Security & OpSec

Operational security defines the boundary between compromised data and structural anonymity. This guide documents the mandatory protocols required for safely interfacing with the DrugHub Market infrastructure. Neglecting these cryptographic and behavioral standards inevitably leads to severe identity or asset compromise.

Warning: Routine errors result in total loss of funds and identity exposure.

01

Identity Isolation

Total compartmentalization is the foundation of operational security. Never allow your real-life identity (clearnet) to intersect with your Tor-based identity. This includes usernames, passwords, and stylistic communication habits.

  • Do not reuse credentials: Never use a username or password that you have utilized on surface web services, forums, or social media.
  • Avoid cross-contamination: Do not access your darknet identities from networks or hardware strictly associated with your personal life without proper virtualization (e.g., Tails OS, Whonix).
  • Communication discipline: Never disseminate personal contact information, clearnet email addresses, or identifying regional dialects within marketplace communication channels.

02

Verification & MITM Defense

Man-in-the-Middle (MITM) attacks are deployed globally across the Tor network to intercept credentials and rewrite cryptocurrency addresses on the fly. You are solely responsible for cryptographic verification of your connection points.

The only absolute method to ensure infrastructure authenticity is to verify the PGP signature of the provided onion address against the known, trusted public key of the administrators.

Rule of Authentication

Do not blindly trust uniform resource locators (URLs) sourced from random wikis, clearnet forums, or Reddit threads. If the cryptographic signature fails, the node is compromised. Terminate the connection immediately.

03

PGP Encryption (The Golden Rule)

"If you don't encrypt, you don't care."

Relying on marketplace server-side encryption is a critical vulnerability. If the database is seized or heavily monitored, server-side unencrypted data is instantly readable by unauthorized third parties.

  • Client-Side Encryption Only: All sensitive communication, addressing, and specific coordinates must be encrypted locally on your own hardware using software like Kleopatra or GnuPG.
  • Never Use Auto-Encrypt: Ignore any "Auto-Encrypt" toggles provided by the web interface. You must manually encrypt the text block and paste the resulting PGP armor into the text field.
  • Key Management: Back up your private key safely. If you lose access to your private key on a passwordless marketplace, your account cannot be recovered.

Tor Hardening

  • Security Slider: Always configure your Tor Browser security level to "Safer" or "Safest". This inherently disables dangerous web parameters.
  • JavaScript Execution: Ensure JavaScript is disabled (via NoScript extension). Malicious scripts can break browser isolation and expose local metrics.
  • Window Fingerprinting: Never resize your Tor Browser window. Altering the default resolution allows advanced fingerprinting algorithms to uniquely identify your session based on viewport dimensions.

Financial Hygiene

Blockchain analysis is highly sophisticated. Financial routing must be structured to break heuristic tracking.

Protocol Directives:

  • Never transmit Bitcoin (BTC) directly from a centralized exchange (e.g., Coinbase, Binance) to a darknet infrastructure address.
  • Always route funds through a personal, intermediary non-custodial wallet operating on local hardware (e.g., Electrum).
  • Monero (XMR) Recommendation: The utilization of the Monero protocol is highly recommended over Bitcoin due to its mandatory ring signatures and stealth addresses, effectively nullifying standard ledger analysis.

Emergency Revocation

If you suspect your session has been compromised via unauthorized extraction, immediately terminate your VM infrastructure.
