If your ISP utilizes a transparent proxy it will usually attach a "Client-ip: x.x.x.x" field to all outgoing HTTP requests. The problem arises from the fact that Anonymizer will copy this field to its own HTTP request. Actually, it will pass along any field sent with your request, which makes sense for "Accept-..." and similar commands, but is obviously a bad idea for anything containing personal information.
So beware if you trust this service and there is an unknown proxy somewhere along the wire. Please note this experience was with Anonymizer.com's free service; it is unclear whether the paid service also suffers from this vulnerability.
How to check for this vulnerability:
Launch netcat on your port 80 (nc -l -p 80), telnet to www.anonymiser.com on port 80 and request your address:
[~]$ telnet www.anonymiser.com 80
Trying 168.143.112.10...
Connected to www.anonymiser.com.
Escape character is '^]'. GET http://your.ip.goes.here HTTP/1.0
Foo-bar: it hurts
Netcat should spit this:
[~]# nc -l -p 80
GET / HTTP/1.0
Host: your.ip.goes.here
Foo-bar: it hurts
Connection: Keep-Alive
If Foo-bar is there, your Client-ip can also be there.
Solution:
This problem was fixed by the vendor.
The current version of the service is no longer vulnerable.