Nah, Tor is still just as vulnerable to this. The techniques to protect from it add significant bandwidth and latency overhead, and Tor tries to be fast. Changing circuits doesn't really help much with this; a ten minute sample is more than enough to get a traffic fingerprint. Plus your entry guards are persistent for 30-60 days and are reused on many circuits, so they have longer than a ten minute sample overall.

Being added to the network by an attacker is the most likely way. Hackers could also pwn entry guards that are added by legit people, though. Also, you need to worry about your ISP doing these attacks; they can see all of your traffic flows regardless of the entry guard used and regardless of whether it is malicious or not.

The main techniques for getting around this sort of attack are morphing, padding, and cover traffic. Morphing tries to make one traffic flow look like another; for example, a website might try to mimic Google's traffic fingerprint. Padding adds dummy traffic that distorts or removes the fingerprint depending on how it is implemented (morphing usually makes use of padding). Cover traffic is pretty much another implementation of padding that pads the entire flow (Tor currently pads packets but not flows... all Tor packets have 512 byte payloads via padding, but Tor doesn't add entirely dummy packets to pad the stream). Splitting is another technique that can hide fingerprints. So can multiplexing. Tor does use multiplexing and it helps against traffic classifiers; it's why loading multiple pages simultaneously over the same circuit makes it harder to pick a fingerprint out.
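The difference between padding packets and padding flows, as an added example that is not part of the original post and is not Tor's code. The two traces are constructed, the 512-byte cell size is the figure from the post, and the bucket scheme in `pad_flow` is a hypothetical way of adding dummy cells.

```python
import math

CELL = 512  # fixed cell size, as stated in the post

# Constructed traces for two hypothetical sites.
# Each packet is (direction, bytes): +1 = client to server, -1 = server to client.
SITE_A = [(+1, 300), (-1, 1400), (-1, 1400), (-1, 900), (+1, 200), (-1, 1400)]
SITE_B = [(+1, 350), (-1, 1400), (-1, 600), (+1, 250),
          (-1, 1400), (-1, 1400), (-1, 1400), (-1, 700)]

def to_cells(trace, cell=CELL):
    """Packet padding: every packet becomes one or more fixed-size cells."""
    cells = []
    for direction, size in trace:
        cells.extend([direction] * max(1, math.ceil(size / cell)))
    return cells

def profile(cells):
    """Flow-level volume that survives packet padding: (cells out, cells in)."""
    return (cells.count(+1), cells.count(-1))

def pad_flow(cells, bucket):
    """Flow padding (hypothetical scheme): add dummy cells so each direction's
    count is a multiple of `bucket`. Real cover traffic would interleave the
    dummies with real cells; appending keeps the example short."""
    out_cells, in_cells = profile(cells)
    return cells + [+1] * (-out_cells % bucket) + [-1] * (-in_cells % bucket)

def overhead(original, padded):
    """Fraction of extra cells sent purely as padding."""
    return (len(padded) - len(original)) / len(original)

if __name__ == "__main__":
    for name, trace in (("site A", SITE_A), ("site B", SITE_B)):
        cells = to_cells(trace)
        padded = pad_flow(cells, bucket=8)
        print(f"{name}: cell-padded profile {profile(cells)}, "
              f"flow-padded profile {profile(padded)}, "
              f"overhead {overhead(cells, padded):.0%}")
```

With cell padding alone the two flows still differ in volume; after flow padding they match, and the overhead figure is the bandwidth cost the post refers to.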