German police carry out successful timing attack on Tor users
It seems like German law enforcement has carried out a successful timing analysis attack on Tor users.
What implications could this have for anonymity and privacy? Well, it has always been known that Tor is not completely foolproof and that a nation-state adversary who can see and monitor the entire internet backbone could theoretically carry out timing attacks to deanonymize users. The NSA has had the capability to deanonymize some Tor users, some of the time, since at least 2012. The Krone article would suggest that this is now a practical attack even for law enforcement, who are usually considered to have fewer capabilities than intelligence agencies. However, The Tor Project has published this post in response to the news, which goes into a bit of detail and concludes that the success of the operation was more down to luck and user error. The suspects in this case were apparently using an outdated version of Tor, one that lacks some of the built-in protections included in recent versions. This appears to have made them easier to deanonymize.