You are right about the tor issue I was referring to (I would not call that a vulnerability, since it is that way by design). I guess I should have clarified, but I was trying to be as non technical as possible. I am not claiming that the tor exit node can tell who you are, but rather that they can watch everything you do while connected to tor (and using their exit node). Thus why you should minimize your exposure by using it only for activities that require some anonymity and assuming that someone is logging everything you do while you use tor and can see everything you can see unless you are accessing an ssl encrypted web site with a validated certificate.

With isurfproxy the ISP can see everything you do. It isn't an encrypted connection, thus everything you do through that proxy is sent in plaintext through your isp and can be easily looked at while in transit. They can see every last bit of information about where you went, what you looked at, what you posted, etc. Basically, they can see all the same things they could if you didn't use a proxy. Proxies are good for preventing the site you are visiting from telling who you are, they are worthless for hiding your activities from your isp. The reason they work for bypassing blacklists is because the firewalls that have these blacklists only look at the header of the packet, not the data. If the firewall looked at the data, it would spot the request to forward you on to a different ip and would be able to block you (this would require deep packet inspection http://en.wikipedia.org/wiki/Deep_packet_inspection).