If their encryption is indeed secure, it would ensure that anyone who can eavesdrop on your connection between you and their server will not be able to find out what you are doing. This is a very big if because they don't provide any details on their FAQ about what algorithms they are using and how they use them. Their FAQ only mentions "our proprietary technology" which is a yellow flag. A good cryptosystem isn't afraid of publishing their algorithms. When they try to hide it, it might be a sign that they are rolling their own crypto and then rely on security through obscurity because they don't trust it themselves.
However, there are a few other attack vectors.
Can you trust them? When you are visiting a website which uses http and not https, the connection between DynaWeb and the target website is unencrypted. That means DynaWeb is theoretically able to monitor your whole internet activity.
Even when the website uses https, DynaWeb still knows which webservers you connect to. They don't know the exact URLs and what you do there, though.
Someone could eavesdrop on DynaWeb's outbound connection. They might not be able to tell from which customer each connection originates, but when the data is unencrypted (http), they might be able to tell from the content of the transmission.
When an attacker can eavesdrop to both Dynaweb's outbound connection and your connection, the can perform a traffic correlation attack to find out what you are doing. Encryption can hide what your communication is about, but it can't hide when you communicate and how much.
- 546 encrypted bytes going from you to Dynaweb
- 12ms later 546 encrypted bytes going from DynaWeb to
https://extremelyillegalwebsite.example
- 145ms later 1152983 encrypted bytes comming back from
https://extremelyillegalwebsite.example to Dynaweb
- 13 ms later 1152983 encrypted bytes going from DynaWeb to you
What could you possible be doing?
