Virtual private network (VPN) provider Surfshark announce that it is shutting down its servers in India as a response to the government’s directive that made it mandatory for VPN service providers to record and keep logs of users for 180 days and collect and keep customer data for five years.
The Surfshark said it operate under a strict “no log” policy, so the new requirements by the government go against its “core ethos.”
Last week, ExpressVPN pull its VPN servers in the country in response to the government’s order.
Surfshark said that its physical servers in India would be shut down before the new law comes into power.
The Surfshark decide to introduce its virtual Indian servers instead of the physical servers in the country that will be located in Singapore and London.
The virtual servers will have an Indian IP to provide the same functionality, but without being physically located in the country.
The move by Surfshark is similar to ExpressVPN that last week remove its VPN servers in India and start offering virtual Indian servers to its users.
Surfshark Said :
“Virtual servers are functionally identical to physical ones the main difference is that they’re not located in the stated country. They still provide the same functionality,”.
The Surfshark also said that its users in India who do not use Indian servers would not notice any differences.
Gytis Malinauskas, Head of Legal at Surfshark, Said :
“A VPN is an online privacy tool, and Surfshark was founded to make it as easy to use for the common users as possible. The infrastructure that Surfshark runs on has been configure in a way that respects the privacy of our users, and we will not compromise our values or our technical base,”.
Surfshark also said that it would continue to closely “monitor the government’s attempts to limit Internet freedom and encourage discussions intended to persuade the government to hear the arguments of the tech industry.”
The Surfshark mention that VPN service providers leaving the country was not good for the IT sector.
Citing its internal data, Surfshark said that since 2004, 14.9 billion accounts have been leak online of which, 254.9 million are of users from India.
Surfshark Said :
“Taking such radical action that highly impacts the privacy of millions of people living in India will most likely be counterproductive and strongly damage the sector’s growth in the country. Ultimately, collecting excessive amounts of data within Indian jurisdiction without robust protection mechanisms could lead to even more breaches nationwide,”.
India’s Computer Emergency Response Team (CERT-In) passed the order requiring VPN service providers to keep a log of their users for at least 5 years and sharing them with authorities when required.
It will come into force from 27th June 2022.
Shortly after the government’s order became public, various VPN service providers expressed their dissent.
NordVPN parent Nord Security was amongst the first ones to hint to remove its servers from the country if no other options are provide.
