Originally created by @tailshark on #13599 (Redmine)

In proper form I did an initial search on this it was mentioned some years ago but never followed through on: https://labs.riseup.net/code/issues/6059

To start, I’m running a remastered version of Tails where I have swapped the .com out for the .onion. Security was lingering in my mind somewhat (anyone with CA keys being able to read traffic from the Tor exit) but the primary issue I had was that duckduckgo.com would intermittently stop responding across almost all of the exits I could reach simultaneously but the .onion address would still resolve and work. And on the note of security I found it very cumbersome to copy the .onion address into a new tab each time. Personally I’ve found my searches to be way more reliable without the intermittent downtime since doing the remaster change a number of months ago.

Replacing the address is not a big deal, especially in remastering, but may need some thought if you want it in your build process. Honestly it might be easier to do the change at boot rather than tor-browser installation unless you have an automated tor-browser post-installer already handy.

Here’s the code I’m using for the remaster:
——
find /usr/local/lib/tor-browser/distribution/searchplugins/locale/ -type f -print0\
| xargs –0 sed -i “s/duckduckgo\.com/3g2upl4pq6kufc4m.onion/g”
——

If this board eats the text I apologize in advance.

If you want something that modifies it at boot I can look at posting a commit on my gitlab fork.

P.S. Something I think is often left out of the “to onion or not to onion” conversation is it reduces possible connection interference. (e.g. if powerful attackers want to block traffic to certain sites it’s easier to block an exit to a specific clearnet address than it is to block access to a specific .onion).

Related issues

• Related to #12121 (closed)
• Related to #10265
• Related to #6059 (closed)