Is Tor still safe to use?

This was mentioned several times in the reports. Among other things, the two Ricochet entry servers.

OK, “guard discovery attack” is ambiguous.

As I understand it, the “guard discovery attack” that vanguards is trying to deal with is one where you run a bunch of intermediate nodes, provoke a hidden service to set up a bunch of circuits, and hope that you detect one or more of those circuits being built through your node. You do this because you can’t see much, if any, traffic that doesn’t go to nodes you control.

Another way to discover guards (and other things) is just to watch the whole network, without necessarily operating any nodes, and observe the traffic from the hidden service to its guard. That still discovers the guard, but vanguards has no effect on it.

What I’m saying is that the German government probably approximates a global passive adversary well enough to have success with the second attack, and that I don’t see anything in the story that tells me which method they actually used.

The fact that there were a bunch of bogus nodes around then is perhaps relevant, but not dispositive.

Vanguards are a Tor feature, not a client feature, are they not?

Tor can be configured as anything: client Socks5Proxy, router, HiddenService client & server, …

What I’m asking is why Ricochet, as a client of Tor, has any effect on whether vanguards are used or not. In the original architecture, the Tor program would be a separate entity that would be updated independently of Ricochet. Therefore Ricochet would be irrelevant to the choice to use or not use vanguards, heavy or light. So talking about how old Ricochet was would be basically irrelevant to anything.

If the Tor code was bundled in Ricochet (as now seems to be common but also seems like a bad idea from a security point of view), then presumably you’d have old versions of both.

I never used Ricochet and don’t know how it worked.

… but there’s still nothing that proves that it would matter either way.
