> It is clear that the court does not understand how the Tor network works. The entire purpose of the network is to enable users to communicate privately and securely.
Tor does not actually hide your IP address from the public Internet. Someone technically ignorant might believe that (in which case, his expectation of privacy is based on a false assumption and is thus objectively unreasonable), but that's not the guarantee Tor provides. What onion routing does is ensure that someone sitting in the middle cannot identify both the source and destination of a packet.
But the legally relevant technical question is not whether someone can track the packet from the source to the destination. It's whether the user's IP address has been revealed to the public. That's necessarily the case even when communicating over Tor; that's just how the Internet works.
> But the legally relevant technical question is not whether someone can track the packet from the source to the destination. It's whether the user's IP address has been revealed to the public. That's necessarily the case even when communicating over Tor; that's just how the Internet works.
But you're only getting there with some kind of unusual globally omniscient consolidated definition of "the user's IP address" where because one member of the public knows the user but not the IP address (exit node) and a different member of the public knows the IP address but not the user (entry node) then "the public" knows the user's IP address, even though under expected operation there is no member of the public that actually knows the user's IP address.
By this logic "the public" knows the identity of every pseudonymous author because some members of the public know the pseudonymous work and different members of the public know the author in person, even if not one member of the public actually knows who writes under that pseudonym.
> I think you'd be hard pressed to argue that you have a 4th amendment right not to have the government link your pseudonym to your real name.
I would argue that it shouldn't be content-based. It isn't a matter of whether the information they want is the human corresponding to that pseudonym, it's a matter of whether you had a reasonable expectation of privacy in that information, which depends not on what the information is but on what you did to protect your privacy.
If you make a public statement under your pseudonym that identifies you then you don't have a reasonable expectation of privacy in that information. But if you take reasonable steps not to link yourself to your pseudonym, why should the government be completely unrestricted in how it obtains that information without a warrant, no matter how underhandedly or unexpectedly they behave?
The alternative is essentially an unwarranted expansion of the third party doctrine: Instead of saying that if a third party does know something the government can get it, it's saying the government can get anything a third party could know even if they wouldn't normally be expected to observe or record it -- or even if they implicitly or explicitly agreed that they wouldn't.
What does implementation details have to do with expectations? You can't just say the general public's expectations don't matter because they don't understand the implications of network routing.
Do Tor users expect their communications to be private? I think the answer is obviously yes.
Then why bother setting up any encryption at all? Why not just call the Internet an "anonymous network" and be done with it?
It's clear there is some difference between "expectation" and "informed expectation." If there were no distinction, then claiming you expected privacy in any situation would be legally sufficient to eliminate evidence collected while "violating" your expectation.
Because the law's notion of expectation of privacy is based off of the concrete reality of the tool, not of the abstract wish.
If you're a well informed Tor user, you would not expect coverage from the classes of attacks described. The Tor project itself specifically said that Tor does not defend against things like state actors.
The order demonstrates a perfectly adequate understanding of the technology: https://motherboard.vice.com/read/carnegie-mellon-university....
Tor does not actually hide your IP address from the public Internet. Someone technically ignorant might believe that (in which case, his expectation of privacy is based on a false assumption and is thus objectively unreasonable), but that's not the guarantee Tor provides. What onion routing does is ensure that someone sitting in the middle cannot identify both the source and destination of a packet.
But the legally relevant technical question is not whether someone can track the packet from the source to the destination. It's whether the user's IP address has been revealed to the public. That's necessarily the case even when communicating over Tor; that's just how the Internet works.