[tor-talk] How to identify owners of .onion services?

[williamwinkle at openmailbox.org]

With all the talk about the N_S_A targeting traffic between exit nodes 
and destination websites, I am wondering how this may work for hidden 
services (.onion domains). There are no exit nodes as everything occurs 
within the hidden services network.

How would it be possible for an adversary to learn that Person X rented 
a Tor hidden server from a hosting company that provided .onion domains 
and hosting (assuming that Person X paid for his/her hosting with 
Bitcoins and did not do anything stupid to tie his or her 'clear web' 
identity to his or her .onion identity)?