The fixes have to be client-side and whatever can be done in the protocol because we don't know what malicious software relays run. I am glad to see devs are exposing what the problems are and iterating on potential solutions. Sites that just want your traffic will be quiet about the vulnerabilities, especially when keeping you vulnerable is so profitable.

VPN or tor is the only way to obscure your IP on the internet, feel like I'm talking to a wall sometimes. Is this just beyond most people's understanding? Relays are already as dumb as they can possibly get.