It's not specific to AdBlock. If everybody used exactly the same fixed
list it wouldn't be an issue. But now there are a zillion ad networks
out there and incredible as it is some people actually click the damn
things. After all, if they didn't the industry wouldn't exist. Here's a
possible attack I can conceive:
Let's say Alice uses the default list, but chooses to unblock ads from
$ADSERVER because they frequently serve ads that relate to some niche
interest she has. $WEBSITE contains information which it is illegal to
possess in Alice's Orwellian island homeland. It is also one of those
annoying sites that embeds ads all over the place from multiple
networks and makes it impossible for neurodiverse types like her to
focus; exactly the sort of thing she wants the ad blocker to intercept.
Mallory controls one or more exits, and at some point has the ability to
see and tamper with Alice's unencrypted requests both to $WEBSITE and to
at least some of the servers on the block list. Alice's traffic stands
out because requests to $WEBSITE correlate with requests to $ADSERVER,
but not to the rest of the list (because she's not turned the blocker
off altogether). Her other connections can now be isolated from the
others by injecting some extra <img/> tags into all returned pages and
looking for the same correlation (they don't have to be real resources;
Mallory can just send back a pile of 1x1 gifs that nobody will notice).
What happens next to Alice depends on many factors, but she certainly
isn't safe.
Remember that in this situation your anonymity set is restricted to
people currently using Mallory's exit(s), not the entire population of
Tor users. So to my mind, such fingerprinting passes the plausibility
test. I'm quite out of practice at this stuff, and Mike may have had a
different attack in mind.
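To make the anonymity-set point concrete, here is an added example (not part of the original post) that takes a constructed log of which hosts each client on one exit fetched, treats the block-listed hosts each client fetched anyway as that client's fingerprint, and reports how large each client's anonymity set among that exit's users is. The host names, block list and log lines are all made up for the illustration.

```python
from collections import defaultdict

# Constructed sample: hosts that the ad blocker's default list would block.
BLOCK_LIST = frozenset({"ads-a.example", "ads-b.example", "ads-c.example"})

# Constructed observation log, one "client host" pair per line, for clients
# on one exit loading a page that embeds all three ad networks.
LOG = """\
c1 site.example
c1 ads-a.example
c1 ads-b.example
c1 ads-c.example
c2 site.example
c2 ads-a.example
c2 ads-b.example
c2 ads-c.example
c3 site.example
c4 site.example
c5 site.example
c5 ads-b.example
"""

def sessions_from_log(log):
    """Map each client to the set of hosts it was seen fetching."""
    seen = defaultdict(set)
    for line in log.splitlines():
        client, host = line.split()
        seen[client].add(host)
    return dict(seen)

def fingerprint(hosts, block_list=BLOCK_LIST):
    """Sorted tuple of block-listed hosts this client fetched anyway.
    Empty: default list; all of them: no blocker; anything else: custom."""
    return tuple(sorted(hosts & block_list))

def anonymity_sets(sessions, block_list=BLOCK_LIST):
    """Group the exit's clients by fingerprint; each group is an anonymity set."""
    groups = defaultdict(set)
    for client, hosts in sessions.items():
        groups[fingerprint(hosts, block_list)].add(client)
    return dict(groups)

def singled_out(sessions, block_list=BLOCK_LIST):
    """Clients whose fingerprint nobody else on this exit shares."""
    return sorted(c for g in anonymity_sets(sessions, block_list).values()
                  if len(g) == 1 for c in g)
```

The anonymity set is computed only over clients seen on this one exit, which is exactly why a single exception to the default list is enough to leave c5 alone in its group.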