If you’re a VPN subscriber and have ever wondered just how secure the supposedly encrypted pipe that you’re using through the internet is — and whether the anonymity promise made by the VPN provider is indeed protecting your privacy— well, your hunches may be correct. It turns out several of these connections are not secure.
Academics say they’ve discovered a whopping 13 programming errors in 61 separate VPN systems tested recently. The configuration bungles “allowed Internet traffic to travel outside the encrypted connection,” the researchers say.
The independent research group, made up of computer scientists from UC San Diego, UC Berkeley, University of Illinois at Chicago, and Spain’s Madrid Institute of Advanced Studies (IMDEA) with International Computer Science Institute, write in the Conversation this month, some of which is redistributed by Homeland Security Newswire, that six of 200 VPN services also scandalously monitored user traffic. That’s more serious than unintended leaks, the team explains — users trust providers not to snoop. The point of a VPN is to be private and not get monitored. VPN use ranges from companies protecting commercial secrets on public Wi-Fi to dissidents.