[valarauca1]

This.

The default tor browser ensures most tor users look identical so malicious services cannot finger print individual users. It disables a small group of firefox features which make finger printing extremely trivia (RPC Chat, GPU access).

In most cases of people being de-anonimized on TOR they're normally running an alternative browser, or out of date TORbrowser.

[draugadrotten]

> out of date TORbrowser.

isn't everyone using TOR today using tomorrow's out of date TORbrowser? Meaning that traffic today can be recorded and analysed for vulnerabilities tomorrow.

[valarauca1]

No.

Its really hard to open an RPC chat session on packet logs. Or request GPU diagnostic information after the connection is terminated.

Most finger printing isn't just write/response times. Latency is a bad indicator of individuality. It's a lot more in depth and requires actively speaking to that browser and noting what features it does/doesn't present, how those features are unique, and how long certain tasks take to process.

Each individual piece of data is small (generally, some browser features make ID trivial), and common. But building up several can give you some confidence in an identity.