If an attacker can decrypt your connection, he can read the data. He doesn't need to know your exit node. That is much harder to do with a Tor circuit than with an HTTPS connection. Like the poster above said, HTTPS connections can be intercepted at the exit nodes with widely available programs like sslstrip. However, this interception is noticeable if you are paying attention, because you lose the lock icon. This is why mixed content is bad, it gets us used to losing the lock icon. Tor uses the TLS protocol with a 128 bit AES stream cipher and 1024 bit RSA keys for authentication. If you want the nitty gritty details, you can read the protocol spec: https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=tor-spec.txt In terms of encrypting the stream, Tor circuits are basically the same as HTTPS connections (they could be made stronger with AES-256 encryption, but AES-128 would take longer than your lifetime to decrypt with today's technology). The important difference between Tor circuits and HTTPS connections, as I said in a previous post, is that it's much harder to break Tor's authentication mechanism. Since you're connecting Tor client to Tor client, yes, the entire path is encrypted. Yeah, it's mostly the dangers of Flash and Java. I think the dangers of JavaScript are exaggerated. Yes, JavaScript can be dangerous too, but it's much better sandboxed inside the browser. Flash and Java are run by plugins that are separate processes and can more easily bypass the browser's proxy settings. That's why NoScript was added to the browser bundle. It blocks Flash and Java even when it is disabled. Well, if you post your name on the site, there's nothing Tor can do to save you. But I get what you're saying, and the answer is that the browser bundle is specially configured to greatly reduce data leaks and fingerprinting attacks that could be used to identify you. Nothing is perfect of course, but browsing clearnet with TBB in its default configuration is considered safe enough by the Tor developers that they distribute it that way.