OPSEC COMPLETE GUIDE: STAY ANONYMOUS ONLINE
Operational security (OPSEC) is the discipline of protecting sensitive information from adversaries. For darknet market users, OPSEC is not optional — it is the difference between safety and exposure. This guide covers tools, methodologies, red flags, and the mistakes that get people caught.
UNDERSTANDING YOUR THREAT MODEL
PASSIVE SURVEILLANCE
ISPs log connection metadata (timestamps, data volumes). Government agencies may receive this data via legal process. Your ISP can see you are using Tor even without reading your traffic.
Mitigation: Tor Browser, Tails OS, a VPN in front of Tor (Tor over VPN)
ACTIVE INVESTIGATION
Targeted investigation using controlled deliveries, undercover vendors, traffic correlation attacks, and analysis of communication patterns and shipping metadata.
Mitigation: PGP encryption, counter-surveillance drops, physical OPSEC
BLOCKCHAIN ANALYSIS
Chainalysis-style transaction graph analysis can link BTC addresses to real identities via exchange KYC data. Even mixed coins remain vulnerable to statistical analysis.
Mitigation: Use Monero (XMR) exclusively. Never use KYC exchange coins directly.
ESSENTIAL TOOLS FOR STAYING ANONYMOUS
TIER 1: ABSOLUTE ESSENTIALS
TOR BROWSER
Download exclusively from torproject.org. Routes all of the browser's traffic through three encrypted relays. Keep it updated. Use the "Safest" security level. Never install extensions: they break anonymity.
torproject.org
TAILS OS
Amnesic live operating system. Boot from USB, use it, shut down — leaves zero traces on host hardware. All traffic routes through Tor. Runs in RAM only. The gold standard for secure browsing.
tails.boum.org
PGP ENCRYPTION
Use GPG4USB or Kleopatra on Windows; GnuPG on Linux/Mac. Generate 4096-bit RSA or Ed25519 keypairs. Never share private keys. Verify all vendor public keys via signed test messages before sharing sensitive info.
gpg4usb.org
TIER 2: ENHANCED SECURITY
WHONIX
Virtual machine system that routes all traffic through Tor at the OS level. Even if an application is compromised and tries to leak your IP, Whonix's architecture keeps the leak from reaching the network: the workstation VM has no route to the network except through the Tor gateway VM.
whonix.org
MONERO (XMR)
The only cryptocurrency with protocol-level mandatory privacy. No KYC coins, no mixer dependencies, no blockchain analysis risk. Use Feather Wallet connected via Tor.
DEDICATED HARDWARE
Use a separate physical device (cheap laptop, Raspberry Pi) exclusively for privacy-sensitive activity. Never use your work or personal computer. This isolates all activity from your regular digital footprint.
VPNs: WHAT THEY DO AND DON'T DO
VPNs are widely misunderstood in the context of darknet OPSEC. A VPN shifts trust — instead of trusting your ISP with your traffic, you trust your VPN provider. If the VPN provider logs and cooperates with law enforcement, you lose any benefit.
VPNs are not anonymous by themselves. Most VPN providers require payment (often traceable), know your real IP when you connect, and are based in jurisdictions where they are subject to legal process. Premium VPNs with no-log policies provide minimal protection against targeted investigation.
VPN over Tor (connecting to Tor first, then VPN) hides that you're using Tor from your ISP but doesn't improve anonymity inside Tor. Tor over VPN hides your Tor usage from your ISP — potentially useful in high-surveillance environments where Tor use itself is suspicious.
RED FLAGS: WHAT GETS PEOPLE CAUGHT
Ordering to your home address
Use a drop address or PO box. Home address delivery creates a direct physical link between you and the package.
Using personal email for registration
Create a new, anonymous email via ProtonMail or Tutanota over Tor. Never link to existing accounts.
Reusing usernames across platforms
Your forum username from a decade ago could be searched and linked to your current identity through correlation analysis.
KYC crypto from exchange to marketplace
The exchange knows your identity; the blockchain records the transaction. Even "cleaned" coins retain statistical risk.
Opening documents/PDFs from the market
PDFs can phone home via embedded links, revealing your real IP. Open offline or in an isolated VM (Tails includes a sandboxed document viewer).
Taking photos with your phone
Phone images contain EXIF data including GPS coordinates and device identifiers. Strip metadata using tools like ExifTool before any upload.
Using Tor from your regular browser
Never install extensions or plugins in Tor Browser. Never use Tor from a browser that holds your Google/Facebook account cookies.
Sharing screenshots with metadata
Screenshots may reveal screen resolution, timezone, installed fonts — all browser fingerprinting data. Use screenshot tools that strip metadata.
Leaving Tor running idle
Connection patterns can be analyzed over time. Disconnect when not actively using. Avoid predictable usage times.
Discussing purchases on social media
Even vague references to unusual packages or spending can create correlatable intelligence for investigators.
Same device for darknet & clearnet
Browser fingerprinting can correlate activity across Tor and regular browsing if the same hardware/OS is used without isolation.
Weak operational security with vendors
All vendor communications should be PGP-encrypted. No personally identifiable information should ever appear in unencrypted messages.
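For the EXIF point in the list above, a standard-library check added here as an example (not code from the original page): it walks a JPEG's header segments, reports which ones carry metadata and whether the EXIF block holds a GPS pointer, and removes them so the result can be re-audited. The function names and the SAMPLE bytes are constructed for illustration, and only JPEG is handled.

```python
import struct

# Header segments that hold metadata, not pixels (APP1 = EXIF/XMP, APP13 = IPTC).
METADATA = {0xE1: "APP1", 0xED: "APP13", 0xFE: "COM"}

def segments(data):
    """Yield (marker, start, end) for each segment before the scan data."""
    if data[:2] != b"\xff\xd8":  # SOI
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(data) and data[pos + 1] != 0xDA:  # stop at SOS
        end = pos + 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if data[pos] != 0xFF or end < pos + 4 or end > len(data):
            raise ValueError(f"corrupt segment at offset {pos}")
        yield data[pos + 1], pos, end
        pos = end

def has_gps(payload):
    """True if EXIF IFD0 holds a GPSInfo pointer (tag 0x8825)."""
    tiff = payload[6:]
    order = "<" if tiff[:2] == b"II" else ">"
    try:
        ifd0 = struct.unpack(order + "I", tiff[4:8])[0]
        count = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])[0]
        tags = struct.iter_unpack(order + "H10x", tiff[ifd0 + 2:ifd0 + 2 + 12 * count])
        return payload[:6] == b"Exif\x00\x00" and any(t == 0x8825 for (t,) in tags)
    except struct.error:  # malformed EXIF: report no GPS rather than crash
        return False

def audit(data):
    """List metadata segments as (name, carries_gps) tuples."""
    return [(METADATA[m], m == 0xE1 and has_gps(data[s + 4:e]))
            for m, s, e in segments(data) if m in METADATA]

def strip(data):
    """Return the JPEG with metadata segments removed, image data untouched."""
    drop = [(s, e) for m, s, e in segments(data) if m in METADATA]
    for s, e in reversed(drop):  # cut from the back so offsets stay valid
        data = data[:s] + data[e:]
    return data

def _seg(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: a structurally valid JPEG header, not a real photo.
_TIFF = b"II*\x00" + struct.pack("<IHHHII", 8, 1, 0x8825, 4, 1, 26) + bytes(4)
SAMPLE = (b"\xff\xd8" + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + _seg(0xE1, b"Exif\x00\x00" + _TIFF) + _seg(0xFE, b"shot on phone")
          + b"\xff\xda\x00\x02\x12\x34\xff\xd9")
```

Running `audit()` again on the output of `strip()`, or on a file processed by another tool, confirms the metadata segments are actually gone; an embedded EXIF thumbnail is removed along with the APP1 segment.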
ADVANCED OPSEC PRACTICES
COMPARTMENTALISATION
Maintain strict separation between all aspects of your operational and personal identity. Different devices, different email providers, different usernames, different payment methods — never overlap.
BRIDGE RELAYS
If Tor is blocked or monitored in your jurisdiction, use Tor bridges (obfs4 or Snowflake) to disguise your Tor traffic as regular HTTPS. Request bridges via Tor Project's BridgeDB.
COLD STORAGE
Never store significant cryptocurrency in hot wallets. Use hardware wallets (Trezor, Coldcard) or paper wallets generated offline for long-term storage. Only move funds to hot wallets immediately before use.
DEAD DROPS
For physical deliveries, consider alternative pickup methods: PO boxes in a different city, hold-for-pickup services at postal locations, or trusted intermediary addresses with your name absent from the package.
DEVICE HYGIENE
Enable full disk encryption on any device used for privacy-sensitive activity. Set an automatic screen lock. Understand that encrypted devices can still be imaged while powered on (cold boot attacks).
PGP KEY ROTATION
Rotate PGP keypairs every 6 months. When rotating, publish a signed notice of the new key, signed by the old key, so your counterparties can verify continuity without trusting a third party.