The Ultimate OPSEC Guide To Stay Secure Online

Privacy Checking

Check that you’re currently displaying a Tor IP address and that all scripts are disabled. If they’re not then this is a privacy risk and you should continue to follow the advice below.whoer.net

Find and check IP address

What's my IP address, how to find and check my IP address. Two versions of anonymity check: light and extended

For results under “Location” it should be giving the Tor servers hostname, ISP and not you’re own. Under “Your Anonymity” it should list an ‘X’ against Tor meaning you are correctly using tor. Under the Browser results it should be listed like this.

• Javascript-disabled
• Flash-disabled
• Java-disabled
• ActiveX-disabled
• WebRTC-disabled

Blocking Scripts Globally
When you first install Tor Browser bundle, make sure scripts via NoScript are not globally allowed. This is very dangerous to your privacy and should be turned OFF. you can right click the no script icon (S icon next to address bar) and select options, in general tab, uncheck the scripts globally all owed tab.

Slider Options
The new slider options should also be changed. Click on the Onion icon at the top of tor browser for the
drop down menu, and click “Security settings” and on the slider it should be set to ‘High’ for security level (by default is set as low).

Note: Tails OS resets these slider options so make sure you have them set to ‘High’ whenever you access the Tor Browser.

Plugins
Addons/plugins should be blocked and/or not installed at all. NONE of the
plugins not supported by the Tor Project run the risk of bypassing the Tor Network and accessing the net directly, which runs the risk of leaking your real IP Address. It should be clear indication to anyone why this is an issue, but people sometimes disregard the risks and lose a large part of their OpSec over mistakes like these.

Tails OS
Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD
card. It aims at preserving your privacy and anonymity, and helps you to: use the Internet anonymously and circumvent censorship; all connections to the Internet are forced to go through the Tor network; leaving no trace on the computer you are using unless you ask it explicitly; use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.

It’s an extra layer of protection that a lot of people trust and use. To learn more, please visit t
the various links below. They provide thorough, and detailed documentation on the usage and installation of the Tails OS.

Whonix
An alternative to Tails and also an open source project. Whonix is an operating system focused on
anonymity, privacy and security. It’s based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user’s real IP.

Shredding History / Footprints

This section only applies to users who use the Tor Browser while not using Tails OS or Whonix

The recommended tool for cleaning footprints, history, cache, etc. from your drive is using a program known as CCleaner. It is recommended to go to Options > Settings and then select Complex Overwrite (7 passes) and ‘secure file deletion’. Make sure all the boxes are ticked when Cleaning,
including the Windows and Application tabs.

This is recommended normally before the connection to Tor and after you’ve left Tor, to wipe all cookies
etc. Remember that though this may clear a good deal of the tracks left behind of your activity on your PC, no cleaning software can ever remove all traces all of the time.

Cookies – How The NSA is using them to track TOR users?
Let’s suppose that there is a famous online shopping website, owned or controlled by NSA. When a normal user opens that website from his own real IP address, the website creates a cookie on the user ’ browser and stores real IP address and other personal information about the user. When the same user will again visit the same NSA owned website, enabling Tor this time on the same browser – the website will read last stored cookies from the browser, which includes the user’ real IP address and other personal Information. Further websites just need to maintain a database of Real IP addresses against the Tor Proxy enabled fake IP addresses to track anonymous users. More Popular the site is, More users can be tracked easily. Documents show that the NSA is using online advertisements i.e. Google Ads to make their tracking sites popular on the internet.

How can you avoid Cookie tracking?
One browser can’t read the cookies created by other browser (As far as we know at the moment but this
may change in the future, or become public). So Don’t use Tor on the same browser, that
you use for regular use with your real IP address. Only use the standard Tor Browser Bundle instead for Anonymous activities. You should always clear the cookies (with CCleaner or alike) after you’re done so any stored information, such as log on informati
on – will not be stored on that computer. If you’re doing something very interesting, you should use Tor on a virtual machine with the live OS so that cookies and cache and other OS data are dumped when the machine is closed.
OPSEC FOR BOXERS & OTHER SELLERS:

PRINT SHIPPING LABELS JUST BEFORE DROPPING OFF PACKAGES

This is one I’ve only seen once or twice here on dread but that doesnt mean its not important. See, when
LE has their eye on a vendor one method of identifying them is to stake out USPS drop boxes. First, they
might place an order er with you, then once you create the shipping label they will be able to see it. They’ll take the zip code used in your return address, stake out drop boxes in that area, and wait for you to pop up (like many vendors have done in their own car).

Now maybe you’re thinking, “LE doesnt have the manpower to watch all of those drop boxes and there are wayyy too many people using them”. First, the thing is they DO have the manpower and its been done
many times before. They also do things like stuffing/closing drop boxes so you’re forced to drop off
packages in a different location. Second, there really aren’t that many people using all of those boxes. I
know we’ve all been told that “people with those shitty etsy stores” dump tons of packages into those
boxes. Sure, it’s true in some places but not nearly as true as you think.

STOP DROPPING OFF PACKAGES IN YOUR OWN CAR
Or any form of transportation that can be linked to your identity for that matter. LE might not be staking
out that dropbox box you’re at but they can re
view security footage from nearby cameras. Instead you can
drive a good distance away from your home, park your car, and walk to the drop box.

WEAR A DISGUISE
when dropping off packages. Pretend your Jason Bourne or something. Wear a hat, glasses, baggy pants, long sleeve shirt, and a mask to hide your identity. And ONLY wear that disguise when youre dropping off packages.

STOP WALKING INTO THE POST OFFICE
Whether it’s to buy stamps, pick up boxes, or pick up/drop off packages you shouldn’t be doing it. Those
places are covered in cameras and you can do all of these things elsewhere. Not to mention they require ID to send a package. Way too many vendors get busted this way. Instead you can get yourself a
label printer and print your own labels payed for with crypto. You can also pick up boxes/envelopes at
your local office supply stores for FREE.

SOURCE SUPPLIES OFFLINE
Need baggies? Visit your local smoke shop. Need a vacuum sealer? Go to Wal-Mart. Don’t be that guy who gets busted because he ordered all of his vending supplies off Amazon.

GLOVE UP
When you’re packaging orders you should be wearing at least 2 layers of gloves to prevent prints from
being left on packages. In some cases, depending on what product you sell, residue on the glove might
leave a more visible finger print. Gloves also tear so you dont want to finish packaging your orders for
the day to then realize that your glove is torn and you’ve left fingerprints on all of your packages.

WEAR A HAIRNET WHEN PACKAGING ORDERS
Have you ever sat down to eat just to find a hair in your food? Disgusting, right? Well not to LE, they want all the hair they can get and they WILL use that hair against you. Wear a hairnet and long sleeve shirt or even better a coverall paint suit when packaging orders.

MIX UP YOUR ONLINE TIMES
Basically this means that you should not log into your vendor account at the same time every day. If
you’re being watched by LE and keep the same schedule it will be incriminating when they compare your
online times to what you’re doing in real life.

USE MONERO
It’s all fine and dandy if you’re being paid in bitcoin but you should be converting that coin to xmr before cashing out. If you don’t have a method for cashing out monero then you can convert your BTC to XMR and back to BTC again. Be sure to send different amounts of money through the exchange at different times to avoid time correlation.

DESTROY PACKAGING MATERIAL
If you have scraps from shipping boxes or labels you should never throw them in your own garbage can.
This has already burned a lot of vendors. Instead you should burn them or dump them in a garbage that
isn’t linked to you.

HONORABLE MENTIONS

LAWYER UP
If you’re involved in illegal activity you should find yourself a reputable defense. Let’s say shit hits the fan and you get busted and taken to jail, when you’re locked up you’re not going to have the resources to
find someone to defend you. Set aside some cash and make a few phone calls, you’ll be happy you did.

TAKE NOTES
You guys know those posts I make about darknet busts? Yeah? Well read them, and take notes! Many of
those posts inclu
de good information like how investigations were started and how LE surveilled its
suspects. You should be reading through these and taking notes on what TO do and more importantly,
what NOT to do. I mean, cmon, its FREE!

DON’T SHIT WHERE YOU EAT
Have you ever read about a vendor bust where LE didn’t find a ton of drugs in the vendors home? Yeah,
me neither. Your drugs and supplies should never be stored in your own home. Run your operation at a different location. And if you think your going to hide those drugs in a fake Mountain Dew bottle youre
wrong, LE will find them. And they have dogs that are trained to sniff out tech gadgets too so make sure
that thumb drive is in a safe place.

!WHAT NOT TO DO!:
Do not talk about Dark Web with anyone IRL
-This should be common sense, yet a lot of people break this “rule”. Loose lips, sink ships.
Not using 2FA or encryption
-ALWAYS use 2FA whenever available for any login. Whenever making orders, please encrypt your address using local software and not via a website.
Using outdated PGP Key strength.
-Use RSA4096 with a password that cannot be brute forced.
Saving packages of your orders as some type of trophy.
-We highly advise that once you receive a package, dispose or burn the package after emptying it.
Not cleaning your house/computer/phone
-Common sense. Clean your house/devices at least 2 times per week.
Using Windows or mobile phone for browsing and logging into markets
-We recommend always using either Whonix or TAILS to access anything darkweb related.
Not encrypting sensitive text/files
-A lot of people do not know that they can also encrypt entire files, not just text.
Not encrypting hard-drive
-Using programs like VeraCrypt with good encryption algo and password should keep LE outside of your
system.
Weak password
-Do not use 123456 as your password. Include a combination of high, low caps, numbers and symbols.
Strong password should be 16
-32 characters.
Contaminated packaging gear
-For vendors. Always use gloves and whenever you touch something iffy with them, make sure to
remove them before touching anything.
Snitching on yourself
-If you are doing anything illegal, do not post it on social media or take pictures of it.

Enjoy!

Leave a Reply

Your email address will not be published.