BTW Have you ever looked at what you are calling an onion? There are not 7 hops there are 6, and the client always selects the rendezvous which can be a node it owns. Client <-> Entry Guard <-> Middle Node <-> Rendezvous <-> Servers Final <-> Servers Middle <-> Servers Entry <-> Server The client can force the server to open circuits to as many rendezvous as it wants Server <-> Entry(a-c) <-> Middle1 <-> Final2 <-> Malicious RendezvousA Server <-> Entry(a-c) <-> Middle3 <-> Final4 <-> Malicious RendezvousB Server <-> Entry(a-c) <-> Middle5 <-> Final6 <-> Malicious RendezvousC Server <-> Entry(a-c) <-> Middle7 <-> Final8 <-> Malicious RendezvousD Server <-> Entry(a-c) <-> Middle9 <-> Final10 <-> Malicious RendezvousE Server <-> Entry(a-c) <-> Middle11 <-> Final12 <-> Malicious RendezvousF Server <-> Entry(a-c) <-> Middle13 <-> Final14 <-> Malicious RendezvousG etc If you own node # whatever (and even faster if you own multiple nodes) you are going to have the hidden service use it on one of the circuits it builds eventually. And you can force a hidden service to open and close as many circuits as you please, and send data for any of these circuits. I could have SR server open a thousand new circuits for me, that means it is going to have circuits leading to it with up to 2003 unique nodes being used (of course nodes can be re-used in different circuits, and probably will be, so it will not be that high most likely). And then I can send a little data through all of them, close all of them and then make it open a thousand new circuits. If SR stops opening circuits on demand it is DOSed, it can't tell my circuit creation request apart from anybody elses since we are all anonymous. And if it re-uses multiple circuits for multiple clients there will be serious linkability attacks to start worrying about. Each of these circuits use an entry node from the smaller selected pool of 1-3 guards, but the middle and final node are taken from the total selection available in the Tor network, and each circuit created uses different nodes selected from the total available consensus. An attacker who owns some of the nodes on the network is obviously going to own some of the nodes on a circuit to the hidden server after they force it to create an arbitrary number of circuits to rendezvous points. Now they send this pattern to the server via interpacket time delays O-----O--O------O-O-O----O--------O----------------O-O Even though O changes to P changes to J etc at each hop, the interpacket timing characteristics are not modified so the attacker can detect this stream of packets at any of their nodes they happen to pass through. They know they are either final, middle or entry. Server <-> Entry <-> Middle <-> Final <-> Malicious Rendezvous They can determine if the are final since they know the rendezvous IP address. They can determine if they are potentially middle if they get data from a Tor relay IP address and send data to a Tor relay IP address (although it is also possible that they are entry guard and the hidden service is a relay) They can determine if they are potentially entry if they send data to an IP address that isn't a public Tor relay (although they could also be middle and the hidden service uses a bridge for entry guard). If the hidden service uses a bridge for entry guard, it can be determined by trying to treat the identified non-Tor IP address as a bridge. If acts as a bridge, then it is the entry guard for the hidden service, if it does not then it is the hidden service and you are the entry guard. If you never send data to a non-Tor IP address from any of your nodes, that means the hidden service is not using a bridge and that one of the IP addresses you eventually send data to either belongs to the hidden service or to one of its entry guards. You could just do the attack for long enough and see if three distinct IP addresses stick out, if so they are the hidden services entry guards. If four IP addresses are identified three of them are the entry guards and one of them is the hidden service, but if this happens one of the identified entry guards should be one of your malicious Tor nodes so you will be able to deanonymize the server. Otherwise you have traced it to its entry nodes and now you just need to pwn one of them to deanonymize the server (again, the best route for this would be a trap and trace, as far as LE level attacker goes).