If the VPN is in Sweden we already know all traffic to it from outside of Sweden and all traffic that exits it to outside of Sweden is being logged by Swedish signals intelligence. You don't need to have the hidden service if you have all of its HSDIR nodes, you can do timing attack from the targets entry guard to the HSDIR node request for the hidden service. Although then to actually tie users to their accounts on SR would require a bit more handy work, although once you are pretty certain the user is surfing SR fingerprinting attacks could be used to tie them to specific accounts with little hassle, if they make posts or send messages the attacker can view. Cookie to access hidden services (and tell if they are up without owning their HSDIR node) is pretty old feature. How much info they can see depends on the implementation and the way you use it but in the majority of cases FDE is not actually FDE. At least the boot sector is usually on the drive without being encrypted, often other things are not encrypted as well. This was news to me (other than boot sector which obviously cannot be encrypted) as I thought FDE meant that the entire drive looked like randomness, but in most cases there are still non encrypted areas, just no areas that you would normally have anything incriminating on or write to at all for that matter. You can put the boot sector on a USB stick and boot from that, but there will still be some non encrypted areas on the drive in most cases.