Why OPSEC Matters
Digital forensics capabilities have advanced far beyond what most people appreciate. Law enforcement agencies and private intelligence firms have developed sophisticated tools to correlate IP address fragments, browser fingerprint signatures, on-chain cryptocurrency patterns, metadata traces, and behavioural patterns across sessions and platforms.
A single failure — logging in from your home IP once, reusing a username across platforms, or sending Bitcoin directly from a KYC-verified exchange — can create a correlation chain that unravels years of careful operational security. True anonymity is not a single tool. It is a systematic, layered approach where every component reinforces the others.
Before implementing OPSEC, define your threat model: who might be trying to identify you, what resources they have, and what information you must protect. Your OPSEC requirements depend entirely on your threat model.
🌐 Network & Browser Security
Tor Browser — The Foundation
The Tor Browser is the only browser that routes traffic through the Tor anonymity network, resolves .onion addresses, and includes the anti-fingerprinting protections necessary for darknet use. It is non-negotiable.
- Download exclusively from torproject.org — never from mirrors, app stores, or third-party sites
- Verify the cryptographic signature on every download before running the installer
- Set Security Level to Safest before opening any .onion site (disables JavaScript, WebGL, and other attack vectors)
- Never install additional browser extensions — they break Tor's anti-fingerprinting design
- Never resize the Tor Browser window — this creates a unique fingerprint from your screen resolution
- Do not enable WebRTC — it can leak your real IP address
Tails OS — Zero Persistence
Tails OS is an amnesic live operating system that boots from a USB drive and leaves zero trace on the host computer. Every session starts clean — no logs, no cached data, no history. Strongly recommended for any high-sensitivity operation.
- Download from tails.boum.org — verify via the official verification tool
- Boot directly from USB — never install to disk if you require zero persistence
- Tails routes all traffic through Tor by default — no configuration required
- Encrypted persistent storage can be enabled for saving configuration between sessions if needed
Whonix — Virtualised Tor
Whonix is a desktop operating system designed for advanced security. It uses two virtual machines: a Whonix-Gateway (handles all Tor routing) and a Whonix-Workstation (where you work). Even if the workstation is compromised, your real IP cannot leak.
VPN + Tor
Connecting to a VPN before Tor (VPN → Tor) can hide your Tor usage from your ISP. However, this adds a trusted party (the VPN provider) and is not a substitute for Tor Browser security. Never use a VPN as a replacement for Tor.
🖥️ Device & System Security
Dedicated Device Policy
Using a dedicated device exclusively for darknet operations eliminates cross-contamination between your normal digital life and sensitive activity. This is one of the highest-impact single OPSEC improvements you can make.
- Purchase with cash from a retail store — do not order online or use traceable payment
- Never log into personal accounts (Google, Apple ID, Microsoft) on the dedicated device
- Never connect to your home or work WiFi — use a dedicated mobile hotspot or public network
- Enable full-disk encryption immediately (LUKS on Linux, VeraCrypt on Windows, FileVault on macOS)
- Set a strong boot password — device encryption is useless without it
Physical Security
- Cover or physically disconnect webcams and microphones when not in use
- Be aware of your environment — shoulder surfing is a real threat
- Use privacy screens in public spaces
- Have a clear data destruction plan — know how to securely wipe the device
Operational Security During Sessions
- Never leave an active session unattended — use a lock screen or shut down
- Clear browser data and restart Tor circuits between market sessions
- Check Tor circuit status — if a circuit looks unusual, rebuild it
🆔 Account & Identity Management
Username & Password Discipline
- Generate usernames using a random word generator — never based on your name, location, or interests
- Use a completely different username on every market and forum — never reuse
- Generate passwords using KeePassXC (offline) with maximum entropy — minimum 24 characters
- Store credentials only in KeePassXC — never in browser, never in cloud-based password managers
- Keep your KeePassXC database on an encrypted drive separate from your main system
PGP — Your Primary Communication Tool
PGP (Pretty Good Privacy) encryption ensures that only the intended recipient can read your messages. On Torzon, PGP is mandatory — vendors must publish keys, and all sensitive communication must be encrypted.
- Generate your PGP key pair on an air-gapped or Tails machine for maximum security
- Use RSA-4096 or Ed25519 key types — minimum 2048-bit for RSA
- Set a strong passphrase on your private key
- Never reuse a PGP key across multiple market accounts or identities
- Publish your public key on Torzon's vendor profile if you are a vendor
- Always verify vendor PGP keys before communicating sensitive information
Two-Factor Authentication
- Enable 2FA on all Torzon market accounts
- Use an offline TOTP app (Aegis on Android, Raivo on iOS) — never SMS-based 2FA
- Back up 2FA seeds in your encrypted KeePassXC database
💬 Communication Security
- Communicate with vendors exclusively through Torzon's encrypted messaging system
- Always encrypt messages with the vendor's PGP public key before sending
- Never share shipping details in plaintext — encrypt every message
- Minimise personal information in communications — use code words or general descriptions
- Never move communications off the market platform to clearnet channels
- Do not discuss market activity on Reddit, Discord, Telegram, or any clearnet platform
- If a vendor asks you to communicate outside the market, treat this as a red flag
🚨 Critical Red Flags & Common Failures
These mistakes have led to real-world arrests
- ⚠ Accessing a darknet market from your home IP address even once
- ⚠ Reusing your clearnet username, email, or password on darknet platforms
- ⚠ Sending Bitcoin directly from a KYC-verified exchange wallet to a market deposit address
- ⚠ Taking screenshots of market activity on a non-isolated device
- ⚠ Using the same PGP key across multiple platform identities
- ⚠ Clicking market links received via unencrypted or unsolicited messages
- ⚠ Sharing a shipping address that can be linked back to your identity
- ⚠ Discussing market orders over clearnet messaging platforms