Editing Onion routing (section)

===Exit node vulnerability===
Although the message being sent is transmitted inside several layers of encryption, the job of the exit node, as the final node in the chain, is to decrypt the final layer and deliver the message to the recipient. A compromised exit node is thus able to acquire the raw data being transmitted, potentially including passwords, private messages, bank account numbers, and other forms of personal information. Dan Egerstad, a Swedish researcher, used such an attack to collect the passwords of over 100 email accounts related to foreign embassies.<ref>{{cite web |last=Bangeman |first=Eric |url=https://arstechnica.com/news.ars/post/20070830-security-researcher-stumbles-across-embassy-e-mail-log-ins.html |title=Security researcher stumbles across embassy e-mail log-ins |publisher=[[Ars Technica]] |date=2007-08-30 |access-date=2010-03-17}}</ref>

Exit node vulnerabilities are similar to those on unsecured wireless networks, where the data being transmitted by a user on the network may be intercepted by another user or by the router operator. Both issues are solved by using a secure end-to-end connection like [[Transport Layer Security|SSL/TLS]] or [[secure HTTP]] (S-HTTP). If there is [[end-to-end encryption]] between the sender and the recipient, and the sender isn't lured into trusting a false SSL certificate offered by the exit node, then not even the last intermediary can view the original message.