Security & OpSec Protocols

MANDATORY RESEARCH SAFETY GUIDELINES

Current Threat Level

MODERATE (Phishing Active)

Identity Isolation

The cornerstone of research on the ToRzon Market network is the complete compartmentalization of your digital identity. Under no circumstances should clear-web identifiers be cross-referenced with your darknet research activities.

Never reuse usernames: Do not use handles from Reddit, Discord, Telegram, or Steam on darknet forums or markets.
Sanitize writing style: Avoid unique colloquialisms or writing habits that could fingerprint your linguistics.
Metadata scrub: Ensure any images uploaded for support tickets or disputes have all EXIF data strictly removed.

PRO TIP

Create a dedicated "Research Persona" that exists only within the Tor browser session and ceases to exist when the session closes.

Phishing Defense & Verification

"Man-in-the-Middle" (MitM) attacks are the primary threat vector in the ToRzon ecosystem. Malicious actors create identical copies of the market to harvest credentials.

The Only Valid Verification Method

Never trust a link found on Reddit, a Wiki that you cannot edit, or a Telegram group. The only way to verify a Torzon onion link is via PGP Signed Messages.

                            -----BEGIN PGP SIGNED MESSAGE-----

                            Hash: SHA512

                            ToRzon Market Mirror List - FEB 2025

                            Current primary: dv4ozfq4533foeo6ux2jq5jrimfpq7iyvhc23xjqhomidesnmjysyfqd.onion

                            -----BEGIN PGP SIGNATURE-----

                            ... (Cryptographic Proof) ...

You must import the market's public key into your PGP client (Kleopatra/GPG Keychain) and verify the signed message found on the landing page. If the signature is invalid, do not proceed.

Tor Browser Hardening

Security Slider

Set your Tor Browser security level to "Safer" or "Safest". This disables JavaScript on non-essential sites and prevents many browser-based exploits used to de-anonymize users.

Window Sizing

NEVER resize your Tor Browser window or maximize it. Keep it at the default launch size. Resizing creates a unique screen resolution fingerprint that can track you across sessions.

NETWORK CONFIGURATION

Do not use a VPN with Tor unless you are an advanced network engineer. For 99% of researchers, Tor over VPN or VPN over Tor introduces more risks (timing attacks, payment trails) than it solves.

Financial Hygiene

The "Direct Send" Mistake

Never send cryptocurrency directly from a KYC (Know Your Customer) exchange like Coinbase, Binance, or Kraken to a market wallet. This permanently links your real identity to the market.

The Correct Path

Purchase coins on Exchange.
Send to a personal, non-custodial wallet (e.g., Monero GUI, Electrum).
(Optional but recommended) Hop through a second wallet or swap service.
Send to the Market Deposit Address.

Monero (XMR) vs Bitcoin (BTC)

Bitcoin provides pseudonimity, not anonymity. The blockchain is public and traceable. Monero (XMR) is strongly recommended for all research activities involving transactions, as its blockchain is opaque by default.

PGP Encryption (The Golden Rule)

"If you don't encrypt, you don't care about your safety."

Client-Side Only

Always encrypt sensitive data (shipping addresses, communication) on your own device using tools like Kleopatra or GPG4Win. Copypaste the resulting ciphertext block into the market.

Avoid "Auto-Encrypt"

Never use the "Auto-Encrypt" checkbox provided by market websites. If the server is compromised or seized, the server has the keys to decrypt your message. You must control the keys.

View Full PGP Tutorial

Quick Navigation

Tools Checklist

Tor Browser
Kleopatra / GPG
KeePassXC
Monero GUI