On a MITM attack, you can do even better. If you control both Mid and the server, then you know C, D, E, and the Guard identity. A+B is then trivial to calculate. There are only about 6000 Tor nodes, so if you only run one Tor non-exit node, you have something like a 1/6000 chance every 10 minutes to fingerprint the user this way. (That's a really rough estimate; the odds are better because you can exploit Tor behaviors like its IP-space diversity requirements, but worse because selection is not random, and is also based on things like seniority and bandwidth.) Additionally, if a user happens to choose your node as a guard when he starts his Tor session (so a smallish chance ~per day rather than per 10 minutes), then you can completely deanonymize him (ie. get his IP address) when he visits the site; this is a well-known attack which the NSA & friends are probably doing all the time on a very large scale.
Even on the main torproject website some huge headline warns people about JS.
Who in their right mind uses TOR with this enabled? I guess its even off by default now (but I might be wrong).
Yet thanks for this short guide, a little off topic though
Also reported few accounts with this massage. Guess its gone... for now.
How about experimental shutdown for new accounts? No more newbies? (account dealing inducing)
edit: O. and BTW staff member is wearing scam(ish) signature @ #11
100% proven, at least for me.