A bunch of different things, few of which I got actual traction on, in true ADHD form (though some of that was being unable to go to the local hackerspace, for hardware work)
I'm not yet satisfied with the performance, and I still have quite a few ideas how to improve it, but it's still more than 44 times faster than it was when I started (measured on factoring everything between 2 and 10⁷; it's a lot more on larger / more-interesting sizes)
Regarding password storage with GPG, there is pass(1) (https://passwordstore.org) which is a wrapper around Git and GnuPG, and there are a number of front-ends for it. :)
I am involved in a non-profit that operates Tor exit nodes for a while ( https://nos-oignons.net ), and before then I was running exit nodes on my own.
The main benefit of setting up a non-profit is not shifting the risk to “the poor saps in the data center”: the police isn't going to kick down the door of the datacenter any more than they would raid your ISP.
The main benefit is that you get listed as abuse contact, and you get contacted the same way an ISP gets contacted: you get a somewhat-polite email (or a fax <3) asking who that IP address belongs to. At that point, you can explain what Tor is and that you do not know the origin of the connection; somehow, it's more difficult to have that conversation when you are in an interrogation room, talking to someone likely believes you are guilty.
I'm not sure MX records would work without either modifying SMTP servers or using Tor in transparent proxy mode.
Postfix, for instance, has [transport maps](http://www.postfix.org/transport.5.html), but those let you pick a transport based on the email domain, not the MX host.
> Google can monetize your information much easier than an ISP.
More to the point: Google is a more central actor, who gets to see the data of far more users, than your ISP ever will.
Moreover, this moves from giving a third party your data, to giving them your metadata, and while people consistently underestimate the value of metadata, there is still an incremental improvement there.
> people in most places around the world already have slow connections - sharing that with others would be the last thing they'd want to do
You seem to misunderstand how Tor works.
It doesn't require you to become a relay (i.e. carry other people's traffic) to use, and never has.
Furthermore, my experience with Tor on bad connections is that, once the connection to your entry guard is established (once per reboot, takes 30s to 1 minute on terrible connections with packet loss), Tor was just as slow as the original connection.
For those who have decent Internet access, it just works to watch Youtube videos, for instance, over Tor.
TAILS is not designed to be run in a VM. You can do it but it's not recommended. Whonix on the other hand is designed with VMs in mind. Qubes running Whonix isn't a half bad solution, though a live CD of TAILS is probably best becuause your system will have relatively few traits that can be uniquely profiled to you. https://panopticlick.eff.org
> The more people are aware that plaintext over Tor is a really, really bad idea [1], the more people will use end-to-end encryption.
Yes, but how does your collecting logs impact overall awareness?
Even if it did (say, you make the logs available through some snazzy web interface, it gets mass media attention), how does that balance out with the users who traffic you exposed?
I didn't mean that more exit nodes should collect and share their logs. That would indeed weaken the Tor network, by facilitating traffic correlation.
I meant inspecting/manipulating the traffic if it is unencrypted. As a political statement, this should of course never actually attack the client, but instead try to raise attention by e.g. injecting a message along the lines:
Hi, I'm a stranger and it was trivial for me to
inject this message. Please use HTTPS to prevent
me from doing this.
Thinking more about that, however, this may be a bad idea. People could perceive this to be a security hole in the Tor network itself, rather than HTTP itself, which could damage the reputation of Tor.
One thing which has been rather fun and successful, is speeding up uutils' implementation of integer factorisation: https://github.com/uutils/coreutils/pulls?q=is%3Apr+author%3... (uutils is a Rust reimplementation of the GNU coreutils and findutils)
I'm not yet satisfied with the performance, and I still have quite a few ideas how to improve it, but it's still more than 44 times faster than it was when I started (measured on factoring everything between 2 and 10⁷; it's a lot more on larger / more-interesting sizes)