Your question's already been answered pretty well, but I seem to have more patience than most for explaining... so to really answer your initial question: Tor offers no protection from man in the middle attacks. A Man in the Middle (MitM) attack is when you try to connect to, say, your bank's web site but a hacker has arranged it so that you connect to his computer instead. How he does this is a bit beyond the scope of your question -- it suffices to say that it requires a nontrivial knowledge of internet routing, but don't worry about it. It's pretty rare.So anyway, you connect to his computer. His computer then connects to the real bank site. Now the way SSL/TLS (HTTPS) works is that any data communicated between you and the person you connect to is private. But you're connected to the hacker's computer, not the real web site -- so... yeah. It being private between you and the hacker doesn't do a lot of good in this case. The hacker also transparently sends all the data you send to him, right to the bank site. The bank site thinks it's you, and sends stuff to the hacker (who sends it on through to you, so that you don't notice it's not the bank site).The only defense against this are the certificate authorities. They're basically companies that have been empowered to sell these certificates -- if you have one, it's supposed to prove that you are a specific domain (google.com is a domain). So your computer should *hopefully* warn you about the MitM attack described above by telling you the certificate of the web site doesn't check out, but the problem is... it's not all that hard to get around these certificate authorities and end up with one that says you're somebody who you aren't. Neither Tor, nor TAILS, does anything to protect against this.So as eddiethegun here points out, not bothering with any encryption and connecting via standard HTTP (not HTTPS), is only going to make it even easier to perform a MitM attack. If there's another meaning to Man in the Middle attack, I certainly don't know it. If that wasn't what your initial question was about, maybe try describing what your concern is instead?