If the hidden service your a visiting resides outside of the NSA - Euro surveillance zone, then the more of the Tor network that resides outside of it, the more likely the hidden service is to pick entry guards that are outside of it (assuming the operator takes no steps to select entry points outside of it). In that case, they can only watch one end of the connection, and fingerprinting a triple encrypted circuit (or more if you use a VPN or SSH tunneling) is all they have. I expect to see the other network layer attacks successfully deployed in the wild before I see that one.