If you’re a VPN subscriber and have ever wondered just how secure the supposedly encrypted pipe that you’re using through the internet is — and whether the anonymity promise made by the VPN provider is indeed protecting your privacy — well, your hunches may be correct. It turns out several of these connections are not secure.

Academics say they’ve discovered a whopping 13 programming errors in 61 separate VPN systems tested recently. The configuration bungles “allowed Internet traffic to travel outside the encrypted connection,” the researchers say.

The independent research group, made up of computer scientists from UC San Diego, UC Berkeley, University of Illinois at Chicago, and Spain’s Madrid Institute of Advanced Studies (IMDEA) with International Computer Science Institute, writes in the Conversation this month, in a piece partly redistributed by Homeland Security Newswire, that six of 200 VPN services also scandalously monitored user traffic. That’s more serious than unintended leaks, the team explains — users trust providers not to snoop. The point of a VPN is to be private and not get monitored. VPN users range from companies protecting commercial secrets on public Wi-Fi to dissidents.

Some botches are actually “defeating the purpose of using a VPN and leaving the user’s online activity exposed to outside spies and observers,” the researchers say.

Other problems the team discovered include that some VPNs allegedly lie about their server locations. “We found some VPNs that claim to have large numbers of diverse Internet connections really only have a few servers clustered in a couple of countries,” the researchers wrote. They say they found at least six VPNs faking routings through certain countries when they were actually going through others.
That potentially creates legal issues for the user, depending on local laws.

Other trouble areas included privacy policies. Fifty of the 200 VPN providers that were tested had no privacy policies published on their websites at all, the group says.

The main problem, however, isn’t the coding foul-ups or monitoring by providers. It’s that the end users aren’t sophisticated enough to determine if the product they’re using is wonky. They don’t have the technical skill, and there aren’t any standardized accountability provisions in place for any kind of meaningful analysis of the vendors — other than the privacy rhetoric on the companies’ websites. If the users knew of a problem, they could simply change vendor.

Solutions to the VPN security problem: create your own VPN server, government regulation

The group is trying to deal with the issue. One angle they’re using is to advise VPN users to create their own VPN servers — not difficult, apparently.

Another strategy they’re trying is to get the government to regulate the VPN industry. Some members of the group filed a public comment with the U.S. Government’s Federal Trade Commission (FTC), stating that they think the $15 billion VPN industry has problems (pdf). “The reality is the VPN ecosystem is highly opaque,” they write in their study (pdf). There are no tools, audits, or generally available independent research for users, they explain. And the FTC needs to sort that out.

The whole problem is exacerbated by VPNs using affiliate program-supported review sites for publicity, the filing says. The group says that’s not impartial enough, making it hard to sort the good providers from bad.