Consequently, Myanmar people turned to virtual private networks (VPNs) as a way to circumvent the censorship. VPNs provide an encrypted route such that a user in Myanmar would be recognised as accessing the internet from another country. A meme equating Burmese identity with 20 VPN applications illustrated the popularity of VPNs among Myanmar people.
While that number is said in jest, the real-world figure is still likely to be high. Digital rights activists estimate that Myanmar citizens have an average of five VPN applications installed on their phones. Between late May and early June this year, experts and cyber analysts started to observe that the SAC has been actively blocking access to VPNs.
At the end of May, the Ministry of Transport and Communications ordered a nationwide ban on access to Facebook, Instagram, X, WhatsApp and VPN services, according to news reports from Voice of America. This crackdown is one of the extrajudicial executions of the Cybersecurity Law drafted in 2022 by the junta, which was never fully enacted. On the ground, security forces have been randomly checking, searching and even arresting people for having VPNs on their phones.
However, despite the physical harassment and the blatant violation of people’s freedom of speech and opinion, and right to information, it is hard to imagine that the junta’s attempt to ban VPN services will stop people from utilising the tool to stay connected online. Indeed, the VPN ban is likely to push people, desperately seeking information or social connection, towards alternatives even from obscured sources which would expose them to even more cyber threats. Local experts shared anonymously with this author that they had detected a spike in phishing links being advertised as links for various new and free VPN services.
The use of phishing tactics – which deceive people into allowing private data to be compromised or stolen – is not uncommon in post-coup Myanmar. Anti-junta activists and high-profile political figures have regularly been targeted by phishing attacks through Telegram, or even directly to their email inbox. These phishing attempts usually aim to gain unauthorised access to the targets’ accounts and on-device files, compromising their digital security.
Now that there seems to be a trend of phishing targeted at general citizens, the impact can be more widespread. “The beauty of phishing and, really, any cyberattack, is that it’s really difficult to identify the perpetrator. Combining it with the lack of awareness of data hygiene in Myanmar, then you have a perfect environment for cybercriminals to operate,” said a digital activist in an interview with this author.
09:33 Myanmar’s military government lost direct control over 86% of its territory after months of fighting The impact of the citizen-wide ban on VPNs, websites, and social media platforms is difficult to quantify, and exposure to phishing is one of many emerging threats that people are facing daily in Myanmar. However, it is imperative to note that, unlike some high-profile political activists and civil society organisations who can afford to tighten their cybersecurity measures through various means, citizens largely remain unprotected from – and possibly unaware of – bad actors in cyberspace. The desperate need for access to information and online modes of communication, combined with low digital literacy, makes whistle-blowing a challenge.
For example, a post shared on a Facebook page called Free VPN in Myanmar flagged the risks of free VPNs. Unfortunately, it was overshadowed by more posts advertising free and paid VPNs that are still working in Myanmar. In the end, there seems to be no viable solution to the issue of digital rights without addressing the bigger issue of how the Myanmar junta has repeatedly violated the rights and freedoms of the people since it has taken over the country.
This may require a collective and comprehensive effort from the international community to apply pressure on the regime..
