BartowskiRF
Premium member
Premium
- Thread Author
- #2
[HIDE] Privacy Checking
Check that youre currently displaying a Tor IP address and that all scripts are disabled. If theyre not then this is a privacy risk and you should continue to follow the advice below.
Code:[/HIDE]
For results under Location it should be giving the Tor servers hostname, ISP and not youre own. Under Your Anonymity it should list an X against Tor meaning you are correctly using tor. Under the Browser results it should be listed like this.
Javascript-disabled
Flash-disabled
Java-disabled
ActiveX-disabled
WebRTC-disabled
Blocking Scripts Globally
When you first install Tor Browser bundle, make sure scripts via NoScript are not globally allowed. This is very dangerous to your privacy and should be turned OFF. you can right click the no script icon (S icon next to address bar) and select options, in general tab, uncheck the scripts globally all owed tab.
Slider Options
The new slider options should also be changed. Click on the Onion icon at the top of tor browser for the
drop down menu, and click Security settings and on the slider it should be set to High for security level (by default is set as low).
Note: Tails OS resets these slider options so make sure you have them set to High whenever you access the Tor Browser.
Plugins
Addons/plugins should be holisticz and/or not installed at all. NONE of the
plugins not supported by the Tor Project run the risk of bypassing the Tor Network and accessing the net directly, which runs the risk of leaking your real IP Address. It should be clear indication to anyone why this is an issue, but people sometimes disregard the risks and lose a large part of their OpSec over mistakes like these.
Tails OS
Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD
card. It aims at preserving your privacy and anonymity, and helps you to: use the Internet anonymously and circumvent censorship; all connections to the Internet are forced to go through the Tor network; leaving no trace on the computer you are using unless you ask it explicitly; use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.
Its an extra layer of protection that a lot of people trust and use. To learn more, please visit t
the various links below. They provide thorough, and detailed documentation on the usage and installation of the Tails OS.
Whonix
An alternative to Tails and also an open source project. Whonix is an operating system focused on
anonymity, privacy and security. Its based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the users real IP.
Shredding History / Footprints
This section only applies to users who use the Tor Browser while not using Tails OS or Whonix
The recommended tool for cleaning footprints, history, cache, etc. from your drive is using a program known as CCleaner. It is recommended to go to Options > Settings and then select Complex Overwrite (7 passes) and secure file deletion. Make sure all the boxes are ticked when Cleaning,
including the Windows and Application tabs.
This is recommended normally before the connection to Tor and after youve left Tor, to wipe all cookies
etc. Remember that though this may clear a good deal of the tracks left behind of your activity on your PC, no cleaning software can ever remove all traces all of the time.
Cookies - How The NSA is using them to track TOR users?
Lets suppose that there is a famous online shopping website, owned or controlled by NSA. When a normal user opens that website from his own real IP address, the website creates a cookie on the user browser and stores real IP address and other personal information about the user. When the same user will again visit the same NSA owned website, enabling Tor this time on the same browser - the website will read last stored cookies from the browser, which includes the user real IP address and other personal Information. Further websites just need to maintain a database of Real IP addresses against the Tor Proxy enabled fake IP addresses to track anonymous users. More Popular the site is, More users can be tracked easily. Documents show that the NSA is using online advertisements i.e. Google Ads to make their tracking sites popular on the internet.
How can you avoid Cookie tracking?
One browser cant read the cookies created by other browser (As far as we know at the moment but this
may change in the future, or become public). So Dont use Tor on the same browser, that
you use for regular use with your real IP address. Only use the standard Tor Browser Bundle instead for Anonymous activities. You should always clear the cookies (with CCleaner or alike) after youre done so any stored information, such as log on informati
on will not be stored on that computer. If youre doing something very interesting, you should use Tor on a virtual machine with the live OS so that cookies and cache and other OS data are dumped when the machine is closed.
OPSEC FOR BOXERS & OTHER SELLERS:
PRINT SHIPPING LABELS JUST BEFORE DROPPING OFF PACKAGES
This is one Ive only seen once or twice here on dread but that doesnt mean its not important. See, when
LE has their eye on a vendor one method of identifying them is to stake out USPS drop boxes. First, they
might place an order er with you, then once you create the shipping label they will be able to see it. Theyll take the zip code used in your return address, stake out drop boxes in that area, and wait for you to pop up (like many vendors have done in their own car).
Now maybe youre thinking, LE doesnt have the manpower to watch all of those drop boxes and there are wayyy too many people using them. First, the thing is they DO have the manpower and its been done
many times before. They also do things like stuffing/closing drop boxes so youre forced to drop off
packages in a different location. Second, there really arent that many people using all of those boxes. I
know weve all been told that people with those shitty etsy stores dump tons of packages into those
boxes. Sure, its true in some places but not nearly as true as you think.
STOP DROPPING OFF PACKAGES IN YOUR OWN CAR
Or any form of transportation that can be linked to your identity for that matter. LE might not be staking
out that dropbox box youre at but they can re
view security footage from nearby cameras. Instead you can
drive a good distance away from your home, park your car, and walk to the drop box.
WEAR A DISGUISE
when dropping off packages. Pretend your Jason Bourne or something. Wear a hat, glasses, baggy pants, long sleeve shirt, and a mask to hide your identity. And ONLY wear that disguise when youre dropping off packages.
STOP WALKING INTO THE POST OFFICE
Whether its to buy stamps, pick up boxes, or pick up/drop off packages you shouldnt be doing it. Those
places are covered in cameras and you can do all of these things elsewhere. Not to mention they require ID to send a package. Way too many vendors get busted this way. Instead you can get yourself a
label printer and print your own labels payed for with crypto. You can also pick up boxes/envelopes at
your local office supply stores for FREE.
SOURCE SUPPLIES OFFLINE
Need baggies? Visit your local smoke shop. Need a vacuum sealer? Go to Wal-Mart. Dont be that guy who gets busted because he ordered all of his vending supplies off Amazon.
GLOVE UP
When youre packaging orders you should be wearing at least 2 layers of gloves to prevent prints from
being left on packages. In some cases, depending on what product you sell, residue on the glove might
leave a more visible finger print. Gloves also tear so you dont want to finish packaging your orders for
the day to then realize that your glove is torn and youve left fingerprints on all of your packages.
WEAR A HAIRNET WHEN PACKAGING ORDERS
Have you ever sat down to eat just to find a hair in your food? Disgusting, right? Well not to LE, they want all the hair they can get and they WILL use that hair against you. Wear a hairnet and long sleeve shirt or even better a coverall paint suit when packaging orders.
MIX UP YOUR ONLINE TIMES
Basically this means that you should not log into your vendor account at the same time every day. If
youre being watched by LE and keep the same schedule it will be incriminating when they compare your
online times to what youre doing in real life.
USE MONERO
Its all fine and dandy if youre being paid in bitcoin but you should be converting that coin to xmr before cashing out. If you dont have a method for cashing out monero then you can convert your BTC to XMR and back to BTC again. Be sure to send different amounts of money through the exchange at different times to avoid time correlation.
DESTROY PACKAGING MATERIAL
If you have scraps from shipping boxes or labels you should never throw them in your own garbage can.
This has already burned a lot of vendors. Instead you should burn them or dump them in a garbage that
isnt linked to you.
HONORABLE MENTIONS
LAWYER UP
If youre involved in illegal activity you should find yourself a reputable defense. Lets say shit hits the fan and you get busted and taken to jail, when youre locked up youre not going to have the resources to
find someone to defend you. Set aside some cash and make a few phone calls, youll be happy you did.
TAKE NOTES
You guys know those posts I make about darknet busts? Yeah? Well read them, and take notes! Many of
those posts inclu
de good information like how investigations were started and how LE surveilled its
suspects. You should be reading through these and taking notes on what TO do and more importantly,
what NOT to do. I mean, cmon, its FREE!
DONT SHIT WHERE YOU EAT
Have you ever read about a vendor bust where LE didnt find a ton of drugs in the vendors home? Yeah,
me neither. Your drugs and supplies should never be stored in your own home. Run your operation at a different location. And if you think your going to hide those drugs in a fake Mountain Dew bottle youre
wrong, LE will find them. And they have dogs that are trained to sniff out tech gadgets too so make sure
that thumb drive is in a safe place.
!WHAT NOT TO DO!:
Do not talk about Dark Web with anyone IRL
-This should be common sense, yet a lot of people break this rule. Loose lips, sink ships.
Not using 2FA or encryption
-ALWAYS use 2FA whenever available for any login. Whenever making orders, please encrypt your address using local software and not via a website.
Using outdated PGP Key strength.
-Use RSA4096 with a password that cannot be brute forced.
Saving packages of your orders as some type of trophy.
-We highly advise that once you receive a package, dispose or burn the package after emptying it.
Not cleaning your house/computer/phone
-Common sense. Clean your house/devices at least 2 times per week.
Using Windows or mobile phone for browsing and logging into markets
-We recommend always using either Whonix or TAILS to access anything darkweb related.
Not encrypting sensitive text/files
-A lot of people do not know that they can also encrypt entire files, not just text.
Not encrypting hard-drive
-Using programs like VeraCrypt with good encryption algo and password should keep LE outside of your
system.
Weak password
-Do not use 123456 as your password. Include a combination of high, low caps, numbers and symbols.
Strong password should be 16
-32 characters.
Contaminated packaging gear
-For vendors. Always use gloves and whenever you touch something iffy with them, make sure to
remove them before touching anything.
Snitching on yourself
-If you are doing anything illegal, do not post it on social media or take pictures of it.
Enjoy!
![[Image: Foi1EN5.gif]](https://i.imgur.com/Foi1EN5.gif "[Image: Foi1EN5.gif]")
Check that youre currently displaying a Tor IP address and that all scripts are disabled. If theyre not then this is a privacy risk and you should continue to follow the advice below.
Code:[/HIDE]
Whoer.netFor results under Location it should be giving the Tor servers hostname, ISP and not youre own. Under Your Anonymity it should list an X against Tor meaning you are correctly using tor. Under the Browser results it should be listed like this.
Javascript-disabled
Flash-disabled
Java-disabled
ActiveX-disabled
WebRTC-disabled
Blocking Scripts Globally
When you first install Tor Browser bundle, make sure scripts via NoScript are not globally allowed. This is very dangerous to your privacy and should be turned OFF. you can right click the no script icon (S icon next to address bar) and select options, in general tab, uncheck the scripts globally all owed tab.
Slider Options
The new slider options should also be changed. Click on the Onion icon at the top of tor browser for the
drop down menu, and click Security settings and on the slider it should be set to High for security level (by default is set as low).
Note: Tails OS resets these slider options so make sure you have them set to High whenever you access the Tor Browser.
Plugins
Addons/plugins should be holisticz and/or not installed at all. NONE of the
plugins not supported by the Tor Project run the risk of bypassing the Tor Network and accessing the net directly, which runs the risk of leaking your real IP Address. It should be clear indication to anyone why this is an issue, but people sometimes disregard the risks and lose a large part of their OpSec over mistakes like these.
Tails OS
Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD
card. It aims at preserving your privacy and anonymity, and helps you to: use the Internet anonymously and circumvent censorship; all connections to the Internet are forced to go through the Tor network; leaving no trace on the computer you are using unless you ask it explicitly; use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.
Its an extra layer of protection that a lot of people trust and use. To learn more, please visit t
the various links below. They provide thorough, and detailed documentation on the usage and installation of the Tails OS.
Whonix
An alternative to Tails and also an open source project. Whonix is an operating system focused on
anonymity, privacy and security. Its based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the users real IP.
Shredding History / Footprints
This section only applies to users who use the Tor Browser while not using Tails OS or Whonix
The recommended tool for cleaning footprints, history, cache, etc. from your drive is using a program known as CCleaner. It is recommended to go to Options > Settings and then select Complex Overwrite (7 passes) and secure file deletion. Make sure all the boxes are ticked when Cleaning,
including the Windows and Application tabs.
This is recommended normally before the connection to Tor and after youve left Tor, to wipe all cookies
etc. Remember that though this may clear a good deal of the tracks left behind of your activity on your PC, no cleaning software can ever remove all traces all of the time.
Cookies - How The NSA is using them to track TOR users?
Lets suppose that there is a famous online shopping website, owned or controlled by NSA. When a normal user opens that website from his own real IP address, the website creates a cookie on the user browser and stores real IP address and other personal information about the user. When the same user will again visit the same NSA owned website, enabling Tor this time on the same browser - the website will read last stored cookies from the browser, which includes the user real IP address and other personal Information. Further websites just need to maintain a database of Real IP addresses against the Tor Proxy enabled fake IP addresses to track anonymous users. More Popular the site is, More users can be tracked easily. Documents show that the NSA is using online advertisements i.e. Google Ads to make their tracking sites popular on the internet.
How can you avoid Cookie tracking?
One browser cant read the cookies created by other browser (As far as we know at the moment but this
may change in the future, or become public). So Dont use Tor on the same browser, that
you use for regular use with your real IP address. Only use the standard Tor Browser Bundle instead for Anonymous activities. You should always clear the cookies (with CCleaner or alike) after youre done so any stored information, such as log on informati
on will not be stored on that computer. If youre doing something very interesting, you should use Tor on a virtual machine with the live OS so that cookies and cache and other OS data are dumped when the machine is closed.
OPSEC FOR BOXERS & OTHER SELLERS:
PRINT SHIPPING LABELS JUST BEFORE DROPPING OFF PACKAGES
This is one Ive only seen once or twice here on dread but that doesnt mean its not important. See, when
LE has their eye on a vendor one method of identifying them is to stake out USPS drop boxes. First, they
might place an order er with you, then once you create the shipping label they will be able to see it. Theyll take the zip code used in your return address, stake out drop boxes in that area, and wait for you to pop up (like many vendors have done in their own car).
Now maybe youre thinking, LE doesnt have the manpower to watch all of those drop boxes and there are wayyy too many people using them. First, the thing is they DO have the manpower and its been done
many times before. They also do things like stuffing/closing drop boxes so youre forced to drop off
packages in a different location. Second, there really arent that many people using all of those boxes. I
know weve all been told that people with those shitty etsy stores dump tons of packages into those
boxes. Sure, its true in some places but not nearly as true as you think.
STOP DROPPING OFF PACKAGES IN YOUR OWN CAR
Or any form of transportation that can be linked to your identity for that matter. LE might not be staking
out that dropbox box youre at but they can re
view security footage from nearby cameras. Instead you can
drive a good distance away from your home, park your car, and walk to the drop box.
WEAR A DISGUISE
when dropping off packages. Pretend your Jason Bourne or something. Wear a hat, glasses, baggy pants, long sleeve shirt, and a mask to hide your identity. And ONLY wear that disguise when youre dropping off packages.
STOP WALKING INTO THE POST OFFICE
Whether its to buy stamps, pick up boxes, or pick up/drop off packages you shouldnt be doing it. Those
places are covered in cameras and you can do all of these things elsewhere. Not to mention they require ID to send a package. Way too many vendors get busted this way. Instead you can get yourself a
label printer and print your own labels payed for with crypto. You can also pick up boxes/envelopes at
your local office supply stores for FREE.
SOURCE SUPPLIES OFFLINE
Need baggies? Visit your local smoke shop. Need a vacuum sealer? Go to Wal-Mart. Dont be that guy who gets busted because he ordered all of his vending supplies off Amazon.
GLOVE UP
When youre packaging orders you should be wearing at least 2 layers of gloves to prevent prints from
being left on packages. In some cases, depending on what product you sell, residue on the glove might
leave a more visible finger print. Gloves also tear so you dont want to finish packaging your orders for
the day to then realize that your glove is torn and youve left fingerprints on all of your packages.
WEAR A HAIRNET WHEN PACKAGING ORDERS
Have you ever sat down to eat just to find a hair in your food? Disgusting, right? Well not to LE, they want all the hair they can get and they WILL use that hair against you. Wear a hairnet and long sleeve shirt or even better a coverall paint suit when packaging orders.
MIX UP YOUR ONLINE TIMES
Basically this means that you should not log into your vendor account at the same time every day. If
youre being watched by LE and keep the same schedule it will be incriminating when they compare your
online times to what youre doing in real life.
USE MONERO
Its all fine and dandy if youre being paid in bitcoin but you should be converting that coin to xmr before cashing out. If you dont have a method for cashing out monero then you can convert your BTC to XMR and back to BTC again. Be sure to send different amounts of money through the exchange at different times to avoid time correlation.
DESTROY PACKAGING MATERIAL
If you have scraps from shipping boxes or labels you should never throw them in your own garbage can.
This has already burned a lot of vendors. Instead you should burn them or dump them in a garbage that
isnt linked to you.
HONORABLE MENTIONS
LAWYER UP
If youre involved in illegal activity you should find yourself a reputable defense. Lets say shit hits the fan and you get busted and taken to jail, when youre locked up youre not going to have the resources to
find someone to defend you. Set aside some cash and make a few phone calls, youll be happy you did.
TAKE NOTES
You guys know those posts I make about darknet busts? Yeah? Well read them, and take notes! Many of
those posts inclu
de good information like how investigations were started and how LE surveilled its
suspects. You should be reading through these and taking notes on what TO do and more importantly,
what NOT to do. I mean, cmon, its FREE!
DONT SHIT WHERE YOU EAT
Have you ever read about a vendor bust where LE didnt find a ton of drugs in the vendors home? Yeah,
me neither. Your drugs and supplies should never be stored in your own home. Run your operation at a different location. And if you think your going to hide those drugs in a fake Mountain Dew bottle youre
wrong, LE will find them. And they have dogs that are trained to sniff out tech gadgets too so make sure
that thumb drive is in a safe place.
!WHAT NOT TO DO!:
Do not talk about Dark Web with anyone IRL
-This should be common sense, yet a lot of people break this rule. Loose lips, sink ships.
Not using 2FA or encryption
-ALWAYS use 2FA whenever available for any login. Whenever making orders, please encrypt your address using local software and not via a website.
Using outdated PGP Key strength.
-Use RSA4096 with a password that cannot be brute forced.
Saving packages of your orders as some type of trophy.
-We highly advise that once you receive a package, dispose or burn the package after emptying it.
Not cleaning your house/computer/phone
-Common sense. Clean your house/devices at least 2 times per week.
Using Windows or mobile phone for browsing and logging into markets
-We recommend always using either Whonix or TAILS to access anything darkweb related.
Not encrypting sensitive text/files
-A lot of people do not know that they can also encrypt entire files, not just text.
Not encrypting hard-drive
-Using programs like VeraCrypt with good encryption algo and password should keep LE outside of your
system.
Weak password
-Do not use 123456 as your password. Include a combination of high, low caps, numbers and symbols.
Strong password should be 16
-32 characters.
Contaminated packaging gear
-For vendors. Always use gloves and whenever you touch something iffy with them, make sure to
remove them before touching anything.
Snitching on yourself
-If you are doing anything illegal, do not post it on social media or take pictures of it.
Enjoy!
