The Swiss-based company behind Proton VPN have decided to shut off all its servers in India.
This comes amid concerns over the new CERT-In regulations about to be enforced.
Proton is only the last of the best VPN providers exiting the country to safeguard its customers' privacy. In June, we saw ExpressVPN's exit from India, Surfshark's pledge to remove its physical servers, Hide.me's announcement to pull the plug, together with NordVPN last joining the exiting group citing fears over freedom of speech.
Under India's new law, VPN companies will be required to store users’ real names, IP addresses assigned to them, usage patterns and other identifying data for up to five years. They will also be required to hand this information over to authorities upon request.
Initially planned to come into force on June 28, the new legislation is about to be enforced on September 25.
Today, we’re removing our VPN servers in India to protect the privacy of our community due to India’s new surveillance law. However, we’ve rolled out smart routing servers to still give you an Indian IP address.Read @andyyen’s interview with @WSJ: https://t.co/5iIy1Di3mVSeptember 22, 2022
Smart Routing servers to get an India IP
Talking about its decision in a blog post (opens in new tab), the provider said: "This is against everything we stand for.
"We have no intention of complying with this invasive mass surveillance law, leaving us no choice but to remove our VPN servers from Indian jurisdiction."
This doesn't mean that people in India would not be able to enjoy the protection of its software, though. Quite the opposite, actually.
"While we are resisting the Indian government’s authoritarianism, we are still committed to serving Indian citizens," Proton VPN spokesperson Matt Fossen told TechRadar Pro.
Users can still opt for one of the many secure international servers available across 64 countries. And, those in need of a secure connection via an India IP address, can enjoy the security of its Smart Routing network.
> Any VPN with servers in India must now store activity logs on users (opens in new tab)
> VPN virtual locations: what are they and are they secure? (opens in new tab)
> Our pick of the best India VPN around right now (opens in new tab)
Similarly to other providers who have gone virtual to protect the privacy of their users, Proton Smart Routing servers are physically based in Singapore. These are the same in terms of functionality, though, allowing users to get an Indian IP.
"If you live in India or used to connect to our India-based VPN servers from elsewhere, you can switch to these Smart Routing servers and use Proton VPN just as before," assures the provider.
Therefore, while safely browsing the web locally, users in India will still have their data secured by a truly no-logs VPN type of service.
Why is India's new data retention law controversial?
While India's new data retention law comes as an effort to clamp down on cybercrime, its regulations have been sparking many concerns across the tech sector and privacy advocate groups.
"It’s going to have a chilling effect. I find it really sad that the world’s largest democracy is taking this path,” said Proton AG Chief Executive Andy Yen to The Wall Street Journal (opens in new tab), adding that the move will also expose activists and whistleblowers to dangers.
Worries that such intrusive regulations can easily be misused to foster mass surveillance and undermine citizens' civil liberties are not groundless, though. India is indeed infamous for its backsliding media freedom (opens in new tab) and the infamy of recording more internet shutdowns than any other country (opens in new tab) in the world.
What's more, VPN providers are just some of the companies subjected to the new CERT-In directives. Other services include data centers, cloud storage services, virtual private servers (VPS), and cryptocurrency exchanges.
The amount of stored private information will then be massive, throughout thousands of different companies. This opens not to a few doubts about new regulations' feasibility.
On this point, Head of Public Relations at NordVPN Laura Tyrylyte told TechRadar: "It is hard to imagine that all, especially small and medium enterprises, will have the proper means to ensure the security of such data."
And it's not just privacy worries. India's new data law is believed to have a negative impact on its fast-growing IT sector too, perhaps translating into higher fees for India VPN users overall.