LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

Why are Exit Nodes the weakest point of Tor, and what can a malicious one see?

At the exit node the last layer of encryption is removed, so a malicious exit can read any traffic that isn't independently encrypted (e.g. non-HTTPS sites) — including credentials.

The exit node is where traffic re-enters the open Internet, so the final Tor encryption layer is stripped there. A bad exit node can therefore see:

  • All unencrypted traffic to sites without HTTPS
  • Usernames and passwords sent over unencrypted connections
  • The content of e-mails, chat messages, and form submissions
  • Which websites were visited and their contents

Alarming statistic (2021): over 25% of Tor exit relays were caught spying on or manipulating traffic — showing how vital end-to-end encryption (HTTPS) is on top of Tor.

Tip: Tor hides who you are, not what you send at the exit. Always use HTTPS — Tor + HTTPS means even a malicious exit sees only encrypted bytes.

Go deeper:

From Quiz: PRIVACY / Anonymous Surfing, Tor & Location Tracking | Updated: Jul 05, 2026