There are some .onion websites which are still on http and https everywhere does not help. Just want to understand is the exit node seeing this website being visited by a user or can they see the sensitive information like username/password etc.? How hard is it for an adversary to get this info via the exit node and can they track a user through this? I am presuming that the relays won’t be able to see anything.
If I understand correctly, .onion websites do not use exit nodes.
Also, such connections are encrypted (even without https), so only .onion site owner can decrypt them.
1 Like
Thank you. Last question, is encryption the reason that they haven’t made https mandatory for .onion websites?
Yes.
I have found explanation about this topic here: