
Perhaps I'm not understanding something. I'm imagining this scenario:

1. Bob is running a Tor exit node.

2. Charlie is a government official investigating illegal content (use your imagination).

3. Charlie downloads illegal content via Tor.

4. This content is sent to Charlie from Bob's exit node.

5. Charlie observes that Bob's exit node sent him illegal content.

I understand that even if Bob is raided and his computer searched, they cannot find the website hosting the illegal content. But Charlie would know that Bob helped deliver the illegal content. Tor Hidden Service does not anonymize the exit node from the client.



You're mixing up general Tor use vs Tor hidden services. With hidden services there’s not really an exit node because the traffic never exits the Tor network.

Charlie could only see the machine in the final step of requesting the illegal content if Charlie was hosting the hidden service themselves. These requests can come from many different Tor operators, not just exit nodes.


To be clear, Bob is not the host of the illegal content. Bob is just the second-to-last hop before the content reaches the end destination (Charlie). My understanding of the tor network is that it obfuscates traffic across many hops. The path content takes from the host to Charlie:

Host -> Node 1 -> Node 2 -> ... Bob -> Charlie

This obfuscates the Host from Charlie. But Charlie knows that Bob sent him illegal content. Yes, Bob didn't host the content. The host is obfuscated. But Bob is still delivering illegal content and Charlie knows it.


Exit nodes are not the nodes that are directly facing tor users. Those nodes are called "Guard Relays".

Guard Relays usually don't have these issues, since you have to be somewhat technical to actively probe relays by requesting content through tor. And technical people know there isn't any point to raiding an operator's home.


> Bob is still delivering illegal content and Charlie knows it

Does BOB know they are delivering illegal content?

No... is it even possible to send unencrypted traffic by Tor? If it's even possible, Charlie must be the only person in the world doing it.


> Does BOB know they are delivering illegal content?

He does when Charlie knocks on his door and informs him that he delivered CSE to him. Ignorance of the fact that one is breaking the law is rarely accepted as a defense. Carriers usually get this protection when they meet some standards of safeguards and cooperation with law enforcement.


Ignorance of the law is not generally accepted as a legal defense, but ignorance of facts is. Most crimes involve a mental state of knowledge or intent with respect to the wrongdoing, and an exit node operator does not know what users are accessing.

Taking the wrong jacket by mistake is not theft, and operating the exit node through which someone downloads CSAM is not criminal possession of CSAM or knowing facilitation thereof.


Do you think drug mules get off scot-free when they say "I didn't know what was in that package"?


If the prosecutor can't convince the jury that they did know, yes.

That rarely happens in practice because prosecutors are usually pretty good at their jobs, and tend not to bring cases they can't prove.


The prosecutor doesn't need to definitively prove that the mule knew he was transporting drugs. Only that a reasonable person should have known.

Back to our Tor example: if you've been repeatedly told by the government that your node is being used for illegal activity, it's hard to plead ignorance.


You've described the legal mental state of negligence, and it's true that some crimes use it. Some jurisdictions have "criminally negligent homicide" as a crime with a lower penalty than manslaughter (reckless homicide) for example.

A look at federal drug distribution statutes in the USA[0] shows the mental state used for most of the forbidden acts is "intentionally" or "knowingly". Other jurisdictions could have different laws, but in the USA, it does appear the prosecutor has to prove that a drug mule knew what they were doing.

Similarly, the federal statute in the USA criminalizing distribution and transmission of child pornography[1] says "knowingly". Someone operating an ISP, an internet router, a VPN, or an exit node has no obligation (and often no ability) to inspect the data they're transmitting to find out if it contains child pornography, and knowing that there's a certain probability a given amount of random traffic contains some does not trigger criminal liability because the operator does not know that any particular data is child pornography.

In another comment you mentioned that ISPs can aid law enforcement because they know details about their customers. They usually do for billing purposes, but in many jurisdictions they're not required to. There is not, to my knowledge, a KYC law in the USA for providing internet service.

[0] https://www.law.cornell.edu/uscode/text/21/841

[1] https://www.law.cornell.edu/uscode/text/18/2252A


Continuing to operate a Tor node after being informed by the government that it's being used for illegal activity means the operator did this "knowingly". It's even more egregious than a drug mule transporting an unmarked package:

Imagine the government tells the mule that their employer is shipping drugs in these packages, and the mule still tries to claim that they didn't know that they might be transporting drugs.


It's not enough in parts of the world usually considered free and democratic for an information services provider to know that some of the data they're transmitting might be illegal. If it was, everyone from ISPs to messaging apps to social media sites would be at risk. In the case of child pornography, most jurisdictions require them to report it if they discover it, but they are not required to actively attempt to discover it.

The EU Chatcontrol proposal seeks to change that in some cases (TOR exit nodes not among them), and most people here are vehemently opposed to it.


Hidden service connections don't go through exit nodes. In theory it's two back-to-back Tor connections that meet somewhere in the network, but you can also think of it (possibly more correctly) as a six-hop Tor connection to an exit node that is only used to directly connect to the backend server. If set up right this prevents government sniffing at all points.


The final recipient is going to be able to decrypt the content, right? Regardless of "hidden service connection" or "exit nodes". Charlie is the final recipient and will be able to decrypt the content and know that it's illegal content.

Is there some mechanism that prevents Charlie from knowing who sent the content to him? Fundamentally, you can't stop the government from sniffing at the endpoint. Because they're not really "sniffing" they're just requesting content like any normal Tor user.


> Is there some mechanism that prevents Charlie from knowing who sent the content to him?

That is, in fact, the whole point of Tor. In the hidden service case, neither end can identify the other.


Sorry, in case I wasn't clear, I'm not talking about identifying the site hosting the content. I'm talking about the second-to-last hop in the traffic. My understanding is that Tor obfuscates traffic by sending through several hops, each one decrypting a layer of traffic (hence the "onion" network). So we have:

Host -> Node 1 -> Node 2 -> .... -> Bob -> Charlie.

Charlie doesn't know where the Host is. But Charlie does know that Bob sent him illegal content. Or is that final link, from Bob to Charlie, also obfuscated somehow? If so, how did OP get raided by police if he's supposed to be hidden?


OK, so there are basically three cases:

1. Charlie is running a client and downloads something. In which case Bob is an entrance node, not an exit node, but it's essentially the same thing. Charlie does know that the next hop is Bob. Depending on whether the ultimate destination is a hidden service or on the clearnet, Charlie may or may not know who's running that service.

2. Charlie is running a hidden service, and somebody uploads something. Charlie knows that it came via Bob, but doesn't know where it came from.

3. Charlie is running a regular clearnet Web server, and somebody uploads something to Charlie via Bob's exit node. Again Charlie sees that the traffic comes from Bob.

In the first two cases, Charlie has to be actually running the Tor software, and knowingly using Tor. So Charlie also knows that (a) Bob is just a relay, (b) Bob doesn't actually host the content, (c) Bob doesn't handle more than a packet or two of the content at a time, and deletes those as soon as they've been relayed, (d) Bob doesn't know, and can't find out, what the content actually is, (e) Bob doesn't know, and can't find out, where the content originally came from, and (f) Bob is really unlikely to keep any record of the whole connection after the session is over, which means probably no more than 10 minutes or so.

If that's enough to go after Bob, then it's enough to go after Bob... but historically it hasn't been. Bob can reasonably claim not only that he doesn't know what that particular traffic was, but that, although he knows there's probably some illegal traffic, most of the traffic he relays is probably legal.

In the third case, it looks to Charlie like Bob is the ultimate user. Unless Charlie does some investigation, Charlie may go raid Bob. But Charlie should then find out all that other stuff.

I think the most common actual case is that Charlie is running a honey pot, either as a hidden service or on the clearnet, and somebody gets the content from Charlie via Bob. But the same basic ideas apply.

The main issue isn't that Charlie doesn't know what the content is, but that Bob doesn't.

[Oh, and on edit, just to be clear: In the first two cases, that "packet or two" that Bob may ephemerally buffer is encrypted so that Bob can't read it, nor can any other relay. In the third case, where Charlie is a clearnet service, the end user is usually still using TLS, so Bob still can't read it. And none of the non-exit relays can read it no matter what.]


> So Charlie also knows that (a) Bob is just a relay, (b) Bob doesn't actually host the content, (c) Bob doesn't handle more than a packet or two of the content at a time, and deletes those as soon as they've been relayed, (d) Bob doesn't know, and can't find out, what the content actually is, (e) Bob doesn't know, and can't find out, where the content originally came from, and (f) Bob is really unlikely to keep any record of the whole connection after the session is over, which means probably no more than 10 minutes or so.

But at the end of the day Charlie, the government agent, is catching Bob in the act of delivering illegal content.

Imagine a government agent buys drugs on the dark web and arrests the courier. The courier protests, "I didn't know it was drugs, I didn't ask what was in the package". Do you think that defense is going to keep the courier out of prison?

It sounds like Germany is treating Tor operators as common carriers, and not holding them liable for content they deliver. They're being quite generous in that regard, in most countries the node operators are probably not met with such leniency.


> Do you think that defense is going to keep the courier out of prison?

Yes. That happens every day.

> It sounds like Germany is treating Tor operators as common carriers,

That's probably because they basically are common carriers. And the service isn't particularly designed for illegal activity, even if it can be useful for that. It's especially not designed for activities that tend to be illegal in the "free world".

> in most countries the node operators are probably not met with such leniency.

The Tor network has been running for about 20 years. There are on the order of thousands of relays. Unlike users, relay operators aren't anonymous; there's a public list of their IP addresses. The relays are all over most of Europe, especially Western Europe, and the Americas, especially the US and Canada, with a not-insignificant number of them in other countries.

So far as I know, nobody's ever been arrested, let alone convicted, for running a Tor relay. If they have, it's been in the sort of country where you also get arrested for running a newspaper. That may change soon, but it's still the case so far. Oh, and a good chunk of the funding for development (but not relay operation) comes from the US government.

You say "leniency", I say "not being an authoritarian hellhole".


> Imagine a government agent buys drugs on the dark web and arrests the courier. The courier protests, "I didn't know it was drugs, I didn't ask what was in the package". Do you think that defense is going to keep the courier out of prison?

Well, yes, otherwise FedEx and UPS would quickly go out of business.


FedEx and UPS receive immunity as carriers in exchange for several things. Minimum standards around recordkeeping and knowing their customers is one. Assisting the government with law enforcement (tracking down customers, scanning packages, etc.) is another.

Juries aren't stupid, they're not going to buy it when the courier says, "I just saw this online ad for deliveries on the dark web. Sure, it paid way more than normal delivery jobs but that's not cause for suspicion, right?"

And that's exactly what a tor node is doing: delivering content from the dark web. As far as I'm concerned, Germany is being very generous in its decision to let these operators continue to operate despite knowing full well that they are enabling criminal activity.


> Imagine a government agent buys drugs on the dark web and arrests the courier. The courier protests, "I didn't know it was drugs, I didn't ask what was in the package". Do you think that defense is going to keep the courier out of prison?

I, recently, bought a computer mouse from an online shop. The courier who brought me the package had no idea it contained a computer mouse. It might have been listed on the manifest outside the package, but even then, the courier had no way of knowing whether that was true without opening the package.

So, yes, I do think that defense can keep the courier out of prison.


Reality demonstrates otherwise: plenty of drug mules are in prison because the jury didn't buy into this defense.


Because it's not illegal to do that and if they're accessing hidden services they know they're accessing it via TOR and aren't directly connected to the illegal host. The most common reason exit nodes get raided is because they're the exit for some illegal user and appear as the source of the illegal activity.



