The decision follows ExpressVPN’s decision earlier this week to also pull out of the country, and it’s likely others will follow the two industry trend setters. The mass exodus will have huge ramifications for internet freedom in India, and Indian nationals abroad will now struggle to access content from their home country – although virtual servers could go some way to alleviating the problem.
Surfshark Surfs Out of India
India’s government recently added new provisions to section 70b of its Information Technology Act (2000) which conflict with the core mission statements of VPNs like Surfshark, which pledge to keep no logs of its user activity. The new rules require Virtual Private Network Service providers to collect “Validated names of subscribers/customers hiring the services, IPs allotted to / being used by the members, Email address and IP address and time stamp used at the time of registration / on-boarding”. In an email correspondence with CNBC-TV18, Surfshark said these laws “go against the core ethos of the company”. “The infrastructure that Surfshark runs on has been configured in a way that respects the privacy of our users, and we will not compromise our values — or our technical base,” the statement said. Gytis Malinauskus, head of Surfshark’s legal team, said residents of India “will still be able to connect to whichever server outside the country they please”, but decried the Government’s attempt to curtail the internet freedom of its citizens.
Virtual Servers: A Workaround?
Surfshark has pledged to set up virtual servers for India instead. Although millions of people now use VPNs, not everyone is aware of the prevalence of Virtual Servers in virtual private networks. For most VPN companies with global server networks, when they say a server is in a country (e.g. Brazil) the server itself is in Brazil. It will be owned and managed by the VPN network itself or it’ll be a rented server in a server farm. Providers like VyprVPN own their own hardware – and some companies also manage the locations it’s kept in – but it’s much more common for VPN companies to rent out hardware in server farms and use that to host connections for their users. Virtual Servers, on the other hand, aren’t actually in the countries they say they’re in. However, if a VPN company had a Brazil Server that wasn’t actually in Brazil, it would still dish out Brazilian IP addresses to its users. Just under 3% of ExpressVPN’s servers, for example, are virtual servers that aren’t in the countries they provide a connection to.
A Dark Period for Internet Freedom in India
Internet freedom in India – for a country that claims to be open and democratic – is abysmal. Freedomehouse.org, which charts internet freedom across the world, said in their 2021 report that “internet freedom in India weakened for a fourth straight year.” The country regularly shuts down the internet in cities where demonstrations are being held – a tactic that made global headlines in the wake of the farmer’s protests. US-based tech companies are regularly lobbied by the government to take down content from their sites, and over 100 apps from China have been banned, including TikTok and WeChat in the wake of border skirmishes between the two superpowers in 2021. The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, which came into force the same year, sought to skirt around end-to-end encryption and increase data retention in the name of national security.
Surfshark and ExpressVPN: VPNs you can Trust
Surfshark and ExpressVPN are two of the most secure VPNs currently available on the market. Their decision to up sticks and leave India is a testament to their no-logs policies, which both providers were unwilling to compromise. The same cannot be said for every VPN provider, however – there will be some that don’t leave India, and instead just assent to the government’s new laws despite the fact they make virtual private networks effectively self-defeating. There is, unfortunately, a large number of shady VPN providers lurking around on App stores, and providers that will wilfully collect and sell user data whilst masquerading as a legitimate, principled VPN company. Hola VPN – which isn’t really a VPN at all, yet uses the acronym to leverage trust – is a prime example of this, and has been reported as being unsafe. So, if you’re on the market for a consumer or Business VPN, ensure to do some research prior to purchase – it’s always better to be safe than sorry.