Operational Security (OpSec) Bible

Your safety depends entirely on your habits. Technology can only protect you if you use it correctly. Below are the absolute rules for surviving on the darknet.

DO: Best Practices

• Use Tails OS or Whonix. Never browse TorZon on Windows or macOS. These operating systems constantly phone home with telemetry data that can deanonymize you. Tails runs from a USB stick and leaves no trace on the hard drive.
• Disable JavaScript. In Tor Browser, set the Security Level to "Safest". JavaScript can be used to exploit browser vulnerabilities and reveal your real IP address.
• Sanitize Metadata. Before uploading images (for disputes or vendor listings), use a tool like MAT2 to strip EXIF data (GPS coordinates, camera model, timestamp). TorZon does this automatically, but don't rely on us.
• Encrypt Everything. Assume the server is compromised. Always PGP encrypt your address on your own computer before pasting it into the browser.

DON'T: Critical Mistakes

• Don't use Tor over VPN. A VPN provider sees that you are using Tor. If the VPN logs (and they all lie about logs), they can correlate your traffic. Tor alone is safer for most users.
• Don't reuse usernames. If your username is "DarkLink99" and you use that on Reddit or Discord, law enforcement will find you in seconds.
• Don't order to a fake name. If a package requires a signature or is held at the post office, you cannot claim it without ID. Always use a real name or a drop address.