Understanding Tor Exit Node Risks

Tor exit nodes are the final relay in the Tor circuit — the point where your encrypted traffic leaves the Tor network and enters the regular internet. This makes exit nodes both essential to how Tor works and the most vulnerable point in the network. Anyone can run an exit node, including researchers, privacy advocates, and potentially malicious actors. Here's what you need to know.

How Tor Exit Nodes Work

Understanding exit node risks requires knowing how Tor circuits work:

  1. Entry node (guard): Knows your real IP address but cannot see what you're browsing. Encrypted traffic passes through.
  2. Middle relay: Knows neither your IP nor your destination. Just passes encrypted traffic between entry and exit nodes.
  3. Exit node: Decrypts the final layer of Tor encryption and sends your request to the destination website. Can see the content of your traffic if you're visiting HTTP (unencrypted) sites.

Key insight: Exit nodes only handle traffic going to regular (clearnet) websites. If you're visiting .onion sites, there is NO exit node — traffic is encrypted end-to-end between you and the onion service. This is a major security advantage of .onion sites.

Real Risks of Malicious Exit Nodes

Research has documented several types of exit node attacks:

  • Traffic surveillance: Malicious exit node operators can monitor unencrypted traffic. A 2020 study found that up to 23% of Tor's exit capacity was controlled by a single malicious entity performing SSL stripping attacks.
  • SSL stripping: Some malicious exits intercept HTTPS connections and downgrade them to HTTP, allowing them to read the traffic in plaintext. Modern browsers warn about this, but users may click through warnings.
  • Content injection: Exit nodes can modify unencrypted traffic, injecting malware, ads, or tracking code into web pages.
  • Cryptocurrency theft: Some exit nodes specifically target cryptocurrency transactions by replacing wallet addresses in unencrypted pages.
  • DNS manipulation: Exit nodes handle DNS resolution for clearnet traffic and can redirect you to phishing sites.

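These attacks depend on traffic crossing the exit node unencrypted (HTTP); SSL stripping succeeds only by keeping the connection on HTTP in the first place. Connections that stay on HTTPS, and all traffic to .onion sites, are not exposed to exit node surveillance.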

How to Protect Yourself from Exit Node Risks

Follow these practices to eliminate or minimize exit node risks:

  1. Always use HTTPS: Tor Browser includes HTTPS-Only Mode by default. Keep it enabled. HTTPS encrypts traffic between the exit node and the website, preventing surveillance.
  2. Prefer .onion sites: When available, use the .onion version of websites. DuckDuckGo (duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion), ProtonMail (protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion), NYT, BBC — these use end-to-end encryption with no exit node.
  3. Never enter credentials on HTTP sites: If a site doesn't have HTTPS, do not enter passwords, credit card numbers, or any personal information.
  4. Verify SSL certificates: If you get certificate warnings while using Tor, do NOT proceed. This may indicate an SSL stripping attack.
  5. Use end-to-end encrypted services: For communication, use PGP encryption, Signal, or ProtonMail — exit nodes cannot read end-to-end encrypted content.
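
The SSL stripping and plaintext-credential risks above can also be checked from the site operator's side. The following is an added example, not part of the original guide: it audits a site's plain-HTTP and HTTPS responses for settings that leave visitors exposed to a stripping exit node. The function name, the finding labels, the 180-day HSTS threshold and the example.test responses are all assumptions constructed for illustration.

```python
import re

MIN_HSTS_MAX_AGE = 15552000  # assumed policy threshold (180 days), not from the guide

def audit_strip_exposure(http_resp, https_resp):
    """Findings that leave a site's visitors exposed to SSL stripping.
    Each response: {"status": int, "headers": dict, "body": str}."""
    findings = []
    h_http = {k.lower(): v for k, v in http_resp["headers"].items()}
    h_https = {k.lower(): v for k, v in https_resp["headers"].items()}
    # 1. Port 80 should only redirect to HTTPS, never serve the page itself.
    redirects = http_resp["status"] in (301, 302, 307, 308)
    if not (redirects and h_http.get("location", "").startswith("https://")):
        findings.append("http-serves-content")
    # 2. HSTS tells returning browsers to refuse plain HTTP for this host.
    m = re.search(r"max-age=(\d+)", h_https.get("strict-transport-security", ""), re.I)
    if not m:
        findings.append("hsts-missing")
    elif int(m.group(1)) < MIN_HSTS_MAX_AGE:
        findings.append("hsts-max-age-too-short")
    # 3. Cookies without Secure are also sent on a downgraded HTTP connection.
    cookies = h_https.get("set-cookie", [])
    for c in [cookies] if isinstance(cookies, str) else cookies:
        if "secure" not in [a.strip().lower() for a in c.split(";")[1:]]:
            findings.append("cookie-not-secure:" + c.split("=", 1)[0].strip())
    # 4. Forms or scripts addressed with http:// leave HTTPS on their own.
    pattern = r'<(form|script)\b[^>]*?(?:action|src)=["\'](http://[^"\']+)'
    for tag, url in re.findall(pattern, https_resp["body"], re.I):
        findings.append(f"plaintext-{tag.lower()}:{url}")
    return findings

# Constructed sample responses for a hypothetical site, example.test
WEAK_HTTP = {"status": 200, "headers": {"Content-Type": "text/html"},
             "body": "<h1>Login</h1>"}
WEAK_HTTPS = {"status": 200,
              "headers": {"Set-Cookie": ["session=abc123; Path=/; HttpOnly"]},
              "body": '<form method="post" action="http://example.test/login"></form>'}
GOOD_HTTP = {"status": 301, "headers": {"Location": "https://example.test/"}, "body": ""}
GOOD_HTTPS = {"status": 200,
              "headers": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
                          "Set-Cookie": ["session=abc123; Path=/; HttpOnly; Secure"]},
              "body": '<form method="post" action="/login"></form>'}

if __name__ == "__main__":
    print("weak:", audit_strip_exposure(WEAK_HTTP, WEAK_HTTPS))
    print("hardened:", audit_strip_exposure(GOOD_HTTP, GOOD_HTTPS))
```

HSTS only protects visitors whose browser has already seen the header over HTTPS (or who reach a preloaded host), so the port 80 redirect check still matters for first visits.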

Eliminate Exit Node Risks with .onion Hosting

The most effective way to eliminate exit node risks for your users is to host your service as a .onion hidden service. Traffic between Tor users and .onion sites never touches an exit node — it's encrypted end-to-end.

AnubizHost provides .onion hosting that eliminates exit node risks:

  • Pre-configured v3 .onion addresses — all traffic is end-to-end encrypted, no exit nodes involved
  • Offshore servers in Iceland, Romania, and Finland
  • Full root access to deploy any application with onion service integration
  • Bitcoin, Monero, and crypto payments — no KYC required
  • DDoS protection for your .onion services
