then how did they arrest hundreds for trading child porn on the darknet?
By contacting the users through Tor and getting them to reveal themselves.
They created their own server, distributing child porn for months, and exploited a hole in the Firefox browser that was packaged into the TOR Browser bundle. I suspect that the hole involved enabling javascript or some similar method to get the browser to identify their real IP address.
And I'm equally sure that the same hole is being exploited by various intelligence services who are rooting out 'subversive' elements in Iran and Syria.
Social engineering.
They found a vulnerability between the chair and the keyboard.
Three big reasons:
1. Bugging the FireFox software that came with the Tor bundle. That’s why I check the hashes after each and every download and report if they don’t match.
2. Users blithely giving out identifiable personal information
3. CP being left unencrypted or with pitiful protection that it might as well have been, like happens every day all across America with other kinds of digital information. I’d bet a fair number of those arrested practically had a neon sign pointing to the pictures/movies in question.
If you want to access Tor and “bring anything home”, your only safe bet is to ensure it never gets stored on a magnetic hard drive as these are near-impossible to totally erase, that it is secured as all hell and most importantly that you DO NOT save passwords on paper or in digital form.