Most sites i see on tor are http://blahblahblah.onion even for sites that have logins such as dread or pitch. However, duckduckgo appears to have an https onion which i didnt think was possible. Now the question is if i submit my user/pass on an http onion is it actually safe and is my session with that site properly secure? I know in transport to me it is secure, but if the exit node knows i want the pitch onion is my account info safe from that node since pitch is http.
It basically doesn’t matter. Your connection already goes through 3 nodes on the Tor network and that is plenty enough. There is no reason why you should prefer HTTPS sites over HTTP on the Tor network.
Certs encrypt traffic. It’s wrapping your onion traffic up. Your search results are arriving securely.
