One big thing I see you missing is blocking of cookies. Either block them in the browser or use do not track plus extension for chrome.
You should also read this: http://nmap.org/book/osdetect.html
There was a hak5 episode about modifying IP settings in Windows to make your Windows PC look like a linux box.
I'd also add a foreign private proxy before you enter Tor, this should obviously not be registered under your details so you should look into hosts which will set up the host on your behalf (some will even take bitcoins). This will help mitigate the fact that a lot of Tor exit nodes are run by law enforcement agencies (some as honey pots of sorts, some for their own internal use).
I think lastly is the issue of web habits. All of this is pretty useless if you use the box to look at all your friend's Facebook profiles. Use one box for your Blackhat persona and another for your IRL persona. If you can even try to write differently ie using txtspk on your Blackhat persona and proper English on your IRL persona, I've been on forums where people would detect duplicate accounts by just their grammar.