The dark web,
without the setup.
Some of the most private corners of the internet — whistleblowing platforms, mirrors of news sites, privacy tools — only live as .onion hidden services on the Tor network. Normally you'd install Tor Browser to reach them. Searxly bundles its own Tor client, so the moment you open an .onion address it routes that tab through Tor automatically. Your real IP is hidden behind a three-relay circuit, the rest of your browsing is untouched, and there's nothing to install or configure. This page is the honest, detailed breakdown — including exactly where this stops short of Tor Browser.
Your Mac builds the circuit. Tor carries the rest.
Open a .onion address and Searxly routes that one tab through a bundled, code-signed Tor client — across three relays, into the hidden service. Here's what runs where, and what stays sealed on your machine.
.onion name is resolved at Tor, not your OS — so there's no DNS leak.3 encrypted hops
Only onion tabs take this path — Tor starts on your first one and stops when the last closes. The rest of your browsing stays on your normal, direct connection.
Named, not hand-waved.
.onion names resolve inside Tor and there is no DNS leak.onion tabs; the rest of your browsing stays on your normal connection (or the in-app VPN, if you use it)Why it takes three hops.
Tor's whole idea is that no single point ever knows both who you are and what you're looking at. It does that by bouncing your traffic through a chain of independent relays, each peeling back one layer of encryption — like the layers of an onion.
The guard
The first relay sees your real IP — but not what you're visiting. It only knows you're using Tor and which relay to hand off to next. Tor keeps this entry stable to resist certain attacks.
The middle
A relay in the path that knows neither end. It receives from the guard and forwards to the next hop, so it can't connect your identity to your destination.
The meeting point
For onion services, you and the site each build a path to a shared rendezvous relay. Even the destination never learns your IP — the address itself is the service's public key, so the connection is authenticated end-to-end.
A new circuit, on demand
One tap rebuilds the path through different relays — useful if a site is slow or you want a clean route. Combined with per-site isolation, your circuits aren't shared across the sites you visit.
No DNS leak
The .onion name is handed to Tor to resolve, not to your operating system's resolver. Your ISP never sees a lookup for the hidden service you're opening.
Layered encryption
Each hop only removes its own layer, so the guard can't read what the exit relays can and vice-versa. That's the “onion” in onion routing.
Hiding your IP isn't enough on its own.
A web page can try to find you in ways that go around the network — a direct WebRTC connection, a location prompt, a timezone read-out. Searxly shuts the highest-signal of those doors on every onion tab.
What each party can — and can't — observe.
“But the onion link is http, not https?”
Most onion services are served over plain http://, and that's perfectly normal — it isn't a downgrade. A .onion address is the service's cryptographic public key, so the connection to it is already authenticated and end-to-end encrypted by Tor itself. The usual reason for https — proving you're talking to the real server and stopping eavesdroppers in the middle — is already handled by the onion protocol. Searxly allows http only for .onion hosts; the normal web stays HTTPS-only.
- ✓The .onion address authenticates the service — there's no certificate to forge.
- ✓Tor provides the encryption end-to-end, all the way into the hidden service.
- ✕Cleartext
httpto the normal web is still blocked — the exception is scoped to onions only.
This is not Tor Browser.
Searxly gives you Tor's network protection — your IP is hidden, onions are reachable, there's no DNS leak. What it does not do is replicate Tor Browser's years of work on making every user's browser look identical (anti-fingerprinting). If your threat model is serious — a hostile government, a determined adversary — use the official Tor Browser. We'd rather tell you that plainly than let a convenient feature give you a false sense of safety.
Get Tor Browser→- ✓It hides your IP from onion services and routes you through a real 3-hop Tor circuit.
- ✓It blocks the loudest leaks — WebRTC, geolocation — and normalises timezone and language.
- ✕It is not full anti-fingerprinting. A determined site may still fingerprint your browser; Tor Browser is built specifically to resist that.
- ✕Don't sign in to personal or clearnet accounts in an onion tab — that links your identity to your activity.
- ✕Be mindful of what you access. Some onion content is illegal or harmful; reaching the network is a tool, not an endorsement.
Private corners of the web, one address away.
Local search, agentic tools for your own AI, keys that never leave — and now hidden services reachable over Tor, with no install and no DNS leak. Onion-only, and honest about where it stops.