
> so only some go through Tor (see the Silk Road case for why), but that also equally applies to VPNs.

Can you explain this?



I looked into the Silk Road story again and it looks like I was misremembering how they caught DPR, but splitting your "personally identifiable" and other browsing is still a good idea.

Let's say you use the Tor browser to browse some regular (non-Tor) site that is illegal in your country for whatever reason. But let's say you then remember you still haven't paid your taxes, so you open a new tab and quickly go do that. But you're still in the Tor browser, so your e-banking traffic is going out the same exit node as your "illegal" traffic. Now, anyone who saw both of those things come out of the same node can conclude that it's somewhat likely both were done by the same person. If that someone is the government, they can get access logs from your bank and see which account was accessed by the exit node's IP. The more times you do this, the stronger the link between you personally and the illegal site is.

Of course, doing your taxes through the same Tor session is something most people would know not to do, but if your entire device is tunneled through Tor, you no longer have a say in what data it leaks. Your banking app probably sends requests periodically in the background to check for updates or whatever, your email client syncs your emails, etc. If any one of those services can be coerced by your government (and chances are they can), then whatever illegal things you do in that session can be loosely linked to you. I say loosely, because there are many people on one exit node, but the data points start adding up after a while (and depending on the insanity of your leaders, just being on the list of candidates might be enough to disappear you).

As for how they would get that metadata in the first place, there are a few ways. The exit node might be under their jurisdiction, but since we're talking about bypassing censorship, it certainly isn't. They could also have compromised the "illegal" server (hacked/coerced/honeypot...), in which case it's just a matter of cross-referencing the site's logs with anything they can get their hands on (and if the government is authoritarian enough, they probably already have access to a lot). The last option is compromising the exit node, which is also not impossible. There's nothing stopping your government from setting up a thousand Tor exit nodes and logging all the metadata. If you're constantly running Tor, chances are you land on one of their exit nodes eventually.

DISCLAIMER: the above was probably a bit too paranoid, but as I have zero experience hiding from an authoritarian government, I'm not in a position to judge how much paranoia is justified. It's entirely possible that none of this applies because your specific adversary doesn't employ these specific de-anonymization tactics, but that is something you need to know for your specific situation. I assumed an "everything is fucked" threat model here, but yours might not be as severe and other types of mitigations might be more appropriate.


> Let's say you use the Tor browser to browse some regular (non-Tor) site that is illegal in your country for whatever reason. But let's say you then remember you still haven't paid your taxes so you open a new tab and quickly go do that. But you're still in the Tor browser, so your e-banking traffic is going out the same exit node as your "illegal" traffic.

That isn't how Tor works. Tor creates a new circuit for each new host you connect to, and they also create new circuits for the same host fairly regularly (every 15 minutes I think) -- both of which are done specifically to avoid this precise attack.

I also don't have experience dealing with an authoritarian regime, and there are many more aspects to OPSEC than just using Tor (after all, Tor doesn't look like normal internet traffic unless you use obfuscators -- so an authoritarian regime can just target all Tor users, which is why having Tor be used by more people is important for improving anonymity). But Tor has already dealt with obvious attacks like the one you outlined.
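Both comments above come down to one question: which streams share a circuit (and therefore an exit). Tor's stream isolation is configured per listening port in torrc, so the "split identified from anonymous traffic" advice in the first comment, and the per-destination isolation the second comment describes, can both be expressed there. The fragment below is an added example written for this thread, not configuration from either commenter or from the Tor Project; the port numbers and the split between ports are assumptions chosen for illustration, and only the option names and defaults are taken from the Tor manual.

```conf
## Added example (not from the thread): one SocksPort per category of traffic.
## Tor never lets streams from different SocksPorts share a circuit (unless you
## put them in the same SessionGroup), so whatever arrives on 9060 cannot ride
## the same exit as what arrives on 9050. Port numbers are assumptions.

# Port for a browser profile used only for anonymous / censorship-bypass browsing.
#   IsolateDestAddr  - streams to different destination hosts never share a circuit
#   IsolateDestPort  - same for different destination ports
#   IsolateSOCKSAuth - (default on) streams with different SOCKS5 username/password
#                      are isolated; Tor Browser sends a distinct credential per
#                      first-party site, which is what gives it per-site circuits
SocksPort 9050 IsolateDestAddr IsolateDestPort IsolateSOCKSAuth

# Separate port for anything tied to your real identity (mail sync, banking app).
# Its streams are still isolated from each other by destination, but the point
# of the second port is that they are never mixed with the 9050 streams at all.
SocksPort 9060 IsolateDestAddr

# Seconds a circuit keeps accepting new streams before Tor stops reusing it.
# Tor's default is 600 (10 minutes); a lower value rotates exits more often at
# the cost of building more circuits.
MaxCircuitDirtiness 600
```

The whole-device case from the first comment is the one this does not cover: a transparent-proxy setup (TransPort/DNSPort) funnels every app through one listener, and the only default isolation there is by client address (IsolateClientAddr), so background traffic from an identified app and a browser on the same machine can still end up on the same circuit unless each is pointed at its own port.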




