That is called a correlation, not an intersection: two totally different sorts of attack. And yes, it really is that easy. Researchers have done this attack against the live Tor network and traced hidden services in a matter of minutes to days prior to entry guards. Now entry guards can be traced in a matter of hours to days. When you can force the server to open as many circuits as you damn well please, it really isn't going to take that long for some of your nodes to be on the circuit enough times to enumerate the entry guards. Give me 12 high bandwidth VPS for a month and I will trace any hidden service you want to its entry guards.
From the paper
Hmm, let's see how entry guards changed the attack
Damn, I even remembered this paper wrong. I thought it had taken them days to weeks to trace the hidden services and that they had used multiple nodes, not minutes to hours with a single node. And entry guards were the defense to this attack, and now the entry guards are traced in minutes to hours instead of the hidden service itself. Even with the significant increase in Tor network size following this attack (a few times as large) it isn't going to take longer than a week at the max to do this same attack.
Really, if you guys want to argue with linked citations, quotes from traffic analysis experts and someone who has been studying this shit for years, go right ahead and knock yourselves the fuck out. What if I get a quote from one of the Tor devs saying that I am right, will you believe me then? Cuz I already know that they all know this attack will trace entry guards without any problems. They also all know that FBI can trap and trace the shit out of the entry guards if they are in the USA, and MLAT the shit out of them if they are in any other country, to deanonymize the hidden service. In the #tor IRC, Arma, the person who implemented Tor in the first place, said that hidden services are fucked, and that is more or less a direct quote.
Please tell me, geniuses, what more do you need to convince you? If cited papers from world experts, full of technical details, including how this attack was carried out live against the Tor network, plus the words of someone who has been studying traffic analysis for years, plus the words of the person who implemented the fucking network in the first place, are not enough to convince you that you don't know what the hell you are talking about, then please tell me what it will take. Put up a fucking hidden service and buy me some VPS nodes and I will tell you its entry guards, will that convince you? If you don't even know how to fucking spell *Tor* then why are you acting like you know more about it than I do?
People learning misinformation from idiots like you guys talking about shit you heard from other idiots talking about shit they heard from other idiots talking about shit they heard from DISINFO agents is why there are so many people who think Tor hidden services offer protection from anything other than Joe Blow putting a complaint in to a site's hosting provider. Actually, that is going too far; it can also protect substantially from someone who can add nodes to the network but not order nodes on the network to be monitored at their ISPs after the node that has direct contact with the hidden service is identified. Entry guards boosted it up from 'Joe Blow' not being able to pwn it to 'Someone with a moderate level of computer knowledge and a little bit of money to spend on it, who gets a bit of bad luck and doesn't spend much effort on it' not being able to pwn it without a bit of extra work. It is still fully in the 'law enforcement can pwn it with little work' and 'someone with a moderate level of computer knowledge, a bit of money, a bit of luck, and a significant amount of effort, can still probably manage to fully pwn it' category.
I know I can trace a hidden service to its entry guards with little work, and I know if I was law enforcement I could then order the ISP to give me the logs from the entry guard (and start logging if they are not already), since trap and trace can be done without a warrant if LE can prove that it directly relates to a criminal investigation. Guess what: being able to technically prove that a trap and trace will deanonymize a targeted hidden service is more than enough legal justification to use one for the literally few seconds required to obtain the hidden service's real IP address after its entry guards are identified. And if you think entry guards being outside of the USA is going to help at all, look up MLAT. I don't have time to explain every single detail of every little thing over and over to people who are content to argue in the face of overwhelming evidence; seems like a complete waste of time to me.
Then again, I shouldn't be so hard on Tor. I am not certain if the feds realize how easy it is to trace hidden services either; their traffic analysis operations are almost entirely focused on spidering P2P networks with (extremely expensive) simple spidering programs looking for CP files. Then again, I wouldn't be surprised at all if they are already passively monitoring all of the interesting hidden services, with 50% of a correlation attack already done, waiting for clients to use their poisoned entry guards to deanonymize themselves.
Without proper intelligence it is impossible to know their true capabilities, especially at the level where they start trying to keep the information secret / compartmentalized (for example, not something they give a shit about with the P2P spidering; the entire name and technical details of Operation Fairplay against the CP traders can be discovered with simple Google searching and digging around academic articles on law enforcement oriented traffic analysis... but if there were an ongoing traffic analysis operation against Tor users the average agent would probably not even be aware of it... and a lot of published LE documentation shows that they struggle with much easier things than Tor, but who knows, maybe it is misinfo to an extent, and who knows about the documentation that has a classification level stamped on it). Regardless, I would have to assume that at least a significant number of people who would go into FBI traffic analysis would independently learn about ways to trace hidden services (I had a copy of a cyber career path guideline for FBI that shows their educational structure, and if I am remembering correctly they started training agents who selected this specialty about traffic analysis after 8 years' worth of other general computer and computer forensic / security / etc. training). Who knows what they know, but I know that they can pwn Tor hidden services and we should assume that they know they can too.