TZUTC: -0500
MSGID: 1831.consprcy@1:2320/105 2da19583
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
India orders VPNs to block access to websites that unlawfully expose 
citizens' data

Date:
Fri, 12 Dec 2025 12:56:45 +0000

Description:
The MeitY request comes as a way to protect Indian citizens' personal data,
but it could clash with how no-log VPN services operate. Here's all you need
to know.

FULL STORY

VPN providers operating in India have been directed to block access to
websites that unlawfully disclose citizens' personal details, following an
advisory from India's Ministry of Electronics and Information Technology
(MeitY). 

The directive, which was issued on December 11, warns that these websites
"pose a significant risk to Indian users." 

Authorities highlighted several specific sites that allegedly reveal 
sensitive personal data, including full names, addresses, mobile numbers, and
email addresses. According to the advisory, these platforms remain accessible
to users connecting via a virtual private network (VPN ). 

Under the IT Act 2000 and IT Rules 2021, VPN providers must "make reasonable
efforts" to prevent access to websites that operate in violation of the law.
The directive also explicitly reminds providers of their obligation to assist
authorities by providing information needed to verify identities or
investigate cybercrimes.

What's this mean for VPN users?

While MeitY's request aims to protect Indian citizens' personal data, it
fundamentally conflicts with the way the best VPN apps work. 

Privacy-first providers operate under a strict no-log policy . This means 
that the service doesn't collect any identifiable information about what 
users do online when connected with the VPN. 

Many companies, including NordVPN , Proton VPN , ExpressVPN , and Surfshark ,
decided to remove their physical servers from India back in 2022. This move
was a direct reaction to CERT-In rules requiring VPN and security software
providers to store user data  such as IP addresses, real names, and usage
patterns  and hand it over to authorities upon request. 

Unsurprisingly, these requirements were deemed incompatible with the core
purpose of a VPN by the industry. 

The latest advisory threatens to revive the debate between protecting user
anonymity and law enforcement's need for data access to combat crime. 
However, if the industry's response three years ago is any indication, we
expect most VPN companies will prioritize their privacy promises to users and
refuse to collect or share data with anyone  including the police. 

We test and review VPN services in the context of legal recreational uses. 
For example:1. Accessing a service from another country (subject to the terms
and conditions of that service).2. Protecting your online security and
strengthening your online privacy when abroad.We do not support or condone
using a VPN service to break the law or conduct illegal activities. Consuming
pirated content that is paid-for is neither endorsed nor approved by Future
Publishing. 

======================================================================
Link to news story:
https://www.techradar.com/vpn/vpn-privacy-security/india-orders-vpns-to-block-
access-to-websites-that-unlawfully-expose-citizens-data

$$
--- SBBSecho 3.28-Linux
 * Origin: Capitol City Online (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470
SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426