If anyone is interested in assisting development-wise, Firefox bugs tagged 'fingerprinting' in the whiteboard are a good place to start. You can also run Tor relays and help us improve the health of the network by working with Tor's new Relay Advocate (https://blog.torproject.org/get-help-running-your-relay-our-...). More people being involved in spec work (especially at the W3C) and focusing on fingerprinting and privacy concerns is also very useful - it's very hard to keep eyes on all the things happening everywhere.
We also appreciate users of Firefox Beta and Nightly (Nightly especially). The flags Tor features are developed behind (privacy.resistFingerprinting and privacy.firstparty.isolate) are experimental. I appreciate bug reports from users running these flags but you should expect them to break things on the web (resistFingerprinting especially; first party isolate is generally more stable and usually only has breakage on particular login forms).
Since I've seen this come up before in many previous discussions of Tor I think it's worth emphasizing/clarifying up front: Tor relays are not the same as Tor exit nodes. Relays do not talk to the public internet, they serve only the full encrypted internal Tor virtual network. So they won't ever send out traffic from an IP under your control to some website or general Internet system (and in turn tie that IP in any way to spam/abuse/whatever, at least not for that reason). It's not necessarily hidden that it is acting as a relay, but the relay itself will have no knowledge of the traffic it's carrying.
Plenty of people have reasonable concerns about the risks/inconveniences that might come with acting as an exit node, but on both a legal and practical level there are many more jurisdictions where merely relaying encrypted traffic between other relays isn't a problem. And it's still quite helpful, both for network speed and because purely internal Tor Hidden Services do not need any exit nodes at all.
Sites such as https://www.dan.me.uk/dnsbl then help people do this.
That site in particular may "warn":
> This DNS blacklist contains ALL tor nodes (entry, transit and exit nodes) - think carefully before choosing to use this list for blocking purposes.
but anyone who doesn't understand tor simply won't understand the decision and choose ALL.
Running a relay on your own address isn't sensible because of this. Nevermind an exit node.
I think it might be a problem if I also ran a mail server from home, but almost nobody does that anymore.
I could do some shenanigans on my modem and end up with a new dynamic IP from cox, but generally within hours that new IP would be on whatever list people use to track exit node IPs and the pain would start all over again.
I still contribute to Tor via VPS rentals and such, but relays are not no-risk alternatives to exit nodes. Period.
Edit: nvm, found the answer by pricechild below.
"Why you need balls of steel to run a Tor exit node":
Given the low level of technical knowledge with a great deal of US law enforcement, increasing militarization, no knock warrants, etc... Please think twice before running an exit node from your house. Do it in Colo somewhere with a small, plucky ISP owned by a first and fourth amendment absolutist.
Some anti-features that come to my attention off the top of my head:
* Biometric login (as of FF60)
* Dumb PR Stunts like Mr. Robot
* Balrog (Analytics and browser fingerprinting on AmazonS3)
* Social API
* VR sensors
* Google Chrome (large contract Mozilla has with them as they backport this into IPC)
* CloudFlare DNS (Department of Homeland Security partner and Tor arch-enemy)
What issues exactly? Tor Browser = Firefox ESR + some patches + some other stuff and tweaks. Before the release of the next ESR TB devs rebase and submit these patches to mainline Firefox, that's why you have prefs like privacy.resistFingerprinting and privacy.firstparty.isolate in mainline Firefox, see: https://wiki.mozilla.org/Security/Tor_Uplift
Are you talking about Web Authentication? What is wrong with it?
If that doesn't pan out, do you expect the ongoing work on this project to reduce the size of the patches that the Tor Browser project needs to carry on top of the Firefox trunk?
> The intention of Tor Uplift project is to land all Tor Browser patches so that Tor can directly use Firefox main trunk instead of a fork.
Are you referring to third-party login services and comment systems (such as disqus and similar)?
See the full list of bugs of breakage when privacy.firstparty.isolate is enabled: https://wiki.mozilla.org/Security/FirstPartyIsolation#First_...