Project

General

Profile

Feature #13599

Switch to the DuckDuckGo .onion by default

Added by tailshark about 2 years ago. Updated over 1 year ago.

Status:
Rejected
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
08/06/2017
Due date:
% Done:

0%

Feature Branch:
Type of work:
Discuss
Blueprint:
Starter:
Affected tool:
Browser

Description

In proper form I did an initial search on this it was mentioned some years ago but never followed through on: https://labs.riseup.net/code/issues/6059

To start, I'm running a remastered version of Tails where I have swapped the .com out for the .onion. Security was lingering in my mind somewhat (anyone with CA keys being able to read traffic from the Tor exit) but the primary issue I had was that duckduckgo.com would intermittently stop responding across almost all of the exits I could reach simultaneously but the .onion address would still resolve and work. And on the note of security I found it very cumbersome to copy the .onion address into a new tab each time. Personally I've found my searches to be way more reliable without the intermittent downtime since doing the remaster change a number of months ago.

Replacing the address is not a big deal, especially in remastering, but may need some thought if you want it in your build process. Honestly it might be easier to do the change at boot rather than tor-browser installation unless you have an automated tor-browser post-installer already handy.

Here's the code I'm using for the remaster:
----
find /usr/local/lib/tor-browser/distribution/searchplugins/locale/ -type f -print0\ | xargs 0 sed -i "s/duckduckgo\.com/3g2upl4pq6kufc4m.onion/g"
---

If this board eats the text I apologize in advance.

If you want something that modifies it at boot I can look at posting a commit on my gitlab fork.

P.S. Something I think is often left out of the "to onion or not to onion" conversation is it reduces possible connection interference. (e.g. if powerful attackers want to block traffic to certain sites it's easier to block an exit to a specific clearnet address than it is to block access to a specific .onion).


Related issues

Related to Tails - Bug #12121: Switch to the DuckDuckGo .onion by default Rejected 01/08/2017
Related to Tails - Feature #10265: Test that DDG is the default search engine in Tor Browser In Progress 09/26/2015
Related to Tails - Feature #6059: Update DuckDuckGo Resolved

History

#1 Updated by anonym about 2 years ago

  • Status changed from New to Confirmed
  • Target version set to Tails_3.2
  • Affected tool set to Browser

tailshark wrote:

In proper form I did an initial search on this it was mentioned some years ago but never followed through on: https://labs.riseup.net/code/issues/6059

Did you really miss #12121 that has the exact same subject as the ticket you opened? :)

Any way, on #12121 you can see that we essentially defer to the upstream Tor Browser default, i.e. clearnet DDG, which is explained on Tor ticket #19735. Essentially it boils down to "if JavaScript is disabled, the clearnet DDG will graciously downgrade to a pure HTML version, but the DDG onion service will not which results in breakage".

However, I just tested the DDG onion service with JavaScript disabled, and it now does graciously downgrade to the pure-HTML version. So, yay, now there's one less reason not to use the onion service.

P.S. Something I think is often left out of the "to onion or not to onion" conversation is it reduces possible connection interference. (e.g. if powerful attackers want to block traffic to certain sites it's easier to block an exit to a specific clearnet address than it is to block access to a specific .onion).

That is a good point!


When it comes to pros/cons of this move, it's obvious that the onion service provides better security properties than SSL and Tor exiting to the clearnet, and, as tailshark points out, that it works around DNS/CA-level (and similar) connectivity issues (malicious or not). However, I personally have noticed a significant delay when using the onion service the first time each session (well, each Tor restart), which is consistent with the extra overhead of setting up a HS circuit (more hops, rendezvous, no pre-built circuits like for non-HS circuits). Subsequent usage is fast enough (despite the extra hops) since KeepAliveIsolateSOCKSAuth will keep the circuit alive indefinitely. From the few Tor-related UX studies I've seen, such delays are very frustrating to users, so introducing them might be worse overall, despite those obvious pros, since it might end up with users using less secure alternatives. So IMHO it's still non-obvious to me whether we should do this move or not.

Thoughts?

#2 Updated by tailshark about 2 years ago

I did miss the duplicate, sorry. I searched by the .onion address which itself was left out of the duplicate ticket. :)

#3 Updated by tailshark about 2 years ago

Just a followup thought... if "how fast DDG is visible" is a primary concern for user adoption it may be worth weighing how often the .com version is unreachable over Tor. For myself personally it was getting very aggravating as the .com would stop resolving in the middle of my research. If the unreachability of the .com exceeds a specific threshold (one that I'm not qualified to determine) then it would stand to reason that the .onion would offer a better overall user experience at that point.

#4 Updated by intrigeri about 2 years ago

  • Assignee set to tailshark
  • Target version deleted (Tails_3.2)
  • QA Check set to Info Needed

anonym wrote:

Any way, on #12121 you can see that we essentially defer to the upstream Tor Browser default, i.e. clearnet DDG, which is explained on Tor ticket #19735. Essentially it boils down to "if JavaScript is disabled, the clearnet DDG will graciously downgrade to a pure HTML version, but the DDG onion service will not which results in breakage".

+ another blocker that was mentioned there. Anyways.

Please explain why we should diverge from upstream Tor Browser on this one, i.e. a good reason to discuss this here instead of on the Tor bug tracker.

#5 Updated by intrigeri about 2 years ago

  • Related to Bug #12121: Switch to the DuckDuckGo .onion by default added

#6 Updated by u over 1 year ago

  • Related to Feature #10265: Test that DDG is the default search engine in Tor Browser added

#7 Updated by u over 1 year ago

#8 Updated by u over 1 year ago

  • Status changed from Confirmed to Rejected

No news since 5 months and it seems that

  • we don't want to diverge from TBB upstream
  • DDG onion service might result in breakage with JS disabled.

I will thus reject this ticket.

Also available in: Atom PDF