I know I just wanted to lend support to your opinion. Tor Project is *obsessed* with linkability, they focus disproportionately on preventing linkability attacks. Traceability has always been a secondary issue for them. Browser fingerprinting is a trivial sort of linking attack and disabling javascript makes it substantially more effective (although the practical implications of this are debatable). Hacking somebodies browser with malicious javascript is an advanced sort of attack that can lead to tracing in addition to linking (in addition to communications security compromise, stored data compromise, and essentially total compromise of the entire system).