Let's talk about that. I think you're quite wrong about Tor, since four servers are involved in every transaction and only the first has access to your IP address, while only the fourth has access to your destination address.

I think you may be thinking of the following well known vulnerability (from the Wikipedia article at *http://en.wikipedia.org/wiki/Tor_(anonymity_network):

"Eavesdropping by exit nodes
In September 2007, Dan Egerstad, a Swedish security consultant, revealed that by operating and monitoring Tor exit nodes he had intercepted usernames and passwords for a large number of email accounts.[15] As Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server, any exit node is in a position to capture any traffic passing through it which does not use end-to-end encryption, e.g. SSL. While this does not inherently violate the anonymity of the source, it affords added opportunities for data interception by self-selected third parties, greatly increasing the risk of exposure of sensitive data by users who are careless or who mistake Tor's anonymity for security.[16]"

With this vulnerability, your identity is only revealed if it was included in the content or username of the email address. The username could in principle be used to trace your IP address IF your IP address was connected with your email. The only non-proxy IP address my emails have ever seen, though, was the one that was used when the account was first set up. That would have been a remotely situated cash internet place. I don't do anything illegal; I just like to be in control.

If I am wrong and you are thinking of some other problem, please point out where in the Wikipedia article the vulnerability is referred to, or, if it's not mentioned, amend the Wikipedia article to include it.


About isurfproxy, how will your ISP know where you went after you connected to isurfproxy? I don't know much about one-stage anonymous proxies and most of the articles on the web about proxy server seem to skip over the topic of what the ISP may be able to see. Usually they would just record the URL you connected to, which would be the proxy, but what can they see if they make an extra effort? I don't know. Perhaps you could elaborate. I know they can't block where you browse to with a proxy; they can only block the proxy. In Turkey and Iran, you can't even watch a youtube without using a proxy.