UPDATE: YOU Broadband’s terms of service prohibit VPNs with powerful encryption

YOU Broadband, India’s fifth-largest wireline Internet provider, has prohibited VPNs with powerful encryption in its fine print. A previous version of this was first pointed out by a user on Reddit. This is what it said:

The Customer shall not take any steps including adopting any encryption system that prevents or in any way hinders the Company from maintaining a log of the Customer or maintaining or having access to copies of all packages/data originating from the Customer.

UPDATE (06/07): YOU Broadband has changed that condition after this story came out, to narrowly address VPNs and encryption:

The Customer may use VPN and encryption up to the bit length permitted by the Department of Telecommunications.

A large portion of content on the Internet is served encrypted these days, with many sites being served over secure HTTPS connections. This makes the content of those webpages completely unreadable to ISPs. On the other hand, Virtual Private Networks, or VPNs, serve data through a different location, often through a completely encrypted tunnel, using up to 4096 bits of encryption, or more. 40 bits of encryption, which is the DOT’s limit, can be broken in a few hours.

YOU Broadband accounts for 0.63 million of India’s startlingly low 18.25 million wireline broadband connections.

Where have these terms come from?

YOU Broadband’s terms seem to exist because of guidelines issued in 2007 by the Department of Telecommunications, prohibiting users from using encryption of more than 40 bits. Interestingly, most standards for HTTPS websites seem to have much stronger encryption than that. VPNs may have encryption up to a hundred times stronger than DOT’s limit. Many countries in the Middle East have just outright banned VPNs, instead of setting ISP-level restrictions on encryption levels that are hardly enforceable. These rules seem to be more of an enabler of lawful interception than a concerted effort to keep levels of encryption on the Internet low, which is a ship that sailed long ago.

(A local ISP in Gujarat appears to have remarkably — and quite obviously coincidentally — similar terms.)

Encryption in the Parliament

The DOT’s rules may be making WhatsApp technically illegal too. In 2015, a Rajya Sabha MP asked the Minister of Communications & IT, Ravi Shankar Prasad, if encrypted communications services threatened national security. In his response, Prasad acknowledged that even though intercepting data in transit between a user and their Internet provider was simple, decrypting it was, in many cases, impossible.

[Internet providers] are not able to decrypt some of encrypted intercepted communication to readable format as there are multifarious aspects involved in Security/Law Enforcement Agencies getting such encrypted communication in readable format such as technical, international relationship, legal and regulatory policy, commercial and security requirements etc.

In another response on the same day to a question about the ill-fated Draft National Encryption Policy, which was a major privacy risk if implemented, Prasad said:

The Government fully respects the upholding of right to privacy of citizens and acknowledges the need for protection of private data against misuse. There is no intention by the Government to implement a policy breaching the right to privacy of citizens.

This is in spite of the fact that the 2007 guidelines place unworkable and insecure standards for encryption, and the government had previously insisted to the Supreme Court that citizens don’t have a right to privacy in the first place.

UPDATE (06/07): YOU Broadband changed their terms of service after this article came out, to say that VPNs and encryption were permissible, but only up to 40 bits. This article and its headline have been updated to reflect that change. Hat-tip to Caleb Chen for flagging the change.

Written By

I cover the digital content ecosystem and telecom for MediaNama.


MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
