"Updated Security researchers speaking at the Hack in the Box conference in Amsterdam this week have demonstrated that users of hidden services on Tor are putting themselves at risk of being identified - if an attacker is willing to put in the time and resources.
The discovery is significant, because browsing hidden services had been thought to be more secure than the more typical practice of using the Tor network to browse the open web anonymously.
Not so, say Filippo Valsorda, a member of CloudFlare's security team, and George Tankersley, an independent researcher. In their presentation, the pair showed that it's surprisingly easy to subvert anonymous access to a hidden server - and thus possibly identify a user of that server - if you're sneaky about it.
That's bad, because hidden services are operated not just by dodgy sites like the Silk Road but also by legitimate sites like Facebook. Tor often hits the headlines for enabling things like online drug souks and other criminal operations, when it can be and is used by journalists, whistleblowers, security researchers, and anyone who values their privacy, to exchange information and surf the web anonymously."
http://www.theregister.co.uk/2015/05/30/researchers_claim_tracking_hidden_tor_services_is_easy/
awww, that's the magic keywords! Depends who you are then. If you are a low volume, small buyer, no goverment will spend their resources to go after you. If you are a bulk buyer/reseller or vendor, then you need to keep your shits tight. If you didn't know that till now, then you're in the wrong game.