Critical Documentation

Operational Security Protocols

Mistakes in darknet environments lead to irrevocable loss of funds and identity compromise. The following guidelines are mandatory for survival and safe navigation within the TorZon Access infrastructure.

01. Identity Isolation

Absolute separation between your real-life identity and your Tor persona is the foundation of operational security. Any crossover compromises your entire setup.

  • X Never mix real-life identity markers with your Tor identity. Do not mention your location, exact timezone, or personal anecdotes.
  • X Never reuse usernames, handles, or passwords from clearnet websites. Generate distinct credentials strictly for the darknet.
  • X Never provide personal contact information (email, phone, messaging apps) over an unencrypted channel.

02. Link Verification & MitM Defense

The threat of Man-in-the-Middle (MitM) attacks is pervasive. Attackers create identical replicas of marketplaces to intercept credentials and cryptocurrency deposits.

CRITICAL DIRECTIVE: Verifying the PGP signature of the onion link is the ONLY definitive way to confirm you are communicating with legitimate infrastructure.
  • > You must cross-reference any .onion URL with a signed message from the market's verified public PGP key.
  • > Do not trust links originating from public wikis, hidden service directories, forums, or Reddit. Rely solely on PGP verification.

03. Tor Browser Hardening

Default settings are insufficient. Hardening your Tor Browser limits the attack surface against malicious scripts and fingerprinting telemetry.

Security Level

Navigate to Tor settings and adjust the Security Slider to "Safer" or "Safest". This disables dangerous web features.

JavaScript Execution

Ensure NoScript is active. Disable JavaScript entirely where possible. Do not enable scripts unless strictly required to bypass a legitimate captcha.

Window Sizing

Never maximize or resize the browser window. Doing so actively transmits your screen resolution, facilitating browser fingerprinting.

04. Financial Hygiene

Cryptocurrency ledgers are public and immutable. Poor financial hygiene allows blockchain analysis firms to trace darknet transactions directly to your real-world identity.

  • X Never send funds directly from a centralized exchange (Coinbase, Binance, Kraken) to a marketplace wallet. This is an immediate flag.
  • > Always route funds through an intermediary personal wallet (e.g., Electrum for BTC, Monero GUI/Cake Wallet for XMR) running over Tor.
  • > Strongly Recommended: Utilize Monero (XMR) exclusively. Monero's native ring signatures and stealth addresses provide privacy that Bitcoin cannot match.

05. PGP Cryptography (The Golden Rule)

"If you don't encrypt, you don't care."

Pretty Good Privacy (PGP) is non-negotiable. It ensures that only the intended recipient can read your sensitive data. Law enforcement regularly seizes servers; unencrypted data in a server database is a guaranteed compromise.

  • > Client-Side Encryption Only: All shipping addresses or sensitive communications must be encrypted on your own machine (using Kleopatra, Gpg4win, or Tails OS) before being pasted into the browser.
  • X Never use the "Auto-Encrypt" checkbox provided by any marketplace website. Server-side encryption requires you to trust the server with plain-text data, defeating the purpose of PGP.