The German police have successfully deanonymized at least four Tor users. It appears they watch known Tor relays and known suspects, and use timing analysis to figure out who is using what relay.
Tor has written about this.
Hacker News thread.

  • Em Adespoton
    link
    fedilink
    arrow-up
    15
    arrow-down
    1
    ·
    edit-2
    2 months ago

    It’s worth noting that a sizeable number of Tor exit nodes are actually run by the German government. Meaning: they know exactly what’s going through those nodes.

    So all they need to do to unmask a Tor source IP is control the first hop too. They’re in a position where they can narrow searches down to activity they’re actually interested in without significantly decreasing the privacy of other Tor users, and then they can peel back the onion.

    This has been the case since shortly after Tor was created.