Darknet markets are as close as it gets to a free market, where you can order drugs and have them delivered to you by mail. The purpose of this thread is to discuss opsec, ask for help and discuss markets in general. This thread should be fully legal as long as you don't solicit or facilitate illegal transactions, meaning:
<Don't beg to buy from someone
<Don't attempt to sell to anyone here
<Don't link to dealer Instagram/Reddit/Snapchat accounts. These accounts are run by either scammers or feds.
<Don't directly link to any market. These links could be fake scam/fed markets, designed to phish your login details and steal your cryptocurrency. Only use https://dark.fail/
The following is my personal recommendation for good opsec while conducting business, however, you must [b]read the darknet market bible[/b] (.pdf attached) after you are done with this post. If you don't read theory, it's likely you will be caught and convicted.
>Will I be 100% safe?
In theory, no. The darknet market bible, together with this thread, is meant to minimize the risk of getting caught as much as possible. If you follow the exact procedure outlined in the bible, you should be okay, especially as a small-time buyer.
Tails
Tails is a Linux-based operating system that runs entirely on your RAM and is wiped when the PC is powered off. If the cops intercept your item, conduct a controlled delivery and seize your machine, they will not be able to find evidence linking you to the package and you can deny involvement via a lawyer.
You will want to install the Tails operating system to a USB flash drive with at least 8GB of storage. Personally, I'd go for USB 3.0, with at least 16GB storage for persistent volume purposes, or even 128GB or more if you want to store the Monero local node on it. You also need a PC with at least 1GB RAM to run Tails. The bible contains a guide for installing Tails in [b]2.A.2 Installing Tails[/b]. You can download it here:
https://tails.boum.org/install/index.en.html
>Why shouldn't I use Windows?
These types of OS are usually installed on a hard drive where all your data is stored when it is powered off. It would be stupid to store your darknet-related files here (including wallets and wallet passwords), because if the police seize your machine, they will find everything.
>I have previously conducted deals over Windows. How do I get rid of the evidence?
You should uninstall and delete everything related to darknet markets, including Tor, PGP-related programs and files. The data will still be physically present on your drive, however. If your programs and files were stored on a hard disk drive (HDD), then you can use overwrite software, such as DBAN, that wipes the entire drive, or other software that overwrites only the space marked as deleted. Tails can also wipe the available disk space of any drive.
If your programs and files were stored on a solid-state drive (SSD), you should not use overwrite software as it could damage or even destroy your drive. Securely erasing an SSD is a bit more complicated; you can read more about it here:
https://security.stackexchange.com/questions/223110/how-to-securely-erase-the-free-space-on-an-ssd-in-windows-10
>How do I run Tails?
You can insert the flash drive, restart your PC and enter the BIOS where you can change the OS boot order. Move your USB to the top of the list and exit the BIOS.
Persistent volume
This is the best place to store your darknet-related files, such as PGP private keys, wallet passwords, market private links, and passwords, etc. This is a LUKS-encrypted partition of your Tails USB, so if the cops manage to seize your USB, they won't get much out of it.
The persistent volume is encrypted with a password, so make sure to [b]use a long password that cops can't guess[/b]. Personally, I use one that's 32+ characters, with numbers, symbols, and without any real words. Do not store the persistent volume password digitally, especially on any old hard drive or the cloud, so write it down in a diary or something so you remember it. You should also back up your persistent volume regularly to not lose your files. The bible explains how to create it in [b]2.A.4 Setting up persistence volume[/b].
JavaScript
You must disable JavaScript in Tor every time you boot up Tails. It's a useful scripting language that allows for truly interactive websites, however, it's a major security risk, as it allows websites to run arbitrary code in your browser. Attackers can gather data that could lead to fingerprinting your system.
You can disable JavaScript by setting the security mode to [b]Safest[/b]. This can be done by clicking on the shield icon in the toolbar, or going to Settings > Privacy & Security > Safest. You can also type in [b]about:config[/b] in your address bar and set [b]javascript.enabled[/b] to False.
>What's the risk?
For a more practical example: in 2013, the FBI took over a Tor hosting service named Freedom Hosting and inserted a malicious script in the pages of the onion sites hosted on that service. That malicious JavaScript used an exploit to run a payload that called home to a fed-controlled machine that sent the real IP address of the computer that had visited the site as well as a unique identifier for the computer. If a site complains that you have it disabled or asks you to enable it, you should leave immediately. The bible explains the risk of using JavaScript in [b]1.2 Using Reddit with Tor[/b].
Cryptocurrency
Tails comes with Electrum by default, which is a Bitcoin (BTC) wallet. Most markets accept Bitcoin, but for ultimate privacy, you should [b]conduct transactions with Monero[/b] (XMR), as Bitcoin is not private. The benefit of Monero is that you can run your own local node by downloading the entire blockchain (70+ GB) instead of using a remote node. If a remote node is compromised, they can match transactions to your IP address, defeating the purpose of Monero to begin with.
>How is Bitcoin not private?
Bitcoin transactions are traceable and can easily be linked to your ID, so you should tumble your Bitcoin if you don't want to get caught. However, this is not a fool-proof method and can be illegal. The most secure way to spend your Bitcoin anonymously is to first [b]convert your Bitcoin to Monero[/b] through a non-KYC exchange like ShapeShift, MorphToken or Godex, over Tor without using JavaScript. This is known as cross-cryptocurrency tumbling. You can now pay with Monero, or you could convert your Monero back to Bitcoin through another non-KYC exchange like XMR.to, so that the resulting Bitcoin will be completely untraceable to your original Bitcoins since they were purchased with Monero, over Tor without KYC or JavaScript. The bible explains the pros and cons of this method in more detail in [b]3.2 Tumbling[/b].
>What type of Electrum wallet should I use?
Set up a normal wallet. [b]Do not use two-factor authentication[/b]. It requires you to install apps on your smartphone which defeats the purpose of opsec. The bible explains the pros and cons of this method in more detail in [b]3.3 Setting up your wallet[/b].
>Should I use my existing wallets to conduct deals?
If you've ever stored the passwords and mnemonic generation seeds for your wallets on an unencrypted drive, then no. If the police seize your machine and gain access to your wallet, they may be able to prove you sent money to a darknet market. The exception to this is if you are using Monero, as it anonymizes the receiver and sender. Make sure the passwords and mnemonic generation seeds for your wallets are stored in your persistent volume, or written down.