Across all three terms, the Modi government has tried to position India as a global technology hub. The state’s strategy involves pursuing self-reliance or “Atma Nirbharta.”  The self-reliance strategy is being taken forward through a two-pronged approach — reducing the nation’s dependence on foreign technologies and nurturing domestic technology providers as alternatives. The Indian government believes that a self-reliant approach is necessary for shifting the country from being a service-oriented economy to a product-focused innovation hub. The pursuit of “digital sovereignty” – more accurately labelled economic nationalism in the tech sector – is also justified on the grounds of national security, user privacy, and data security.

A recent manifestation of this strategy was visible when the Ministry of Electronics and Information Technology (MeitY) announced the Indian Web Browser Development Challenge (IWBDC). The challenge was aimed at fostering the creation of indigenous web browsers. Web browsers serve as a critical interface between users and the network. Ashwini Vaishnaw, MeitY minister, believes that “the development of India’s own web browser marks the first significant step towards the creation of an entire Indian digital stack.” Three winners of the competition — Zoho Corporation’s Ulaa, Ping Browser, and Ajna’s Bharat Web Navigator — received the funding of  ~115,000 USD (₹1 crore),  ~86,000 USD (₹75 lakhs), and ~57,000 USD (₹50 lakhs), respectively.

Globally, developing indigenous web browsers has emerged as a notable trend amongst countries pursuing tech nationalism. The European Union, Russia, and Vietnam have actively participated in this trend.

Why are Nations Developing Indigenous Web Browsers?

With two-thirds of global users, the web browser market is dominated by Google Chrome, followed by Apple Safari (17%) and Microsoft Edge (5%). Google’s alleged monopoly in the online search market (which is not really a “market”) led the United States Justice Department to demand Google to divest the Chrome browser, although the link between browser ownership and its dominance in search is a very weak one. (Google pays other browsers to feature its search.) Chromium—the open-source browser engine of Chrome—serves as the foundation for many widely used web browsers. The Chromium source code is available on GitHub. Microsoft Edge, Meta’s Quest Browser, Amazon’s Silk, Brave, DuckDuckGo, and Opera, among others, rely on it. Mozilla Firefox’s Gecko and Apple Safari’s WebKit are the other key players in the browser engine market. Reflecting the concentration of venture capital and software engineering expertise in the U.S., developers in U.S.-based tech firms create most browsers.

The attempt to develop indigenous web browsers illustrates a geopolitical strategy to counter the dominance of US-based tech giants. But does the indigenous development of software do users any good, especially when the software is open source and can be used and modified by anyone, anywhere? Typical of the tech nationalist trend in the United States (e.g., the TikTok ban), governments cite national security and user data protection as primary motivations for developing their browsers. Some also cite the need to promote local languages and services.

In India, the development of indigenous web browsers was deemed essential by the state to ensure compliance with the Digital Personal Data Protection Act of 2023 (DPDP Act) and ensure that Indian citizens’ data remains within the country, reinforcing the Indian government’s control of its digital economy. To enforce this vision, MeitY mandated certain features specified by MeitY to be incorporated into the design of the browsers. These features included integrating a dedicated trust store with a Controller of Certifying Authorities (CCA) India Root certificate and digital signing within the browser for enhanced security, child-friendly browsing, parental controls, seamless compatibility with all official Indian languages, and Web3 support.

Do Indigenous Web Browsers Serve the Purpose?

Non-U.S. browsers such as Russia’s Yandex and Sputnik, China’s Sogou Explorer, 360 Secure Browser, QQ Browser, and UC Browser, South Korea’s Naver Whale, and Vietnam’s Cốc Cốc are all Chromium-based. North Korea’s Naenara uses Firefox’s Gecko. In India, Ping, the second runner-up of the IWBDC, has been found to have used code identical to that of Brave, a California-based open-source browser built on Chromium. The other two winners also developed their browsers using Chromium as the foundational framework.

This raises the question of whether tweaking foreign-based open-source codes can truly be classified as indigenous. Yet, even if these browsers are considered indigenous, they neither establish
“Self-reliance” nor do they necessarily enhance security or privacy.

The most important aspect of an India-government-funded browser is not the “nationality” of the code (a concept that doesn’t make a lot of sense in open-source contexts) but the way a browser’s producer controls the trust hierarchy for digital certificates. Digital certificates are used to authenticate the identity of websites and to enable encryption. Integrating the browser’s dedicated trust store with a CCA India Root certificate does provide an “indigenous” root certificate, but it does not necessarily resolve security issues or set high security standards. Many market players and users do not trust the government’s certifying authority. A security breach in 2014 exposed vulnerabilities when the National Informatics Commission (NIC), a government certifying authority of India, produced counterfeit digital certificates. As a result, major browsers like Google revoked trust in NIC’s certificates and subsequently excluded CCA India root certificates from their trusted root stores. Instead of mandating state-based trust features in alternative browsers, the state should focus on strengthening its certifying and security processes. Moreover, it highlights the state’s growing control, as private entities are compelled—through mandates—to comply with government standards and authorities without the power to question them.

Moreover, child-friendly browsing and parental controls under the DPDP Act are already facing industry-wide contestations from US-based big tech, Indian industry players, and civil societies. Given the lack of clarity in basic standards and guidelines, this mandate does not contribute meaningfully to innovation in indigenous browsers.

Way Forward for India

The practices conducted by the IWBDC’s winners highlight concerns about state resources being allocated for developing web browsers that are not only derivative but also potentially plagiarized. Such an approach risks redundancy in technological efforts and inefficient utilization of public resources under the pretext of capacity building.

The success of indigenous browsers will depend on end-user adoption. Will rebranding open-source projects as indigenous help spur adoption? Not if local users don’t trust the national certification authority and the browsers don’t do anything better than currently available versions. Some government authorities argue that India must move beyond mere production and prioritize design, research, and innovation. Instead of developing local browsers that are similar to the widely adopted ones, the focus should be on incorporating new features and offering better choices to users.

The post “Indigenous” Web Browsers in India: Who Benefits? appeared first on Internet Governance Project.