Critical Doctrine

Security & OpSec Guide

Mandatory operational security protocols for deep web navigation. Mistakes lead to total loss of funds or identity compromise. Read thoroughly.

01

Identity Isolation

Total compartmentalization is the foundation of operational security. You must ensure zero intersection between your clearnet persona and your Tor identity.

  • Do not reuse any usernames, passwords, or handles that you utilize on the clearnet.
  • Never mention personal details, weather, timezones, or local events in communications.
  • Do not use the same device for personal banking and darknet research simultaneously.

Rule of Thumb

Treat your Tor identity as a completely separate individual. If a piece of data exists in your real life, it does not exist in your Tor environment, and vice versa. Cross-contamination is permanent.

02

MitM Defense & Verification

The routing infrastructure is heavily targeted by Man-in-the-Middle (MitM) attacks. Malicious actors deploy spoofed portals that look identical to the authentic market to intercept credentials and hijack deposits.

The Golden Rule of Verification

Verifying the PGP signature of the .onion link is the ONLY cryptographic way to ensure you are communicating with the legitimate server. Visual similarity means absolutely nothing.

  • Never trust links sourced from random wikis, open forums, Telegram channels, or Reddit.
  • Always cross-reference mirrors against a known, locally saved public PGP key.
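
Cross-referencing against a locally saved key means comparing the signer's full fingerprint with the pinned one; "Good signature" alone only says that some key in the keyring signed the message. The sketch below is an added example, not part of the original guide. It assumes the status text comes from `gpg --status-fd 1 --verify`, and the fingerprints, signer name and status lines in it are constructed sample data.

```python
# Status keywords gpg emits for signatures that must never be accepted.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def normalize(fpr):
    """Strip spacing from a fingerprint as people usually store it."""
    return "".join(fpr.split()).upper()


def signed_by_pinned_key(status_text, pinned_fpr):
    """True only if gpg reported exactly one valid signature and its
    primary-key fingerprint equals the locally pinned one."""
    primaries = []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword, args = fields[1], fields[2:]
        if keyword in REJECT:
            return False
        if keyword == "VALIDSIG" and args:
            # The 10th argument is the primary key fingerprint; output
            # without it carries only the signing key (args[0]).
            primaries.append(normalize(args[9] if len(args) >= 10 else args[0]))
    return primaries == [normalize(pinned_fpr)]


# Constructed sample data: fingerprints and status lines are made up.
PINNED = "AAAA " * 9 + "AAAA"          # key saved locally beforehand
OTHER = "B" * 40                        # some other key in the keyring


def sample_status(primary, extra=""):
    sub = "C" * 40                      # signing subkey fingerprint
    return (
        "[GNUPG:] NEWSIG\n"
        f"{extra}"
        f"[GNUPG:] GOODSIG {primary[-16:]} Example Signer\n"
        f"[GNUPG:] VALIDSIG {sub} 2024-01-01 1704067200 0 4 0 22 10 01 {primary}\n"
    )


if __name__ == "__main__":
    pinned = normalize(PINNED)
    print("pinned key: ", signed_by_pinned_key(sample_status(pinned), PINNED))
    print("other key:  ", signed_by_pinned_key(sample_status(OTHER), PINNED))
    expired = f"[GNUPG:] EXPKEYSIG {pinned[-16:]} Example Signer\n"
    print("expired key:", signed_by_pinned_key(sample_status(pinned, expired), PINNED))
```

A signature that is cryptographically valid but made by a different key is rejected, which is the case a look-alike page with its own key produces.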

03

Tor Browser Hardening

Security Level

Navigate to preferences and adjust the Security Slider to "Safer" or "Safest". This disables dangerous web features that can be exploited to bypass proxy layers.

JavaScript Mgmt

Disable JavaScript globally via NoScript whenever possible. Malicious exit nodes or compromised endpoints can use JS execution for deanonymization.

Window Sizing

Never resize the Tor Browser window. Leave it at the default launch size. Maximizing it allows endpoints to fingerprint your monitor resolution.

04

Financial Hygiene

Blockchain analysis is sophisticated. A direct transfer from a KYC-compliant exchange to a darknet entity is an immediate red flag that permanently ties your real identity to your market activities.

The Intermediary Wallet

Never send funds directly from Coinbase, Binance, or Kraken to a market address.

Exchange → Local Intermediary Wallet → Market

Currency Choice

Bitcoin (BTC) is a public ledger. Use Monero (XMR) for all transactions to utilize built-in ring signatures and stealth addresses.

XMR Recommended Stack

05

PGP Encryption Protocol

"If you don't encrypt, you don't care."

Relying on a marketplace's infrastructure to secure your communication is a fatal flaw. If the server is compromised or seized, plain-text messages stored in the database are immediately exposed to adversaries.

Client-Side Only

  • All sensitive data (shipping addresses, contact info) must be encrypted on your local machine using tools like Kleopatra or Gpg4win before it ever touches the browser.
  • Never use the "Auto-Encrypt" checkbox provided by marketplace messaging systems. Server-side encryption requires transmitting your plaintext data to the server first.
  • Always enable Two-Factor Authentication (2FA) via PGP. This ensures only someone holding your private key can decrypt the login challenge.

-----BEGIN PGP MESSAGE-----
Version: GnuPG v2

hQEMA7V/...[ENCRYPTED_BLOCK_EXAMPLE].../8Xq
-----END PGP MESSAGE-----

Example block. Your output must look like this before pasting.