This has been bugging me a little so I wanted to see what people who know more about this stuff have to say about it.
Now there has been plenty of discussion on this subreddit about Tor de-anonymization. The general idea is that if someone had enough control over parts of the Tor network, they could figure out the IP addresses of Tor users. I'm not gonna bother finding sources but you can search the subreddit for some examples.
This has been written off by many here, as hidden site traffic never leaves the Tor network and even if someone could find your IP, all they could see is that you visited a hidden site. But what about the case where the same person de-anonymizing you also controls the hidden site? Would this not allow them to not only associate an IP address with visiting the site, but also see all of the site activity by that IP address?
I get that using proper opsec (PGP) means that even if a site is a honeypot, whoever is running it can't see the address associated with orders or any communication by that user, but if they could associate an IP address with an account and see that account making orders from that IP address, that's as good as having your name and address, is it not? A quick subpoena to your ISP and they will have that + more. Even if you are not ordering to the same location as the internet connection you are using, they would still be able to see that someone is making orders from that location, which I would think would be enough for investigation if they decide you are a worthwhile target.
I don't know too much about the technical details of all of this so I'm hoping someone who does can explain whether or not this would be possible.
Stay Safe