Our chem teacher let us do whatever we wanted with whatever chemicals he could get for an end-of-the-year project. Naturally everyone wants to do something explosive. So we all go to the computers and enter proxies to circumvent Bess, our school's filtering software, since we don't think it would appreciate. Anyway, the next day, we find that our teacher was reamed out because the Board found out that one of our students was looking at a site called "The Terrorist's Handbook" in search of high explosives. We found out he was using Google's cache to bypass the filter. My question is, how come the same thing doesn't happen when we use real proxies? The URL is still in the HTTP request when you use a proxy, the only major difference is where you send the request. Since all internet traffic goes through first the school server and then the Board of Ed, we're still going through the filter and logger when we use proxies. So why did my friend get busted while everyone else didn't?

If you use Google to look at a cached page that has images, the page fetches the images from the original site unless you use the proper voodoo [1] to tell Google not to fetch the images at all. So if they had the site flagged, they probably noticed your friend's image URLs being fetched directly, while yours were being done indirectly (you're sending a connect request to the proxy, and from there, you're fetching the web page). Their traffic inspector may not be looking at the content of all packets, just the initial URL being fetched.

[1] If you copy the URL of the cached Google page from the search and paste it into a new window, and append "&strip=1" (no quotes) to it, Google gives you the cached page without images.