If you use Tor the same way you have used a regular browser there could be an 'image' of your online habits to compare with (not applicable within the darknet).

But if the user doesn't use it in the same way, the likely attack in most cases is traffic correlation. This works by having large visibility over entry nodes and visibilty over the final destination (ex: a website). Given enough activity and time you can by process of elimination deanonimize the user's ip.