Operational Security (OpSec)

Security on the darknet is not a feature; it is a discipline. The following protocols are mandatory for anyone conducting research on DrugHub Market Access infrastructure. Failure to adhere to these standards compromises data integrity and user anonymity.

Critical Warning

Mistakes in OpSec are often irreversible. Read this guide entirely before proceeding.

Protocol Index

PGP Encryption (The Golden Rule)

Pretty Good Privacy (PGP) is the backbone of darknet security. Without it, you are exposed. "If you don't encrypt, you don't care."

Do This

Encrypt all sensitive data Client-Side (on your own PC) before copying it.
Verify the market's PGP signed messages.
Enable 2FA (Two-Factor Authentication) immediately.

Never Do This

Never use "Auto-Encrypt" checkboxes on websites.
Never store your Private Key on a server.
Never decrypt messages inside the browser.

                            -----BEGIN PGP MESSAGE-----

                            hQEMAwAAAAAAAAAAAQP/e... (ALWAYS ENCRYPT LOCALLY)

                            -----END PGP MESSAGE-----

Phishing Defense & Verification

The most common attack vector is "Man-in-the-Middle" (MitM) phishing. Fake sites look identical to the real DrugHub Market but steal your credentials and deposits.

How to Verify a Mirror:

Obtain the market's official public PGP key from a trusted source (like verified stats sites).
Navigate to the market's /verify or login page.
Copy the PGP signed message provided by the site.
Use your PGP software (Kleopatra/GPG) to verify the signature.
If the signature is invalid, LEAVE IMMEDIATELY.

Tip: Never trust links from Reddit, Wikipedia, or unverified darknet wikis. Only use links signed by the admin's key.

Identity Isolation

Your darknet identity must be completely walled off from your real life ("clearnet") identity. Data correlation is the primary method of de-anonymization.

Username Hygiene: Never reuse a username or password that you have used on Reddit, Steam, Discord, or any other website.
Metadata Scrubbing: Remove EXIF data from images before uploading. Do not discuss your time zone, weather, or local news.
Hardware Isolation: Ideally, use a dedicated OS like Tails or Whonix on a USB drive. Never use Windows for sensitive research.

Tor Browser Hardening

The Tor Browser is secure out of the box, but user behavior can compromise it.

Window Size

Never maximize the window. It creates a unique fingerprint.

JavaScript

Set Security Level to "Safer" or "Safest". Disable JS when possible.

Extensions

Do not install extra add-ons/plugins. They ruin your anonymity set.

Financial Hygiene

Blockchain analysis is sophisticated. Sending funds directly from an exchange (KYC) to a market is a guaranteed way to link your identity to the transaction.

Use Monero (XMR)

Bitcoin is a transparent ledger. Monero is private by default. DrugHub and most modern markets enforce XMR for this reason.

Intermediary Wallets

Exchange → Personal Wallet (GUI/Cake) → Market. Never send directly from an exchange to a vendor or market.