[kreneskyp]

Yes. If someone captures identifiable information then a user can be identified. This can be minimized by using SSL to connect to services. A service may share data so you should also use only a single service within a Tor session. That includes closing tabs to prevent ajax requests.

A new session can be created by restarting Tor or from the tor indicator if within TAILS.

[lucb1e]

Note that, although you are right that you should usually use https on tor, it does NOT APPLY to hidden services. Hidden Services are end-to-end encrypted, regardless of whether you use http or https. That is also why a site like Silk Road simply used http: it was a hidden service.

The reason for this is that it never leaves the Tor network. Traffic from a tor client to a hidden service goes (encrypted) through relays, but never exits. Basically you are entering a validation of the public key when you type in the .onion address, so nobody can tamper with the connection.