I didn't say you could correlate based on the actual data stream, you need to insert artifacts such as interpacket arrival patterns (or just use the patterns that naturally arise). It doesn't matter if you can't decrypt O (the packet) if you can detect the unique timing pattern between packets. lets say you have O----O--O-----O-------O---O-O--------O a stream of encrypted packets that goes through multiple relays, with each relay performing decryption operations on another layer: O----O--O-----O-------O---O-O--------O -> 1 -> P----P--P-----P-------P---P-P--------P -> 2 -> etc Even though the content of the packets changes, the interpacket arrival characteristics are not obfuscated and they work perfectly well to determine that one stream of packets is linked to another stream of packets that was observed at another point. The encryption mode that Tor uses actually doesn't increase data size with additional layers of encryption. You don't need to be able to understand it, you can correlate the stream based on interpacket timing characteristics. Tor is low latency it doesn't hide that pattern and it has been proven in so many different papers that I can give you a billion citations if you want. The size of the packets actually stay the same because Tor uses padding. Sizes staying the same is a good thing. However the size of the stream doesn't change. Also the interpacket arrival times don't change. It ain't my theory its an attack that some academics came up with. I doubt that FBI tried to use this attack to catch pedo sites simply cuz if they did they would have traced them all. Another possibility is that they have traced them all and wait for you to use a poisoned entry node to deanonymize you when you visit them. Another possibility is that they don't care because they already have their man power exhausted from following up on IP addresses detected trading CP on public P2P networks. e No I did not see the light alone but a shockingly large percentage of people seem to be incapable of understanding this attack (or anything else) even after they read the damn technical paper on it. I think anyone who downloaded that .pdf has seen the light, altho if they actually took anything from that encounter is a different question . Huh? Yes it really is best to assume that Tor can be compromised. It is actually known that Tor can be compromised, but it is best to assume that the attacker who you worry about the most can pwn it. Indeed most people think Tor is a lot more secure than it really is. I doubt they take the hidden CP sites down they will use them as honeypots first. It really doesn't require much skill at all, you simply need to read a whitepaper and know how to work with a programming language, and have a spare node or two to add to the network. I don't think it is good to assume you are secure because nobody is there to attack you. LE job is bust people who buy and sell drugs. Yup yup.