[luckylion]

The CP, Drug markets etc on Tor is typically on hidden services, not on the clearweb.

The whitelist approach may work similarly to adblocker lists, where you say "I trust Jim's List Of Friendly Websites". I don't know how good it is for performance though.

[sdan]

Obviously you can do a block for *.onion. But suppose someone searches up "how to make a [insert bad thing]" or something else inappropriate on something as simple as Google. It'd be somewhat hard to block all urls from Google or DDG that contain some text (not to mention that I've heard that people who are in this business use acronyms or other slang... which to the general user (like me) probably won't know.

Don't want to take that risk.

[luckylion]

I believe the blocking is done on a domain/host level, so you'd block google.com in that case. That's likely not required, because google.com is generally thought to be okay, but you are correct that even that may be problematic. If your IP has searched for "$governmentBuilding blueprints" and there's a bomb planted at that building a week later, you could become a person of interest (provided that Google saves the ip for queries).

Blocking *.onion on the other hand wouldn't be necessary from a "legal protection" standpoint: hidden services don't see the original IP of the client.

[swinglock]

Google knows IPs are shared and track on L7, they know Tor, NAT, CGNAT. So I'd wager if you share access to Google via Tor you'd get issues with Google quite quickly if not logged in and easily L7 traceable, in form of captchas and blocks everywhere.