isn't everyone using TOR today using tomorrow's out of date TORbrowser? Meaning that traffic today can be recorded and analysed for vulnerabilities tomorrow.
Its really hard to open an RPC chat session on packet logs. Or request GPU diagnostic information after the connection is terminated.
Most finger printing isn't just write/response times. Latency is a bad indicator of individuality. It's a lot more in depth and requires actively speaking to that browser and noting what features it does/doesn't present, how those features are unique, and how long certain tasks take to process.
Each individual piece of data is small (generally, some browser features make ID trivial), and common. But building up several can give you some confidence in an identity.
Its really hard to open an RPC chat session on packet logs. Or request GPU diagnostic information after the connection is terminated.
Most finger printing isn't just write/response times. Latency is a bad indicator of individuality. It's a lot more in depth and requires actively speaking to that browser and noting what features it does/doesn't present, how those features are unique, and how long certain tasks take to process.
Each individual piece of data is small (generally, some browser features make ID trivial), and common. But building up several can give you some confidence in an identity.