> turning it off increases your signature.

Tor endpoints are pretty easy to identify, there are plenty of handy databases for that, using it to begin with increases your uniqueness. If noscript was set to strictly disallow javascript by default, that decreases the degree to which it increases your signature relative to the baseline of using tor.

Then we have to account for the simple fact that many, many fingerprinting techniques rely on javascript, so taking them out of the picture reduces the unique identity that can be gleaned.

Are we absolutely, positively sure that the tradeoff is worth it? Without a strict repeatable measurement, I think I'm highly skeptical about whether or not a default of "allow" is a net boon to hiding your identity. I remember the rationale about the switch mostly being directed towards "most of the web is broken otherwise and that's bad."

Every server knows that you're using tor, we're only talking about whether they can match your traffic to you repeatably, and particularly across sessions, which then enables traffic analysis that can lead to complete deanonymisation.

If TBB changed to js off by default that signal would be less evident, and also, fingerprinting would be harder.