Actually hidden services can be traced up to their entry guards with this attack: http://freehaven.net/anonbib/cache/hs-attack06.pdf and then deanonymized by anyone who compromises one of the guard nodes (easily done with a court order if they are in USA, still easily done if they are in a foreign country via a MLAT although might take a bit longer). Hidden server should change its location periodically