I strongly suspect that the United States Military does *not* use the standard Tor software nor the standard Tor network. I strongly believe that they run their own Tor nodes, and only make them part of the public Tor network to gain a form of cover traffic. After all, if only the military used military Tor nodes, it wouldn't be very anonymous for them. This is the original reasoning given for why they opened Tor up to the public. However, they neglected to mention that if the military and the public use the military Tor nodes, it will still be anonymous for the military, even if military traffic is processed differently, provided they can avoid leaving any visible fingerprints that could differentiate between the two types of traffic. It is likely that any hidden services they host are behind dozens of Tor nodes that they own themselves. However, their nodes would still be listed on the public Tor network, and would still route traffic for others. Military traffic to these hidden services is also probably processed differently than the rest of the traffic going through their nodes. It is also probably very well camouflaged to make it very difficult if not impossible to distinguish from normal Tor traffic. I don't see the government risking China owning their entry and exit nodes. I also have other reasons to believe that this is true. It is entirely possible that I am just being paranoid though, although I also am certainly not the only person who suspects this to be the case. An interesting idea that someone else shared with me, is the possibility of using Tor as a covert channel. Imagine a normal Tor node that routes traffic. Let's say it is a hidden service, but not in the standard Tor hidden service sense. I will call this a 'meta hidden service', for lack of a better term. The node routes traffic to other nodes or websites as a normal node would. However, users of the 'meta hidden service' send traffic with specially crafted interpacket arrival characteristics through the node. They could send traffic to and from Google for all that it matters, because it is just cover communications. The real communications are encoded in the interpacket arrival characteristics. The Tor node itself looks for a signature that lets it know a secret message is being transmitted, then it decodes the packet arrival characteristics into the binary message. When the reply traffic comes from Google, it encodes the real reply message into the interpacket arrival characteristics in the reply traffic it sends back to the client. This allows for client anonymity still, but unfortunately the location of the 'meta-hidden-service' would have to be known by the clients. The big advantage here is that to an observer, even one who can see the entire Tor network, it looks like the client is merely surfing Google with a particular Tor node, but really they are communicating with a 'meta hidden service' via a covert channel. Interpacket arrival is just one way to do it.