It seems to me from reading that metrics page that they still have not implemented directory guards. That makes it substantially easier to enumerate Tor clients. For a long time clients directly connected to the directory authority servers, the first time the client ran Tor and anytime that Tor had not been connected for about 24 hours or longer. Only after that did they use the directory mirrors, of which there are a few hundred. Quite a while ago they proposed adding directory guards, and having Tor users always connect to the DA's or mirrors through a set of random Tor nodes selected from a list of nodes included with the original download of Tor (optimistically trying nodes until you find some that are currently up). I thought they had implemented this by now but now it seems to me that they have not. That means watching the directory authority servers is a good way to enumerate Tor client IP addresses still. No matter what watching the Tor download page could do this though, unless users download Tor with open WiFi from a random location or similar. The best bet would be if they used directory guards + Tor starts coming bundled with popular Linux distros (even if it is out of date and doesn't include TBB, it could be used for the initial download of TBB from the centralized download site). I2P is still much weaker to client IP address enumeration though.