So long as you have deep control of inbound and outbound peers you can deanonymize traffic by throttling one end and finding streams that are affected. The service providers selling faux security don't have to be involved.