UPDATE: YOU Broadband’s terms of service prohibit VPNs with powerful encryption

YOU Broadband, India’s fifth largest wireline Internet provider, has prohibited VPNs with powerful encryption in its fine print. A previous version of this was first pointed out by a user on Reddit. This is what it said:

The Customer shall not take any steps including adopting any encryption system that prevents or in any way hinders the Company from maintaining a log of the Customer or maintaining or having access to copies of all packages/data originating from the Customer.

UPDATE (06/07): YOU Broadband has changed that condition after this story came out, to narrowly address VPNs and encryption:

The Customer may use VPN and encryption up to the bit length permitted by the Department of Telecommunications.

A large portion of content on the Internet is served encrypted these days, with many sites being served over secure HTTPS connections. This makes the content of those webpages completely unreadable to ISPs. Virtual Private Networks, or VPNs, on the other hand, serve data through a different location, often through a completely encrypted tunnel, using up to 4096 bits of encryption, or more. 40 bits of encryption, which is the DOT’s limit, can be broken in a few hours.

YOU Broadband accounts for 0.63 million of India’s startlingly low 18.25 million wireline broadband connections.

Where have these terms come from?

YOU Broadband’s terms seem to exist because of guidelines issued in 2007 by the Department of Telecommunications, prohibiting users from using encryption of more than 40 bits. Interestingly, most standards for HTTPS websites seem to have much stronger encryption than that. VPNs may have encryption up to a hundred times stronger than DOT’s limit. Many countries in the Middle East have just outright banned VPNs, instead of setting ISP-level restrictions on encryption levels that are hardly enforceable. These rules seem to be more of an enabler of lawful interception than a concerted effort to keep levels of encryption on the Internet low, which is a ship that sailed long ago.

(A local ISP in Gujarat appears to have remarkably — and quite obviously coincidentally — similar terms.)

Encryption in the Parliament

The DOT’s rules may be making WhatsApp technically illegal too. In 2015, a Rajya Sabha MP asked the Minister of Communications & IT Ravi Shankar Prasad if encrypted communications services threatened national security. In his response, Prasad acknowledged that even though intercepting data in transit between a user and their Internet provider was simple, decrypting it was, in many cases, impossible.

[Internet providers] are not able to decrypt some of encrypted intercepted communication to readable format as there are multifarious aspects involved in Security/Law Enforcement Agencies getting such encrypted communication in readable format such as technical, international relationship, legal and regulatory policy, commercial and security requirements etc.

In another response on the same day to a question about the ill-fated Draft National Encryption Policy, which was a major privacy risk if implemented, Prasad said:

The Government fully respects the upholding of right to privacy of citizens and acknowledges the need for protection of private data against misuse. There is no intention by the Government to implement a policy breaching the right to privacy of citizens.

This is in spite of the fact that the 2007 guidelines place unworkable and insecure standards for encryption, and the government had previously insisted to the Supreme Court that citizens don’t have a right to privacy in the first place.

UPDATE (06/07): YOU Broadband changed their terms of service after this article came out, to say that VPNs and encryption were permissible, but only up to 40 bits. This article and its headline have been updated to reflect that change. Hat-tip to Caleb Chen for flagging the change.

Written By

I cover the digital content ecosystem and telecom for MediaNama.

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
