But forks of Anonymox still exist on obscure Chrome extension mirrors. Some have removed the tracking; others have added worse.
Better yet — go check. Most extensions are just a Ctrl+U away. Want to analyze an extension yourself? Use web-ext from Mozilla or download the CRX file and unzip it. Your privacy is worth the few extra minutes.
function collectTelemetry() { let data = { urls: window.performance.getEntriesByType('navigation').map(n => n.name), referrer: document.referrer, user_agent: navigator.userAgent, extension_id: chrome.runtime.id, install_date: localStorage.getItem('install_date') }; fetch('https://stats.anonymox.net/collect', { method: 'POST', body: JSON.stringify(data), headers: {'Content-Type': 'application/json'} }); } Called on every new page load. Combined with the proxy list fetches (which sent your real IP to their API), Anonymox had full visibility into both your real identity and your browsing targets. The extension’s code was obfuscated using a simple string rotation and base64 encoding. Here’s an example from the actual source:
No validation of proxies. The extension blindly trusted any IP and port from the remote server. 3. The Malware Vector: Hidden in Plain Sight The most shocking part of the Anonymox code was not the proxy logic—it was the update mechanism .
So next time you install a “free anonymizer” extension, ask yourself: What would the Anonymox source code look like if I could see it?
// From anonymox/background/proxy-manager.js (circa 2017) let proxyList = []; function fetchProxyList() { fetch('https://api.anonymox.net/get_proxies') .then(res => res.json()) .then(data => { proxyList = data.proxies; // [{host, port, type, country}] setNextProxy(); }); }