Exit node can link data from the same circuit together. If you are browsing two sites via the same circuit via the same exit node, it can determine the same person is visiting both of those sites. If one of those sites is your personal facebook you are fucked. Here read this: www.mpi-sws.org/~stevens/pubs/leet11.pdf They deanonymize P2P users via the DHT and then they also determine all of their non P2P traffic going down the same circuit by linking it together at the malicious exit node. They deanonymized 10,000 Tor circuits this way, including *everything* being loaded through the circuits not just the P2P traffic.