I think there have been other successful direct attacks on Tor. Traffic classifiers have 'predicted'/'identified' encrypted websites loaded through Tor with over 60% accuracy, and that was before hidden markov models were used. I think there was a fairly recent research paper that took into account hidden markov models, called something like 'missing the forest for the trees'. I don't recall the results, but I am sure that the accuracy jumped up significantly over 60%. Essentially the classifier that got over 60% accuracy only took a single loaded page into consideration to fingerprint a webpage, whereas with hidden markov models classifiers take an entire sequence of loaded pages into account to fingerprint a website. There was also an attack that could fairly accurately geolocate servers by measuring clock skew, not really a direct attack on Tor though. There are probably some others that I am not recalling as well. However as far as purely direct attacks on Tor go, pretty much in all cases they require the target to use at least one attacker controlled or monitored entry guard. Yeah way more worried about the attack from 2006 than this "new" one. This new attack is like 50% the 2006 attack anyway, "own the hidden services entry guard to deanonymize it". But instead of brute forcing circuits against a specific hidden service, they just hope they can enumerate enough hidden service .onions to own an entry guard used by some of them. They really are taking a kind of alarmist tone with their paper, from what I can see, considering that it is nothing really new. The only new part is the technique of forcing yourself to the position of a particular hidden services HSDIR (I guess, I still have not read the full paper). From what I can tell they are taking a completely different approach than I would, once they can detect all clients attempting to connect to the hidden service I would try to get the clients to that specific hidden service with an end point timing attack between the HSDIR node and the clients entry guard. I have no idea how many hidden services they enumerated, but the % of hidden services they deanonymized with this attack should extrapolate to the % of clients they can deanonymize connecting to any particular hidden service. That is the scary part and it seems they completely overlooked that attack angle.