Security & OpSec Manual

Compartmentalization is the foundation of network anonymity. Never mix real-life identity markers with your Tor routing profile.

• > Do not reuse usernames or passwords from clearnet sites or external forums. Generate unique credentials utilizing offline entropy.
• > Never provide personal contact info (emails, social handles, external messaging apps) under any circumstances.
• > Maintain separate hardware or distinct virtual machine segregation for specific operational scopes if possible.

Man-in-the-Middle (MitM) attacks intercept traffic by providing a fake gateway to capture credentials and rewrite destination addresses.

• > Verifying the PGP signature of the onion link against the official public key is the ONLY way to be sure you are on legitimate infrastructure.
• > Do not trust links sourced from random wikis, unverified forums, or Reddit. These are primary vectors for manipulation.
• > Always implement 2FA (Two-Factor Authentication) utilizing PGP decryption.

The Tor Browser applies out-of-the-box mitigations, but user behavior can override automated defenses.

• > Navigate to settings and elevate the security slider to "Safer" or "Safest" to disable malicious execution vectors.
• > Ensure JavaScript is globally disabled (via NoScript extension configurations) on critical endpoints.
• > Never resize the browser window. Altering dimensions allows adversaries to fingerprint your specific hardware display metrics.

Ledger analysis is highly sophisticated. Clearnet off-ramps constantly monitor transactional logic.

• > Never send cryptocurrency directly from a KYC exchange (e.g., Coinbase, Binance) to a darknet entity.
• > Route funds through an intermediary personal wallet (Electrum for BTC, official GUI for XMR) before transacting.
• > We highly recommend the use of Monero (XMR) over Bitcoin (BTC). XMR employs ring signatures and stealth addresses to enforce baseline privacy.