...around here(Asia) finding an open AP is simple as finding apple pie. the wifis are either open or the password is something simple that never changes(phone number of the place usually), there's no way of telling if the person is inside the restaurant either or 50 meters down the street - only the expensive establishments have one time use code systems and such.
also, in most western countries buying a data capable simcard anonymously is easy as pie as well and buying a phone to use it with anonymously is easy as well(after you do that, you just keep both of those separate from your usual sim and phone). additionally, all the 3g connections are natted to hell and back so that's an extra hurdle, needing nasty parsing of the logs since just the ip doesn't tell anything.
besides though, mostly the feds care about who it was(the dealer) getting paid to than who paid(the client).
I don't get their point about TOR though, since they say that it could be easily blocked. blocked how? within your network? who cares about that though? and if you can't use TOR how are you getting hooked up with your dealer in the first place?
browser fingerprinting isn't that good though. it's a crap way, suitable for selling what's almost(mostly) fake user tracking data.