Hi. We are rolling out the vanguard plugin for our users and wanted to understand some options we can enable.
* In many parts of the Security README setting *circ_max_megabytes* is recommended. Though it is discouraged for use cases involving Onionshare and Securedrop which we support. What is a reasonable limit to set? What happens if the max ceiling gets hit? Does it permanently disrupt the upload/download?
* "High load onion services may consider using 4 layer2 guards by changing the *num_layer2_guards* option in the configuration file https://github.com/mikeperry-tor/vanguards/blob/master/vanguards-example.conf, but going beyond that is not recommended." Does this benefit clients too? We would like to enable options that mimic the configuration used by actual high load onion services to provide them with more cover.
On 1/16/20 5:01 PM, procmem@riseup.net wrote:
> Hi. We are rolling out the vanguard plugin for our users and wanted to understand some options we can enable.
> - In many parts of the Security README setting *circ_max_megabytes* is recommended. Though it is discouraged for use cases involving Onionshare and Securedrop which we support. What is a reasonable limit to set? What happens if the max ceiling gets hit? Does it permanently disrupt the upload/download?
Setting circ_max_megabytes means that no circuit can be used to transmit more than that many megabytes. As soon as that limit is hit, the circuit will be force-closed.
I do not recommend using this option in your case, as you cannot anticipate the max file size that a securedrop or onionshare user may use, and the failure mode here is non-obvious (their upload/download will just fail).
> - "High load onion services may consider using 4 layer2 guards by changing the *num_layer2_guards* option in the configuration file https://github.com/mikeperry-tor/vanguards/blob/master/vanguards-example.conf, but going beyond that is not recommended." Does this benefit clients too? We would like to enable options that mimic the configuration used by actual high load onion services to provide them with more cover.
Using more layer2 guards will not improve client performance. I recommend staying with the defaults, as they are backed by asn's analysis. Any other choice would be arbitrary or specific to a custom circumstance, and thus provide less cover.