
I routinely access www.email-provider-of-my-choice.com via a browser over Tor. My browser enforces HTTPS-only mode and I opt for never saving my credentials with this provider. I tend to use the domain address and not the Tor address of my email provider. Most of the time I access the internet via a router which I control.

I do need to access my email when I occasionally travel (that includes accessing the internet via gateways that I do not control). From what I gathered, accessing a website through Tor/VPN does somewhat reduce my attack surface.

And yet the following crossed my mind:

  1. The Tor exit node may be malicious or it may be under attack as well (the node itself or its gateway).
  2. There may be some sort of global attack on the DNS servers that give responses for www.email-provider-of-my-choice.com

Thus, my questions are the following:

  1. Does using a raw IP to access my email provider reduce my attack surface in case of 1 and 2?
  2. How does it fare in comparison with using a Tor address of this provider?
  3. Does using an IP address expose me to any new threat when compared with accessing the service via DNS?

I'm well aware that using a service via its IP instead of DNS does rely to some extent on the latter, i.e.

I need to ping www.email-provider-of-my-choice.com at least once, and perhaps to ping it one more time when I travel or when the address changes, in order to get their IP.

The user experience of using a raw address is not a problem for me; let it be outside the scope of the question.

1 Answer


Using the IP address instead of the domain name on the Tor network is less secure.

When you access the domain name using TLS, the certificate is inspected by your browser, and it will only connect if the certificate is valid and trusted by your browser. Even if the Tor exit node or the gateway is malicious, they have no way to tamper with the data and fool your browser because they don't have the private key of the site you are accessing.

If you use the IP instead of the domain, you can find one of these situations:

1. The site is hosted with other sites on the same IP

In this case, your browser cannot send the Host header, so the server does not know which site you want to access and cannot connect you.

2. The site hosts only one site

The certificate is generated for the domain, not the IP, so your browser will complain about an invalid certificate. You will have to inspect the certificate to see if it's a valid certificate for the site you want to access, validate whether the domain points to the IP you are connecting to, and then accept to access the site.

So use the domain. Taking over the domain is not something that is done all the time. And TLS will protect you.

The Tor exit node may be malicious or it may be under attack

Using the domain and validating the certificate (this is done automatically by the browser) protects against malicious activities from the node or any attacker.

There may be some sort of global attack on the DNS servers

A global attack on DNS is something that is not going to be executed, and even if it is, it will be so noisy that everyone on the internet will be talking about it. There are some localized attacks on DNS infrastructure from individual ISPs all the time, but not something on a global scale.

There are attacks that change the DNS settings on the computer or the router to point to a tainted resolver, but those are not global. You can protect yourself from attacks on the router or your ISP by setting the DNS address by hand, using the server from a large entity (like Google or Cloudflare).

How does it fare in comparison with using a Tor address of this provider?

It's better for your privacy to use the Tor address because your traffic never leaves the Tor network. There will be no malicious exit nodes or compromised gateways, and no DNS provider will know you are accessing anything.
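
The certificate-name check that the answer's second case refers to, as an added example that is not part of the original answer: a simplified matcher showing why a certificate issued for a domain does not validate when the address bar holds a raw IP. The certificate dict is constructed sample data in the shape Python's `ssl.SSLSocket.getpeercert()` returns; the function names, hostnames and the 203.0.113.10 address are assumptions.

```python
import ipaddress

# Constructed sample certificate (placeholder names, not a real provider's cert).
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "www.email-provider.example"),
        ("DNS", "*.mail.email-provider.example"),
    )
}


def _dns_match(pattern, host):
    """Match one DNS SAN entry; '*' is honoured only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # The wildcard covers exactly one non-empty label and needs two labels after it.
        return len(p_labels) >= 3 and h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_matches(cert, reference):
    """True if the name or IP the client asked for is covered by the cert's SAN list."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(reference)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP reference is compared only with 'IP Address' entries, never DNS names.
        return any(kind == "IP Address" and ipaddress.ip_address(value.strip()) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, reference) for kind, value in sans)


if __name__ == "__main__":
    for ref in ("www.email-provider.example",
                "imap.mail.email-provider.example",
                "203.0.113.10"):
        print(f"{ref:40} -> {'match' if cert_matches(SAMPLE_CERT, ref) else 'MISMATCH'}")
```

Connecting by IP produces the mismatch even when the server is the genuine one, which is the warning described in the answer; clicking through it removes the check that protects against a malicious exit node.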
