From charlesreid1

What Tor Is

Tor is a tool for anonymization. It anonymizes the origin of your traffic by passing it through multiple relays.

Tor uses three steps to anonymize the origin of traffic: first, the traffic is passed into a Tor entry node, which is randomly selected. It is then passed to a Tor bridge node, also randomly chosen. Finally, Tor passes the traffic to an exit node, which is where your traffic enters the "normal" web again.

This last step is where Tor ends. Tor does nothing to protect your traffic once it leaves the Tor exit node. The traffic is in the clear. At that point, Tor has served its purpose: the traffic's original source cannot be identified. But if you're sending your personal details inside of unencrypted traffic (like your email, or communications), your traffic will be sniffable from the Tor exit node. And the primary people with resources to run Tor exit nodes are state entities.

One hacker demonstrated this by sniffing emails and passwords from a Tor exit node.

What Tor Is Not

Tor is NOT an encryption tool - your traffic is not encrypted by Tor.

This is why sniffing traffic on Tor exit nodes reveals plain text emails and passwords - the traffic is in the clear.

Tor is NOT a content filter - it does not block cookies, Javascript, Flash, or any other nefarious elements in web pages that may be used to identify and track you.


Very good article explaining some of the things Tor does NOT hide:

How To Use Tor Correctly

Most importantly, understand how Tor works: if you don't understand it, you'll use it wrong.

When using Tor, don't use it alone. Use it with encryption (HTTPS Everywhere in Firefox) and with Privoxy or NoScript to protect you from nefarious web elements. You can be tracked by web ads, so AdBlock extensions are also a great idea.

Remember: the simple fact that you have traffic on port 9050 cannot be hidden (unless you're tunneling a connection through another port to another machine that's tunneling that port back through to Tor). If you're using Tor, your ISP will know, and therefore the government will know, but that's all they'll know.

Tor traffic can be monitored is definitely being monitored – not just by governments, but by malicious people looking for weaknesses to exploit.