An app store window on a computer screen, featuring a variety of VPN app icons that look shady and dangerous

Is that you again, Barbra?

It’s been a year since the laws requiring VPN (Virtual Private Network) companies to record and store logs regarding their users’ activities were enacted. Most of the VPN services dominating the landscape were from well-known companies who had been in the VPN business for decades. The move, ostensibly aimed at enhancing national security, led to a mass exodus of these reputable VPN services from the country. A year later, the landscape is dominated by dubious VPN apps, many of which are free and developed by unknown entities, raising serious concerns about data privacy and security. The Google Play store top 100 ranking apps, by popularity, has more than 25 such apps at the time of writing this. So instead of having to deal with a few known entities, we now have a situation where we have 25 unknown entities with no legal representation in the country having access to the browsing habits and IP addresses of Indian citizens.

The decision to impose stringent regulations on VPN services was met with widespread criticism from privacy activists. They argued that the move was an infringement on privacy rights and a potential tool for state surveillance. The requirement for VPN providers to log user activities, including IP addresses and timestamps, was seen as a gross violation of the principle of net neutrality and the privacy norms that VPNs are designed to uphold.

The immediate aftermath of the law saw several renowned VPN services exiting the Indian market, unwilling to compromise their users’ privacy. This vacuum was quickly filled by a plethora of free VPN apps, many of which are developed by unknown entities. Just a glance at their contact email IDs can tell you that. And some of these apps have been built by enterprising individuals in their own bid to “fight the man”. Unfortunately, these apps, while offering the allure of free and unrestricted internet access, come with their own set of risks.

The primary concern with these free VPN apps is the lack of transparency about their data handling practices. Given that these apps are free, it is reasonable to assume that they monetise through other means, such as selling user data to advertisers. This is a significant privacy concern, as users’ online activities, personal information, and even location data could be at risk. Although, this risk can be argued to be much lesser than state surveillance.

Moreover, the quality and security of these free VPNs are questionable at best. Many of them lack the robust encryption standards that reputable VPN services offer, leaving users vulnerable to cyber threats. Additionally, the lack of regulation and oversight over these apps further exacerbates the risk. The VPN restrictions have, in effect, replaced a regulated market of reputable services with a wild west of dubious apps. This has not only failed to enhance national security but has also potentially put millions of Indian internet users at risk.

The rise in popularity of these dubious VPN apps also highlights the ineffectiveness of the restrictions or outright bans. Despite the regulations, Indian internet users continue to seek out VPN services, underscoring the demand for unrestricted internet access. This is a clear indication that the approach to regulating VPNs is flawed and needs a rethink.

Instead of imposing blanket restrictions, there should be a more nuanced approach. This could involve setting up a regulatory framework that encourages VPN services to operate transparently and responsibly, while also respecting users’ privacy rights. Such a framework could include stringent data handling and security standards, as well as penalties for non-compliance.

Furthermore, there should be digital literacy programs to educate the public about the risks associated with using dubious VPN apps. This would empower users to make informed decisions about their internet usage and protect themselves from potential threats.

This was yet another clear demonstration of the Streisand Effect, wherein the VPN restrictions have been largely ineffective in achieving their stated goals. Instead, they have led to a surge in dubious VPN apps, putting users’ privacy and security at risk. It’s high time for a policy rethink, one that balances the need for national security with the rights of internet users. The internet, after all, should be a space for freedom, not fear.