Anonymizers protect your identity for normal surfing, but have the following limitations:
- HTTPS. Anonymizers cannot process secure protocols like “https:” since your browser needs to directly access the site to maintain the secure encryption.
- Plugins. If you access a site with an anonymizer that invokes a third-party plugin, then you can’t be assured that the program won’t establish independent direct connections from your computer to the remote site that are not anonymized. Widely used, standard programs can usually be trusted.
- Logs. All anonymizer sites claim that they don’t keep a log of your requests. Some sites, such as the Anonymizer, keep a log of the addresses accessed, but don’t keep a log of the connection between accessed addresses and users logged in.
- Java. Any Java applications that you access through an anonymizer will not be able to bypass the Java security wall and access your name, email address, or file system. Some services have stated that Java security is not compromised “if you use the URL-based anonymizer”, but that it might be “if you use the anonymizer as a regular proxy”.
- Active X. Presumably safe, authorized Active X applications are certified with a certificate number. Active-X applications have almost unlimited access to your computer system, and once downloaded by a website they bypass the anonymizer completely. They can access and reveal your name and email address, and can access your file system to perform file creations, reads, and deletions. Your only protection with Active-X is traceability — if a program maliciously causes damage to your system you can track the author down through the certificate registration system.
- JavaScript. Under most browsers the JavaScript scripting language should be secure and cannot reveal data or perform destructive acts to your computer system. Some services such as the Anonymizer state that there may be a security problem “if you use the URL-based anonymizer, so the URL-based anonymizer disables all JavaScript”, and that “If you use the anonymizer as a regular proxy, then JavaScript is safe and is left enabled.”