Obviously, the original IP address of the TOR user isn't available to the website they are viewing, but when the website responds back to the exit node, what information is the exit node maintaining that allows it to route back to the user? How is that response communication structured such that a malicious exit node isn't trivially able to de-anonymize the user?
Thanks.
As simple as it sounds: via TCP tunnel. Tor uses it's routing to make a TCP pipe, triple-encrypted(as the min length of the path is 3), but - after all - as the pipe is made, it is just a regular TCP/IP pipe, working both sides. So the reply comes back in exactly reverse order, speaking of encryption layers, but via the very same one pipe, it's called a "circuit" or "chain"
