CRITICAL WARNING
Failure to adhere to the strict operational security (OpSec) protocols defined below compromises connection integrity. Mistakes in cryptographic verification or identity isolation directly result in intercepted communications or loss of funds. Study these directives meticulously.
Identity Isolation
Compartmentalization is the foundation of network anonymity. You must never mix details of your real-life identity with your Tor identity.
- Unique Credentials: Do not reuse usernames, monikers, or passwords from clearnet entities or prior darknet forums.
- Information Silos: Never disclose personal contact info, geographical indicators, or conversational patterns that link to your actual persona.
- Isolated Hardware/VMs: Advanced operators isolate activities using operating systems like Tails OS or Whonix rather than base host machines.
MitM Defense & Verification
Man-in-the-Middle (MitM) attacks occur when an adversary inserts itself into the connection path and presents a malicious proxy that looks identical to the genuine service. Mitigating this risk requires strict cryptographic discipline.
- Always Verify Signatures: Verifying the PGP signature of the onion link against the known public key is the ONLY conclusive method of ensuring authenticity.
- Avoid External Indexes: Do not trust links aggregated on unverified wikis, public forums, or Reddit threads.
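One way to apply the signature check above, as an added example that is not part of the original page: a shell function that reads the status lines `gpg --status-fd 1 --verify` emits and accepts only a valid signature whose primary key fingerprint equals a pinned one. The fingerprints, the signer name and the status lines are constructed samples, and the file name `link.asc` is an assumption.

```shell
#!/bin/sh
# Added example. Fingerprints and status lines below are constructed samples.
# Real use (assumes the signed message is saved as link.asc):
#   gpg --status-fd 1 --verify link.asc 2>/dev/null | check_status "$PINNED"

# check_status PINNED_FPR   (reads GnuPG status lines on stdin)
# Succeeds only if a VALIDSIG from the pinned primary key is present
# and no failure keyword was reported.
check_status() {
    pinned=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v pinned="$pinned" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 12 is the primary key fingerprint, field 3 the signing (sub)key.
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == pinned) ok = 1; else bad = 1
        }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

PINNED="AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555"   # constructed fingerprint

# Constructed: good signature made by the pinned key.
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG DDDD4444EEEE5555 Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555 2024-01-01 1704067200 0 4 0 22 10 01 AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555'

# Constructed: cryptographically valid, but made by a different key (look-alike case).
SAMPLE_WRONG_KEY='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-01-01 1704067200 0 4 0 22 10 01 0123456789ABCDEF0123456789ABCDEF01234567'

# Constructed: message altered after signing.
SAMPLE_BAD='[GNUPG:] NEWSIG
[GNUPG:] BADSIG DDDD4444EEEE5555 Constructed Signer <signer@example.invalid>'

for name in GOOD WRONG_KEY BAD; do
    eval "lines=\$SAMPLE_$name"
    if printf '%s\n' "$lines" | check_status "$PINNED"; then
        echo "$name: accept"
    else
        echo "$name: reject"
    fi
done
```

The WRONG_KEY case is the reason to compare fingerprints: GnuPG reports a good signature for any key in the keyring, so a "Good signature" line alone does not show that the known key made it.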
Tor Browser Hardening
Default configurations are insufficient for maximum network resilience. Software hardening is mandatory.
- Security Level: Adjust the Tor Browser security slider to "Safer" or "Safest". This disables browser features that are common attack vectors.
- JavaScript Mitigation: Disable JavaScript globally using NoScript components for environments where dynamic scripting isn't strictly necessary.
- Viewport Integrity: Never maximize or resize the browser window. Doing so allows hostile nodes to perform window dimension fingerprinting.
Financial Hygiene
Cryptocurrency ledgers are inherently traceable unless properly obfuscated. Maintain strict directional workflows.
- No Direct Transfers: Never send funds directly from an exchange (e.g., Coinbase, Binance, Kraken) to market wallets.
- Intermediary Wallets: Route all transfers through local, non-custodial hardware or software wallets (Electrum, Feather Wallet, Monero GUI).
- XMR Superiority: Utilizing Monero (XMR) is highly recommended over Bitcoin (BTC) due to ring signatures and native privacy capabilities.
PGP Encryption (The Golden Rule)
Client-Side Doctrine
"If you don't encrypt, you don't care." PGP (Pretty Good Privacy) asymmetric encryption is mandatory. Operating without client-side encryption delegates your operational security to centralized servers, which is functionally equivalent to having no security at all.
All sensitive logistics, shipping vectors, and critical addresses must be encrypted client-side—on your local machine using Kleopatra or GnuPG—before being transmitted to any marketplace.
The "Auto-Encrypt" Vulnerability
Never utilize an "Auto-Encrypt" checkbox provided on a web form.
Using server-side auto-encryption transmits plaintext data across the network before it is encrypted. If the server is compromised or logging inputs, your plaintext data is captured regardless of subsequent encryption routines. Always generate the encrypted PGP block locally.