Hidden services publish their descriptors in a distributed hash table hosted by relays with the HSDir flag. These relays are run by volunteers in many different countries and they are not controlled by the Tor Project. Even if you seized the servers, you wouldn't get the hidden service's IP address. In fact you wouldn't get any information that isn't already available to anyone who knows the onion address and makes their Tor client fetch the descriptor. You establish a connection to the hidden service through introduction points and rendezvous points. The hidden service builds three-hop circuits to the intro and rendezvous points, so it is protected. You can read the details here: https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=rend-spec.txt Their main office is in Walpole, Massachusetts, but they have paid developers in several countries, and I think their servers are hosted near DC. Because they would get no useful information.