Tor Exit node risk?

I have been using Tails (not on a VM), TBB, highest security level-no javascripts), PGP for communication and regularly start new identities in TBB in Tails. Somehow I missed the bit about staying on onion when in onion due to exit nodes. I had been regularly switching from onion markets to this sub (for reviews and links) believing my anonymity would be maintained as I was doing this all through Tails and tor. Have I deanomyzied myself? What sort of security risk may I be in? Why does TBB in Tails auto start with lowest security settings and mainpage to their clearnet site? Isn't this risky?

Peace, inner and outer, in 2016 CloudedHead


Comments


[1 Points] sittinon40acres:

i think youre fine, but that depends on the scale of how criminal you are i guess. youre prob fine


[1 Points] multiplax:

If you use Tor to connect to a clearnet site without https, then the exit node can intercept your connection, and send you whatever it wants instead (including a redirect to an https site of its choice). The classic attack is when someone accesses a clearnet wallet over Tor---the exit node sends a fake login screen, grabs the credentials, and steals the BTC.

The risk is that man-in-the-middle attack, not (directly) loss of anonymity. The Tails home page is safe, because it's https. If you log in to reddit without https, then you're at risk---but reddit credentials aren't usually valuable, so it's less likely that anyone's watching.