News Feed
  • DrugHub has agreed to fully refund all users who lost money in the SuperMarket exit scam.  
  • Retro Market has gone offline. Circumstances of the closure unknown.  
  • SuperMarket has closed following an exit scam by one of the admins.  
  • The admin of Incognito Market, Pharoah, has been arrested by the FBI several months after exit scamming.  
  • Silk RoadTorhoo mini logo
  • darknet markets list
  • Popular P2P exchange LocalMonero has announced it is closing.  

Am I fucked? : OpSec | Torhoo darknet markets

forgot to disable javascript, is the whole system now compromised or am i good disabling it at restart?
/u/rethink098
2 points
2 weeks ago
Not enough information. Most of the javascript exploits are immediate to get deanonomize you (like get your IP address). What websites did you go on when you didn't have it disabled? What OS are you using? There's a lot of questions to answer. I will say, though, that with 99% certainty, if you're using an OS like Tails, just do a quick reboot for good measure, disable it, and be on your way. If someone got your IP through javascript, there isn't much else you can do, but also not much to worry about either.
/u/noisesoff 📢 🍼
1 points
2 weeks ago
Its tails yes, looks like im fine. Thanks for the answer!
/u/DarkMeech
2 points
2 weeks ago
your fucked bro. burn everything. dont let them take you alive!
/u/datarape
1 points
2 weeks ago*
forgot to disable javascript, is the whole system now compromised or am i good disabling it at restart?
threat model is the feds. I don’t know what websites I visited, don’t think they were compromised.


  • If you used Tails (no persistence): You’re probably safe. JS exposure won’t survive reboot.
  • If you used persistent OS (Whonix, Debian, Windows, etc): You should assume compromise. JS can be used for tracking, fingerprinting, or even delivering payloads.
  • Just disabling JS after exposure does nothing. Any fingerprinting or tracking was already done.
  • If you used persistent OS (Whonix, Debian, Windows, etc): You should assume compromise. JS can be used for tracking, fingerprinting, or even delivering payloads.
  • Just disabling JS after exposure does nothing. Any fingerprinting or tracking was already done.


Threat Breakdown























OS Used Risk Level Action to Take
Tails (No Persistence) Low Reboot and continue. JS risk wiped.
Whonix or Persistent Linux Moderate–High Reinstall or restore clean VM. Don’t trust the current setup.
Windows/macOS High Full wipe and reinstall from safe ISO. Never use these OSes for high-opsec browsing.


Notes:


  • JavaScript enables canvas fingerprinting, WebGL probes, hardware & timezone leaks, and memory profiling.
  • Even if Tor is used, JS makes correlation easier via TLS fingerprint + behavior modeling.
  • If your threat model is LE, be paranoid: assume the site you visited was a honeypot.
  • Always use Safest mode in Tor Browser or set javascript.enabled=false manually in about:config.
  • JS + unknown sites + persistent OS = you’re toast


What You Should Do Now:

  • Tails user? Reboot and continue with JS off.
  • Whonix or other persistent system? Rebuild.
  • Practice better compartmentalization: no browsing with JS, no logins, no identity crossover.
  • Consider moving to Qubes OS with disposable VMs
  • Sponsors
VigorSwap Instant Crypto Exchange
FraudGPT

  • Explore Torhoo!

© Torhoo! 2025

All links are for educational and research purposes only. Torhoo! does not vouch for any site.

Advertise on Torhoo