you can disable the ability for websites to set a font as well. Doing these things protects you from various hacking attempts, but it does make your sessions very linkable as well. Probably close to 0% of Tor users disable loading images, so if you are the only person to do it don't be surprised when every single thing you do can be linked to a single entity. But you do protect yourself from image based exploits, or javascript based exploits, or font based exploits, etc. I think javascript being disabled is a no brainer, enough people do it that you will not really stick out horribly bad and it substantially protects you from hackers. On the other hand, it is less cut and dry with disabling images or fonts, because in this case you really will stick out like a sore thumb. If you are only using Tor to visit SR then it is probably best to disable images though, no need to have more attack surface than required and if you only go to one website and are always logged in when visiting it you don't need to worry about linkability between sessions because you are inherently linkable between sessions anyway.