You could easily avoid this problem by providing a letter of guarantee. A rogue Tor node won't be able to sign a message with an address that is under your control.
This doesn't solve anything: if the rogue Tor node changes a deposit address, they can also sign a Letter of Guarantee from any address under their control, and display said address as the "official" one.
Just use .onion if you use Tor.
No. You did not understand what I said. Here is an ELI5...
Say, I am running a mixer. I have a clearnet version as well as a .onion one. I show this address on my homepage & bitcointalk thread and declare that I'll sign a message through it as letter of guarantee - 1HRnZx1ukJ338WfcqK6T59ZEWTuzehUcu1. The letter of guarantee will contain the deposit address signed by the mixer. A user can verify whether the deposit address he/she has received through Tor browser is signed by this address, i.e. 1HRnZx1ukJ338WfcqK6T59ZEWTuzehUcu1, which itself can be cross-verified by visiting the home page or bitcointalk thread on clearnet.
Now, you are running a rogue Tor node and want to change the deposit address.
Tell me, how can you provide a letter of guarantee containing that changed deposit address signed by the address visible on my homepage & bitcointalk thread through clearnet, i.e. 1HRnZx1ukJ338WfcqK6T59ZEWTuzehUcu1?
Err, you start an instance with ChipMixer and just scrape the information from their site via Tor and save the token to receive the funds later?
Captchas are fairly bypassable afaik, and you'd already have to put in the effort to search for the key and verify it; you're better off getting ChipMixer to list their SSL public key...
(which I can't get access to on mobile).