On February 24, 2026, India’s government issued a blocking order under Section 69A of the Information Technology Act, requiring ISPs to block access to Supabase.co—disrupting the platform’s fourth-largest market. The government provided NO public explanation. Indian developers report broken production apps, zero new user sign-ups for days, and failed authentication as Supabase’s $2 billion open-source backend becomes inaccessible. While Supabase tagged India’s IT Minister on X asking for intervention (later deleted), the blocking persists six days later with no resolution, timeline, or transparency.
What Is Supabase and Why This Matters
Supabase is an open-source backend-as-a-service platform built on PostgreSQL, marketed as “the open-source Firebase alternative.” Founded in Y Combinator’s S20 batch, Supabase hit Hacker News front page twice in 2020, growing from 80 to 800 users overnight. It has since grown to a $2 billion valuation and serves thousands of developers with real-time databases, authentication, storage, and serverless functions.
India was Supabase’s fourth-largest market globally—9% of total traffic with 365,000 monthly visits, growing at 179% (compared to the U.S. at 627,000 visits, +168% growth). The February 24 blocking order disrupted this entire market, affecting production applications, startups, and developer workflows across Jio (450M+ subscribers), Airtel (380M+ subscribers), and ACT Fibernet networks.
Production Apps Broken, Workarounds Don’t Scale
The impact is immediate and severe. Indian founders report zero new user sign-ups for two to three days. Technology consultants say they’re unable to reliably access Supabase for both development and production purposes. Apps built on Supabase backend fail for authentication, database calls time out, and real-time subscriptions stop working—all without warning or explanation.
ISPs implement the block using DNS poisoning, redirecting *.supabase.co to sinkhole IPs. A developer on GitHub Issue #43142 explains: “Jio appears to be DNS-poisoning *.supabase.co to a sinkhole IP. This silently breaks any production app using Supabase for users on Jio broadband or Jio mobile data.” The main website (supabase.com) loads fine, but the developer infrastructure (*.supabase.co) remains blocked, creating confusion.
Suggested workarounds—VPNs, switching DNS to Cloudflare (1.1.1.1) or Google (8.8.8.8), or using community-built proxies like JioBase—only help developers access Supabase for development. They don’t fix production apps for end users on default ISP settings. You can’t ask customers to change DNS or install VPNs. Production apps remain broken.
Enforcement is patchy. Developers in Bengaluru on ACT Fibernet report access, while New Delhi users across Jio, Airtel, and ACT remain blocked. This inconsistency adds to the confusion: developers can’t reliably know if their users are affected without regional testing.
Section 69A: Secret Censorship Without Transparency
Section 69A of India’s IT Act grants the government power to block content for “sovereignty, defence, security of State, friendly relations, or public order.” The law itself isn’t inherently problematic. The process is.
Rule 16 of the blocking rules mandates confidentiality of all blocking orders. Victims are NOT notified. They receive NO explanation. They have NO opportunity to contest the decision. Legal analysts call this “phantom constitutionality”—a law that enables censorship without accountability, violating principles of natural justice by denying affected parties the right to know why they’re blocked or challenge the order.
The government did not provide a public explanation for blocking Supabase—not cybersecurity, not copyright complaints, nothing. It’s unclear whether the move relates to a security concern, a legal complaint, or something else entirely. Supabase tagged India’s IT Minister Ashwini Vaishnaw on X, asking for intervention. The post was later deleted. There has been no official response.
This isn’t new. In July 2025, India suspended over 2,000 X (Twitter) accounts, including Reuters, under Section 69A. The accounts were restored after mass criticism. In 2023, GitHub’s raw.githubusercontent was partially blocked via SNI-sniffing under a court order. In 2014, GitHub itself was briefly blocked during a security probe. The pattern is clear: Section 69A enables blocking without transparency, and affected platforms have limited recourse.
Chilling Effect: No Developer Platform Is Safe
If a Y Combinator-backed, $2 billion platform serving 365,000 monthly Indian users can be silently blocked without explanation, no developer platform is safe. As one Hacker News commenter put it: “This whole blocking is creating a chilling effect on using any developer platform in India. If Supabase can be blocked without explanation, what about GitHub? npm? Docker Hub?”
The precedent exists. GitHub has been blocked twice (2014, 2023). X/Twitter saw mass account suspensions in 2025. Now Supabase in 2026. No platform has immunity—the government can block at will under Section 69A. Developers building on ANY platform in India face this risk.
This creates impossible planning scenarios. How do you choose a platform when any platform can be blocked without warning or explanation? How do you comply with regulations when blocking orders are secret? The lack of transparency isn’t just inconvenient—it fundamentally undermines trust in developer infrastructure.
What Happens Next: No Timeline, No Resolution
As of March 2, 2026—six days after the blocking order—access remains blocked. Supabase’s status page acknowledges “the difficulties this is causing for users there” and says they’re “following up through all available channels to resolve this issue.” The language is vague. No timeline. No specifics. No indication of progress.
The government hasn’t commented. It’s unknown how long restrictions will last. TechCrunch reports: “It is not clear whether the matter concerns cybersecurity, copyright complaints, or other issues. It is also unknown how long the restrictions will last.” Developers are left choosing between waiting indefinitely, implementing workarounds that don’t help end users, or migrating to alternatives.
Alternatives exist. Firebase (Google-backed) offers similar services but uses NoSQL instead of SQL and doesn’t allow self-hosting. Appwrite provides an open-source, self-hosted option with strong mobile SDK support. Nhost pairs PostgreSQL with Hasura for instant GraphQL APIs. PocketBase offers a lightweight SQLite-based solution for smaller projects. Self-hosting Supabase on Indian infrastructure (AWS Mumbai, Azure India, Google Cloud Mumbai) provides control but adds DevOps overhead.
Community solutions emerged. JioBase.com routes Supabase API traffic through Cloudflare’s edge network, providing a managed proxy with one-line integration. It’s a workaround, not a fix—it adds latency, creates a single point of failure, and depends on a third-party service. But for developers desperate to keep production apps running, it’s an option.
Key Takeaways
- India blocked Supabase on February 24 under Section 69A with NO public explanation, disrupting 9% of global traffic (365,000 monthly visits, +179% growth)
- Production apps remain broken for Indian users—workarounds (VPN, DNS changes, proxies) help developers but don’t scale to end users on default ISP settings
- Section 69A enables secret blocking orders: victims receive no notification, no reason, and no opportunity to contest—legal analysts call it censorship without accountability
- Chilling effect on ALL developer platforms in India: if a $2B YC-backed platform serving 365k users can be silently blocked, GitHub, npm, and Docker Hub face the same risk
- Still blocked as of March 2 with no government response or timeline—developers choosing between waiting indefinitely, implementing incomplete workarounds, or migrating to Firebase, Appwrite, Nhost, or self-hosted solutions
