Explained: What Does Govt's Mandates For VPN Apps To Store & Share User Data Mean
CERT-In is doing so to deal with a bunch of vulnerabilities including fake mobile apps, data breaches, unauthorised access to social media accounts and others.
A new IT policy introduced by the government now calls on virtual private networks (VPNs) to collect a good chunk of consumer data and store it with them for at least five years.
Also Read: Thousands Of Indians Still Use Chinese Apps With VPN, Despite Govt Ban
This new policy has been introduced by CERT-In (Computer Emergency Response Team). The policy that¡¯s expected to go into effect in June 2022 has also listed cryptocurrency exchanges and data centres under its provision.
The directive asks VPN companies to keep user info even after the user no longer has an account with the service provider. They¡¯ll be asked to store user names, IP addresses, usage patterns as well as other kinds of identifiable information.
CERT-In is doing so to deal with a bunch of vulnerabilities including fake mobile apps, data breaches, unauthorised access to social media accounts and others.
What exactly is VPN?
To the unaware, VPN is a method used to add security and privacy to private and public networks, like WiFi hotspots and the internet.
A VPN app allows a user to hide their IP address like Harry Potter¡¯s invisibility cloak and does not allow any app to see its real location.
Also Read: An Idiot's Guide To VPN - What It Is And Why It's Important For You
It essentially simulates their network to a different geographical location while hiding their identity.
Basically, even though you¡¯re in India, using VPN you can let the website know that you¡¯re actually from the US, allowing you to see content that would otherwise only be permitted to be visible in that territory.
Why are the new policies a big deal?
Normally, VPNs have a no-logging policy and the companies offer VPN services off RAM-disk servers among other log-less technology that doesn¡¯t really store any user browsing data apart from a temporary state.
The new provisions, however, would force these companies to switch to storage servers that would store everything in the company¡¯s records, essentially increasing their functioning costs.
This would somewhat render the premise of even using a VPN moot as it will make possible tracking of a users activity online, similar to a VPN not being present.
Why is the government doing this?
The government is applying these provisions to keep in check a total of 20 vulnerabilities including unauthorised access of social media accounts, IT systems, cyber attacks of any kind.
Essentially, it doesn¡¯t want bad actors online to have this invisibility cloak thinking they can get away by doing all the wrongs. By allowing access to VPN data, cybercrime teams can lock down on potential bad actors a lot more effectively -- something that would be almost impossible without it
The list doesn¡¯t really include visiting banned websites, including those that stream pornography or illegal torrent websites. But this data would also be reflected if VPNs are to store all of your browsing histories.
Is VPN a waste of money now?
This is where there is some ambiguity. Theoretically, if you¡¯re someone who uses a VPN just to access sites outside of your region -- sites that aren¡¯t illegal to visit -- having a VPN connection makes sense.
Similarly, if you use VPN to keep website cookies away from your browsing history, it will continue to help you do so.
It¡¯s only those who participate in illegal online activities using VPNs that need to really worry as now they cannot consider themselves to be untouchable hiding under the veil of VPNs.
Although it is important to note, there are still a lot of unanswered questions that hopefully will get answered as VPN service providers adjust to this policy.
Keep visiting Indiatimes.com for the latest science and technology news.