That was never in question. We know that mobile phones can be geolocated. My doubts are about the practicality of the attack viz a fishing expedition -- ie, starting from zero knowledge and the assumption that some people are using the mail to ship drugs, LE would obtain all geolocation data and look for patterns to identify suspects for further investigation (which doesn't have to include Tor use, after all, I bet a majority of online drug vendors don't use Tor). I find that scenario utterly impractical. kmf added the idea that a seized package's drop location can be determined. That is a little more practical, but not something worth doing, IMHO, unless you're looking for a major drug distributor. kmf and I agree that there are trivial ways to defeat the attack, such as not bringing a geolocation device, mixing up your drop locations, and obfuscating your connection to the Tor network.