Reach .onion sites · Tor built in

The dark web,
without the setup.

Some of the most private corners of the internet — whistleblowing platforms, mirrors of news sites, privacy tools — only live as .onion hidden services on the Tor network. Normally you'd install Tor Browser to reach them. Searxly bundles its own Tor client, so the moment you open an .onion address it routes that tab through Tor automatically. Your real IP is hidden behind a three-relay circuit, the rest of your browsing is untouched, and there's nothing to install or configure. This page is the honest, detailed breakdown — including exactly where this stops short of Tor Browser.

How it works

Your Mac builds the circuit. Tor carries the rest.

Open a .onion address and Searxly routes that one tab through a bundled, code-signed Tor client — across three relays, into the hidden service. Here's what runs where, and what stays sealed on your machine.

Your Mac · stays local
Onion tabEphemeral & in-memory — wiped when it closes. WebRTC, geolocation, timezone and language are locked down.
Bundled Tor clientA signed Tor, supervised by the sandboxed app's XPC helper. Nothing to install.
SOCKS5h proxyThe .onion name is resolved at Tor, not your OS — so there's no DNS leak.
Tor circuit
3 encrypted hops
Tor network · off your Mac
Guard → Middle → RendezvousThree independent relays. No single one knows both who you are and where you're going.
Per-site isolationStream isolation gives every destination its own circuit — sites can't be linked to one path.
.onion hidden serviceAuthenticated by its address (its public key) and never learns your real IP.

Only onion tabs take this path — Tor starts on your first one and stops when the last closes. The rest of your browsing stays on your normal, direct connection.

3Relay hops
0DNS leaks
Per-siteCircuit isolation
IPHidden by default
The mechanism

Named, not hand-waved.

Tor client
The official Tor binary, bundled inside the app, code-signed with the Hardened Runtime and supervised by the sandboxed app's XPC helper — no Homebrew, no download, no separate Tor Browser
Routing
Onion tabs use a per-tab SOCKS5 proxy into the local Tor. Hostname resolution happens at the proxy (SOCKS5h), so .onion names resolve inside Tor and there is no DNS leak
Scope
Onion-only. Tor carries .onion tabs; the rest of your browsing stays on your normal connection (or the in-app VPN, if you use it)
Isolation
Each onion tab uses an ephemeral, in-memory data store, and Tor is configured with stream isolation — every destination gets its own circuit, so two sites can't be linked to the same path
Live circuit
Searxly talks to Tor's cookie-authenticated control port to show the real relays in your circuit — and to build a fresh one with “New circuit for this site.”
Consent
A one-time disclosure before your first onion sets honest expectations about what Tor does and doesn't protect
Lifecycle
Tor starts lazily on your first onion and is torn down when the last onion tab closes; any leftover process is reaped on the next launch
Onion routing, explained

Why it takes three hops.

Tor's whole idea is that no single point ever knows both who you are and what you're looking at. It does that by bouncing your traffic through a chain of independent relays, each peeling back one layer of encryption — like the layers of an onion.

The guard

The first relay sees your real IP — but not what you're visiting. It only knows you're using Tor and which relay to hand off to next. Tor keeps this entry stable to resist certain attacks.

The middle

A relay in the path that knows neither end. It receives from the guard and forwards to the next hop, so it can't connect your identity to your destination.

The meeting point

For onion services, you and the site each build a path to a shared rendezvous relay. Even the destination never learns your IP — the address itself is the service's public key, so the connection is authenticated end-to-end.

A new circuit, on demand

One tap rebuilds the path through different relays — useful if a site is slow or you want a clean route. Combined with per-site isolation, your circuits aren't shared across the sites you visit.

No DNS leak

The .onion name is handed to Tor to resolve, not to your operating system's resolver. Your ISP never sees a lookup for the hidden service you're opening.

Layered encryption

Each hop only removes its own layer, so the guard can't read what the exit relays can and vice-versa. That's the “onion” in onion routing.

Closing the side doors

Hiding your IP isn't enough on its own.

A web page can try to find you in ways that go around the network — a direct WebRTC connection, a location prompt, a timezone read-out. Searxly shuts the highest-signal of those doors on every onion tab.

WebRTC
Disabled in onion tabs. WebRTC can open a direct peer connection that bypasses the proxy and reveals your real IP — so it's switched off entirely
Geolocation
Denied. A page that asks where you are gets a permission error instead of a location
Timezone
Reported as UTC, so your local timezone can't be used to narrow down where you are
Language
Reported uniformly (en-US), instead of leaking your system's preferred languages
Identity
A generic user agent with no “Searxly”/private markers, and an in-memory session that's discarded when the tab closes — no cookies or storage persist
Navigation
Onion tabs only follow normal web links — other URL schemes that could escape the Tor path are blocked
Who sees what

What each party can — and can't — observe.

Your ISP / network
Sees that you're connecting to the Tor network — not which onion sites you open or what you load
The guard relay
Sees your IP and that you use Tor, but not your destination or content
The onion service
Serves you the page, but never learns your real IP; the connection is authenticated by the .onion address itself
Searxly, the app
Runs the local Tor for you and keeps no logs of it. Your searches, keys and AI prompts never left your Mac to begin with
A page's scripts
Can't read your IP via WebRTC, your location, your timezone or your languages — those are blocked or normalised on onion tabs
A common worry

“But the onion link is http, not https?”

Most onion services are served over plain http://, and that's perfectly normal — it isn't a downgrade. A .onion address is the service's cryptographic public key, so the connection to it is already authenticated and end-to-end encrypted by Tor itself. The usual reason for https — proving you're talking to the real server and stopping eavesdroppers in the middle — is already handled by the onion protocol. Searxly allows http only for .onion hosts; the normal web stays HTTPS-only.

  • The .onion address authenticates the service — there's no certificate to forge.
  • Tor provides the encryption end-to-end, all the way into the hidden service.
  • Cleartext http to the normal web is still blocked — the exception is scoped to onions only.
Honest about limits

This is not Tor Browser.

Searxly gives you Tor's network protection — your IP is hidden, onions are reachable, there's no DNS leak. What it does not do is replicate Tor Browser's years of work on making every user's browser look identical (anti-fingerprinting). If your threat model is serious — a hostile government, a determined adversary — use the official Tor Browser. We'd rather tell you that plainly than let a convenient feature give you a false sense of safety.

Get Tor Browser
  • It hides your IP from onion services and routes you through a real 3-hop Tor circuit.
  • It blocks the loudest leaks — WebRTC, geolocation — and normalises timezone and language.
  • It is not full anti-fingerprinting. A determined site may still fingerprint your browser; Tor Browser is built specifically to resist that.
  • Don't sign in to personal or clearnet accounts in an onion tab — that links your identity to your activity.
  • Be mindful of what you access. Some onion content is illegal or harmful; reaching the network is a tool, not an endorsement.

Private corners of the web, one address away.

Local search, agentic tools for your own AI, keys that never leave — and now hidden services reachable over Tor, with no install and no DNS leak. Onion-only, and honest about where it stops.