How would exit node sniffing help SR, when it's a hidden service that doesn't involve exit nodes? Perhaps studying fingerprinting attacks at entry nodes, or brute forcing hidden service directories, might help SR and its users, but I don't understand how your suggestion would be helpful.