Security & OpSec Protocols

Mandatory protocols for safe navigation of the DrugHub infrastructure. Compliance with these standards is critical for identity isolation.

LEVEL: MANDATORY

Critical Warning

Failure to adhere to the following protocols may result in total loss of funds, identity compromise, or account termination. There is no undo button on the darknet.

01 PGP Encryption

The Golden Rule

"If you don't encrypt, you don't care." This is the fundamental axiom of darknet security. You must never rely on marketplace "Auto-Encrypt" checkboxes. Server-side encryption requires you to trust the server with your plaintext data.

Correct Procedure:

  1. Obtain the recipient's public PGP key.
  2. Import the key into your local keyring (Kleopatra / GPG Keychain).
  3. Write your message/address in a text editor on your local machine.
  4. Encrypt the message locally using your PGP software.
  5. Copy the -----BEGIN PGP MESSAGE----- block.
  6. Paste only the encrypted block into the website.

Never save your private key on a device connected to the internet without heavy encryption. Use Tails OS for maximum key isolation.

02 Phishing Defense & Verification

Phishing sites (MitM attacks) are the #1 cause of account loss. These sites look identical to the real DrugHub but capture your credentials.

NEVER:
  • Trust hidden wiki links.
  • Trust links from Reddit/forums.
  • Login without verifying the signature.
ALWAYS:
  • Verify the /signed_message.
  • Check the PGP signature against your stored public key.
  • Bookmark verified mirrors immediately.

A phishing site cannot fake a PGP signature because they do not have the administrator's private key. If the signature doesn't verify, you are on a fake site. Leave immediately.

03 Financial Hygiene

XMR Only

Bitcoin (BTC) is a transparent ledger. It is not private. DrugHub and modern security standards mandate the use of Monero (XMR).

THE FLOW OF FUNDS
Exchange (KYC)
Identity Linked
Personal Wallet
Cake / Monero GUI
Market Wallet
Destination
WARNING: Never send funds directly from an exchange (Coinbase, Binance, Kraken) to a darknet market. Exchanges use blockchain analysis to flag and freeze accounts interacting with darknet entities. Always use an intermediary personal wallet.

Tor Hardening

  • 01.
    Security Slider

    Set to "Safer" or "Safest". This disables JIT compilers and some font rendering.

  • 02.
    No JavaScript

    Disable JS completely via NoScript. JS can be used to decloak your IP address.

  • 03.
    Window Size

    Never resize the Tor Browser window. Keep it at default size to prevent fingerprinting.

Identity Isolation

Username Hygiene: Never reuse a username from Reddit, Discord, or Steam. Create a unique identity.

Password Hygiene: Use a password manager (KeepassXC). Generate random 32+ char passwords.

Visual Hygiene: Do not take screenshots of the market interface. Metadata can leak specs.

Need PGP Software?

We recommend open source tools only.

GPG4Win (Kleopatra) GPG Suite (macOS) OpenKeychain (Android)