On a blog post, Haschek says that he analyzed 443 top free proxies (of which 199 are available as online services), and found a mere 21 percent of them to be “not shady.” In his study, Haschek notes that 33 proxy servers modified static HTML pages to inject ads. In simpler words, say you visit TechPP.com using any such proxy, you won’t see the ads official admins of TechPP had put on the website, but you will see ads that are injected by those proxy services. He flagged proxies that inject codes as “definitely bad adware.” Furthermore, 17 of the 199 proxies modified JavaScript, probably to inject ads. For the average Joe, that might not seem scary. But this next part definitely will. Haschek notes that 157 of the top free online proxies don’t have HTTPS enabled on their site. The lack of HTTPS means two things: the website isn’t encrypted and secure, and two: all the websites you visited using that proxy website can be easily intercepted. The site admins or any third-party intruder — including your ISP — can easily find the websites you visited, and if you logged-in to any website using those proxies, fraudsters could steal your credentials as well. The lack of HTTPS connection allows the traffic to be analyzed, and facilitates man-in-the-middle attacks. “It’s okay to assume that if you are using a proxy and it’s allowing HTTPS traffic, you are safe,” Haschek told Technology Personalized in a statement.
Unfortunately, he hasn’t listed out exactly which proxy did he test, but assures that he has checked all the top ones (presumably the proxies that appear on top of search results). Hascheck told us that some of the proxy sites he tested include free-proxy-list.net and us-proxy.org, which are indeed very popular.
Our intention isn’t to scare you off, but it is to warn you about the things that could be — many of which are evidently underway — happening behind the curtain. A proxy website you use could technically inject a JavaScript to steal your information. We don’t know for sure if that’s happening, but it’s not absurd to think of such possibilities. So what can be done? You can, of course, use a paid service which is more reliable. Or you could use Tor, which isn’t perfect either, but is unarguably the most reliable tool you have available for free.