Security & Operational Security (OPSEC) Guide

Operational Security (OPSEC) is critical for safely using darknet marketplaces. This guide covers essential security practices, from Tor Browser configuration to advanced privacy techniques. One mistake can compromise your anonymity.

⚠️

CRITICAL: Read This First

Darknet marketplace usage carries serious legal risks. This guide is for educational purposes only. Always verify you are complying with local laws. Poor OPSEC can result in identification, legal consequences, or financial loss.

1. Tor Browser Setup

Download & Installation

1

Download from official source ONLY:

  • Official website: torproject.org
  • Verify PGP signature (advanced users)
  • ⚠️ NEVER download Tor from third-party sites
2

Security Settings:

  • Set Security Level to "Safest"
  • Navigate to: Settings → Privacy & Security → Security Level
  • This disables JavaScript (prevents fingerprinting)
💡 Pro Tip: Some marketplace features may not work with "Safest" mode. Use "Safer" as minimum, but NEVER use "Standard" for darknet markets.

Critical Tor Browser Rules

DO: Keep Tor Browser window size default (don't maximize)
DO: Update Tor Browser regularly
DO: Use HTTPS-only sites when possible
DON'T: Install browser extensions or plugins
DON'T: Login to personal accounts (email, social media)
DON'T: Download files while using Tor (except necessary)

2. Operating System Security

Recommended OS Options

🥇 Tails OS (Best)

Live operating system that leaves no trace

  • ✅ Runs from USB (no installation)
  • ✅ Routes all traffic through Tor
  • ✅ No traces left on computer
  • ✅ Built-in encryption tools

Recommended for: Maximum security

🥈 Whonix (Excellent)

Virtual machine with Tor isolation

  • ✅ Complete network isolation
  • ✅ Protects against IP leaks
  • ⚠️ Requires VirtualBox setup

Recommended for: Advanced users

🥉 Windows/Mac/Linux (Acceptable)

Standard OS with Tor Browser

  • ⚠️ Less secure than Tails/Whonix
  • ⚠️ Leaves forensic traces
  • ✅ Easier to use

Minimum requirements: Full disk encryption, antivirus disabled during Tor use

⚠️

Windows 10/11 Telemetry Risk: Windows sends telemetry data to Microsoft. For high-security needs, use Tails or Whonix instead.

3. VPN Usage (Pros & Cons)

VPN usage with Tor is controversial. Here's the truth:

✅ Pros of VPN + Tor

  • Hides Tor usage from ISP
  • Adds extra layer of encryption
  • Protects against malicious Tor exit nodes

❌ Cons of VPN + Tor

  • VPN provider can see your real IP
  • Adds single point of failure
  • May slow down connection
  • Payment to VPN creates financial trail

VPN Configuration (If Using)

Recommended Setup: VPN → Tor

  1. Connect to VPN first
  2. Then launch Tor Browser
  3. ISP sees: You → VPN (encrypted)
  4. VPN sees: VPN → Tor (but not your traffic)
⚠️ Never use Tor → VPN: This exposes your Tor traffic to VPN provider and defeats anonymity purpose.

VPN Provider Selection

If using VPN, choose one with:

  • ✅ No-logs policy (verified by audit)
  • ✅ Accepts cryptocurrency (Monero preferred)
  • ✅ Located in privacy-friendly jurisdiction
  • ✅ No email required for signup

4. Device Security

Dedicated Device (Ideal)

Best practice: Use a dedicated computer/laptop only for darknet activities.

  • Clean installation of OS
  • No personal accounts or files
  • Only used with Tor Browser

Full Disk Encryption (Mandatory)

Windows: BitLocker (Pro version) or VeraCrypt

macOS: FileVault

Linux: LUKS (during installation)

🔒

CRITICAL: Without full disk encryption, all your marketplace activity can be recovered from your hard drive, even if you delete files.

Additional Security Measures

  • 🔒 Use strong, unique password for device login
  • 🔒 Enable automatic screen lock (5 minutes max)
  • 🔒 Disable cloud backup/sync (Dropbox, iCloud, OneDrive)
  • 🔒 Disable webcam/microphone when not in use
  • 🔒 Keep antivirus/firewall disabled during Tor use (can interfere)

5. PGP Encryption Basics

PGP (Pretty Good Privacy) is mandatory for secure marketplace communication. See our complete PGP tutorial for detailed instructions.

Why PGP is Critical

  • ✅ Encrypts shipping addresses (vendor can't leak)
  • ✅ Verifies vendor identity (prevents phishing)
  • ✅ Secures private messages
  • ✅ Required by most marketplaces

Quick PGP Checklist

6. Account Security

Username Selection

  • Never reuse usernames from other sites
  • ❌ Don't use real name, birthdate, or personal info
  • ✅ Use random, unique username (e.g., "shadow8392")
  • ✅ Different username for each marketplace

Password Best Practices

Minimum requirements:

  • ✅ 20+ characters
  • ✅ Mix of uppercase, lowercase, numbers, symbols
  • ✅ Randomly generated (use KeePassXC)
  • ✅ Unique per marketplace

Example: Kx9#mP2$wL8@vN4!qR6&

Two-Factor Authentication (2FA)

Always enable 2FA. Vortex Market supports:

  • TOTP (Time-based): Google Authenticator, Authy
  • PGP-based 2FA: Uses your PGP key
Recommendation: Use PGP-based 2FA for maximum security. TOTP apps can be compromised if phone is seized.

Login Security

  • 🔒 Never save passwords in browser
  • 🔒 Use password manager (KeePassXC, offline only)
  • 🔒 Log out after each session
  • 🔒 Verify .onion URL before login (bookmark it)

7. Common OPSEC Mistakes (AVOID THESE)

❌ Using Personal Email

Never register with personal email addresses. Use disposable email or no email.

❌ Logging In From Home IP

Your home IP can be tracked. Always use Tor, optionally with VPN.

❌ Reusing Crypto Addresses

Use a new cryptocurrency address for each transaction. Reuse enables blockchain tracking.

❌ Shipping to Real Name

Use fake/alternative name for deliveries. Real name links you to package.

❌ Discussing Markets on Clearnet

Never mention marketplace usernames/activity on Facebook, Reddit, etc.

❌ Finalizing Early (FE)

Only finalize after receiving product. Early finalization = no buyer protection.

❌ Keeping Bitcoin in Market Wallet

Markets can exit scam. Only deposit what you need, immediately.

❌ Ignoring Vendor Reviews

Research vendors thoroughly. Check reviews, history, dispute rate.

8. Advanced Privacy Techniques

1. Bitcoin Tumbling/Mixing

Bitcoin transactions are traceable. To anonymize:

  • Use cryptocurrency tumbler/mixer services
  • Or better: Switch to Monero (untraceable by default)
  • Never send Bitcoin directly from exchange to marketplace

2. Dead Drops for Packages

Highest security delivery method:

  • Use abandoned building, vacant lot, or public space
  • Coordinate pickup location with vendor
  • No connection to your real address
  • ⚠️ Advanced technique, requires trusted vendor

3. Separate Identities

  • Use different personas for buying vs. forum participation
  • Never link identities through writing style, timezone, or details
  • Maintain strict separation between accounts

4. Metadata Removal

Before uploading images/files:

  • Remove EXIF data (GPS, camera model, timestamp)
  • Use tools: ExifTool, MAT2, or online services
  • Take screenshots instead of uploading photos directly

Final Security Checklist

Essential (Must Have)

  • ✅ Tor Browser (Security Level: Safer/Safest)
  • ✅ PGP encryption for all messages
  • ✅ 2FA enabled on account
  • ✅ Strong, unique passwords
  • ✅ Never finalize early

Recommended (Should Have)

  • ✅ Full disk encryption
  • ✅ VPN (optional but helpful)
  • ✅ Dedicated device for darknet
  • ✅ Use Monero instead of Bitcoin
  • ✅ Regular security updates

Advanced (Maximum Security)

  • ✅ Tails OS or Whonix
  • ✅ Bitcoin tumbling/mixing
  • ✅ Dead drop deliveries
  • ✅ Separate identities
  • ✅ Faraday bag for phone

Related Guides

🔐

PGP Encryption Tutorial

Complete step-by-step PGP setup guide

 💰

Monero Payment Guide

Anonymous cryptocurrency transactions

 ⚠️

Safety Tips

Critical safety practices and red flags