DT
PT
Subscribe To Print Edition About The Tribune Code Of Ethics Download App Advertise with us Classifieds
search-icon-img
search-icon-img
Advertisement
PREMIUM Explainers Defence Photo Gallery Cricket Simply Punjab Simply Haryana UPSC
Home / Exam Mentor / Tunneling through restrictions: The double-edged sword of VPNs in India

Tunneling through restrictions: The double-edged sword of VPNs in India

Info Nuggets
article_Author
Ivninder Pal Singh
TNS
Chandigarh, Updated At : 02:12 PM Aug 16, 2025 IST
  • fb
  • twitter
  • whatsapp
  • whatsapp
featured-img featured-img
Advertisement

A VPN stands for Virtual Private Network — it’s like a secure, private tunnel through the internet.

Advertisement

 How it works

  1. Encryption: When you connect to a VPN, all your internet traffic is scrambled (encrypted) so others can’t read it.
  2. Server in between: Instead of going directly to websites, your data first goes to a VPN server (which can be anywhere in the world).
  3. New IP Address: Websites see the VPN server’s IP, not yours, hiding your real location.

Why people use VPNs

Advertisement

  • Privacy: Stops your Internet Service Provider (ISP), hackers, or even public Wi-Fi snoopers from tracking your activity
  • Security: Protects sensitive data like passwords or banking info
  • Bypass restrictions: Lets you access region-locked websites, streaming content, or apps
  • Avoid tracking: Makes online advertisers’ job harder

Limitations

  • A VPN doesn’t make you completely anonymous — websites can still track you through cookies or your logged-in accounts
  • Speed might be slower due to encryption and distance to the VPN server
  • You must trust the VPN provider, because they can see your traffic if it’s not end-to-end encrypted.

In short: A VPN is like mailing a letter in a locked box that only you and the receiver can open — and the post office (internet) doesn’t know what’s inside or who really sent it.

Advertisement

VPN & regulation in India (2025)

  1. Policy background: CERT-In Directives (April 2022)

In April 2022, India’s cyber security arm CERT-In issued new directions under the IT Act, requiring VPN providers (alongside data centers, cloud services, VPS providers and crypto exchanges) to maintain detailed customer logs for five years, including:

  • Name, address, email, contact
  • IP addresses used (registration & usage)
  • Duration and purpose of VPN use
  • Ownership pattern, timestamps, usage logs (180-day rolling logs)

Corporate in-house VPNs (i.e., those that serve only employees without registration or billing) are exempt, but third-party/consumer VPNs are under the mandate .

  1. Implementation timeline & industry response

Implementation delayed: Originally due June 2022, deadlines were extended to September 25, 2022.

VPN Exodus: Major providers like ExpressVPN, NordVPN, and Surfshark pulled out their physical servers from India, opting for virtual servers (e.g., “India via Singapore/UK”) to continue providing Indian IPs while avoiding compliance .

Privacy advocates flagged this as a major erosion of civil liberties and a dangerous precedent toward mass surveillance .

  1. Government justification

CERT-In argued the logging directive is essential to strengthen cybersecurity and close gaps in incident analysis, enabling swift response to cyber threats .

  1. Current status

As of 2023–2025, CERT-In continues to issue compliance notices to VPN service providers to ascertain if the mandates are adhered to .

In January 2025, the government reportedly asked Apple and Google to remove certain VPN apps from Indian app stores—further tightening control and access to VPN services .

UPSC-relevant insights and sample answer framework

         a) Importance of VPNs in cybersecurity & governance

  • Ensures data encryption, identity masking, and secure access to sensitive systems—vital during remote government operations or when accessing institutional networks
  • Crucial for journalistic confidentiality, protection of whistleblowers, and dissent in digital spaces

     b) Policy balance: Privacy vs security

  • Privacy concerns: Mandatory logs undermine the very premise of VPNs; storing personal data for five years raises risk of misuse or breach (right to privacy under Article 21)
  • Security rationale: Logs aid in tracing cyber incidents, especially when VPN usage masks source IPs—improving forensic capabilities

    c) Consequences & industry reactions

  • Exodus of VPN servers from India: Indicates global providers resist compromising privacy
  • Use of virtual servers outside jurisdiction highlights a workaround but may degrade user experience slightly
  • App removal from stores hinders user access—users may turn to alternate tools like Tor, self-hosted VPNs, or browser-based privacy tools
Advertisement
Advertisement
Advertisement
Advertisement

The Tribune, now published from Chandigarh, started publication on February 2, 1881, in Lahore (now in Pakistan). It was started by Sardar Dyal Singh Majithia, a public-spirited philanthropist, and is run by a trust comprising five eminent persons as trustees.

The Tribune, the largest selling English daily in North India, publishes news and views without any bias or prejudice of any kind. Restraint and moderation, rather than agitational language and partisanship, are the hallmarks of the newspaper. It is an independent newspaper in the real sense of the term.

The Tribune has two sister publications, Punjabi Tribune (in Punjabi) and Dainik Tribune (in Hindi).

Remembering Sardar Dyal Singh Majithia

Copyright © The Tribune Trust, 2024
Designed and developed by : sortd
tlbr_img1 Classifieds tlbr_img2 Videos tlbr_img3 Premium tlbr_img4 E-Paper tlbr_img5 Shorts