How it's engineered not to leak.
One idea, taken to its limit: your real identity should never leave the machine — and you shouldn't have to trust us that it doesn't. Here's the routing, the kill switch, the exact fingerprint surfaces we scramble, the anti-forensics, and an honest map of where a WebKit browser's guarantees end.
One switch you can't turn off.
Standard Searxly lets you raise privacy to Maximum when you choose. Maximum removes the choice: the app boots into Maximum Privacy over Tor and stays there. Every request either leaves through Tor — or doesn't leave at all.
Six defenses. Each fails closed.
The actual behavior — what it does, the leak it removes, and, where there is one, the honest edge.
Always-on Tor, over SOCKS5h
A Tor client is bundled and launched through the app's sandboxed helper. Every WebView's data store and the local search engine's upstream ride Tor's SOCKS proxy in SOCKS5h mode — the "h" means hostnames are resolved at the proxy, so your Mac never issues a DNS query that could reveal what you're visiting.
A single gate (PrivacyGate) decides the fate of every outbound request. In Maximum it permits traffic only through Tor; the instant Tor isn't verified up, page loads, native fetches and searches are refused rather than sent from your real address. There is deliberately no "just this once" clearnet path.
A fresh circuit for every tab
Tor treats a SOCKS username/password pair as a stream-isolation key. Maximum hands each tab its own random token, so two tabs open on the same site travel different circuits and exit from different nodes — closing the cross-tab correlation that per-destination isolation alone leaves open.
On networks that block Tor, pluggable-transport bridges (obfs4 and Snowflake, both served by the bundled lyrebird) disguise the connection, and if a direct handshake stalls, Maximum falls back to Snowflake automatically.
Scrambled, and folded into the crowd
A hardening script is injected into every page before its own scripts run, in every frame. High-entropy readouts are perturbed per-read, enumeration is capped, and the display is normalized to a common value — and each shim is native-code-masked so Function.prototype.toString can't reveal the tampering.
Amnesic, RAM-only browsing
Turn on amnesic mode and the whole session lives in memory: history and open-tab snapshots are never written, cookies and cache use a non-persistent store, and new search-history entries are dropped. Quit, and it's gone. It's a "boot into it" mode — the flag is snapshotted once at launch, so you never end up half-amnesic.
What you deliberately own — bookmarks, saved passwords, your settings — is kept. Amnesia forgets what you did, not what you own.
Anti-forensics the OS doesn't give you
macOS normally tags every download with the exact URL it came from (kMDItemWhereFroms — Finder's "where-from") and writes your open windows to disk so it can restore them. Maximum strips the source-URL tag off saved files — while keeping the Gatekeeper quarantine flag intact — and disables window-state restoration, so your browsing isn't quietly recorded where amnesic mode can't reach.
A runtime and an updater you can trust
Before the Tor binary is ever executed, its code signature is verified against the same team that signed the app — a swapped or patched binary is refused, and Tor won't start. It's the one substitution that could quietly defeat the whole model, so it fails closed.
Updates are just as careful. The check and the download ride Tor and are verified with the app's Ed25519 signing key, so even updating never reveals to a clearnet server that this Mac runs Searxly Maximum.
Proof, not a privacy promise.
The strongest claim is one you don't have to believe. Maximum ships three things you can check yourself, inside the app:
- ✓A live Network Ledger — every request, the lane it took, and a running "nothing left your real IP" tally, held in memory only
- ✓A one-tap self-test that fetches your address through Tor and confirms it returns as a Tor exit — over the same fail-closed lane, so it can't leak while checking
- ✓A runtime-integrity check that shows the bundled Tor binary is the one Searxly signed
The safest feature is the one that isn't there.
Anything that could send data off your Mac is removed from this edition — not toggled off, removed — so it can't be re-enabled, exploited, or leak by accident. The bridge binary is even excluded from the bundle when it isn't needed.
No managed VPN
No paid tunnel, no exit-node account, no billing identity. Tor is the only network path, and it needs nothing from you.
No wallet
The self-custody wallet and all its RPC and market traffic are gone. Nothing on-chain, nothing address-keyed, nothing to fingerprint.
No AI backend
Searxly ships no model and no cloud AI. The only intelligence is the one you bring; the Agentic Tools server that exposes tools to it is local, loopback-only and off by default.
No telemetry or feedback
No analytics, no crash beacons, no feedback webhook, no account. There's simply no code left that phones home.
Where a WebKit browser's guarantees end.
Security isn't marketing. Maximum raises the cost of tracking you a long way — but it's built on WebKit, not a patched engine, and we'd rather draw the edge than hide it.
It is not the Tor Browser
Tor Browser ships a hardened, patched engine tuned over years for one uniform fingerprint. Maximum uses Apple's WebKit, so some surfaces can only be blunted from JavaScript, not eliminated. For the very hardest threat models — a targeted state adversary — the Tor Browser remains the reference, and we say so.
Some fingerprint bits remain
Canvas, audio and font readouts are farbled and enumeration is capped, but a script measuring a full-width element's real geometry, or reading the Accept-Language header WebKit sends, can still recover a few bits. Letterboxing and locale masking narrow this; they don't zero it. Only a modified engine closes it fully.
The OS keeps some notes
Amnesic mode and the download-provenance strip cover what the app and Finder record. System crash reports and the macOS quarantine database are written by the operating system outside the app's sandbox — a sandboxed app can minimize what it hands over, but it can't reach in and scrub what the OS stores elsewhere.
Tor is Tor
You inherit Tor's own model: a malicious exit can see unencrypted traffic (so stick to HTTPS and .onion), and Tor is slower than the clear web. Maximum makes that trade deliberately — it would rather be slow and private than fast and traceable.
Built so there's nothing to trust.
Always on, fail-closed, and open to inspection. See the overview and the price, or read how the rest of the architecture is built — every layer documented the same honest way.
Coming soon · no account · no telemetry · source published for review