TLS fingerprint leaks Private Browsing mode
A convenient TLS fingerprinting utility: https://tls.peet.ws/api/clean (source: https://github.com/pagpeter/TrackMe)
Tor Browser in the default Private Browsing mode has the exact same fingerprint across Windows, Linux, Mac.
Once Private Browsing mode is switched off, the fingerprint changes. According to https://tls.peet.ws/api/all the change is due to the ordering of TLS extensions (possibly different extensions? didn't check).
This allows a server to determine whether a visitor is using Private Browsing mode or not, which is a privacy violation. It works even when there is no persistent session of any kind with the site, merely from visiting it once.
There is also what appears to be an additional bug. The fingerprint changes to two possible values and alternates seemingly at random:
"peetprint_hash": "e2adb2393d96fccea75e94428581f340" and "peetprint_hash": "2eb215311454f1bcef8d33d5281a880d"
Neither of those fingerprints matches the consistent Private Browsing fingerprint: 3838f472ba00b12aab5a866552abf7a4
The TLS fingerprint should remain identical throughout.
To reproduce:
1. Open a fresh installation of Tor Browser.
2. Visit https://tls.peet.ws/api/clean
3. Verify "peetprint_hash": "3838f472ba00b12aab5a866552abf7a4"
4. Switch Private Browsing mode off.
5. Relaunch Tor Browser.
6. Open 10 tabs; in each, visit https://tls.peet.ws/api/clean
7. Observe e2adb2393d96fccea75e94428581f340 and 2eb215311454f1bcef8d33d5281a880d
8. Refreshing tabs will randomly switch between these fingerprints.
I observed behavior (result clustering) inconsistent with true 50/50 random behavior. Whatever is biasing the random behavior may serve as another leak.
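
An added example, not part of the original report: one way to quantify the clustering described above when re-testing a build, using a Wald-Wolfowitz runs test over the ordered list of `peetprint_hash` values seen on successive page loads. The function names and the sample sequence are constructed for illustration; collecting the values from the fingerprinting page is assumed to happen separately.

```python
import math
from collections import Counter

# Fingerprint values quoted in the report.
PRIVATE_MODE = "3838f472ba00b12aab5a866552abf7a4"
ALT_A = "e2adb2393d96fccea75e94428581f340"
ALT_B = "2eb215311454f1bcef8d33d5281a880d"


def runs_test(observations):
    """Wald-Wolfowitz runs test over a sequence with exactly two distinct values.

    Returns (runs, expected_runs, z). A strongly negative z means fewer runs
    than independent draws would give, i.e. the values cluster. The z-score
    is a normal approximation, so treat small samples with caution.
    """
    counts = Counter(observations)
    if len(counts) != 2:
        raise ValueError("runs test needs exactly two distinct values")
    n1, n2 = counts.values()
    n = n1 + n2
    runs = 1 + sum(a != b for a, b in zip(observations, observations[1:]))
    expected = 2 * n1 * n2 / n + 1
    variance = 2 * n1 * n2 * (2 * n1 * n2 - n) / (n * n * (n - 1))
    if variance == 0:
        raise ValueError("too few observations for a runs test")
    return runs, expected, (runs - expected) / math.sqrt(variance)


def assess(observations, baseline=PRIVATE_MODE):
    """Summarise one capture session: stability first, then clustering."""
    counts = Counter(observations)
    report = {"counts": dict(counts), "stable": len(counts) == 1,
              "matches_baseline": set(counts) == {baseline}, "clustered": None}
    if len(counts) == 2:
        runs, expected, z = runs_test(observations)
        report.update(runs=runs, expected_runs=expected, z=z,
                      clustered=z < -1.96)  # one-sided, roughly the 2.5% level
    return report


# Constructed sample: 20 page loads recorded in order, not real measurements.
SAMPLE = [ALT_A] * 5 + [ALT_B] * 6 + [ALT_A] * 4 + [ALT_B] * 5

if __name__ == "__main__":
    for key, value in assess(SAMPLE).items():
        print(f"{key}: {value}")
```

A fixed build should report `stable: True` and `matches_baseline: True` in both modes, in which case the runs test is never reached.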