Let us say that I want to access some sites blocked by the authority for any reason what-so-ever.
I understand that these sites can be accessed, sometimes with limited functionality, using anonymous proxies. But when you access sites like Google Sites, you need to provide your user name and password. Sometimes to upload your files, sometimes for read access only.
When I login to a site directly, my user name and password are sent encrypted over the network provided I access an https site. However, when I login via proxy, my user name and password may be sent encrypted to the proxy site over the network, but the proxy site will have to submit it on my behalf and so it will have them in hand in clear text.
This is where I start feeling unsafe. Can the proxy site owner use my user name and password for unfair purposes?
Please point out whether my conjecture is incorrect.
Any tips or suggestions will also be welcome.
Best Answer
If you can generate an end-to-end session then you gain security through the proxy not being able to intercept your communications, but if your session terminates at the proxy and they connect on your behalf to the website, the proxy owner could do whatever they want with that information.
This is why sites which require higher security (eg online banking) try to set up an SSL connection from the server to your desktop - and do their best to detect or prevent MITM attacks.
If you don't control the proxy, you need to work out how much you can trust it - and this will depend on the value of what you are protecting.
We have a lot of questions on this subject on Security Stack Exchange - come on over for some guidance.