Quiz Entry - updated: 2026.07.05
Why are Exit Nodes the weakest point of Tor, and what can a malicious one see?
At the exit node the last layer of encryption is removed, so a malicious exit can read any traffic that isn't independently encrypted (e.g. non-HTTPS sites) — including credentials.
The exit node is where traffic re-enters the open Internet, so the final Tor encryption layer is stripped there. A bad exit node can therefore see:
- All unencrypted traffic to sites without HTTPS
- Usernames and passwords sent over unencrypted connections
- The content of e-mails, chat messages, and form submissions
- Which websites were visited and their contents
Alarming statistic (2021): over 25% of Tor exit relays were caught spying on or manipulating traffic — showing how vital end-to-end encryption (HTTPS) is on top of Tor.
Tip: Tor hides who you are, not what you send at the exit. Always use HTTPS — Tor + HTTPS means even a malicious exit sees only encrypted bytes.
Go deeper:
Onion routing — Weaknesses (Wikipedia) — exit-node eavesdropping and why end-to-end encryption is still required.