I must not understand how Tor works because it seems pretty trivial to me for the FBI or a government agency to identify users. Where's the error in my thinking:
Tor works by routing a connection from your computer through a few hops in the network and then to the server. If the FBI operated the relay connected to your computer and also the server (say as a sting operation, or if they identified one and downloaded the logs), then wouldn't it be pretty easy to match the traffic through their relay (which has your naked IP address) to the traffic in the server logs?
It doesn't even need to be infiltrating Tor. They caught a kid who called in a fake bomb threat to get out of a college test because his connection to the Tor network coincided with the threat.
You could relay your traffic through one or more VPNs before connecting to the Tor network if you trust the companies not to keep logs or be beholden to the FBI/NSA.
But realistically your only friend in a worst-case scenario is the fairly reasonable hope that these agencies don't have the ability to parse all of their raw data, that they wouldn't waste time looking for you, and that you're not important enough for them to show their hand to everyone else and reveal exactly what they're capable of.
It seems likely that the NSA is running a large fraction of Tor nodes, and doing exactly what you suggest. It would cost a trivial fraction of their budget, and yield huge amounts of relevant information.
The traffic is encrypted from relay to relay and end to end.
You can theoretically prove that someone used Tor and perhaps prove that they connected to a certain Hidden Service, but proving that they actually did something illegal (rather than just curiously browsing) is not easy.
Also, I think that each relay is unaware of its order in the flow, so the other connected nodes could be a Hidden Service, a Tor client, or just another relay.