Police in the US are continuing to raid the homes of people who operate exit nodes for the Tor anonymity network, most recently searching the condo belonging to a pair of outspoken privacy activists in Seattle.

On 30 March, Seattle Privacy Coalition cofounders Jan Bultmann and David Robinson were woken up at 6.15am at their condominium by a team of six detectives from the Seattle Police Department with a search warrant looking for child pornography, according to Seattle's alternative weekly newspaper The Stranger.

The married couple were made to sit outside the apartment while the police searched their property and examined their electronic equipment. In the end, police acknowledged that no child pornography was found, so Bultmann and Robinson were not arrested, and none of their assets were seized.

Nevertheless, the experience left the couple shaken and upset, particularly since many "hints and comments [were] made about our cars, our jobs, our histories... revealing that we were thoroughly researched".

The Tor anonymity network

The Tor network (named after The Onion Router project), is used by many people around the world to disguise their web traffic and ensure anonymity. While some people use it for legitimate reasons because they have privacy concerns, many other users who venture into the Dark Web also use it too.

The Dark Web is a section of the internet not discoverable by conventional means, such as through a Google search or by directly entering a website URL. As the websites are hidden, they are perfect for cybercriminals, who list thousands of goods and services for sale on secret underground marketplaces, including narcotics, chemicals, firearms and counterfeit goods, in addition to adverts for services such as hacking, gambling and sports betting.

The Tor technology consists of software that anonymises and redirects internet traffic through a worldwide network of relays, comprised of volunteers who set up their computers as Tor exit nodes, in order to offer at least three layers of encryption, whereby the source and the final destination of the Tor path is completely anonymised.

Confusing Tor exit node operators with cybercriminals

Researchers at King's College London recently found in a new study that 57% of all the websites hidden on the Dark Web are actively facilitating criminal activity such as the sale of drugs, illicit finance and extreme pornography.

And unfortunately, because some bad people use Tor to encrypt their traffic and disguise their activities on the Dark Web, when US law enforcement trace the IP address of said user, it will reflect the IP address of the exit node that Tor randomly assigns to the user, meaning the police think that whoever operates the node is the perpetrator of the crime.

In 2013, William Weber, an IT administrator in Austria, was found guilty of funnelling child pornography through one of his seven global Tor exit relays, given three years' probation and a €30,000 ($34,146, £23,750) bill for court and legal fees. Even though he was not the one doing the funneling, prosecutors found him responsible. He went bankrupt from defending himself in court and thus could not appeal the ruling.

And in April 2015, a man in Indianapolis who ran a Tor node remotely in a German data centre, paying for hosting with a company based in St Louis, was alerted by his wife that their family home had been swarmed by FBI agents holding automatic weapons at 5am, searching for unauthorised access of a computer, theft of trade secrets and conspiracy to steal trade secrets. Nothing came of the raid, but a desktop computer running Linux and a household server were seized.

Since Tor has now been around since 2002 and had its first stable release in 2015, law enforcement agencies must be slowly catching on that IP addresses don't always lead you to culprits, the going is slow and it is still happening.