It depends what you mean by "knows" and "proof".
You're right that an analyst will not be able to be prove with absolute certainty that you sent the coins to address 3, because it is possible, consistent with the blockchain evidence, that address 2 belongs to some third party.
But in the real world, people and organizations don't need absolute certainty to take action. They have lower standards, like "proof beyond a reasonable doubt", "probable cause", "reasonable suspicion", etc. It's entirely possible that a detective / jury / president / mob boss would consider this sequence of transactions to be sufficient evidence for an arrest / conviction / drone strike / vicious beating. That's particularly true if there is other evidence linking you to the owner of address 3.
So in evaluating whether a system or protocol has enough anonymity for your purposes, you have to ask yourself who you are trying to stay anonymous from, what consequences you are trying to avoid, and what level of evidence you think your adversary would need in order to proceed against you. Maybe a single extra transfer is enough anonymity for you. Maybe a mixer would be needed. Maybe even that isn't good enough. It all depends. These questions don't have straightforward yes-or-no technical answers.
It's like asking whether a system is "secure". It depends who your adversary is and what their capabilities are. It might be secure enough for some people, and not for others.