Feature #13599: Switch to the DuckDuckGo .onion by default

Feature #13599

Switch to the DuckDuckGo .onion by default

Added by tailshark 2017-08-06 18:15:01 . Updated 2018-01-19 10:34:14 .

Status:

Rejected

Priority:

Normal

Assignee:

tailshark

Category:

Target version:

Start date:

2017-08-06

Due date:

% Done:

Feature Branch:

Type of work:

Discuss

Blueprint:

Starter:

Affected tool:

Browser

Deliverable for:

Description

In proper form I did an initial search on this it was mentioned some years ago but never followed through on: https://labs.riseup.net/code/issues/6059

To start, I’m running a remastered version of Tails where I have swapped the .com out for the .onion. Security was lingering in my mind somewhat (anyone with CA keys being able to read traffic from the Tor exit) but the primary issue I had was that duckduckgo.com would intermittently stop responding across almost all of the exits I could reach simultaneously but the .onion address would still resolve and work. And on the note of security I found it very cumbersome to copy the .onion address into a new tab each time. Personally I’ve found my searches to be way more reliable without the intermittent downtime since doing the remaster change a number of months ago.

Replacing the address is not a big deal, especially in remastering, but may need some thought if you want it in your build process. Honestly it might be easier to do the change at boot rather than tor-browser installation unless you have an automated tor-browser post-installer already handy.

Here’s the code I’m using for the remaster:
——
find /usr/local/lib/tor-browser/distribution/searchplugins/locale/ -type f -print0\
| xargs –0 sed -i “s/duckduckgo\.com/3g2upl4pq6kufc4m.onion/g”
——

If this board eats the text I apologize in advance.

If you want something that modifies it at boot I can look at posting a commit on my gitlab fork.

P.S. Something I think is often left out of the “to onion or not to onion” conversation is it reduces possible connection interference. (e.g. if powerful attackers want to block traffic to certain sites it’s easier to block an exit to a specific clearnet address than it is to block access to a specific .onion).

Subtasks

Related issues

Related to Tails - ~~Bug #12121~~: Switch to the DuckDuckGo .onion by default	Rejected	2017-01-08
Related to Tails - Feature #10265: Test that DDG is the default search engine in Tor Browser	In Progress	2015-09-26
Related to Tails - ~~Feature #6059~~: Update DuckDuckGo	Resolved

History

#1 Updated by anonym 2017-08-07 17:23:27

Status changed from New to Confirmed
Target version set to Tails_3.2
Affected tool set to Browser

tailshark wrote:
> In proper form I did an initial search on this it was mentioned some years ago but never followed through on: https://labs.riseup.net/code/issues/6059

Did you really miss ~~Bug #12121~~ that has the exact same subject as the ticket you opened? :)

Any way, on ~~Bug #12121~~ you can see that we essentially defer to the upstream Tor Browser default, i.e. clearnet DDG, which is explained on Tor ticket #19735. Essentially it boils down to “if JavaScript is disabled, the clearnet DDG will graciously downgrade to a pure HTML version, but the DDG onion service will not which results in breakage”.

However, I just tested the DDG onion service with JavaScript disabled, and it now does graciously downgrade to the pure-HTML version. So, yay, now there’s one less reason not to use the onion service.

> P.S. Something I think is often left out of the “to onion or not to onion” conversation is it reduces possible connection interference. (e.g. if powerful attackers want to block traffic to certain sites it’s easier to block an exit to a specific clearnet address than it is to block access to a specific .onion).

That is a good point!

When it comes to pros/cons of this move, it’s obvious that the onion service provides better security properties than SSL and Tor exiting to the clearnet, and, as tailshark points out, that it works around DNS/CA-level (and similar) connectivity issues (malicious or not). However, I personally have noticed a significant delay when using the onion service the first time each session (well, each Tor restart), which is consistent with the extra overhead of setting up a HS circuit (more hops, rendezvous, no pre-built circuits like for non-HS circuits). Subsequent usage is fast enough (despite the extra hops) since KeepAliveIsolateSOCKSAuth will keep the circuit alive indefinitely. From the few Tor-related UX studies I’ve seen, such delays are very frustrating to users, so introducing them might be worse overall, despite those obvious pros, since it might end up with users using less secure alternatives. So IMHO it’s still non-obvious to me whether we should do this move or not.

Thoughts?

#2 Updated by tailshark 2017-08-07 17:48:12

I did miss the duplicate, sorry. I searched by the .onion address which itself was left out of the duplicate ticket. :)

#3 Updated by tailshark 2017-08-07 18:55:58

Just a followup thought… if “how fast DDG is visible” is a primary concern for user adoption it may be worth weighing how often the .com version is unreachable over Tor. For myself personally it was getting very aggravating as the .com would stop resolving in the middle of my research. If the unreachability of the .com exceeds a specific threshold (one that I’m not qualified to determine) then it would stand to reason that the .onion would offer a better overall user experience at that point.

#4 Updated by intrigeri 2017-09-01 13:16:21

Assignee set to tailshark
Target version deleted (~~Tails_3.2~~)
QA Check set to Info Needed

anonym wrote:
> Any way, on ~~Bug #12121~~ you can see that we essentially defer to the upstream Tor Browser default, i.e. clearnet DDG, which is explained on Tor ticket #19735. Essentially it boils down to “if JavaScript is disabled, the clearnet DDG will graciously downgrade to a pure HTML version, but the DDG onion service will not which results in breakage”.

+ another blocker that was mentioned there. Anyways.

Please explain why we should diverge from upstream Tor Browser on this one, i.e. a good reason to discuss this here instead of on the Tor bug tracker.

#5 Updated by intrigeri 2017-09-01 13:16:34

related to ~~Bug #12121~~: Switch to the DuckDuckGo .onion by default added

#6 Updated by Anonymous 2018-01-19 10:29:56

related to Feature #10265: Test that DDG is the default search engine in Tor Browser added

#7 Updated by Anonymous 2018-01-19 10:32:15

related to ~~Feature #6059~~: Update DuckDuckGo added

#8 Updated by Anonymous 2018-01-19 10:34:14

Status changed from Confirmed to Rejected

No news since 5 months and it seems that

we don’t want to diverge from TBB upstream
DDG onion service might result in breakage with JS disabled.

I will thus reject this ticket.