The old adage goes that if you’re not paying for a product, then you — the consumer — are the product. It couldn’t be more true about most of the services we use on the web today. For companies like Google and Facebook, which offer their services for free, we are a product entity for them. A recent example comes from developer Christian Haschek who claims that a vast majority of proxies we use on the web to mask our identity and access geographically locked content are “shady.”

proxy website

On a blog post, Haschek says that he analyzed 443 top free proxies (of which 199 are available as online services), and found a mere 21 percent of them to be “not shady.” In his study, Haschek notes that 33 proxy servers modified static HTML pages to inject ads. In simpler words, say you visit using any such proxy, you won’t see the ads official admins of TechPP had put on the website, but you will see ads that are injected by those proxy services. He flagged proxies that inject codes as “definitely bad adware.” Furthermore, 17 of the 199 proxies modified JavaScript, probably to inject ads.

For the average Joe, that might not seem scary. But this next part definitely will. Haschek notes that 157 of the top free online proxies don’t have HTTPS enabled on their site. The lack of HTTPS means two things: the website isn’t encrypted and secure, and two: all the websites you visited using that proxy website can be easily intercepted. The site admins or any third-party intruder — including your ISP — can easily find the websites you visited, and if you logged-in to any website using those proxies, fraudsters could steal your credentials as well.

The lack of HTTPS connection allows the traffic to be analyzed, and facilitates man-in-the-middle attacks. “It’s okay to assume that if you are using a proxy and it’s allowing HTTPS traffic, you are safe,” Haschek told Technology Personalized in a statement.

Unfortunately, he hasn’t listed out exactly which proxy did he test, but assures that he has checked all the top ones (presumably the proxies that appear on top of search results). Hascheck told us that some of the proxy sites he tested include and, which are indeed very popular.

an example of proxy hack

Our intention isn’t to scare you off, but it is to warn you about the things that could be — many of which are evidently underway — happening behind the curtain. A proxy website you use could technically inject a JavaScript to steal your information. We don’t know for sure if that’s happening, but it’s not absurd to think of such possibilities.

So what can be done? You can, of course, use a paid service which is more reliable. Or you could use Tor, which isn’t perfect either, but is unarguably the most reliable tool you have available for free.

Was this article helpful?