Middle nodes know they are not exit nodes; that leaves them as either middle or entry nodes. Middle nodes only get connections from Tor relays and bridges; entry nodes only get incoming connections from clients. A node operator who knows they are not an exit node could get connections from Tor relays, clients or bridges. If they are getting a connection from a Tor relay, they know they are a middle node. If they get a connection that isn't from a Tor relay, it could be from a client or a bridge. They can try to use the connecting party as a bridge to confirm whether it is one: if the connecting party acts as a bridge, then they know they are a middle node, and if it doesn't, then they know they are an entry node. Or they could just count the number of extend cells they have forwarded on. If they forwarded two extend cells they are an entry; if one, they are a middle node.

I am not sure if it applies to hidden service connections. I don't know if circuit shut down cells will end up being forwarded all the way up to the hidden service's entry node or if they will stop at the client's exit node. If they are forwarded all the way to the hidden service's entry nodes, then it would work against hidden services as well.

C = client
H = Hidden Service
M = Malicious Node
G = Good Node

(open unused circuit)
Client <-> CM <-> CG <-> CG

(active circuit to hidden service)
Client <-> CG <-> CG <-> CG <-> HG <-> HG <-> HM <-> Hidden Service

If the circuit tear down cell goes all the way out to HM, which it PROBABLY does actually, since hidden services make a new circuit per client and there would be no point in keeping the hidden service's circuit up after the client's circuit is torn down (but I am not positive; I will look into it more), then if the client exits Tor while the connection to the hidden service is still active, the attacker who owns CM and HM will see a shut down circuit packet at CM and then shortly after they will see a shut down packet at HM.
All the current research I have read points to a single packet being enough to utilize a timing attack, and thus I believe that this attacker could probably link the client to the hidden service's IP address. Of course, the attacker in this scenario will need to additionally identify the hidden service's IP address, but as they are one of its entry guards they could just send the .onion address of interest a watermarked stream and wait to see if they observe themselves relaying that stream back to the hidden service they are an entry guard for.