- Joined
- May 11, 2025
- Messages
- 2,929
- Solutions
- 2
- Time Online
- 9d 13h
- Reputation
- 13,827
hardware: get a dedicated machine. a cheap, used laptop is perfect. never, ever use your daily driver for this shit. no personal computer, no phone.
os: install a privacy-focused OS. tails is the gold standard. it runs from a usb stick and routes all traffic through the tor network by default. it also wipes all memory on shutdown. learn how to use it. qubes os is another option for the more advanced user, but tails is r****d-proof enough for most.
network: never do this from your home network. never. use public wifi. a coffee shop, a library, a mcdonald's. a place you don't frequent. sit in your car away from the building if you have to. never use your home ip address for anything illegal.
tor: you need the tor browser. this is non-negotiable. it anonymizes your traffic by bouncing it through a network of relays. download it from the official tor project website only.
finding markets: don't google "darknet markets." that's how you get phishing sites and law enforcement honeypots. you need to find links from trusted sources. deepdotweb is dead. use forums like dread (the reddit of the darknet) or other clearnet security forums where users discuss and vet markets. copy the onion links directly.
pgp (pretty good privacy): this is your encryption. learn it. love it. live it. every single piece of sensitive information—your name, your address—must be encrypted with the vendor's public key before you send it. if a market or vendor asks you to send your address in plaintext, they are either incompetent or a cop. run. generate your own pgp keypair. keep your private key secure. there are guides for this everywhere.
accounts: create a new, unique username for each market. don't reuse anything. the username should have no connection to any of your other online identities.
crypto: monero (xmr) is the standard for a reason. it's private and untraceable. if you must use bitcoin (btc), you need to tumble it. use a reputable, non-custodial mixing service. send your btc from the exchange to your personal wallet, then to the mixer, then to a new wallet, then to the market. never send directly from an exchange to a market. it's a glowing trail right to your door.
the drop:your address is the weakest link.
best option: use a drop. a friend's house (with their permission, you fucking idiot), an abandoned house, a p.o. box (using a fake id, which is another level of risk), or a mail receiving service. a vacant for-rent house is a classic. check the mail daily.
if you must use your own house: use your real name. a package addressed to "batman" is a giant red flag. plausibility is key. it looks less suspicious if it's addressed to the person who actually lives there. but understand, this is the riskiest move.
patience: wait. don't check the tracking every five minutes. let the package sit in the mail system for a day or two after it's marked "delivered" before you even think about touching it. this is called "controlled delivery" insurance. if dea is gonna kick in your door, they'll do it within 24-48 hours.
receiving: bring the package inside. open it carefully. wipe everything down. the package, the contents, the vacuum-sealed bags, everything. wear gloves. dispose of all packaging materials in a public trash can miles from your home, preferably in a different town.
digital cleanup: when you're done, shut down your tails machine. physically remove the usb stick and destroy it if you're ultra-paranoid. wipe the laptop's drive. never log back into that market account. it's burned after one use.
os: install a privacy-focused OS. tails is the gold standard. it runs from a usb stick and routes all traffic through the tor network by default. it also wipes all memory on shutdown. learn how to use it. qubes os is another option for the more advanced user, but tails is r****d-proof enough for most.
network: never do this from your home network. never. use public wifi. a coffee shop, a library, a mcdonald's. a place you don't frequent. sit in your car away from the building if you have to. never use your home ip address for anything illegal.
tor: you need the tor browser. this is non-negotiable. it anonymizes your traffic by bouncing it through a network of relays. download it from the official tor project website only.
finding markets: don't google "darknet markets." that's how you get phishing sites and law enforcement honeypots. you need to find links from trusted sources. deepdotweb is dead. use forums like dread (the reddit of the darknet) or other clearnet security forums where users discuss and vet markets. copy the onion links directly.
pgp (pretty good privacy): this is your encryption. learn it. love it. live it. every single piece of sensitive information—your name, your address—must be encrypted with the vendor's public key before you send it. if a market or vendor asks you to send your address in plaintext, they are either incompetent or a cop. run. generate your own pgp keypair. keep your private key secure. there are guides for this everywhere.
accounts: create a new, unique username for each market. don't reuse anything. the username should have no connection to any of your other online identities.
crypto: monero (xmr) is the standard for a reason. it's private and untraceable. if you must use bitcoin (btc), you need to tumble it. use a reputable, non-custodial mixing service. send your btc from the exchange to your personal wallet, then to the mixer, then to a new wallet, then to the market. never send directly from an exchange to a market. it's a glowing trail right to your door.
the drop:your address is the weakest link.
best option: use a drop. a friend's house (with their permission, you fucking idiot), an abandoned house, a p.o. box (using a fake id, which is another level of risk), or a mail receiving service. a vacant for-rent house is a classic. check the mail daily.
if you must use your own house: use your real name. a package addressed to "batman" is a giant red flag. plausibility is key. it looks less suspicious if it's addressed to the person who actually lives there. but understand, this is the riskiest move.
patience: wait. don't check the tracking every five minutes. let the package sit in the mail system for a day or two after it's marked "delivered" before you even think about touching it. this is called "controlled delivery" insurance. if dea is gonna kick in your door, they'll do it within 24-48 hours.
receiving: bring the package inside. open it carefully. wipe everything down. the package, the contents, the vacuum-sealed bags, everything. wear gloves. dispose of all packaging materials in a public trash can miles from your home, preferably in a different town.
digital cleanup: when you're done, shut down your tails machine. physically remove the usb stick and destroy it if you're ultra-paranoid. wipe the laptop's drive. never log back into that market account. it's burned after one use.
