India’s new VPN rules spark fresh fears over online privacy

Virtual private networks (VPNs) that encrypt data and provide users with anonymity online have seen a surge in use in India in recent years as the government tightened its grip on the internet to curb dissent, and as more people worked from home.

Now, some VPN providers are leaving India while others are considering doing so ahead of new rules that the government says are aimed at improving cybersecurity, but that the firms argue are vulnerable to abuse and could put users’ data at risk.

Under legislation scheduled to take effect this month, VPN providers are required to retain user data and IP addresses for at least five years – even after clients stop using the service.