On Mon, Sep 16, 2024 at 08:17:25PM +0000, pasture_clubbed242--- via tor-relays wrote:
Something I always found confusing is what the difference is between the Vanguards Github project, and the version of Vanguards that Tor has implemented. I thought Vanguards was added into Tor no? Is the Vanguards project still useful despite this?
I'm not sure if this spec is the exact implementation or a recommendation for an external plugin. https://spec.torproject.org/vanguards-spec/full-vanguards.html I have also seen other mentions of an implementation elsewhere.
The "full" vanguards design includes other changes to how Tor handles edge cases and unexpected circuit/stream behavior which might be able to be used as a side channel, but the main tradeoff is that it slows down your circuits. You have to run it alongside your Tor, as a controller, which means it is not for "end" users. You can read about it on this blog post: https://blog.torproject.org/announcing-vanguards-add-onion-services/
Whereas the "lite" design is a subset of the full design, which we built into C-Tor back in 2021-2022 when it became clear that some of these guard discovery attacks we worried about might actually be more practical than first thought. You can read about vanguards-lite in Proposal 333: https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/333-van... and you can read one of the motivations for it in this research paper: https://petsymposium.org/popets/2022/popets-2022-0026.pdf
And lastly, there is a great explanation of both variations of vanguards in this blog post talking about adding them to Arti: https://blog.torproject.org/announcing-vanguards-for-arti/
--Roger