Searxly · Maximum · full mechanism
▲ Deep dive

How it's engineered not to leak.

One idea, taken to its limit: your real identity should never leave the machine — and you shouldn't have to trust us that it doesn't. Here's the routing, the kill switch, the exact fingerprint surfaces we scramble, the anti-forensics, and an honest map of where a WebKit browser's guarantees end.

The core idea

One switch you can't turn off.

Standard Searxly lets you raise privacy to Maximum when you choose. Maximum removes the choice: the app boots into Maximum Privacy over Tor and stays there. Every request either leaves through Tor — or doesn't leave at all.

ON YOUR MACSearch · keys · AI · vaultRuns and ranks locally; encrypted at rest
THE ONE LANEBundled Tor · SOCKS5hSignature-checked · hostnames resolve at the proxy
THE WORLD SEESA Tor exit nodeNever your IP. If Tor is down → blocked
100%Traffic over Tor
SOCKS5hNo DNS leak
1 circuitPer tab
0Off-device features
The mechanism, layer by layer

Six defenses. Each fails closed.

The actual behavior — what it does, the leak it removes, and, where there is one, the honest edge.

01
Routing

Always-on Tor, over SOCKS5h

A Tor client is bundled and launched through the app's sandboxed helper. Every WebView's data store and the local search engine's upstream ride Tor's SOCKS proxy in SOCKS5h mode — the "h" means hostnames are resolved at the proxy, so your Mac never issues a DNS query that could reveal what you're visiting.

A single gate (PrivacyGate) decides the fate of every outbound request. In Maximum it permits traffic only through Tor; the instant Tor isn't verified up, page loads, native fetches and searches are refused rather than sent from your real address. There is deliberately no "just this once" clearnet path.

Stops real-IP & DNS exposureTor's model a hostile exit can read cleartext — use HTTPS / .onion
02
Identity

A fresh circuit for every tab

Tor treats a SOCKS username/password pair as a stream-isolation key. Maximum hands each tab its own random token, so two tabs open on the same site travel different circuits and exit from different nodes — closing the cross-tab correlation that per-destination isolation alone leaves open.

On networks that block Tor, pluggable-transport bridges (obfs4 and Snowflake, both served by the bundled lyrebird) disguise the connection, and if a direct handshake stalls, Maximum falls back to Snowflake automatically.

Stops same-site cross-tab correlation · censorship
03
Fingerprint

Scrambled, and folded into the crowd

A hardening script is injected into every page before its own scripts run, in every frame. High-entropy readouts are perturbed per-read, enumeration is capped, and the display is normalized to a common value — and each shim is native-code-masked so Function.prototype.toString can't reveal the tampering.

Canvas 2D — getImageData / toDataURL / toBlob noised
WebGL 1&2 — getParameter & readPixels farbled
Audio — AudioBuffer & analyser noised
OffscreenCanvas — same readback defense
Fonts — measureText noise + FontFaceSet.check cap
Viewport — inner/client/visualViewport letterboxed
Time & locale — timezone → UTC, language masked
WebRTC — RTCPeerConnection removed
Stops cross-site fingerprint linking · WebRTC IP leakEdge an offsetWidth probe & the Accept-Language header still leak a few bits — WebKit ceiling
04
Traces

Amnesic, RAM-only browsing

Turn on amnesic mode and the whole session lives in memory: history and open-tab snapshots are never written, cookies and cache use a non-persistent store, and new search-history entries are dropped. Quit, and it's gone. It's a "boot into it" mode — the flag is snapshotted once at launch, so you never end up half-amnesic.

What you deliberately own — bookmarks, saved passwords, your settings — is kept. Amnesia forgets what you did, not what you own.

Stops on-disk session traces after you quit
05
Forensics

Anti-forensics the OS doesn't give you

macOS normally tags every download with the exact URL it came from (kMDItemWhereFroms — Finder's "where-from") and writes your open windows to disk so it can restore them. Maximum strips the source-URL tag off saved files — while keeping the Gatekeeper quarantine flag intact — and disables window-state restoration, so your browsing isn't quietly recorded where amnesic mode can't reach.

Stops URL provenance & window state written to diskEdge system crash logs & the quarantine DB live outside the sandbox
06
Supply chain

A runtime and an updater you can trust

Before the Tor binary is ever executed, its code signature is verified against the same team that signed the app — a swapped or patched binary is refused, and Tor won't start. It's the one substitution that could quietly defeat the whole model, so it fails closed.

Updates are just as careful. The check and the download ride Tor and are verified with the app's Ed25519 signing key, so even updating never reveals to a clearnet server that this Mac runs Searxly Maximum.

Stops tampered runtime · an update path that outs you
Privacy self-test
Fetch my IP — through Tor
check.torproject.org over the fail-closed Tor lane
IsTor: trueExit: 185.220.…Real IP hidden
If Tor weren't up, the test simply can't run — same lane as everything else
Watch it work

Proof, not a privacy promise.

The strongest claim is one you don't have to believe. Maximum ships three things you can check yourself, inside the app:

  • A live Network Ledger — every request, the lane it took, and a running "nothing left your real IP" tally, held in memory only
  • A one-tap self-test that fetches your address through Tor and confirms it returns as a Tor exit — over the same fail-closed lane, so it can't leak while checking
  • A runtime-integrity check that shows the bundled Tor binary is the one Searxly signed
Attack surface, subtracted

The safest feature is the one that isn't there.

Anything that could send data off your Mac is removed from this edition — not toggled off, removed — so it can't be re-enabled, exploited, or leak by accident. The bridge binary is even excluded from the bundle when it isn't needed.

No managed VPN

No paid tunnel, no exit-node account, no billing identity. Tor is the only network path, and it needs nothing from you.

No wallet

The self-custody wallet and all its RPC and market traffic are gone. Nothing on-chain, nothing address-keyed, nothing to fingerprint.

No AI backend

Searxly ships no model and no cloud AI. The only intelligence is the one you bring; the Agentic Tools server that exposes tools to it is local, loopback-only and off by default.

No telemetry or feedback

No analytics, no crash beacons, no feedback webhook, no account. There's simply no code left that phones home.

Honest about limits

Where a WebKit browser's guarantees end.

Security isn't marketing. Maximum raises the cost of tracking you a long way — but it's built on WebKit, not a patched engine, and we'd rather draw the edge than hide it.

01

It is not the Tor Browser

Tor Browser ships a hardened, patched engine tuned over years for one uniform fingerprint. Maximum uses Apple's WebKit, so some surfaces can only be blunted from JavaScript, not eliminated. For the very hardest threat models — a targeted state adversary — the Tor Browser remains the reference, and we say so.

02

Some fingerprint bits remain

Canvas, audio and font readouts are farbled and enumeration is capped, but a script measuring a full-width element's real geometry, or reading the Accept-Language header WebKit sends, can still recover a few bits. Letterboxing and locale masking narrow this; they don't zero it. Only a modified engine closes it fully.

03

The OS keeps some notes

Amnesic mode and the download-provenance strip cover what the app and Finder record. System crash reports and the macOS quarantine database are written by the operating system outside the app's sandbox — a sandboxed app can minimize what it hands over, but it can't reach in and scrub what the OS stores elsewhere.

04

Tor is Tor

You inherit Tor's own model: a malicious exit can see unencrypted traffic (so stick to HTTPS and .onion), and Tor is slower than the clear web. Maximum makes that trade deliberately — it would rather be slow and private than fast and traceable.

▲ Searxly Maximum

Built so there's nothing to trust.

Always on, fail-closed, and open to inspection. See the overview and the price, or read how the rest of the architecture is built — every layer documented the same honest way.

Coming soon · no account · no telemetry · source published for review