Randomize non-pipelined requests to defend against traffic fingerprinting
According to Martin Henze (who works with Andriy Panchenko), the defense in #3914 (closed) is inadequate due to the fact that many sites forcibly disable pipelining.
He implemented a defense that randomizes non-pipelined HTTP requests as well, but it may need some cleanup. It also needs testing against their framework still, I believe.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information