Although Tor tries as much as possible to be resilient against attacks to de-anonymize users, it is vulnerable to one attack I mentioned earlier as a result of being a low-latency network. This attack is usually referred to as "traffic confirmation", or packet counting.
The gist of this attack is that an adversary monitors your network connection and the network connection of a website he thinks you're visiting. When he notices a certain number of bytes of traffic leaving your computer, he takes note of the number of bytes leaving. If he sees the same number of bytes arriving at the website a short time later, this gives a suspicion that you have just visited that site. If he continues to watch your internet connection and notice similar correlations for a long time period, then it becomes more and more likely that you are the person visiting the site. If they notice that you frequently send, say, 1 kb of traffic out seconds before the site you're visiting receives 1 kb of traffic, it gives them a good idea that you're visiting the site.
The good thing is that this attack is generally only useful if they already have a suspicion of who you are. In order for it to work, whoever is monitoring you must have a particular site they want to monitor, have a good idea of which people they suspect are going to the site, and specifically monitor those individuals while looking for patterns. Traffic confirmation is too "vague" of an attack to just use on random people. You can't just monitor every internet connection and connect similarly sized data transfers for all 3.6 billion people on the internet – there's just too many people sending about the same amount of data at around the same time coincidentally for you to be able to draw any conclusions about who is visiting which site. Keep in mind that even if an attack has an 85% success rate and a 15% false positive rate (which is the going rate for the most successful attack currently), that still is not good enough to randomly identify someone. Tor is used by ~2.5 million people, and even if you can narrow that down to just 15% of the Tor population (as would be the case for the most successful attack known today), that still leaves you with ~375,000 suspects. Far too many to press hate speech charges against or physically monitor to gather more information.
Also worthy of note is the fact that traffic confirmation is a probabilistic attack. This means that it does not definitively say "this person visited this site," rather it says "there is a high probability that this person visited this site."
Also, traffic confirmation only proves that your IP address contacted another IP address. Because of the way that websites work, the IP address does not identify which page on the website you visited, or what you posted (or if you even posted anything) on that website. It only reveals that you visited the website. For example, even if I could prove that you contacted Holla Forums's IP address, I would have no proof that you made that post, or even that you visited Holla Forums. For all I know, you could have been browsing Holla Forums. Holla Forums and Holla Forums are both hosted on the same IP, so knowing that you contacted Holla Forums's IP gives me no information on whether or not you did any bad goy things. It would be difficult to get a conviction based on traffic confirmation alone.
As a result, traffic confirmation is only used when someone has narrowed down the list of possible suspects to a small number and wishes to narrow it further and possibly find one "likely suspect." It would typically be used to obtain probable cause to get a search warrant and raid your house to search for more damning evidence. Traffic confirmation is just that – confirmation. It's used to confirm that someone you're already monitoring is doing something you already have good reason to believe he's doing.
TL;DR
Tor is not perfect, but it protects you from the vast majority of attacks against your anonymity – far more than a VPN or a proxy. The only realistic attack against Tor is traffic confirmation, which is only really useful when they already have a good idea who you are, and which also doesn't give them any information about what you're actually doing on a site.