This guide is dedicated to serve as a newbie Opsec guide. In order to make your opsec stronger and not let the law enforcment easy life we created this guide to protect the community. you might want to get updateds regarding tor project and more updates on dread opsec forum.
If you don’t want your hotel or your ISP to know you use Tor, use a VPN.
(The VPN will be your first hop.)
Never use a free VPN (marketeer-Promoter/business or academic one).
Entering Tor, first you will be presented with an Entry Guard. The Entry Guard may stay with you for 2-3 months.
Set your browser’s homepage to “About Tor” or “Blank Page.
The only BIG one.
This is the most important note in this whole post, so I will repeat it.
Graphically set Tor to “Safest Mode” under “Privacy & Security” | Security (if you have that option).
When using the Tor browser, never click a Clearnet link (example: www.new.com/major-emergencry/); you will give yourself away and may encounter the Malicious Exit-Guard.
Switch to a Clearnet browser for that purpose.
In The Marketplace
When you arrive at the marketplace?
Time to switch gears to intuition and logic.
How did you arrive here?
Did you click on some link?
Did you blindly trust some link?
Verify and authenticate the marketplace.
Learn to do so. Don’t be afraid to ask how. Practice.
When you are in a market, calm down, go especially slow during checkout and double-check what you are submitting.
ALWAYS encrypt your personal information and NEVER let the market do it for you.
That was an always statement. Remember it.
Be courteous with the vendor. Remember; you are anxious, he is rushed.
You might have to learn to wait.
Don’t let your deal Auto-Finalize. That’s your responsibility.
Absolutely never pay the marketplace from the legitimate cryptocurrency exchange.
That was an always statement. Remember it.
You pay from your own wallet.
When making the transfer, add an extra dollar or two for the transfer to make sure you do not come up short and have to re-do the process. Markets tend to hike up actual prices and add transfers fees and you don’t want an exact monetary exchange taking place. The rest stays in your wallet.
SAFETY & SECURITY
Do not under any circumstances be complacent when in the marketplace. If you are tired, wait another day.
It won’t kill you and you will reduce your risk of doing something irreversible. This isn’t Amazon.
Do not upload photos to a Clearnet website. You are uploading physical evidence of a potential criminal prosecution what you obtained and possibility used in a crime and signing for it and the property no longer belongs to you once you have uploaded it, especially since it is now on the Clearnet time-stamped with the IP you visited and your browser data.
Tor keeps a decentralized distributed hash table between onion relays. So, by exiting dread’s onion and connecting to a .com site you then exit the safety of TOR’s network, resolve for a DNS, give that domain your IP, make a handshake and access it and along the way you may encounter the Malicious Exit Node.
If you want more anonymity, do not mix together the two worlds (cleanet and darknet in same time).
When you visit a hidden service (like Dread), it works differently as there are no IP addresses involved; the hidden service connects (over TOR) to a non-egress node called a “rendezvous server” and you ALSO connect to that same rendezvous server (also over TOR) – the rendezvous server then joins up the two connections and you don’t lose your anonymity.
Learn GPG/PGP/OpenPGP like your life depends on it.
We are on PGP version 2.3.3 but GPG 1.4.23 still works fine.
The point being — use it to encrypt your message to the vendor — no matter what. That was an always statement. Remember it.
NEVER make a PGP key online.
Set RSA Keys to 4096 and expiration to never and use a strong pass-phase key.
Make use of obfs4 bridges they are fantastic in protecting your anonymity and I personally get speeds of up to 6.4 Mbps
Avoid the Exit Node: how? Once you are done with Dread or with your Market logout and close the browser.
Do not go elsewhere. It ends right then and there. Shutdown.
The more people there are on Tor — the safer you are. Embrace the benefits of osf4 bridges.
Learn to practice patience. Do not count weekends. Do not repeatedly message the vendor. You are one of many clients and all this involves risks.
Join sub-forums. Read and write reviews. Engage in the community. It will give you a whole new sense of understanding and will open doors for you.
- Use a different username for each market.
- Tor has A LOT of vulnerabilities — all the more reasons for you to be on guard.
- Passwords are your greatest weakness. Learn to rely on KeepPassXC.
- Learn to rely on KeepPassXC for your passwords and bookmarks.
- Never re-use the same password.
- Use a different PGP for each market. Don’t leave trails.
- Never log into two or more sessions at once.
- Never log into two or more sessions at once. EVEN at different sites.