OPSEC & Anonymity Guide

Why OPSEC Matters

Operational Security (OPSEC) is the practice of protecting sensitive information and behaviors from adversarial discovery. In a digital context, this means systematically identifying what information exists about you, where it lives, who has access to it, and what could go wrong if it were exposed.

Law enforcement agencies and private analytics firms now employ sophisticated correlation tools that can reconstruct digital identities from fragments: IP address logs, browser fingerprints, transaction metadata, linguistic patterns, and timing analysis. A single unguarded moment — an accidental clearnet login, a reused username, an unencrypted message — can collapse years of careful practice into a traceable chain.

The threat model for darknet activity includes not only law enforcement but also other market participants who may attempt deanonymization for competitive or financial gain. Robust OPSEC protects against both.

This guide follows the principle of layered security: no single tool or practice is sufficient. The goal is to build a stack of overlapping protections where failing one layer does not immediately expose you to the next threat.

Threat Landscape

IP/DNS CorrelationHigh

Browser FingerprintingHigh

Crypto Chain AnalysisMedium

Human ErrorVery High

Physical SurveillanceLow-Med

Key Principle

The weakest link in any OPSEC setup is human behavior. Technical tools fail when the person using them makes shortcuts. Consistency is more important than any individual tool.

Network Security

🌐

Tor Browser Configuration

Download only from torproject.org — verify installer signature
Set Security Level to Safest (Shield icon → Advanced Settings)
Never enable JavaScript unless strictly required on a specific site
Do not install any browser extensions — they break fingerprint uniformity
Never maximize the window — browser window size is a fingerprinting vector
Do not log into Google, Facebook, or any clearnet account over Tor
Request a new circuit for each sensitive site (New Circuit button)

🧅

Tails OS (Recommended)

Tails is an amnesic live operating system that boots from USB
Every session starts clean — no persistent traces on the computer
All traffic is automatically routed through Tor at the OS level
Download from tails.boum.org only — verify cryptographic signature
Persistent storage can be enabled with strong passphrase (LUKS-encrypted)
Do not use Tails on a computer with a compromised BIOS/UEFI

🖥️

Whonix (Advanced)

Whonix is a two-VM system: Gateway (Tor) and Workstation (isolated)
Provides stronger isolation than Tor Browser alone
The Workstation cannot connect to the internet without going through the Gateway
Works with VirtualBox or KVM on Linux/Windows hosts
Available from whonix.org — verify GPG signature
Best combined with a dedicated physical machine

🔒

VPN Considerations

VPN + Tor: hides Tor usage from ISP, but VPN provider sees you use Tor
Tor + VPN: not recommended — reduces anonymity, creates exit node trust dependency
Choose VPN providers that accept XMR payment and keep no logs
Mullvad and IVPN accept Monero and are independently audited
A VPN alone is not a substitute for Tor — never use VPN-only for .onion access

Device & System Security

Physical Isolation

Use a dedicated device for darknet activity — not your daily-use machine
A used laptop purchased with cash (no paper trail) is ideal
Remove or disable the device's built-in microphone and camera
Never bring a secondary phone to the same location as your dedicated device
Keep the dedicated device powered off and disconnected when not in use
Do not store it in a location that could be searched under warrant

Disk Encryption

Enable full-disk encryption before first use — LUKS on Linux, BitLocker or VeraCrypt on Windows
Use a strong, long passphrase — not a word or predictable pattern
A VeraCrypt hidden volume can plausibly deny the existence of sensitive data
Encrypt individual files containing market credentials separately
Never store credentials in a cloud-synced folder (iCloud, Google Drive, OneDrive)
Store encryption passphrases in memory only, or in an air-gapped encrypted document

Metadata & Artifacts

Clear browser history after every session — or use Tails which does this automatically
Remove EXIF metadata from any images before uploading
Do not take screenshots on the same device you use for clearnet activity
Print documents at a public printer, not your home device (printer metadata)
Disable swap/pagefile to prevent sensitive data being written to disk

Software Hygiene

Keep Tor Browser and OS updated — security patches are critical
Use only open-source software where possible for sensitive operations
Do not install software from unverified sources on your dedicated device
Periodically reinstall your OS from scratch (especially on Tails — it's automatic)
Audit running processes and network connections regularly

Cryptocurrency Hygiene

💎

Monero Best Practices

Purchase XMR from a no-KYC source: LocalMonero, Haveno, or cash ATM
Use Feather Wallet or the official Monero GUI — open-source, audited
Create a new wallet for each market account or session cycle
Never reuse deposit addresses provided by the market
Wait for sufficient confirmations (10+) before transacting
Do not combine wallet outputs from multiple sources without reviewing transaction graph

₿

Bitcoin Safety Measures

If using BTC, never send directly from a KYC exchange
Use CoinJoin (Wasabi Wallet, JoinMarket) before moving funds to market
Enable full BTC node or use Electrum with Tor only
Use fresh Bitcoin addresses for each transaction
Strongly consider converting to XMR via atomic swap before depositing
Remember: BTC chain analysis tools can trace most mixing attempts

Identity & Communication

Account Creation

Usernames must be randomly generated — no personal references
Use a different username on every market you access
Never use your darknet username on any clearnet platform
Passwords must be long (24+ chars), random, unique per account
Use KeePassXC (offline, encrypted) for credential storage
Enable all available 2FA options on market accounts

PGP Communications

Generate a dedicated PGP key for darknet use only
Use RSA 4096-bit or Ed25519 key type
Never use your darknet PGP key for clearnet communications
Verify vendor PGP keys before sending sensitive information
Encrypt all delivery address messages regardless of whether the platform encrypts by default
Rotate your PGP key periodically (annually at minimum)

Critical Red Flags & Mistakes to Avoid

Network & Access Mistakes

Accessing .onion sites over clearnet or VPN-only connection
Using home WiFi or any traceable IP for darknet access
Logging into clearnet accounts (email, social media) during a Tor session
Using a borrowed or shared computer for market access
Connecting from a location linked to your identity (home, office)

Cryptocurrency Mistakes

Sending BTC directly from KYC exchange to market wallet
Reusing deposit addresses across multiple sessions
Using blockchain explorers while logged into Google
Converting market earnings to fiat without proper mixing
Storing large crypto balances on the market platform

Identity Mistakes

Reusing usernames from clearnet platforms on darknet markets
Using the same writing style, slang, or idiosyncratic spelling across platforms
Discussing market activity on clearnet forums, Discord, or Telegram
Clicking links in unsolicited messages — likely phishing attempts
Sending unencrypted delivery addresses via private message

Physical & Device Mistakes

Using a smartphone for darknet activity — phones are highly deanonymizable
Taking screenshots or photos of the market interface on a personal device
Leaving the dedicated device powered on and unlocked when not in use
Storing written credentials in predictable physical locations
Using market-related software on a device that has been through customs