I feel the new oniux command is doing both the right thing and the wrong thing:

- right thing: catch every network access and redirect to Tor

- wrong thing: create the user expectation that (if you remember to prepend "oniux") it'll catch every network access and redirect to Tor

It is essentially moral hazard. What happens when you accidentally forget "oniux"? Or think you've booted up a Tails environment but it's not? Or mistake the Tor Browser window for a Firefox window? You only have to resolve a DNS name _once_ for the world to know you're interested in accessing it.

I like the idea that oniux should not only intercept gethostbyname(), but also always set standard environment variables pointing to its SOCKS proxy. That way curl can do the right thing - refuse to pass .onion names to gethostbyname() - but support automatically passing them on to a proxy. If it's a non-Tor proxy, it should also do the right thing and refuse to resolve .onion addresses, leaving only safe ways forward, which is passing on name resolution to whichever proxy is configured, and the only proxy that will resolve .onion addresses is the Tor proxy.