Business Standard

Sunday, December 29, 2024 | 10:30 AM ISTEN Hindi

Notification Icon
userprofile IconSearch

After India, US now aims to begin crackdown on VPN service providers

After India, the US lawmakers have now asked the Lina Khan-led Federal Trade Commission (FTC) to address abusive and deceptive data practices by hundreds of companies

The use of VPNs did not re­main confined to business applications.

US to begin crackdown on VPN service providers

IANS Washington/New Delhi

After India, the US lawmakers have now asked the Lina Khan-led Federal Trade Commission (FTC) to address abusive and deceptive data practices by hundreds of companies providing Virtual Private Network (VPN) services for individuals.

A VPN is an online service that purports to give users more security when connecting to the Internet.

However, said the lawmakers, the consumer VPN industry is rife with deceptive advertising and abusive data practices.

The letter by Anna G. Eshoo (D-CA) and Ron Wyden (D-OR) describe several abusive practices in the consumer VPN industry, including promoting false and misleading claims about their services, selling user data and providing user activity logs to law enforcement, despite promises of 'total anonymity,' and a lack of oversight of the industry in general.

 

"We urge you to use your authority to take enforcement actions against the problematic actors in the consumer VPN industry, focusing particularly on those that engage in deceptive advertising and data collection practices," they said.

The VPN industry is extremely opaque, and many VPN providers exploit, mislead, and take advantage of unwitting consumers, the lawmakers added.

In India, a directive from the Indian Computer Emergency Response Team (CERT-In) has also sought additional compliance requirements for all VPN providers whose users are in the country.

The new rules, to be effective from September 25, require VPN service providers along with data centres and cloud service providers, to store information such as names, email IDs, contact numbers, and IP addresses (among other things) of their customers for a period of five years.

Leading VPN service providers NordVPN, Surfshark and ExpressVPN have removed their servers from India over the new directions.

The US lawmakers said it is extremely difficult for someone to decipher which VPN service to trust, especially for those in crisis situations.

"There are hundreds, if not thousands, of VPN services available to download, yet there is a lack of practical tools or independent research to audit VPN providers' security claims," the letter read.

Many popular VPN services also spread inaccurate information on their websites.

In December 2021, Consumer Reports (CR) found that 75 per cent of leading VPN providers misrepresented their products and technology or made hyperbolic claims about the protection they provide users on their websites, such as advertising a 'military-grade encryption' which doesn't exist.

Advocacy groups have also found that leading VPN services intentionally misrepresent the functionality of their product and fail to provide adequate security to their users.

"VPN services have also been exposed for collecting, and, in some cases, abusing, user data. In 2020 it was revealed that a leading analytics firm used personal data from over 35 million people who had downloaded one of their 20 VPN and ad-blocking apps to power their analytics platform without consent," the letter said.

--IANS

na/dpb

(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)

Don't miss the most important news and views of the day. Get them on our Telegram channel

First Published: Jul 18 2022 | 11:06 AM IST

Explore News