
Future OpSec setup : OpSec | Torhoo darknet markets

I am new to OpSec and have just been scrolling around marketplaces and forums for a while on my main computer (may be a mistake). I haven't purchased anything from anywhere but *may* in the near future. I am a mega Super-Noob so I'll take any help that I can get, but what I'm thinking is this:

get a secondhand device.
install tails on a usb stick, as well as DBAN, wipe any info off this computer with dban then boot up tails.
connect to my home wifi, (this is where i have some issues, will my real ip be briefly exposed?)
different passwords and usernames for every market written on paper.
monero and pgp of course.

Let me know if this should be enough or if there is more I should do for my security.

Thanks brothas.
As you already pointed out, your home WiFi is a weak point. If possible, consider using an Ethernet cable and remove the WiFi chip. Or alternatively use free WiFi at a cheap diner / coffee shop when purchasing and then use a "purchase account"; while home, use a second account only for surfing the DNM.

Otherwise your setup seems to be OK for personal purchases.
/u/[deleted]
1 points
3 weeks ago
Hello,

I think your setup is great but it could be better if you change these things:

Don't use your home wifi, use public wifi
Only use your secondhand PC for darkweb surfing and purchases
Use KeePassXC instead of writing to paper because someone could read your paper even if you get visited by LE
/u/BastaBackdoor
1 points
3 weeks ago
horrible. get a directional antenna, hack someone's wifi that's a mile away. use 3 proxies before even connecting to that wifi, then go thru another 3 proxies before reaching whatever you're trying to do. use tor and tails. route everything through tor. use torghost. use mullvad and always use monero with your OWN node.
/u/BastaBackdoor
1 points
3 weeks ago
if feds raid you then they will have all passwords on paper lol. that's no good
/u/AdderallZanny 📢
1 points
3 weeks ago
yeah that's true, forgot to mention i will be using a drop address that somebody can go pick up from.
Could I also get by using a public wifi? Or could this compromise me too.
Appreciate u boss
/u/BastaBackdoor
1 points
3 weeks ago
depends on your threat model
/u/datarape
1 points
2 weeks ago*
I am new to OpSec and have just been scrolling around marketplaces and forums for a while on my main computer (may be a mistake). I haven't purchased anything from anywhere but may in the near future.

Straight up: If your threat model is the feds, this setup isn't enough.

Here's what you're doing right:


  • TailsOS: it’s designed for anonymity.
  • Monero + PGP are must-haves, props for that.
  • Unique creds + storing offline is good hygiene.


But here’s why it’s still bad OPSEC:


  • Used laptop = unknown history. Seller could’ve implanted hardware backdoors, or used BIOS-level persistence. DBAN can’t wipe that.
  • Home Wi-Fi = bad OPSEC leak. Even if Tails hides your IP, your NIC’s MAC address gets logged by the router/ISP when you connect. LE can subpoena this later.
  • No network compartmentalization. If you're connecting to DNM forums and future buys with overlapping metadata (same IP, same timing, same behavior), you're building a pattern they can link.


What LE can do (and already has in real cases):


  • Correlation attacks: Match timestamps from Tor entry and market logins.
  • Metadata leakage: Timing, device fingerprinting, login behavior all unique to you.
  • Seize logs from forums and compare behavioral patterns. Even simple typos or writing style can match old posts to new identities.
  • MAC and RF fingerprinting: NIC cards have unique RF signatures, and MACs often leak before spoofing takes effect.


Safer setup tips:


  • New laptop paid in cash, bought far from home, used only for ops.
  • No home Wi-Fi. Use long-range antennas or public hotspots far away.
  • Use Whonix with Qubes/Tails in isolated setups.


different passwords and usernames for every market written on paper.


Good habit in theory but bad if you don’t compartmentalize properly. If you ever get raided and they seize that paper:

  • Seizure risk: If LE raids you and finds that paper, they get direct evidence linking you to multiple marketplaces.
  • Handwriting analysis: LE can use handwriting to prove the notes belong to you.
  • Pattern and behavioral analysis: They connect all your aliases, building a comprehensive profile.


LE can argue:
“This paper proves the defendant controlled these accounts and participated in illegal activity.”

Final note: If your threat model is the feds, you need to go far beyond just buying secondhand or writing notes. OPSEC means eliminating traceable links completely.