The first is a somewhat clever attempt to unmask someone ann undercover investigator was already talking to. Police should have narrowed scope of the warrant by only asking for data on viewers within a narrow window after they sent the link.

Even better might have been to directly link to some service that they already control on a honeypot URL, and then gone after the ISP for customer details.