Clients do not clear HS descriptor cache on SIGNAL NEWNYM
Currently, Tor clients do not clear their hidden service descriptor cache when they process a SIGNAL NEWNYM control port command. Thus, anyone who can ‘tag’ a client with a unique HS descriptor, and then test for the presence of that descriptor later, can track the client until the descriptor expires up to 72 hours later or until it is stopped and restarted, whichever happens first. We should fix this.
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information