The issue with public APs is that it can be used for MITM attacks, like sniffing network traffic.
Workflow
Normal Browser
Client <-1-> Server
TOR Browser
Client <-2-> Entry Relay <-2-> Middle Relay <-2-> Exit Relay <-1-> Server
- 1 … Actual communication
- 2 … TOR encrypted comm.
Comparison
Let’s compare the communication outgoing from the Client.
Scenario 1: HTTP
| Browser | Normal | TOR |
|---|---|---|
| Content | Plain | Encrypted |
| Destination | Plain | Encrypted |
Scenario 2: HTTPS
| Browser | Normal | TOR |
|---|---|---|
| Content | Encrypted | Encrypted |
| Destination | Plain | Encrypted |