I understand that it is possible to use Cloudflare’s Onion Service (link) to protect ToR users from a needless loop to the Internet (from random exit node to Cloudflare) when the destination site is ultimately a Cloudflare subscriber (ToR user → Cloudflare site), but I’m curious if it is possible to invert this?
Internet user hits Cloudflare and traffic is backhauled across ToR. For sites infrequently visited (out of cache) isn’t there a correlation attack for an adversary monitoring both the front (user → CDN) and rear (CDN-> origin site) connections?
Allowing backhauling across ToR would ameliorate this to some degree (two layers instead of one).
Thoughts?