factually

Keep Factually independent

Whether you agree or disagree with our analysis, these conversations matter for democracy. We don't take money from political groups - even a $5 donation helps us keep it that way.

Loading...Goal: 1,000 supporters
Loading...

Are vanguards enabled for the tor browser?

Checked on November 24, 2025
Disclaimer: Factually can make mistakes. Please verify important info or breaking news. Learn more.
GitHub
Tor Project
Whonix
Tor Project
Searched for:
"tor browser vanguards enabled November 2025"
Found 14 sources

Executive summary

Tor's new Vanguards system exists in two flavors: Vanguards‑Lite (the default for clients and short‑lived services) and Full Vanguards (an optional, higher‑security mode intended for long‑lived onion services) [1] [2]. Arti (the Rust Tor implementation) ships with Vanguards enabled by default as of Arti 1.2.2, and the Tor Project recommends most users keep defaults while operators of long‑lived onion services consider enabling Full Vanguards [3] [4].

1. What “vanguards” are and why they exist

Vanguards are an added guard‑topology mechanism designed to reduce guard discovery attacks that can make traffic‑analysis and eventual deanonymization easier; the add‑on was first announced in 2018 and later formalized into a specification that defines two variants, Vanguards‑Lite and Full Vanguards [4] [1]. The system adds one or more fixed “vanguard” relays into paths so an adversary must perform a larger Sybil or coercion effort to learn or control a service’s guards, trading extra path length and latency for stronger location anonymity [5] [1].

2. How Vanguards relate to Tor Browser specifically

Available sources do not claim that Tor Browser (the mainstream Firefox‑based client bundle) enables Full Vanguards by default. The specification explicitly says Vanguards‑Lite MUST be the default for onion client and onion service activity and Full Vanguards SHOULD be optional for services, indicating client‑side defaults favor the lighter form [1] [2]. There is separate reporting that Arti — a Rust Tor implementation used in some projects — has Vanguards enabled by default in Arti 1.2.2+, but that statement refers to Arti, not necessarily the Tor Browser bundle itself [3].

3. Arti vs. Tor Browser: where Vanguards are enabled now

The Tor Project newsletter and blog note “Vanguards are enabled by default in Arti 1.2.2 and later” and urge running recent versions [3]. The blog post “Announcing Vanguards Support in Arti” describes how to enable full vanguards in Arti’s TOML config and recommends most users keep defaults but suggests Full Vanguards for long‑lived services [4] [3]. This demonstrates an important split: Arti (an implementation) ships with Vanguards on, while mainstream Tor Browser releases use different Tor implementations and may follow different defaults — the sources do not state Tor Browser enables Full Vanguards by default [4] [3] [1].

4. How an ordinary user should interpret these facts

For ordinary browsing and onion‑site access, the specification mandates Vanguards‑Lite as the default for client activity — that is the designed behavior for client protection without heavy performance penalties [2] [1]. The Tor Project’s guidance is clear: most users should stick to defaults; only long‑lived onion service operators should consider Full Vanguards because it changes path selection and increases latency [4] [1].

5. Using the vanguards add‑on or external implementations

There is a maintained vanguards add‑on and reference implementation (GitHub) that can attach to system Tor or Tor Browser’s control port; historically people could run the add‑on alongside Tor Browser by pointing it at the browser’s control port [6] [7]. The Tor Project’s own docs and the vanguards README explain the add‑on is primarily intended for onion service operators and that it can be used as a regular Tor client if configured to the appropriate control port [6] [8].

6. Trade‑offs, limitations and open questions

Full Vanguards increases path length and latency and may reduce performance for some high‑traffic services; that’s why the spec and proposals treat Full Vanguards as optional for services and Vanguards‑Lite as default for clients [1] [9]. The Tor Project also warns deployment and defaults are delicate trade‑offs between security and scalability; some projects such as Whonix have chosen to ship vanguards by default for their environment, but that reflects project‑specific risk tradeoffs rather than a universal Tor Browser policy [10].

7. Bottom line and practical next steps

If your question is “Are vanguards enabled for Tor Browser?”: current reporting indicates Vanguards‑Lite is the normative default for client activity per the spec and Arti has Vanguards enabled by default, but the sources do not state that Tor Browser (the official browser bundle) enables Full Vanguards by default [1] [3] [4]. If you operate a long‑lived onion service, follow Tor Project guidance to enable Full Vanguards in the implementation you control (Arti or C‑Tor via torrc options), and for casual users stick with the Tor Browser defaults unless you have a specific operational need [4] [1].

Want to dive deeper?
What is Tor Vanguards and how does it enhance Tor Browser security?
Are Tor Vanguards included by default in the official Tor Browser distribution?
How do Vanguards compare to other anti-guard enumeration or guard rotation defenses?
Can I safely install and run Tor Vanguards alongside Tor Browser on Windows/macOS/Linux?
What are the privacy and usability trade-offs when enabling Vanguards with Tor Browser?
About
Blog
Contact
FAQ
Terms
Privacy
Manage data