On Tuesday, Collect and store—Data for five years. On Tuesday, Virtual Private Network (VPN) provider Surfshark announced that it was shutting down its servers in India in response to a government directive requiring VPN service providers to capture and maintain user logs for 180 days and deny customers. The Netherlands-based company said it was operating under a strict ‘no log’ policy, so the government’s new demands go against its ‘core ethos’. Last week, ExpressVPN withdrew its VPN servers in the country in response to the government’s order.
w goes into effect. The company decided to introduce its virtual Indian servers instead of the physical servers in the country, which will be in Singapore and London. The virtual servers will have an Indian IP address to provide the same functionality without being physically located in the country.
Surfshark’s move is similar to ExpressVPN, which removed its VPN servers in India last week and began offering virtual Indian servers to its users.
“Virtual servers are functionally identical to physical servers – the main difference being that they are not located in the country indicated. They still offer the same functionality,” said Surfshark.
The company also stressed that its users in India who are not using Indian servers would not notice any differences.
“A VPN is an online privacy tool, and Surfshark was created to make it as easy as possible for the casual user. The infrastructure Surfshark runs on is configured to respect the privacy of our users, and we will live up to our values - or our technicalities. Not endanger the base,” Gytis Malinauskas, Head of Legal at Surfshark, said in a prepared statement.
Surfshark also said it would “continue to closely monitor the government’s efforts to restrict internet freedom and encourage discussions to convince the government to hear the tech industry’s arguments”.
The company said VPN service providers leaving the country are not good for the IT sector.
Citing its internal records, Surfshark said 14.9 billion accounts had been leaked online since 2004 — 254.9 million of which were users from India.
“Taking such radical measures that have a major impact on the privacy of millions of people living in India will most likely be counterproductive and greatly hurt the industry’s growth. Ultimately, collecting excessive amounts of data within the Indian jurisdiction without robust defense mechanisms could lead to even more breaches across the country,” the company noted.
India’s Computer Emergency Response Team (CERT-In) has passed the order requiring VPN service providers to keep a log of their users for at least five years and share it with authorities if necessary. It will take effect from June 27.
Several VPN service providers expressed their dismay several VPN service providers expressed their disappointment shortly after the government order went public. MotherN mother Nord Security was one of the first to hint at removing its servers from the country if no other options are provided.