Zweimal gelang es überdies, sogenannte “Eintrittsserver”
We’ve already been over that. There are different ways to discover guards, and not all of them are “guard discovery attacks” in the sense that was bein used here.
Their discovery and blocking in the Tor network was reported at the time.
… and yet nobody knows for sure who was operating them or whether they were related to this. Yes, I did read it, and it gave me no new or convincing information.
I don’t think that’s easy.
It’s easy once you have the infrastructure set up and the aprovals in place.
And in order to get such extensive provider monitoring approved, serious criminal acts would have to have taken place.
The whole point of something like Tor is that you want to protect people even when some government does think “serious criminal acts” have taken place. What is and is not a “criminal act” is a matter of politics and can vary from place to place.
If it can’t protect against a government that considers something a priority, then it’s not serving its most important purpose.
Whether a “normal user” (whatever that means) can hide from some advertising tracker is a distinctly secondary concern, especially because if that’s all you care about, you don’t need anything as heavy as Tor to begin with.
It’s true that the German government is unusually well positioned to attack the network, and that other governments may have more trouble. It’s nonetheless a problem that the network’s guarantees can be breached.
Vanguards-lite has been auto enabled in the client for years.
The “client” here is the application using tor. The SOCKS client. I wouldn’t call the tor program itself a client of tor.