The attack against hidden services is pretty straightforward. Hidden services open new circuits (three nodes, entry -> middle -> final) for every client connection request. The entry guard is chosen from a small selection of nodes (generally three), but the middle and final nodes are selected from the entire pool of Tor nodes. An attacker who wants to trace a hidden service can add a relay node to the network and then (even from the same relay node...) use a specially modified client that sends tons of new connection requests to the hidden service and sends it a specially modulated stream of packets (watermarked, via deliberately created inter-packet timing characteristics). After doing this it immediately tears down the circuit, rinses and repeats. Now it only needs to wait until it detects this watermarked stream passing through it as a relay, and then it can observe the node it forwards this data onto. Since it sent the stream, it knows that it is a relay on the path to the hidden service. It can also select another node under its control as the rendezvous node so it can identify the hidden service's final node and know whether it is that node, and by viewing where the watermarked traffic came from it can determine whether it is the middle node or the entry guard for the hidden service. If it is the middle node it identifies the hidden service's entry guard (one of the three anyway); if it is the entry guard it identifies the hidden service. After identifying the server's three entry guards (which takes all of a couple of seconds to minutes), there are a few things the attacker can do.
Powerful attackers (passive / external) like the feds (assuming they are not complete fucking retards, which is asking for a pretty big assumption on your part, but humor me) would probably do one of two things: if any of the entry guards are located in the USA they can do warrantless trap-and-traces of the entry guard to determine the IP addresses of the servers it communicates with and when, and then they could do an endpoint timing correlation attack to deanonymize the hidden service. If all of the entry guards are outside of the USA they could use a mutual legal assistance treaty to accomplish the same thing, although they may be delayed by some period of time ranging from hours to maybe even months, depending on the location of the entry guards. However, there is a tremendous chance that any given hidden service has at least one entry guard in either the USA or Germany, and normally entry guards rotate every month to two months, so even if they are out of luck this month, next month they will probably be in luck. Less powerful attackers (active / internal), like me, would be forced to try to get the hidden service to use one of our entry guards (since we cannot do passive/external surveillance on the entry guards as easily as the feds can). The number one way to accomplish this is likely via a CPU exhaustion DoS. If the hidden service's three entry guards cannot manage its circuits, it will select new ones that can. If an attacker can do a sustained CPU exhaustion attack against all selected entry guards until one of the attacker's entry guards is selected, it can deanonymize the hidden service with an end-to-end timing attack after its entry guard is utilized. One way around this attack would be to select strict guard nodes in torrc; then if the hidden service's entry guards are DoSed the hidden service becomes unreachable, but at least it cannot be forced into selecting new entry guards until it is deanonymized. The solution in OP works like this.
There are two instances of Tor running on the hidden service server. One (HST) manages the hidden service's circuits; the other (CT) is a normal instance of Tor running as a regular non-hidden-service client. In the torrc of HST, it is configured to use CT as a SOCKS proxy. This results in a circuit that looks like this:

Hidden Server <-> CT entry <-> CT middle <-> CT exit <-> HST entry <-> HST middle <-> HST final <-> Client's final

Now the malicious client can still force the hidden service to open an arbitrary number of HST circuits, and can do the previously mentioned attack to trace up to HST entry. However, if the weak active attacker does sustained DoS against all selected HST entry nodes until they own one of them, they are only in a position to identify CT exit instead of the hidden server. Likewise, if the feds use a trap and trace or MLAT to passively spy on HST entry, they are only in a position to identify CT exit, not the hidden server. Normal Tor clients that do not serve hidden services will not open a new circuit per request; rather, they rotate circuits approximately once every ten minutes. Thus, the "force the hidden service to open a billion new circuits to send watermarked traffic down them" attack becomes infeasible to carry out, and the hidden service remains as anonymous as a regular Tor client. This is probably adequate to protect from non-retarded-fed level attackers (if such a mythical beast actually exists).
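The inter-packet timing watermark described in the post above, as an added toy simulation (not code from the post or from any real tool): the attacking client encodes a secret bit pattern in the gaps between packets, and a relay it controls later tests whether the gaps it observes on some circuit correlate with that pattern. The gap sizes, jitter model, threshold and the 128-bit pattern are all assumptions; a real attack would also have to search for where the pattern starts in the observed stream, which this skips by assuming aligned streams.

```python
"""Toy model of an inter-packet timing watermark (added example, all numbers assumed).
Sender: one gap per secret bit (base +/- delta). Relay: Pearson correlation between
the gaps it sees and the +1/-1 pattern; near 1 if watermarked, near 0 otherwise."""
import math
import random

# Constructed 128-bit secret pattern known only to the attacker (fixed seed so runs repeat).
_key_rng = random.Random(7)
WATERMARK = [_key_rng.getrandbits(1) for _ in range(128)]
BASE_GAP = 0.050   # seconds between packets (assumed)
DELTA = 0.015      # +/- shift encoding a 1 / 0 bit (assumed)


def embed_watermark(bits, base=BASE_GAP, delta=DELTA):
    """Sender side: the inter-packet gap for each watermark bit."""
    return [base + (delta if b else -delta) for b in bits]


def pass_through_network(gaps, jitter_sd, rng):
    """Each hop adds roughly Gaussian jitter to every gap; gaps cannot go negative."""
    return [max(0.0, g + rng.gauss(0.0, jitter_sd)) for g in gaps]


def correlation(observed, bits):
    """Pearson correlation between observed gaps and the +1/-1 watermark pattern."""
    n = min(len(observed), len(bits))
    x = observed[:n]
    y = [1.0 if b else -1.0 for b in bits[:n]]
    mx, my = sum(x) / n, sum(y) / n
    num = sum((a - mx) * (b - my) for a, b in zip(x, y))
    den = math.sqrt(sum((a - mx) ** 2 for a in x) * sum((b - my) ** 2 for b in y))
    return num / den if den else 0.0


def detect(observed, bits=WATERMARK, threshold=0.5):
    """Relay side: does this circuit's timing carry our watermark?"""
    return correlation(observed, bits) >= threshold


def run_demo(seed=1234, jitter_sd=0.010):
    """Compare a watermarked stream after jitter against an unrelated stream of
    similar-scale gaps (e.g. an ordinary user's circuit passing the same relay)."""
    rng = random.Random(seed)
    marked = pass_through_network(embed_watermark(WATERMARK), jitter_sd, rng)
    unrelated = [rng.uniform(BASE_GAP - 2 * DELTA, BASE_GAP + 2 * DELTA) for _ in WATERMARK]
    return {
        "marked_corr": correlation(marked, WATERMARK),
        "marked_detected": detect(marked),
        "unrelated_corr": correlation(unrelated, WATERMARK),
        "unrelated_detected": detect(unrelated),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

With jitter of 10 ms against a 15 ms shift the correlation on the watermarked stream stays well above the threshold while an unrelated stream sits near zero; that gap, not the absolute value, is what lets a relay pick the attacker's own circuits out of everything else it carries. Raising jitter_sd toward DELTA shows how padding or timing noise degrades the detector.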
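The two-instance layout the post describes, as an added example (not the OP's or anyone's actual configuration): a small Python script that emits the torrc for CT and for HST and checks that they chain the way the post intends. DataDirectory, SocksPort, ClientOnly, Socks5Proxy, HiddenServiceDir, HiddenServicePort, EntryNodes and StrictNodes are real tor options; the directories, port numbers and the check_chain rules are assumptions made for this example.

```python
"""Generate and sanity-check the torrc files for the CT (client) + HST (hidden
service) split. Added example; paths and ports are assumptions."""

CT_DATA = "/var/lib/tor-ct"        # assumed DataDirectory for the client-only instance
HST_DATA = "/var/lib/tor-hst"      # assumed DataDirectory for the hidden-service instance
HS_DIR = "/var/lib/tor-hst/hs"     # assumed HiddenServiceDir
CT_SOCKS_PORT = 9050               # assumed: CT listens here, HST proxies through here


def ct_torrc(data_dir=CT_DATA, socks_port=CT_SOCKS_PORT):
    """CT: a plain Tor client whose local SOCKS port HST will use."""
    return "\n".join([
        f"DataDirectory {data_dir}",
        f"SocksPort 127.0.0.1:{socks_port}",
        "ClientOnly 1",   # never act as a relay
    ]) + "\n"


def hst_torrc(data_dir=HST_DATA, hs_dir=HS_DIR, ct_socks_port=CT_SOCKS_PORT,
              virtual_port=80, target="127.0.0.1:8080", entry_nodes=None):
    """HST: builds the service circuits, but every connection to its own entry
    guards (and directory fetches) is sent through CT's SOCKS port."""
    lines = [
        f"DataDirectory {data_dir}",
        "SocksPort 0",                             # HST only serves; no client port
        f"Socks5Proxy 127.0.0.1:{ct_socks_port}",  # all OR connections go via CT
        f"HiddenServiceDir {hs_dir}",
        f"HiddenServicePort {virtual_port} {target}",
    ]
    if entry_nodes:  # optional guard pinning as the post mentions; fingerprints are caller-supplied
        lines.append("EntryNodes " + ",".join(entry_nodes))
        lines.append("StrictNodes 1")
    return "\n".join(lines) + "\n"


def parse_torrc(text):
    """Minimal torrc parser: '#' comments, case-insensitive names, repeatable values."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        opts.setdefault(key.lower(), []).append(value.strip())
    return opts


def check_chain(ct_text, hst_text):
    """Return a list of problems; an empty list means the configs chain as intended."""
    ct, hst = parse_torrc(ct_text), parse_torrc(hst_text)
    problems = []
    ct_socks = [v.rsplit(":", 1)[-1] for v in ct.get("socksport", [])]
    proxy = hst.get("socks5proxy", [""])[0]
    if not proxy:
        problems.append("HST has no Socks5Proxy: its entry guards would see the real server")
    elif not proxy.startswith("127.0.0.1:") or proxy.rsplit(":", 1)[-1] not in ct_socks:
        problems.append(f"HST Socks5Proxy {proxy} does not match a local CT SocksPort {ct_socks}")
    if ct.get("datadirectory") == hst.get("datadirectory"):
        problems.append("both instances share a DataDirectory; the second cannot start")
    if any(v.rsplit(":", 1)[-1] in ct_socks for v in hst.get("socksport", [])):
        problems.append("HST SocksPort collides with CT SocksPort")
    for hp in hst.get("hiddenserviceport", []):
        target = hp.split()[-1]
        if not (target.startswith("127.") or target.startswith("unix:")):
            problems.append(f"HiddenServicePort target {target} is not loopback")
    if "entrynodes" in hst and hst.get("strictnodes", ["0"])[0] != "1":
        problems.append("EntryNodes set without StrictNodes 1; tor may still pick other guards")
    return problems


if __name__ == "__main__":
    print(ct_torrc())
    print(hst_torrc())
    print("problems:", check_chain(ct_torrc(), hst_torrc()))
```

Two operational points the check does not cover: the CT exit's policy has to permit connections to the ORPort of whatever guards HST selects (commonly 443 or 9001), or HST will fail to build circuits, and the two DataDirectory trees must be owned by the user each tor runs as, since tor refuses a DataDirectory it cannot lock.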