The Best Deep Web Search Engines

TorDex – Search Tor Hidden Services

TorDex Deep Web Search Engine

TorDex is a onion search engine build in the programming language called Rust. It implements a search algorithm like Google page rank, although not perfect it is one of the best search engines on Tor.

Fresh Onions

Fresh Onions

Fresh Onions is a simple onion site crawler that has the ability to search for Tor sites by title. They also have some helpful tools to find misconfigured onion sites and phishing pages.

not Evil – Search Tor

Not Evil is one of the oldest search engines on Tor. They don’t have any sponsors and run the site as not for profit.

OnionDir | Find Onion Sites & Reviews

Onion DIr

Onion Dir isn’t exactly a search engine but rather a helpful directory of onion sites. Onion Dir moderates every submission and tried to keep the site free of spam.

Why You Should Disable JavaScript on Tor

JavaScript is a major vector for exploits nowadays. It widens your attack surface significantly.

Consider that enabling JavaScript in your web browser is equivalent to automatically running whatever program a website sends you when you connect to it, and automatically running whatever programs and third-party resources send to you as well.

Though we don’t usually think of them this way, JavaScript scripts are programs. They are Turing-complete. In theory, they are also sandboxed. However, sandboxes are not perfect, and sometimes a vulnerability is discovered that allows an attacker to break out of a sandbox.

Modern JavaScript browser APIs are so complex that they can introduce vulnerabilities without anyone even realizing it. For example, the Spectre vulnerability that was discovered in almost every CPU recently was initially exploitable through JavaScript because browsers provided a high-precision timer API. Simply by allowing the running JavaScript to know the time accurately, an attack vector was opened that allowed any website to read anything open in your browser (including passwords).

You can disable JavaScript in Tor Browser by changing the security settings. On the Safer level, JavaScript is disabled on all non-HTTPS sites. This is important because non-HTTPS sites are not encrypted, and they can therefore be modified in transit. Anyone in between you and the server (including the Tor exit node) could modify and inject JavaScript on the page to do whatever they want.

On the Safest level, all JavaScript is disabled on all websites. This is definitely, as the name implies, the safest option. If you come across a website that breaks with JavaScript disabled, and you decide that you really need to use it (think about this carefully), you can always use NoScript to temporarily allow scripts on that website or tab only.