Operational Security · Comprehensive Guide

Operational Security (OPSEC) Guide

A complete, detailed guide to remaining anonymous online. Covers the tools, practices, red flags, and common mistakes that determine whether your operational security holds or fails.

Why You Must Think About OPSEC

Every darknet marketplace arrest that has been publicly documented has one common thread: the arrested individual made an operational security error. Not a technology failure — a human behavior failure. The Silk Road's Ross Ulbricht was identified because he used the same username "altoid" in darknet forum posts as in an old clearnet Stack Overflow post asking about Bitcoin. Hansa Market operators were caught partly because they used personal email addresses in server rental agreements.

Technology is a tool. Tor hides your IP. PGP encrypts your messages. Monero obscures your financial trail. But technology cannot protect you from revealing your real identity through behavioral patterns, reused usernames, shipping details, writing style analysis, or routine mistakes under pressure. OPSEC is about discipline — forming and maintaining habits that leave no exploitable information trail.

The question you must constantly ask is: "If this action were observed and logged, what could it reveal about my identity?" If the answer is "anything meaningful," reconsider the action.

The Five-Step OPSEC Process

The US military's OPSEC methodology applies directly to darknet anonymity:

1. Identify Critical Information: What information, if exposed, could identify you? Your real name, home address, device fingerprint, IP address, transaction history, shipping details, communication patterns.

2. Analyze Threats: Who might be trying to identify you? ISPs logging traffic, law enforcement, malicious vendors, blockchain analysts, forum participants.

3. Analyze Vulnerabilities: Where can your critical information leak? Through network traffic (IP exposure), device metadata, payment trails, written communication, behavioral patterns.

4. Assess Risk: What is the probability and impact of each exposure? Prioritize accordingly.

5. Apply Countermeasures: The tools and practices documented in this guide.

Essential Tools for Anonymity

Tor Browser — The Foundation

The Tor Browser (torproject.org) routes your internet traffic through at least three volunteer-operated relays. Each relay only knows the previous and next hop in the chain — no single relay knows both your real IP and your destination. The traffic between relays is encrypted in layers (hence "onion routing").

Critical Tor Browser configuration: Set security level to Safest (click the shield icon → Change...). This disables JavaScript, WebGL, and other features that can be exploited to deanonymize you. Many darknet marketplaces, including Nexus, are designed to work without JavaScript.

Never maximize the Tor Browser window — browser window size is a fingerprinting vector. Never resize it from the default. Never enable JavaScript for marketplace sites. Never log into personal accounts from Tor Browser.

Tails OS — Amnesic Live System

Tails OS (tails.boum.org) is a live operating system you boot from a USB drive. It leaves no trace on the computer you use it on. All internet traffic is forced through Tor at the OS level — no application can "leak" around Tor. After shutdown, RAM is overwritten to prevent cold boot attacks.

For maximum security, use Tails on a dedicated USB stick on a computer that is not connected to any personal accounts and is not used for regular activities. Keep the Tails USB physically secure. Update Tails regularly — it receives active security maintenance.

Tails' Persistent Storage feature allows you to save encrypted files (including your PGP key) between sessions. Use a strong passphrase for persistent storage.

VPN — Optional Tor Pre-Layer

The debate over VPN + Tor vs Tor alone is nuanced. A VPN (Virtual Private Network) before Tor (VPN → Tor) hides the fact that you're using Tor from your ISP, which can be useful if Tor usage itself would attract attention. However, it shifts trust to the VPN provider — if they log or are compelled to provide records, your Tor usage can be documented even if Tor's anonymity holds.

If you use a VPN, it should meet the following requirements: a no-log policy (verified by audit or history), payment with XMR or anonymous cash, no account information linkable to your real identity, and a jurisdiction outside the 5/9/14 Eyes alliances. Reputable options include Mullvad (mullvad.net, XMR payment accepted), ProtonVPN (protonvpn.com), and IVPN.

PGP Encryption — Message Security

Pretty Good Privacy (PGP) is an asymmetric encryption system. You have a key pair: a public key (share freely) and a private key (never share). Anyone can encrypt a message using your public key. Only your private key can decrypt it. Digital signatures use the reverse: you sign with your private key, others verify with your public key.

On darknet marketplaces, PGP is essential for: encrypting shipping address details sent to vendors (so only the vendor can read them), encrypting sensitive communications, verifying vendor identity through PGP-signed messages, and verifying official platform announcements.

Installation: Gpg4win (Windows) or GnuPG (Linux/macOS, via Homebrew or your package manager). Generate a 4096-bit RSA or Curve25519 (Ed25519 + X25519) keypair. Use a unique keypair for each marketplace identity — never reuse a PGP key across different personas.

Dedicated Device

Using a dedicated device for darknet activity significantly reduces cross-contamination risk. If your regular laptop has work emails, personal accounts, and location services, any malware or logging application could expose those associations. A cheap second-hand laptop (purchased with cash, not registered) running Tails provides strong physical isolation.

Red Flags — What to Watch For

Certain behaviors and circumstances consistently indicate compromised OPSEC:

  • Site behaving differently than usual — Phishing sites, compromised mirrors, or honeypot operations may look identical but behave subtly differently (different captcha flow, extra login step, slightly different layout).
  • Vendor requesting unusual communication channels — A legitimate vendor has no reason to move conversation off the marketplace to Telegram, Signal, or email. This is a social engineering vector.
  • Pressure to skip escrow — "Finalize early" (FE) requests are a red flag. Even trusted vendors should not require escrow bypass.
  • Sudden username changes or account transfers — High-reputation vendor accounts are sometimes sold to scammers who then exit-scam buyers.
  • Unusually low prices — Significantly below-market prices often indicate a scam, counterfeit product, or rip-off scheme.
  • New accounts with too-good-to-be-true feedback — Freshly created vendor accounts with suspiciously high positive ratings may be sockpuppet-boosted.

What You Should Avoid

Never access the darknet from work, school, or library networks. These networks are logged. Even with Tor, the act of using Tor can be recorded. Network administrators may flag Tor traffic.

Never use the same username across any platforms. A single matching username between a darknet marketplace and a clearnet forum, social media profile, or gaming platform can uniquely identify you. Use a random username generator and verify it doesn't match any existing accounts.

Never discuss your darknet activity with anyone. Social exposure is the highest-risk vector. Most investigations begin with a tip from someone who knew about the activity.

Never take marketplace screenshots and share them. Screenshots may contain metadata, screen resolution, installed font information, or contextual visual clues that reveal your setup.

Never enable browser extensions in Tor Browser. Extensions can fingerprint your browser, leak data outside Tor, and may be compromised by adversaries.

Never save sensitive files to cloud storage. Cloud files are accessible to the service provider, law enforcement via subpoena, and potentially through account compromise.

Comprehensive OPSEC Checklist

  • ✓ Using Tor Browser at Safest security level
  • ✓ Using Tails OS on dedicated USB (preferred) or at minimum a dedicated device
  • ✓ Using a no-log VPN before Tor (optional but recommended)
  • ✓ All marketplace communications PGP-encrypted
  • ✓ Paying exclusively with XMR acquired through non-KYC method
  • ✓ Using a unique username not found anywhere else online
  • ✓ Not enabling JavaScript in Tor Browser
  • ✓ Not reusing PGP keys across different personas/marketplaces
  • ✓ Not accessing from home network without VPN (preferably not from home at all)
  • ✓ Not discussing activities with anyone
  • ✓ Verifying all onion addresses via PGP signature before use
  • ✓ Bookmarking verified addresses and not searching for them
  • ✓ Monitoring the warrant canary
  • ✓ Keeping Tor Browser and Tails updated
  • ✓ Using separate email addresses with no personal details for marketplace registration
  • ✓ Never providing accurate personal information — not even partial
  • ✓ Encrypting all shipping address details before sending to vendor
  • ✓ Using a pickup address (PO box, parcel locker) rather than home address when applicable