
Rate my paranoia : OpSec | Torhoo darknet markets

My threat model is the government, the feds, glowniggers or however you may call them. I want to keep them away from me as long as possible. I am aware that when it comes to the feds, it's not a question about if you're gonna get caught, but rather when you're gonna get caught. Here's a simplified guide of what I'd do if I wanted to do some potentially unlawful acts:

1. Buy a used notebook from a second hand dealer in cash (preferably non-commercial => no receipt or proof of transaction)
2. Remove microphone, camera, speakers, Wi-Fi/Bluetooth card (potentially even cut the antenna cables)
3. Replace the normal screws with tamper-proof ones
4. Install a privacy screensaver
5. Flash coreboot and neuter Intel ME
6. Install Kicksecure/OpenBSD (still undecided) with FDE
7. Potentially harden it some more
8. Connect to (multiple, never to a single one for over a month) public Wi-Fi(s) over a Yagi (a subject I need to do some more research on)
9. SSH into a VPS which routes all of its traffic through proxies over tor – all of which is paid off with XMR
10. Do stuff

Anything else I could do? I'd rate my setup a 7/10. Good, but there are definitely things that need some fleshing out.
/u/twinhermits 🍼
1 points
6 days ago
How about using Whonix on top of Kicksecure? That helps to ensure that application data in its own vm has no way to communicate, except via the other vm that forwards everything to Tor. Otherwise, you'd set up proxies, but might open a file or program that accesses the clear net directly. I guess that an outbound firewall would help if you don't use Whonix, but the list of valid entry nodes would be changing over time.
/u/[deleted] 📢 🍼
1 points
6 days ago*
I've thought of that. But as you may tell from my previous post /post/3e617362105a3496a012, I'm kind of an OpenBSD evangelist. I've thought of just biting the bullet and going for Kicksecure, but I'm still very much undecided. If I was using Kicksecure, I'd definitely be doing what you said though.
/u/meatt 🍼
1 points
6 days ago
Looks great, but what exactly are you going to do?

>Anything else I could do?
Depends on what you want to do

IMO there are easier setups that would have the same security level
/u/[deleted] 📢 🍼
1 points
6 days ago
I was intentionally being vague when writing this, so that if government agencies who decided to lurk on this website came around my post, they wouldn't think too much about what I was tryna do. But given I've joined the /d/hacking subdread and asked a question there already, it isn't that hard to decipher what I'm trying to do. OpSec fail #1.
/u/meatt 🍼
1 points
6 days ago
>I was intentionally being vague when writing this
>But given I've joined the /d/hacking
that would've been enough

Your OPSEC is great, I'd give it a 9.
/u/twinhermits 🍼
1 points
6 days ago
Also, Coreboot only installs on specific laptop models, and whether you can neuter the ME depends on how old you want your machine to be. If you're cool with using super old tech, an X200 laptop would fit that spec, but you might have to flash with a hardware flasher. Also, where are you going to buy an X200 (or a flash programmer) in cash? They're easy to find on eBay, but I guess you could browse through an old warehouse of technology, and your plan might work...

Another thing worth noting is that the AMD PSP is less of a concern than the Intel ME, because the former is more passive than the latter, and while it has access to main memory, it (supposedly) can't talk to the network interface card directly. So if it were to use kernel network stack memory to send a packet to a remote server, its code may need to be updated every time that a new kernel is installed, which is less feasible.

Anyhow, I'm sure that someone on here will point out that there are other weaknesses that might be more important than ME (I could be wrong though). There is already technology to read the radio signal that is produced by a laptop monitor, so attackers can point an antenna at your computer, and get a rough black and white view of it. That is regardless of firmware openness. So a narrow focus on buying a laptop in cash, or perhaps neutering the ME, might not be as helpful as other measures you could take?
/u/[deleted] 📢 🍼
1 points
6 days ago
About the "reading your monitor over an antenna", doesn't DisplayPort fix this because its stream is encrypted? DP is superior to HDMI anyhow.

I know the ME bit is a tad much, but I just can't trust a fully functioning computer within my notebook that can read my memory whenever. PSP definitely seems like the lesser evil of the two, but I'd still be uncomfortable doing what I'd do on a system with that built in. There are some fairly recent notebooks that are supported by coreboot (see System76, NovaCustoms, ...), so I'm not really worried about it being too old and/or slow. Finding one of these notebooks on the used market however, now that's the tough part.
/u/Arkechoing 🍼
1 points
6 days ago
I'm a bit confused. How do you plan on connecting to public Wi-Fi if you remove the Wi-Fi card? Do you want to connect your Yagi to a USB Wi-Fi card? If so, how is it safer than using the internal one?
/u/Ghwbushsr
1 points
6 days ago
any old bridge will work. Ubiquiti makes (or used to anyway) one called a bullet that will plug right into a wifi signal and receive it
/u/[deleted] 📢 🍼
1 points
6 days ago
I'd use a USB Wi-Fi adapter that specifically supports monitor mode. I feel like that's way better than an internal PCIe adapter anyway because I can disconnect the adapter when I don't need it, making my system a bit more secure.
/u/Arkechoing 🍼
1 points
6 days ago
I get that with your threat model, there is no such thing as overkill. But I would still like to know how not having a Wi-Fi card when you don't need it is more secure if you still end up having one most of the time when using the computer.
/u/SecretAgent
1 points
6 days ago
Long distance satellite dish vs public spaces, just my opinion.
/u/Ghwbushsr
1 points
6 days ago
give em your exact coordinates why don't you
/u/SecretAgent
1 points
6 days ago
If only that was how it worked.
/u/Ghwbushsr
1 points
6 days ago
you're telling me there's anonymous satellites that transmit your gps coordinates? where can I get one?
/u/SecretAgent
1 points
6 days ago
I believe you've misunderstood me. OP mentioned a privacy screen saver, to me this implied OP would be in a public space ie library, fast food joint, whatever. ah fuck it, i was talking about a long distance wifi antenna or a "Yagi" like he also mentioned.
/u/Ghwbushsr
1 points
6 days ago
ahh yes. I thought you meant that there was some sort of anonymous starlink device, which IMO would be cool, but i'm pretty sure they all get your geo location somehow...

what you meant to say then, i believe, is that you prefer a parabolic grid style?

I've tried both, but for getting access to a public wifi, the yagi will win. I'm not sure why but I do believe (although I haven't tried, but in theory) a parabolic grid antenna should win when you have two of them pointed at each other over much longer distances, indeed. but if the access point isn't broadcasting signal over a parabolic antenna, the yagi receiver will usually take the W on distance and reception signal strength.
/u/[deleted] 📢 🍼
1 points
6 days ago
I was trying to go for both. The privacy screen for when I was physically present at the spaces where public Wi-Fi is available and the Yagi for when I feel extra watched and need somewhere to retreat. A healthy medium.
/u/boobsfartspoo 🍼
1 points
6 days ago
Personally i feel the laptop/coreboot/openbsd isn't entirely necessary as I'm not sure what it accomplishes
an alternative would be tails on a flash drive (memorize your login creds) and with your laptop remove the harddrive
and change your MAC address and hostname every time you connect to wifi

but all of that is worthless if your cell phone is still able to generate a signal, so maybe don't bring cell phone or put in faraday bag
also are you driving your car where your license plate, make/model will be on camera? you will also be on camera at some point as well

not sure what the VPS accomplishes, seems unnecessary with tor, I'd also be especially careful not to use any vpn service, vps/proxies from work or home
public wifi with tor seems fine, perhaps you need a vpn to route tor traffic through if it's blocked on the public wifi, but as you said buying it with xmr (let's assume you purchase that anonymously as well) and any email required for the vpn is onionmail or something that you never log into from home/work
/u/bleak 🍼
1 points
6 days ago*
>Personally i feel the laptop/coreboot/openbsd isn't entirely necessary as I'm not sure what it accomplishes
Coreboot is open-source BIOS. It can be used instead of proprietary firmware found in almost every laptop.
OpenBSD is smaller and more secure than GNU/Linux.

>not sure what the VPS accomplishes, seems unnecessary with tor
OP probably wants to use a remote VPS to attack targets. I'm only assuming this since OP pointed out they posted in /d/hacking.

>perhaps you need a vpn to route tor traffic through if it's blocked on the public wifi
Tor over VPN is a disasterclass on multiple levels.
/u/trlandrace34
1 points
5 days ago
this setup is very similar to mine, and i think this is how it should be.
/u/MeltingWoodwork 🍼
1 points
1 day ago
you could put your pgp key in your new profile so if someone was equally as paranoid and had a piece of advice they could message you in pgp
/u/[deleted] 📢 🍼
1 points
1 day ago
done.