1. Forum
  2. FidoNET
  3. CONSPRCY

  • India orders VPNs to bloc

    From Mike Powell@1:2320/105 to All on Friday, December 12, 2025 13:01:00
    India orders VPNs to block access to websites that unlawfully expose
    citizens' data

    Date:
    Fri, 12 Dec 2025 12:56:45 +0000

    Description:
    The MeitY request comes as a way to protect Indian citizens' personal data,
    but it could clash with how no-log VPN services operate. Here's all you need
    to know.

    FULL STORY

    VPN providers operating in India have been directed to block access to
    websites that unlawfully disclose citizens' personal details, following an advisory from India's Ministry of Electronics and Information Technology (MeitY).

    The directive, which was issued on December 11, warns that these websites
    "pose a significant risk to Indian users."

    Authorities highlighted several specific sites that allegedly reveal
    sensitive personal data, including full names, addresses, mobile numbers, and email addresses. According to the advisory, these platforms remain accessible to users connecting via a virtual private network (VPN ).

    Under the IT Act 2000 and IT Rules 2021, VPN providers must "make reasonable efforts" to prevent access to websites that operate in violation of the law. The directive also explicitly reminds providers of their obligation to assist authorities by providing information needed to verify identities or
    investigate cybercrimes.

    What's this mean for VPN users?

    While MeitY's request aims to protect Indian citizens' personal data, it fundamentally conflicts with the way the best VPN apps work.

    Privacy-first providers operate under a strict no-log policy . This means
    that the service doesn't collect any identifiable information about what
    users do online when connected with the VPN.

    Many companies, including NordVPN , Proton VPN , ExpressVPN , and Surfshark , decided to remove their physical servers from India back in 2022. This move
    was a direct reaction to CERT-In rules requiring VPN and security software providers to store user data such as IP addresses, real names, and usage patterns and hand it over to authorities upon request.

    Unsurprisingly, these requirements were deemed incompatible with the core purpose of a VPN by the industry.

    The latest advisory threatens to revive the debate between protecting user anonymity and law enforcement's need for data access to combat crime.
    However, if the industry's response three years ago is any indication, we expect most VPN companies will prioritize their privacy promises to users and refuse to collect or share data with anyone including the police.

    We test and review VPN services in the context of legal recreational uses.
    For example:1. Accessing a service from another country (subject to the terms and conditions of that service).2. Protecting your online security and strengthening your online privacy when abroad.We do not support or condone using a VPN service to break the law or conduct illegal activities. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

    ======================================================================
    Link to news story: https://www.techradar.com/vpn/vpn-privacy-security/india-orders-vpns-to-block- access-to-websites-that-unlawfully-expose-citizens-data

    $$
    --- SBBSecho 3.28-Linux
    * Origin: Capitol City Online (1:2320/105)