New VPN Rules introduced in India: VPN Browsers will now save your history, address and other details

Virtual private network (VPN) companies in India must collect and maintain customer data for at least 5 years, according to a directive from Computer Emergency Response Team (CERT-In).

The mandate applies to Virtual Private Server (VPS) providers, VPN service providers, cloud service providers, data centers, and is aimed at maintaining accurate information on customer registrations details.

What is VPN?

A VPN connection establishes a secure connection between you and the internet. Via the VPN, all your data traffic is routed through an encrypted virtual tunnel. This disguises your IP address when you use the internet, making its location invisible to everyone. A VPN connection is also secure against external attacks.

How VPN works?

A VPN creates a type of tunnel that hides your online activity, including the links you click or the files you download, so that cybercriminals, businesses, government agencies, or other can’t see it.

Advantages & Disadvantages of VPN?

The most important advantage of VPN is privacy. Your IP address, location and others details are hidden. But this also leads to increased cyber crime. Criminals use VPN network to hide their identity.

Why Government introduced new VPN rules?

As told above, criminals can hide their identity via VPN network. It becomes difficult to trace criminals involved in cyber crime. Thus, government has introduced the new VPN rules so that the identification of users becomes easier.

What details can be collected?

Details must include names, addresses, contact numbers and email address of customers hiring the services, period of hire, IPs allotted to them, time stamp used at the time of registration, purpose for hiring services and ownership pattern of the customers.

The order will become effective after 60 days and failure to furnish the information or non-compliance with the directions, may invite punitive action, CERT-In said.

The CERT-In serves as the national agency that analyses cyber threats and handles cyber incidents reported to it.