Astor first I would like to say that everything you have said in this thread is very accurate, thanks for helping people to understand this attack. The second thing I want to say is that, although using persistent non-rotating entry guards can perfectly protect from this attack, it doesn't save hidden services from LE. They can still trace to entry guards, and then once again Tor is reduced to trusting a single hop proxy (well, actually three single hop proxies). So although the Tor configuration you suggest protects from an internal attacker (ie: the researchers in this paper), it doesn't protect from an external attacker who can monitor a targeted entry guard. If any of the entry guards are in the USA, tough luck because the feds don't even need a warrant for a pen register / trap and trace. Using layered guards can help to protect from this though, the trace always begins at the position of the attacker controlled node closest to the hidden service though. Layer enough guards and get lucky and you might have a moderately difficult to trace hidden service. Vanilla Tor is dangerously weak though. And the truth is that even some of the core Tor developers have essentially admitted this fact. They have taken to saying that you are even more screwed if you don't use Tor, which is an accurate although not very reassuring way to put things.