Tor does a better job than most systems at trying to counter traffic classification, but it still isn't perfect. Even without using hidden markov models Tor traffic has been fingerprinted with over 50% accuracy. http://www.wired.com/threatlevel/2010/12/flaws-spotlighted-in-tor-anonymity-network/ The accuracy would almost certainly be significantly higher if they took markov modeling into consideration. In general, if your entry node is pwnt you are pretty much pwnt. A lot of people are paranoid about the exit node but I am far more worried about the entry node. You can take measures to protect against this sort of attack by adding chaffing to your circuit yourself. For example, if you load a lot of pages over the same circuit the fingerprint of any given page will be lost to the combination. However this muddying of fingerprints will not be present for hidden services because they use dedicated circuits. Still Tor does a much better job at countering this sort of attack than pretty much any encrypted VPN or proxy does. Encrypted VPN/SSL traffic can be classified with 90-99% certainty using even less sophisticated classifiers than this one. Throw in hidden markov modeling and the accuracy against VPN proxy and Tor alike is probably going to approach 100% if the target is viewing any substantially complex website or series of interlinked websites. Of course with out actually being able to decrypt the traffic you can not certainly prove what it is via traffic classification, but you can say that out of the ten million sites you have references for, the traffic Alice is getting has a 99% chance of coming from website number 374,982 in your database. Tor devs would argue that traffic classifiers are not as worrying as they are made to sound, because nobody has a big enough reference of fingerprints (after all, even if you have fingerprint for ten million websites, your dataset doesn't take another set of ten million other websites into consideration. So the accuracy figure is limited to the size of your reference database). Other people say that just making fingerprint references for all active hidden services (and it isn't impossible for an attacker to get such a list with a little work) plus all websites loaded through four or five malicious exit nodes is going to be enough. After all, there are a certain number of websites that most Tor users are loading, so if you have reference database for the top million some people would argue that it isn't that big of a deal that you don't have references for the bottom ten million. For a while people wanted ISPs to use traffic classifiers to try and detect people using encryption to download child porn. I don't think much came of it. I used to have the technical specs for an ISP level traffic classification system intended to detect people who loaded CP sites through encrypted tunnels...let me see if I can dig it up again.