The fixes have to be client-side and whatever can be done in the protocol because we don't know what malicious software relays run. I am glad to see devs are exposing what the problems are and iterating on potential solutions. Sites that just want your traffic will be quiet about the vulnerabilities, especially when keeping you vulnerable is so profitable.