Operations Security
Deep Dive

🎭 Create detailed Separation

• Use unique usernames never used anywhere else
• Different writing style (avoid recognizable phrases)
• Don't reference real-world events that could place you
• Different time zones for activity (if possible)
• Never mention personal details, even vague ones
• Separate wallets for each identity/market

💻 Digital Hygiene

• Use Tails OS for maximum isolation (leaves no trace)
• Never access darknet from your regular browser or OS
• Keep Tor Browser updated to the latest version
• Use full-disk encryption on any storage
• Securely wipe any temporary files
• Don't save passwords in browsers

🌐 Network Isolation

• Never use your home WiFi for sensitive activities
• Public WiFi adds a layer but isn't anonymous alone
• Consider the camera/CCTV situation at public locations
• Don't use the same network for real and darknet identities

📦 Delivery OpSec

• Use addresses that aren't directly linked to you
• Consider package forwarding or PO boxes
• Never sign for packages - plausible deniability
• Be aware of delivery patterns (timing, frequency)
• Dispose of packaging securely
• Have a plan if a package is intercepted

🏠 Home Security

• Keep devices secure and encrypted
• Use hidden volumes for sensitive data (VeraCrypt)
• Have a plausible explanation for encrypted drives
• Don't leave evidence lying around
• Know your rights regarding searches

🎯 Understanding Your Adversaries

Effective OpSec starts with understanding who you're protecting yourself from. Different adversaries have different capabilities:

• Criminal actors: Scammers, hackers, and malicious vendors looking to steal funds or credentials
• Market operators: Insiders who may have access to messages and transaction data
• Law enforcement: Agencies with significant resources for investigation and surveillance
• Network attackers: Those attempting to compromise Tor or exploit vulnerabilities
• Personal connections: Friends, family, or roommates who might discover your activities

📊 Risk Assessment

A proper threat model helps you allocate security resources effectively:

• Evaluate the likelihood of each threat based on your specific activities
• Consider the potential consequences and severity of each type of compromise
• Prioritize defenses based on the most probable and severe threats
• Regularly reassess as your activities and the threat landscape change over time

🚫 How People Get Caught

Most OpSec failures come from small mistakes that accumulate over time. Learn from others' errors:

• Bragging: Telling friends, posting hints online, or discussing activities anywhere
• Pattern recognition: Regular schedules, consistent behaviors that become predictable
• Cross-contamination: Using the same usernames, email addresses, or writing styles across identities
• Physical evidence: Keeping records, not disposing of packaging properly, leaving traces
• Technical mistakes: Disabling security features, using compromised networks, ignoring updates
• Complacency: Getting comfortable and lowering your guard over time

❓ Common Questions

• Is perfect OpSec possible? No security is perfect, but good OpSec makes you a harder target than most. Focus on making mistakes expensive for adversaries.
• Do I need Tails for casual browsing? For maximum security, yes. For lower-risk activities, Tor Browser on a dedicated machine may be sufficient.
• How do I know if I'm compromised? Often you don't until it's too late. This is why prevention is critical. Watch for unusual account activity.
• Should I use a VPN? The Tor Project recommends against VPN+Tor for most users. It can actually reduce anonymity and adds trust in the VPN provider.
• What about mobile access? Avoid mobile access entirely if possible. Mobile devices are harder to secure and have more identifying features.
• How often should I update my practices? Regularly review and update your OpSec as new threats emerge and technology evolves.