity in India rather than improving it. “Ultimately, collecting excessive amounts of data within Indian jurisdiction without robust protection mechanisms could lead to even more breaches nationwide,” it said.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.