Security & OpSec Guide

The foundation of operational security is strict compartmentalization. You must never mix your real-life identity (clearnet presence) with your Tor identity.

• Username Hygiene: Never reuse a username, handle, or password that you have used anywhere else on the clearnet or other hidden services.
• Information Blackout: Absolutely no sharing of personal contact information, hints about your location, timezones, or local weather conditions in any communications.
• Dedicated Environment: Consider utilizing a highly secure operating system such as TailsOS or QubesOS booted from a USB drive for absolute hardware separation.

The darknet is rife with deceptive infrastructure designed to execute "Man-in-the-Middle" (MitM) attacks. These attacks intercept your connection, allowing an adversary to modify cryptocurrency addresses and steal your credentials.

• Trust No Source: Do not trust links from random wikis, anonymous forums, or Reddit. These are the primary vectors for MitM compromise.
• The Mandatory Protocol: Verifying the PGP signature of the onion link against the market's official public key is the ONLY way to be cryptographically certain you are on the genuine infrastructure.
• Never Bypass 2FA: Always enable Two-Factor Authentication using your PGP key. A MitM attack cannot successfully log in if they cannot decrypt the 2FA challenge generated by the genuine market server.

The Tor Browser is secure by default, but requires specific manual configurations to eliminate advanced tracking and de-anonymization techniques.

• Security Level: Immediately set the Tor Browser security slider to "Safer" or "Safest". This prevents malicious scripts from executing.
• JavaScript Execution: Disable JavaScript entirely (via NoScript or about:config) whenever possible during your analysis. Most genuine market infrastructure does not require JS to function.
• Window Fingerprinting: Never resize the Tor Browser window. Resizing the window allows tracking mechanisms to identify your monitor's exact resolution, creating a unique fingerprint tied to your hardware.

Cryptocurrency transactions inherently leave a permanent ledger of your activity. Breaking the link between your real-life fiat gateway and the darknet market is paramount.

• No Direct Transfers: NEVER send Bitcoin directly from a centralized or KYC-compliant exchange (e.g., Coinbase, Binance, Kraken) to TorZon Market infrastructure.
• Intermediary Wallets: Always route funds through an intermediary personal wallet strictly controlled by you (such as Electrum for BTC or the Monero GUI).
• Currency Choice: It is highly recommended to primarily use Monero (XMR) over Bitcoin (BTC). Monero utilizes ring signatures and stealth addresses to obscure the origin, amount, and destination of all transactions by default.