I have writing experience in other fields and would be keen to start drafting something for AirVPN and other users in the near-term. As a civil libertarian, I believe everyone has the right to be free of interference when using or communicating on the net. If they want our shit, they should get a warrant. Full stop. Maybe AirVPN could think about some free VPN hours to those putting a bit of time into this resource?
In the first instance, users probably require a 'Threat Assessment Model' resource to determine what level of computer security they need to attempt for their own purposes.
Models I have seen normally come down to about 7 levels, from the 1st level - just a normal user who uses VPN + basic firewalls etc (not really trying to hide) - all the way through to paranoid users who are the next Snowden or Silk Road 2.0 e.g. using virtual environments, chaining of virtual and VPN environments, + Tor, + identity separation, + PfSense + Tor Bridges + JonDoNym mixers + advanced hardware networking solutions + use of hidden onion addresses + MAC spoofing + intrusion detection + hidden encrypted containers inside encrypted volumes, encrypted swap, BIOS and other firmware updates etc etc.
After users know where they sit on the threat continuum, then the tools they need to use to achieve their preferred level of anonymity/psuedo-anonymity can be further explored in a solid document. This would use materials on this website, plus 100s of pages of info I have already collated across numerous security forums.
It could be condensed down into something manageable e.g. I imagine 50 pages or so and split up into various chapters e.g. firewalls, general networking, O/S (host) configuration, using virtual environments, nesting/chaining VPN connections, advanced O/S e.g. Qubes/Whonix, whistleblowers e.g. TAILS, secure communication methods, using Tor safely, configuring browsers, OpenVPN configurations, SSH/SSL tunnelling, Tor over VPN/VPN over Tor, using Tomato/DD-WRT etc routers, open-source encryption options etc etc.
Anyway, if you like this idea, I can start on the preliminary threat assessment article in the next week or so. Shouldn't take too long.
PS Apparently the keyboard cadence finger-printing only works in Tor if you 'temporarily allow' scripts on that page. If you never allow scripts (not even for trusted websites), then apparently they CANNOT achieve this form of finger-printing (yet). Also, the mssfix value of 1360 also works for me, but agree the most common values need to be explored, so AirVPN users can 'hide in the crowd' and not make their signature MORE unique by accident i.e. very unusual directive in custom settings.