The sites that you visit can know that you are using Tor, because the <a href="https://metrics.torproject.org/exonerator.html">list of exit nodes of the Tor network</a> is public.
Parental controls, Internet service providers, and countries with heavy censorship can identify and block connections to the Tor network that don't use Tor bridges.
[[!img doc/anonymous_internet/tor/tor.svg size="600x" link="no" alt="A Tor connection goes through 3 relays with the last one establishing the actual connection to the final destination"]]
Observe your traffic. That is why <i>Tor Browser</i> and Tails include tools to encrypt the connection between the exit node and the destination server, whenever possible.
Pretend to be the destination server, a technique known as <i>machine-in-the-middle</i> attack (MitM). That is why you should pay even more attention to the security warnings in <i>Tor Browser</i>. If you get such a warning, use the [[New Identity|doc/anonymous_internet/Tor_Browser#new-identity]] feature of <i>Tor Browser</i> to change exit node.
A powerful adversary, who could analyze the timing and shape of the traffic entering and exiting the Tor network, might be able to deanonymize Tor users.These attacks are called <i>end-to-end correlation</i> attacks, because the attacker has to observe both ends of a Tor circuit at the same time.
No anonymity network used for rapid connections, like browsing the web or instant messaging, can protect 100% from end-to-end correlation attacks. In this case, VPNs (Virtual Private Networks) are less secure than Tor, because they do not use 3 independent relays.
End-to-end correlation attacks have been studied in research papers, but we don't know of any actual use to deanonymize Tor users. For an example, see <a href="https://www.freehaven.net/anonbib/cache/murdoch-pet2007.pdf">Murdoch and Zieliński: Sampled Traffic Analysis by Internet-Exchange-Level Adversaries</a>.