Where do people who publish "free proxies lists" get their proxies from?

Mostly the hackers will find the vulnerable proxies over the internet by running scanners to find servers lisitining to the web proxies common ports (8080,3128,8000) For the second part of the question normally any used public IP on the internet will have contact info for the IP owner and you can reach that information from whois.iana.org which will guide you on which site you will find more information related to the IP. You can contact the IP owner (which is normally ISP)

People who have a "free"* proxy service will give it to one of the lists, then in a few hours the other lists will have got the ip too because they copy eachother.

*Don't trust the free name, most of them use your data for "research" and/or change the content of websites you visit (maliciously or just replacing ads with their own.).

See : https://youtu.be/0QT4YJn7oVI

Like free VPNs, free proxies are usually something to avoid. Either they are published after someone has used them to card/hack from, or they are in use for that, to some extent. Of course, noone will ever suspect proxy operators of doing bad things, because how could they? There are many ways. Try installing squid, it's the best. See:

• http://www.hackinsight.org/news,182.html

• http://blog.kotowicz.net/2010/12/squid-imposter-phishing-websites.html?m=1

• https://media.blackhat.com/bh-us-12/Briefings/Alonso/BH_US_12_Alonso_Owning_Bad_Guys_Slides.pdf

TL;DR:

Proxy operators can gain browser persistence, and

• Steal cookies

• Set cookies

• Steal Local Shared Objects

• Steal stored passwords from FireFox

• Steal cached files

• Poison browser cache

• Steal files from the victim’s local file system through Internet Explorer

• Run SQL queries on the victim’s Google Gears database and transfer the results

• Create ResourceStore and Managed ResourceStore on the victim’s Google Gears LocalServer