So if u go onto tor n watch vids FBI might arrest you or when do they care enough or how do they decide who to go after

1. What Tor actually does — anonymity by design, not impregnable secrecy

Tor routes traffic through multiple volunteer relays so a destination sees a Tor exit or .onion endpoint rather than the user’s real IP, which protects location and network metadata against many kinds of monitoring but does not eliminate all ways of being identified ^{[1] [6]}.

2. How and when law enforcement breaks anonymity — targeted tools, not omniscience

Law enforcement breaks Tor anonymity in targeted investigations using a mix of tactics: exploiting browser or service vulnerabilities, deploying Network Investigative Techniques (NITs, i.e., malware), correlating timing/traffic patterns, tracing cryptocurrency, undercover interactions and conventional surveillance — methods assembled to produce evidence before arrests ^{[2] [7] [3]}.

3. Precedents that matter — Playpen, Silk Road and user deanonymizations

High‑profile cases show the pattern: the FBI used an exploit/NIT in the Playpen child‑porn investigation and obtained thousands of IP revelations after operating the site for a period under warrant ^[3]; Silk Road’s operator was unmasked mainly by operational mistakes and follow‑the‑money and physical surveillance rather than Tor being “cracked” outright ^{[7] [4]}; other incidents suggest exploits or unpatched browsers have exposed users’ IPs ^{[8] [5]}.

4. Legal authority, rule changes and competing narratives about scope

Changes to Rule 41 and the DOJ’s push for “remote search” warrants have been criticized as enabling broader use of hacking tools against anonymized targets, a contention pressed by civil‑liberties groups and the Tor Project which warn of mass hacking and legal overreach even as law enforcement argues such tools are needed to catch serious criminals ^{[9] [10]}.

5. How investigators decide who to go after — threat, evidence, and prosecutorial discretion

Agencies prioritize cases where activity crosses into serious crimes (child exploitation, large‑scale trafficking, terrorism, major fraud), where digital traces can be turned into provable evidence, and where resources and international cooperation make arrest and prosecution feasible; mere presence on Tor without criminal indicators generally lacks the threshold that triggers these complex operations ^{[2] [4] [3]}.

6. Practical risk for someone who just browses Tor videos

A user who only watches innocuous content and keeps software patched, avoids logging into identifying accounts, and does not interact with illicit services has a much lower practical risk of being singled out than someone who visits or runs criminal marketplaces, uploads illegal material, or visits honeypot sites — but browsing is not risk‑free because unpatched browser vulnerabilities and mistaken interactions with operated or seized sites have produced identifications in the past ^{[5] [3] [8]}.

7. Alternative views and implicit agendas in the reporting

Security agencies emphasize prosecuting criminals and the operational success of de‑anonymization ^{[6] [2]}, while civil‑liberties and Tor advocates stress the danger of legal expansion and warrantless hacking ^{[3] [9]}; industry and government advisories urge risk assessment and monitoring of Tor node traffic, which can reflect institutional priorities to reduce threat exposure ^{[6] [1]}.

8. Bottom line

Tor reduces casual surveillance but is not a guarantee against identification when law enforcement has cause and legal authority to act; the deciding factors are the nature of the activity, operational mistakes or vulnerabilities, and prosecutorial prioritization — not merely the act of “going onto Tor and watching vids” ^{[1] [3] [4]}.