
Vanguards-lite/vanguards for tor clients?

I'm struggling to understand how to enable vanguards for tor clients.
The vanguards.py (github.com/mikeperry-tor/vanguards) script only handles HSLayer2Nodes, HSLayer3Nodes (HS = for hidden services).

In the tor specs I see that there is "vanguard-lite" which is a (-1hop)vanguard for clients, but I don't see anywhere how to enable it.

I'm confused, how am I supposed to enable it?
/u/aero
1 points
3 months ago
What do you mean how to enable it? sudo apt-get install vanguards -y && sudo service tor restart.
/u/cognac
1 points
3 months ago
Vanguard-lite is automatically enabled for any version after 0.4.7 something. Vanguard installation instructions on github: https://github.com/mikeperry-tor/vanguards but this is mostly useful for long-lived services. Lite is best for clients and short-lived services.
Vanguard-lite is built into the tor process itself with the way it chooses its path over the guards. You do nothing. The extra python vanguards script can be really good at providing some little extra protection for the ultra paranoid. Just don't try to use the script on a high activity or bandwidth site. You will get relays that will drop and it will be quite the pain. To prevent that you need to build your own custom paths and pay thousands of dollars extra a month in server expenses to have the privilege of keeping your servers private, safe, and stable. Do I seem bitter? It's because I am. These budget cuts are killing me.
/u/JustMyCold 📢
1 points
3 months ago
Wait every onion stream already has an extra guard layer by default?

So the default connection for onion streams is this by default:
Client hsdir: C -> G -> L2 -> M -> HSDir
Client intro: C -> G -> L2 -> M -> Intro
Client rend: C -> G -> L2 -> Rend
Service hsdir: C -> G -> L2 -> M -> HSDir
Service intro: C -> G -> L2 -> M -> Intro
Service rend: C -> G -> L2 -> M -> Rend

Just don't try to use the script on a high activity or bandwidth site. You will get relays that will drop and it will be quite the pain. To prevent that you need to build your own custom paths and pay thousands of dollars extra a month in server expenses to have the privilege of keeping your servers private, safe, and stable.

If you want to rant about it and why it's like that I'm here to learn :)
When you use the vanguards script you get an added hop. It's to protect your layer 3 guards.
/u/JustMyCold 📢
1 points
3 months ago
Sorry but I'm still confused, what I gather from your comments is that vanguard-lite is built into the tor process but the extra hop is added only when the script (vanguard.py) is used.
But isn't vanguards.py only for full vanguards (2 extra hops)? I don't see any config for vanguard-lite.
The words "vanguard-lite" deals with a circuit process already built into tor. It deals with the way it selects its paths. As in, it's built in with no configuration.

Vanguards.py is a script which does a lot more than what regular tor does. It creates layers of guards/relays to limit the amount of paths your connections go over. Limiting bandwidth and other stuff too. Look at the documentation vanguards has to understand it more. For the vast majority of people, the vanguards.py script does nothing valuable.
/u/JustMyCold 📢
1 points
3 months ago
Ok let me get it right one last time, in the vanguards specs it says:

Vanguards-Lite uses only one layer of vanguards:

                 -> vanguard_2A

   -> guard_1A   -> vanguard_2B
HS
   -> guard_1B   -> vanguard_2C

                 -> vanguard_2D


So this means that if vanguard-lite is enabled, and as you said it is by default, every onion stream will already have an extra hop out of the box. Correct?

And on the tor browser circuit (the one shown near the url on the left) there are only 3 hops because it's the rendezvous circuit and it has one hop less than other client onion circuits like below:

Client rend: C -> G -> L2 -> Rend
Other client circuits: C -> G -> L2 -> M -> target


Have I understood correctly?
So this means that if vanguard-lite is enabled, and as you said it is by default, every onion stream will already have an extra hop out of the box. Correct?

No. As it's only a single layer after your guard. You don't need a buffer because the other hop is the middle.

Only when you are running the vanguard script do your onion processes have an extra hop. This is designed to keep your vanguard layers private. If there was no buffer it would be very simple for someone to know which users are using vanguards (from an overabundance of the same relays connecting to a single client). This happens transparently.
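
Added example, not part of the thread and not code from the vanguards project: a small offline check that classifies which vanguards mode a client is in from its `tor --version` output and torrc text. It assumes the 0.4.7 threshold mentioned in the thread and the `VanguardsLiteEnabled` torrc option from the tor manual (not mentioned in the thread); the sample inputs are constructed and `%include` lines are not followed.

```python
import re

LITE_MIN = (0, 4, 7)  # assumption: release series named in the thread

# Constructed sample inputs, not taken from a real system.
SAMPLE_VERSION = "Tor version 0.4.8.10.\n"
SAMPLE_TORRC = """\
SocksPort 9050
# VanguardsLiteEnabled 0   (commented out, so the default 'auto' applies)
"""

def tor_version(version_output):
    """Extract (major, minor, micro) from `tor --version` output."""
    m = re.search(r"Tor version (\d+)\.(\d+)\.(\d+)", version_output)
    if not m:
        raise ValueError("no Tor version string found")
    return tuple(int(x) for x in m.groups())

def torrc_options(torrc_text):
    """Return {lowercased option: value}; a later line overrides an earlier one."""
    opts = {}
    for line in torrc_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        parts = line.split(None, 1)            # space or tab separated
        opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def vanguards_state(version_output, torrc_text):
    """Classify as 'pinned-layers', 'unsupported', 'lite-disabled' or 'lite'."""
    opts = torrc_options(torrc_text)
    # HSLayer2Nodes/HSLayer3Nodes are the options the thread says vanguards.py handles.
    if "hslayer2nodes" in opts or "hslayer3nodes" in opts:
        return "pinned-layers"
    if tor_version(version_output) < LITE_MIN:
        return "unsupported"
    # Assumption: VanguardsLiteEnabled defaults to 'auto' and only '0' turns it off.
    if opts.get("vanguardsliteenabled", "auto") == "0":
        return "lite-disabled"
    return "lite"

if __name__ == "__main__":
    print(vanguards_state(SAMPLE_VERSION, SAMPLE_TORRC))
```

The vanguards add-on sets its layer nodes at runtime over the control port, so a torrc without `HSLayer2Nodes`/`HSLayer3Nodes` does not rule out that the add-on is running.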