I create a web site that isn't indexed by any search engines. I post the the link on this forum so only SR community members know about it. Like all web servers, mine records the IP address of everyone that accesses my site. I filter out the Tor exit nodes. Now I have a list of SR members' real IP addresses. Some people use VPNs, but those are relatively easy to filter out too, since the IP address belongs to a hosting provider instead of a residential ISP. Mullvad uses Leaseweb, Private Internet Access uses FDC Servers. If I was serious about performing the attack, I would get lists of the top residential ISPs in the most represented countries: US, UK, Australia, Germany and on down the list. It would be easy to identify the people accessing the site from home. Visiting a link like cnn.com is probably safe because so many people visit that site, but if it's some obscure web site, or a site you've never heard of before, definitely only visit it over Tor.