Give me a few thousand dollars and I can trace hidden service . Feds can for sure. Unless they are exceptionally incompetent. All you need to do is put some nodes on Tor. Then you write a little program that opens connections to hidden services, using the machine it is run on as its own rendezvous point (three hops between it and the hidden service). It sends a stream with a detectable pattern in the packet flow. You just send this once and then immediately close the circuit. Then it does this same thing again and again and again. The nodes you add to the network analyze the traffic passing through them looking for the pattern that you have sent to the hidden service. This causes the hidden service to open a new circuit each time, and each time it uses new final and middle node but the same entry guard nodes. This lets you trace to the hidden services entry guards in a matter of minutes. Then you flood the entry guards with create cells to DOS their CPU. They can no longer route traffic while they are DOSed so the hidden service selects new entry guards to use in the mean time. Rinse and repeat. If you can DOS enough identified entry guards eventually the hidden service selects one of yours and then you have its IP address. It costs a lot more processing power for the entry guards to try and process the create cells, than it does to create them. If SR has manually overridden Tors default settings to use strict entry guards this will only allow for it to be DOSed but not traced by a purely active attacker. Although once feds have traced to entry guards they can become a passive attacker at one of the entry guards to deanonymize the server. Tor hidden services are not very anonymous, in the grand scheme of things. I certainly would take Tor projects advice, and not rely on Tor for strong anonymity in that specific case. For clients, it is less bad. When it comes to hidden services I really am a big fan of Freenets Freesites. They are less about anonymity per-se and more about extreme censorship resistance via spreading lots of chunks of the site out over a huge network that has no centralized listing of participating nodes. It is more redundancy and censorship resistance than anonymity per-se, but I think that is more the goal for a site like SR. Tor tries to give censorship resistance (but not redundancy) via making it hard to trace the server. Freenet gives censorship resistance and redundancy because there is no centralized server to target, the site is stored across hundreds or thousands of different servers and taking down a subsection of those servers will not take the site down. Also the Freenet servers are not associated with any particular site or any particular content, so there is not the same liability like there is with a Tor hidden service where someone needs to configure a specific server to host a specific site. Tahoe-Lafs is another thing to look into, it also aims to give censorship resistance and redundancy. But I still prefer Tor for client anonymity, versus Freenet for plausible deniability / anonymity for clients.