The pair have announced they will shut down VPN servers located in Hong Kong for fear that hardware could be confiscated by Chinese law enforcement under the new rules, jeopardizing their ability to protect customers.
It is feared that ambiguity in the wording of the new national law will afford the Chinese state the blanket power to crack down on the internet activity of Hong Kong citizens, whether subversive or not, and to force ISPs to surrender user data.
Yet the policies codified by new laws in Hong Kong should not come as a surprise to most of the world’s internet users. Warrantless seizures and interception of communications already take place in many jurisdictions, including the US and the UK.
Since the new laws were announced, many Hong Kong-based internet users have turned to VPN services as a means of evading the prying eyes of the Chinese state, while others scramble to erase any digital footprint that might implicate them.
Hong Kong VPNs
While neither TunnelBear nor Private Internet Access collects information about their users’ browsing activity, both are concerned about the possibility the Chinese state might confiscate and meddle with technical infrastructure.
The new rules would reportedly allow local law enforcement to requisition VPN servers without the need for an official warrant.
“We have a responsibility to our users to make sure our technical ecosystem is safe from interference,” explained TunnelBear in a tweet.
Private Internet Access, meanwhile, described the new security laws as “foisted by fiat on Hong Kong” and a “[danger] to the privacy of our users and all Hong Kong residents” in its latest blog post.
Despite the shutdown of servers located in Hong Kong, residents of the city-state will still be able to access both providers’ services.
Private Internet Access is working on providing a new Hong Kong exit gateway, with supporting servers located in nearby territories, while TunnelBear is doubling down on its presence in Singapore and Japan to compensate.
For now, other popular services – such as NordVPN – will continue to operate VPN servers in Hong Kong, but the situation is ever evolving and it is possible these two early exits might prompt a mass exodus moving forward.
A spokesperson for ExpressVPN added in a statement that “We are concerned about the situation in Hong Kong and are closely assessing the impact of the new laws. However, as our VPN servers are already specifically architected not to contain personal or sensitive data on customers, we do not currently have plans to remove Hong Kong as a server location option for users. To mitigate against the risk of server seizure or tampering, we’ve developed security technologies like TrustedServer. Built in-house, TrustedServer ensures our VPN servers run in RAM only. As a result, no data (including certificates or credentials) can persist after a system is powered down, such as when it is physically removed from a data center. Our customers’ protection is the very reason we exist, and we continue to study these issues, improve our security, and take any necessary actions to protect our users’ data privacy. ”
SurfShark, another popular VPN provider, told TechRadar that “We are closely monitoring the current situation in Hong Kong and are ready to adjust our operations based on how it will develop. However, currently, we’re not planning on shutting down our VPN servers located there as we have not received any notices or warrants from local providers. However, if Surfshark received requirements from authorities to start logging user activity, we would immediately shut down our VPN servers located in Hong Kong.”
It remains to be seen whether VPN providers giving up servers in Hong Kong will conduct a full audit of other jurisdictions where they have infrastructure, with an eye towards ending service from other jurisdictions deemed to be risky.
social experiment by Livio Acerbo #greengroundit #techradar https://www.techradar.com/news/vpn-companies-flee-hong-kong-over-new-china-security-laws