Tor relays - newbie question : Tor | Torhoo darknet markets

Click the little shield looking thing beside the circuit beside the domain you are visiting. See how it says secure? Each layer is encrypted and yes encryption is held right to the web server.

When you flow through the Onion Network each packet flows down the network in fixed-size cells.

These cells are unwrapped by a symmetric key at each router and then the cell is relayed further down the path.

Tor isn’t an anonymising service, but it is a service that can encrypt all traffic from A to B to C.

We start off with your "message" (we haven’t sent it yet). We need to encrypt the "message" N times (where N is how many nodes are in the path).

We encrypt it using AES, a symmetric key crypto-system. The key is agreed upon using Diffie-Hellman. There are 4 nodes in the path (minus your computer and Dread) so we encrypt the "message" 4 times.

Our packet (onion) has 4 layers.

Node 4 adds its layer of encryption now. It doesn’t know who originally made the request, all it knows is that Node 3 sent the request to them so it sends the response message back to Node 3.

You, the client, and hidden service (Dread) talk to each other over a rendezvous point.

All traffic is end-to-end encrypted and the rendezvous point just relays it back and forth. Note that each of them, client and hidden service, builds a circuit to the rendezvous point; at three hops per circuit, this makes six hops in total.

In the end, it comes down to encryption. Encryption: first, all connections in Tor use TLS link encryption, so observers can't look inside to see which circuit a given cell is intended for.

Because you are not leaving .onion (as Dread is an Onion/Hidden Service) you are not getting decrypted and prepared for the clearnet by the exit node.

So, in short, use Tor just for the .onion world.