We are making fun, but this is going to be a real life test to see if TOR is really as anonymous as it claims it is. Same can be said with for Bitcoin although Bitcoin only claims to be pseudo-anonymous (you have to actively follow some rules to be completely anonymous).
If you do it right and know how TOR and bitcoin internals works, then you can remain anonymous. Knowledge is power.
I read something a while back about Tor and anonymity. As I recall, Tor only provides anonymity to website visitors. The actual website they're visiting (even if it's a hidden site) is fairly easily locatable.
Well, again, if you know what you're doing, you can remain anonymous. Take a reading of
http://en.wikipedia.org/wiki/Tor_(anonymity_network)#Hidden_services:
Because location-hidden services do not use exit nodes, they are not subject to exit node eavesdropping. There are, however, a number of security issues involving Tor hidden services. For example, services that are reachable through Tor hidden services and the public Internet are susceptible to correlation attacks and thus not perfectly hidden. Other pitfalls include misconfigured services (e.g. identifying information included by default in web server error responses),[20] uptime and downtime statistics, intersection attacks and user error.
So first off, don't provide any identifying information on your hidden server. Second, in order to avoid correlation attacks and intersection attacks, I guess you'd have to make sure server is resistant to DDoS attacks so that there is do downtime that can be oberserved, and also I would think that if you also setup your server such that is works as a TOR router in the background when not servicing requests to ensure that there is always a constant stream of TOR traffic flowing along the wires from your government-monitored ISP. That way there is no way for an adversary to identify your location by monitoring the response to your TOR traffic to some DDoS or other attack indented to cause a break your TOR traffic. Keep in mind, I'm not an expect on this, so if anyone else can offer advice, I would appreciate it.
I'd suppose if the government or your ISP suspects that you might be running a hidden service, they could momentarily disconnect or throttle your internet bandwidth, and then see if they can detect a momentary lapse in service to your hidden service.
But I would think the guy who runs Silk Road knows this and has taken steps to mitigate his exposure in case he's attacked. A good step would have been to locate the server in a country that is either extremely privacy loving or extremely hostile towards western countries like the US, UK, etc. Either would probably offer him the protection he needs.
That and always make sure you are operating with a constant background of TOR packets flowing to/from your physical location to camouflage traffic to your hidden service. But ultimately, the problem is Silk Road is a centralized hub. What is needed is a distributed peer-to-peer network marketplace...
