DuckDuckGo should onionize their links

Why doesn’t the TOR project ask DuckDuckGo to convert all clear web sites that have a .onion equivalent to be replaced on DDG Onion. Like why when you are on DDG Onion, you click on let’s say nytimes.com from DDG , DDG didn’t replace with the .onion sites so it will be faster and less confusing.

Go contact them directly yourself.

Forward your DuckDuckGo inquiries using the method(s) above. That being said, I will give you a technical answer to think about.

Any entity in a position to rewrite URLs can perform social engineering attacks, such as phishing; such convenience comes at the cost of more trust, and therefore, more potential for abuse.

Duck doesn’t have any forums or direct contact. You can only give them feedback. I’ll give them a try but I doubt they’ll care.

About social engineering, you have a point. Given that onion adresses aren’t remembered by humans, Duck could (hacked or forced by gov) sneakily change it to a duplicate site to de-anonimise.

But couldn’t it be done in a way that is transparent and not possible to tamper with ?

···

On Wednesday, 20 December 2023 at 5:36 PM, Frank Lý via Tor Project Forum noreply@forum.torproject.org wrote:

FranklyFlawless
December 20

Overbite9491:

Why doesn’t the TOR project ask DuckDuckGo to convert all clear web sites that have a .onion equivalent to be replaced on DDG Onion.

Go contact them directly yourself.

DuckDuckGo Help Pages

Contact DuckDuckGo

DuckDuckGo is an independent internet privacy company that offers a private alternative to Google search & Chrome in one free app.

Overbite9491:

Like why when you are on DDG Onion, you click on let’s say nytimes.com from DDG , DDG didn’t replace with the .onion sites so it will be faster and less confusing.

Forward your DuckDuckGo inquiries using the method(s) above. That being said, I will give you a technical answer to think about.

Any entity in a position to rewrite URLs can perform social engineering attacks, such as phishing; such convenience comes at the cost of more trust, and therefore, more potential for abuse.


Visit Topic or reply to this email to respond.

To unsubscribe from these emails, click here.

1 Like

From about:manual#onion-services:

In practice, this means that after selecting the “Always” radio button, then searching on DuckDuckGo for the query “nytimes.com”, then accessing it, the URL in the address bar will briefly show https://www.nytimes.com/, then be automatically rewritten by Tor Browser to https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/ thereafter. This solution eliminates DuckDuckGo as a potential point of trust while providing you the convenience of URL rewriting.

3 Likes