VPN | Hide, but seek – UP Front News – Issue Date: Jun 20, 2022 – India Today

npressfetimg-1443.png

On April 28, India’s cybersecurity watchdog Computer Emergency Response Team (CERT-In) issued a set of rules—called Cyber Security Directions—which require companies offering Virtual Private Networks (VPNs) to store in their servers a wide range of data on their subscribers, including names, addresses, contact numbers, email addresses, IP addresses, ownership patterns and purpose of hiring the services, for a period of five years. The directive made it mandatory for VPN service providers to report cyber security breach incidents within six hours of noticing them. Failure to comply can invite a jail term of one year or a fine of up to Rs 1 lakh, or both. Corporate and enterprise VPNs have been exempted from the regulations, expected to come into effect on June 27.

On April 28, India’s cybersecurity watchdog Computer Emergency Response Team (CERT-In) issued a set of rules—called Cyber Security Directions—which require companies offering Virtual Private Networks (VPNs) to store in their servers a wide range of data on their subscribers, including names, addresses, contact numbers, email addresses, IP addresses, ownership patterns and purpose of hiring the services, for a period of five years. The directive made it mandatory for VPN service providers to report cyber security breach incidents within six hours of noticing them. Failure to comply can invite a jail term of one year or a fine of up to Rs 1 lakh, or both. Corporate and enterprise VPNs have been exempted from the regulations, expected to come into effect on June 27.

In response, ExpressVPN, a popular VPN service provider owned by British Virgin Islands-based Express Technologies, announced its exit from India. Calling it an assault on the right to privacy, activists and legal experts have labelled it as a government ploy to step up surveillance. The government claims the move would protect vulnerable citizens from cybercrimes.

Establishing an encrypted connection between computers and the internet and providing a private route for data, a VPN service protects users by preventing their IP addresses from being tracked by websites, law enforcement agencies, cybercriminals and others. Most users subscribe to VPN services to access company networks securely, remain anonymous, access geo-restricted content, get around internet curbs and so on.

The new rules will force VPN firms to switch to storage servers, inflate costs and override their contractual obligation towards their customers to not disclose personal details. Any leak of stored data can expose users to its potential misuse. Such leaks can be a huge problem in India as, with over 270 million VPN users, it ranks among the top 20 countries in VPN adoption, according to AtlasVPN’s global index. “The creation of these vast databases that could contain personal, sensitive information will make them honeypots,” says Prateek Waghre, policy director at Internet Freedom Foundation.

The new rules will force VPN firms to switch to storage servers, inflate costs and override their contractual obligation towards their customers to not disclose personal details.

Calling these rules “overreaching”, ExpressVPN has said that potential misuse of the new rules outweighs any benefit. It may not be the only company to leave India—firms like NordVPN and PureVPN have also indicated that they may shut shop. US-based technology industry body ITI, with tech firms like Google, Facebook, IBM and Cisco as its members, has sought a revision in the government’s directive.

The CERT-In claims that the rules will not impact users’ right to privacy, as the agency would only seek data during cybersecurity breaches. Government sources claim the rules aim to curb the high volume of cybercrimes—despite a fall of 62 per cent in data breach incidents in the fourth quarter of 2021, India was among the top five nations recording breaches last year, revealed a study by the Netherlands-based VPN provider Surfshark. The move would make it easier to track criminals using VPNs to hide their internet footprint.

Critics are not convinced, though. “There are no clear checks and balances on what information CERT-In can request. The lack of clarity and stringent consequences for non-compliance could result in companies logging more information than necessary,” says Waghre. But the Centre seems in no mood to relent: it has ruled out any chance of a revision. Union minister of state for electronics and information technology Rajeev Chandrasekhar has said that non-compliant companies will simply have to pull out. Compared to several other countries, he said, India was being “very generous” in giving firms six hours to report security breaches. VPN services are regulated or banned in countries like China, Russia, North Korea, Iraq, Belarus, Oman and the UAE.

Critics say the new directives can help expand the scope of government surveillance. In some nations, VPNs have helped dissidents raise their voice against authorities anonymously. That cover will no more be available in India. “The new Indian VPN regulations threaten to put citizens under a microscope of surveillance,” said a statement by ProtonVPN, a service provider. The fear also stems from recent moves by the Centre—last year, India tightened regulation of Big Tech firms by introducing the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, to curb social media ‘misuse’. Techno-legal experts say the absence of a data protection law in India means the storage of data for five years can harm the fundamental right to privacy.

Most cybersecurity experts claim the CERT-In rules are not implementable. “There are VPNs operating out of India, which local users can access without getting tracked,” says Jaijit Bhattacharya, president, Centre for Digital Economy Policy Research. Given this scenario, many experts say CERT-In should have best left the VPNs to manage their networks. “With very poor capacity at CERT-In, what will they do with such huge amounts of stored information?” asks cyber security expert Subimal Bhattacharjee. The way forward, as most concur, is to create a global environment of cooperation. “Unless the world comes together, cyber security breaches are unlikely to be solved in isolation,” says Bhattacharya.

Source: https://www.indiatoday.in/magazine/up-front/story/20220620-vpn-hide-but-seek-1960944-2022-06-10

VPN

npressfetimg-1255.png
VPN

What is a VPN? Can it really protect my online privacy and security? – Fox News

Privacy has never been in such short supply.  There’s one technology I’ve found essential to fighting back against big tech’s prying and spying routine.   A VPN, or virtual private network, can be a very good idea for you to secure your internet connection, and it can be an effective way for you to protect your online privacy and security.

CLICK TO G…….

Read More
npressfetimg-1182.png
VPN

How to Pick a VPN for Torrenting – How-To Geek

Favebrush/Shutterstock.com

When you pick a VPN for torrenting, you need to look out for a few key security features, like a kill switch and transparent no-log policy. Also, avoid United States-based VPN providers and servers.

If you’re going to torrent, you’re going to need a VPN to protect yourself while doing so. How do you pick a good VPN for torrenting, though, is there something …….

Read More
npressfetimg-1109.png
VPN

The best Thailand VPN in 2023 – TechRadar

Thailand isn’t just beautiful beaches, breath-taking jungles, playful monkeys and yummy Pad Thai. Something that tourists often forget is that authorities are infamous for their strong grip on the internet. That’s where the best Thailand VPN apps can come handy.

Following the 2006 military coup d’état, online censorship and surveillance have been growing year by year. Now beyond solely …….

Read More
Powered by WordPress | WP Magazine by WP Mag Plus