Bạn đang xem: Darknet Markets Opsec Guide To Access DNM Safely

Darknet Markets OpSec Guide

The dark web reddit has a bunch of special mentions on the various darknet markets and still there are open threads. People also discuss on the darknet markets Opsec mistakes that the users tend to do. Both deep web along with the dark web and cybersecurity plays an important role in people’s lives as one provides new scope to explore the unknown while the other protects them from the various mishaps. In this article we will disclose everything about the dark web markets including the OpSec mistakes and the possible solutions.

What Is Darknet Market?

A darknet market can be termed as the commercial website that operates through darknet browsers like Tor or I2P. They basically function as the black markets, selling or brokering the transactions that involve unlicensed pharmaceuticals, drugs, steroids, and various other similar kinds of stuff. Thus, dark web access to these darknet markets is only possible via these dark web browsers. The newbies and the ones who are not careful about the various operation security (OpSec) mistakes, tend to make one. Thus, here we bring the darknet markets opsec guide that will help you when you operate on the darknet markets.

Various Payment Methods

Escrow

In the standard escrow system, the market holds the money during the purchase. If you have received your order, you ask the market to finalize your order and pay the vendor. Be Careful: The orders get finalized automatically after some time when the case is that you have forgotten to do it manually so that the vendor does not have to wait for ages to receive his money.

If the case is that you have not received your order or are facing issues with it (could be it is less than the amount you bought or the product is something different than what was advertised), you can raise a dispute. This prevents the order from getting auto-finalized and you get the chance to resolve it with the help of a market staff member keeping the vendor in a discussion. After the discussion, the market staff member then decides what exact actions need to be taken like who receives the money from the order or if you have violated the market rules. You need to keep in mind to message the vendor first if you face issues with your order, instead of raising a dispute right away.

The major risk in it is that the market can always run away with the money defrauding you. It has happened a lot of times previously and this particular process is well known as an exit scam. Some popular examples are Evolution, Sheep Market, Nucleus, Abraxas, Middle Earth Marketplace, and many more. Thus, using a standardized escrow system is much discouraged and you must use alternative payment methods.

Multisignature / Multisig

Multisignature, often known by multisig, is a type of technology that is used to add more security for the Bitcoin transactions. Multisig addresses need another user or users’ to sign a transaction before it can be broadcasted into the blockchain. The actual number of the signatures is agreed upon at the very beginning once people agree to create the address.

Multisignature permits users to create 2-of-3 escrow services. Take for example, when the buyer (You, the Buyer/Purchaser) is willing to pay Vendor (the vendor/seller), you clear a transaction to a multi-sig address that requires at the minimum two signatures from the group “Buyer, Vendor and the DNM” in order to redeem the money. If both the buyer and the vendor disagree on who should receive the money (say, the buyer wants a refund but the vendor believes that he has fulfilled his obligations and demands the payment), they can go forward and appeal the DNM. The DNM then grants his signature in the favor of either the buyer or the vendor, so that the one receiving the signature can redeem the funds. Thus, it is decided by the market staff who receives the Bitcoin in a raised dispute.

This is clear that no one can run away with your money. Always, two parties have to work together in order to release the money (the DNM and the buyer or the DNM and the vendor or the vendor and the buyer). In such a matter if you have the choice, kindly choose the payment method. In order to use multisig with specific DNM, please refer to their help segment or wiki where you would find how to proceed.

Finalizing Early (FE)

If you choose to finalize early, you mainly give all your money to the vendor you make your order with. Thus, as soon as you give up your order, the vendor gets the money for it. It is similar to giving your street dealer your cash and letting him run around the block in order to get the stuff.

You might by now understand that it is pretty risky as it is quite easy to get scammed. More specifically, if you own a buyer account with little orders or history. A little number of people would believe you and if anyway you get scammed utilizing FE, you would never get your money back. There are times when the vendors offer a lower price for the same item if you opt for FE for it. This is because it is more convenient if they get their money instantly, but it usually isn’t worth the risk. This is one of the major darknet markets opsec mistake that people tend to do and get scammed. It is also rigidly discouraged to FE for new vendors as the risk that they scam you is much higher.

When is the right time for FE?

• The answer to this is when you are absolutely okay with possibly never seeing your money back or never will receive your order again.

As for example, suppose you have $15 in your wallet and you see a vendor offering an eighth of a medical bud for the same amount you have in your wallet as an introductory offer. So, if you FE him on his requirements, whether the product comes or not, the worst that could happen is that you lose the wallet balance.

• When you are much confident or absolutely positive that the vendor will ship the product and not scam you. Make this statement bold in your head but although you may feel you are okay with FE at this point, it has been seen that the well-known vendors have made FE a requirement and fled with the money. An example of the most prominent kinds is the LucyDrop from SR, who was the most famous LSD vendor of his time. He required FE and there was no complaint for three consecutive months. Suddenly he stopped shipping and fled with over a million in Bitcoin (BTC) . Thus, even if a vendor seems to be “trusted”, there is still a chance of getting scammed. But 99% of the trusted vendors will be honest and send you your products.

When it is not the right time for FE?

• It is when you cannot afford to lose the money but there are so many people who still opt for FE and get scammed. They lose money that either was not theirs in the first place or the money that they could not lose. Take, for example, you are a dealer and you borrow the money from either the customers or someone who is higher in the chain in order to make the purchase on the QP, you should not go for FE. In case the vendor does not send you the product , you owe money to many people now. It doesn’t really matter how good the deal seems or how reputable the vendor is. Just do not FE.

• When the vendor seems shady or there are reports of him scamming people.

FAQ

What if I am purchasing licit items off a darknet market? Am I breaching laws?

Unfortunately enough, but you still are. Technically, you are helping a criminal organization by paying the market fee and as well as bypassing the country tax laws. Good thing is that it does not seem as though LE is much concerned at all about this and you most likely will never face any kind of legal trouble for ordering licit items off a market.

Is <Market Name> down anyway?

If you are unable to access a website, there is most likely an outage site-wide. You are not the only one to have difficulties. Head on to /r/DarkNetMarkets to check if anyone else has a problem. If you are consistently unable to connect to the market for several hours, try visiting the forums and see if there are any postings regarding that site. Post questions in the forum about it only when you do not find any information elsewhere or in the forums.

Can I simply browse the DNMs without purchasing anything without using Tails?

No. It is not at all recommended. In case you get caught or the law enforcement searches your house for whatever reasons, they would get a clue that you have browsed the DNMs. Then you have to explain to the judge that you are a perfectly law-abiding citizen and did not violate any laws. But as a matter of fact, your plausible deniability will no longer be effective. Thus, just take out 2 minutes of time to boot Tails and do not simply invite peril.

Can I retrieve lost access to my DNM account?

It all depends on the market and what information you can provide in support. The best idea is to create a new account on the market and message the support center. You need to provide as much information as possible in order to prove that you are the real owner of that account such as the order history, message/chat history, date of your account creation, and then wait for the best to happen.

Why is <drug name> so expensive?

The price of the drug depends on demand and supply. So basically the street prices of the drugs would be lesser than the DNM price. The market isn’t beating the street prices for Cocaine in Columbia, Cannabis in California, or MDMA in the Netherlands.

Why is shipping so expensive?

Read some of the posts on deep web shipping to find out some insights on the shipping cost.

Is it legit for a vendor to get paid in Cash/ Western Union/ PayPal?

Not at all! This is because this is the easiest way to get scammed. If any of the vendors ask you to circumvent the escrow system, you should immediately report the vendor to the website’s administration.

Blockchain.info is displaying my deposited Bitcoins to my wallet to have sent it to a different address!

Some of the websites do have a built-in “Bitcoin tumbler” in order to disguise the destination of deposited coins. Once this process gets completed, your account must reflect the deposit.

Note: The market system isn’t a tumbler as it only deals with the dirty Bitcoins. These Bitcoins are those that are gained or spent by the drug vendors and buyers and do not use clean Bitcoins as any original tumbler would.

In the BTC exchange rates, are the prices adjusted for the fluctuations?

Most of the websites peg their prices in USD. Thus, the prices are automatically readjusted as per the Bitcoin fluctuations and usually show the same USD value irrespective of the BTC exchange rate.

How much are the chances of me getting caught?

Honestly, there is no specific number. But it can be said that it is relatively low if you abide by the steps mentioned in the DNM Bible and follow the darknet markets opsec guide properly.

I discovered this link on the hidden wiki…

It is pretty likely that this link is a scam or say a trap. You must only use such links that are on the Superlist and then follow the instructions mentioned there in order to cross-check these links.

Does LE really create a fresh vendor account to get hold of the buyers?

It all depends on the legal situation of the country you are in. Generally, yes. Although, it is rather unlikely that this will happen. This is because the history showed that LE mostly prefers to bust a vendor and then takes over his account(s) if possible and tries to hunt for the customer addresses. Therefore, you need to be extra careful if the vendor behaves weird and in doubt just ask him to sign a message that is a confirmation that he is well accustomed to PGP Key. If a vendor out of nowhere changes his PGP Key without even signing it with his old one, keep away from him until he does that.

Which are the safest items to purchase or ship?

Some of the products are easier to conceal and ship like LSD than the other products like a weed. But this does not matter which is safer but what you wish to place an order for. If you abide by all the tips mentioned in the DNM Bible, focussing mainly on the “How to choose a good vendor” chapter, you would be absolutely fine and can minimize the risk of your order not coming in.

Did I mess up as I have visited a DNM without disabling the JavaScript or set the security slider to high?

You would probably be okay. But make sure that this does not happen in the future. So, you must set the security slider to high each and every time you start the Tor browser in the future.

Important Tips for Using Darknet Markets

Tips

Here are some of the most crucial tips that you have to abide by in order to play safe and dodge darknet markets opsec mistakes.

• Never ever

  let the darknet market encrypt any sensitive data like your address for you. Make sure to

  encrypt it yourself. The darknet market can always store the plaintext version of the message and send an encrypted one to the vendor. In this way, both of you think that it was encrypted while the market still possesses the original and the unencrypted message. Also, if LE takes over the darknet market, they will store the plaintext versions of the messages that the users have sent utilizing the ‘ PGP encrypt ‘ checkbox in order to harvest the addresses. But they will still send the encrypted messages to the vendor to not create suspicion.

• Always

  use the 2FA or 2 Factor Authentication. This means that you will have to decrypt a PGP message that has been encrypted with your public key every time you log in, additionally with your username and password. Utilizing the 2FA will be of great help and improve your chances of success when contacting the market support. For example, you have lost some funds since 2FA makes it much tougher for the unauthorized persons to break into your account, they will not just state that you got phished and close your ticket. In order to set up a 2FA, you need to head to your DNM account settings and search for an option to enable 2FA. All you have to do is upload your PGP key first in the settings if you have not done it already.

• Never ever

  leave extra Bitcoins on a DNM than what is necessary. Smartly, you must always transfer the necessary amount to the DNM if you are ready to make a purchase soon the transfer is done. Leaving behind funds in your DNM wallet is very risky since the market can steal them at any time.

• Never ever

  tell anyone about your activities on DNM. This cannot be sufficiently emphasized on.

• Never ever

  use the same login credentials like username, password, PGP keypair, or PIN in more than one market. If an attacker or nasty market staff gains access to your account on one DNM, he would be able to break into the other ones too and cause even more damage such as stealing your coins or even deleting your account.

• Also,

  do not

  use identifying usernames. By this, it is meant that your username should not give them any hint of who you really are. You should refrain from using your dob in your username.

• Never ever

  use Privnote or similar services that claim to provide you with self-destructive messages. Absolutely nothing prevents such services from storing your message even after it has been destroyed “officially”. Moreover, they also require JavaScript (a huge no-no). Just make your messages PGP encrypted similar to what every other user of a market sends them using the internal market messaging system. You must also avoid vendors that take help from Privnote or similar services.

• You must

  refrain

  from checking the tracking unless a huge amount of time has passed by without the delivery. Without following this, you would only be leaving behind traces but will not make it arrive faster. For more details, check out the Non-arriving packages chapter.

• Never ever

  just order from the biggest vendors on the DNM due to their size of the operation or because they invest in ads on a DNM or any other websites. In most cases, there are smaller vendors who offer a better product having a better customer service facility.

• If you are confused about the captcha shown to be a lowercase L or uppercase I, always go for lowercase L.

• If a vendor out of nowhere changes his PGP key, without signing it with his old PGP key, make sure to

  stay away

  from him until he signs with the old one.

• Whenever you are sending messages in a DNM or Reddit, try to include all information in a single message. It would be easier to answer for the person on the other side if you send in a single message.

• While placing an order, the status of it will be unaccepted initially. When the vendor confirms or accepts your order, it would be marked as processing or accepted. Also, note that the exact phrase varies from one DNM to the other. This will be followed by the order marked as shipped/in transit. The final step of the order is finalized or completed.

• It is absolutely unnecessary to encrypt every message that you send on the DNM. You would

  absolutely

  have to encrypt all the sensitive data such as the addresses and the tracking numbers. General questions about the products need not be encrypted.

• Never ever

  use SWIM or related services. Swim stands for “Somebody who is not me”. It is a useless service. LE learning that you use SWIM would not make any difference in their work. Instead, you must focus on building strong OpSec.

• You

  must

  remove the version string from your PGP public key. It is the line that begins with “Version:” and is located directly under the “—–BEGIN PGP PUBLIC KEY BLOCK—–” line. It is also not necessary but gives away information about the software that you are currently using.

• If you are stuck on a captcha and not being able to get past it although you have used it correctly, you need to restart your Tor browser and visit the DNM address again to register or complete your dark web sign up. You can choose to visit any of its mirror links instead. If you are facing same trouble still then, please visit your privacy preferences by entering “about: preferences#privacy” in your address bar or heading to the Visit -> Preferences and selecting “Privacy” located on the sidebar. Then click on ‘Exceptions…’ located next to the checkbox labelled as “Accept cookies from sites” and it must be unchecked. Next, you have to paste the website address (DNM’s .onion link) into the input field. Now click on the “Allow for Session” and then on the “Save Changes”. If you are not willing to do it every time, check the checkbox “Accept Cookies from Sites”. Anyway, it is a default setting.

• You should

  never ever

  use Tor gateways. By using them, you send your login details and all the other data in plaintext via the whole internet until it reaches the Tor gateway. This makes the ISP know that you are purchasing drugs online but also the gateway can steal your Bitcoins. Just follow all the steps in the DNM Bible.

• Seriously, get a scale.

• None of the market staff will send you a message on Reddit. If you receive a PM on Reddit where the sender claims to be a market staff, in no time report it to the mods of /r/DarkNetMarket.

• You

  must

  use KeePassX in order to generate and store your market, PGP passwords and Electrum

• Are you not sure when to use “Bitcoin” and “bitcoin”? Well, Bitcoin is used while describing the concept or the entire network. Without the uppercase, it is used to describe bitcoin as a unit of account. Bitcoin.org states it is also known as BTC or XBT.

Some of the Other Goods You Might Spot on DNMs

Here are some of the other things that you will find while browsing the darknet markets.

• Credit Cards: dark web credit cards, they are basically giving you the money as they could cash out the cards just as easily as you would be able to do.

  You must know that no one will be selling you a physical cloned CC (Credit Card) that you might use at any store or stick in an ATM and get the money out. In case they are selling them for less than the actual balance of the, they are basically giving you the money as they could cash out the cards just as easily as you would be able to do.

• PayPal Accounts or Transfers:

  People engaged in selling PayPal accounts or transfers do this because they cannot figure out how they can best the anti-fraud system of PayPal in order to cash out. If you think you have a bright future as DNM fraudsters, then go ahead. Even on the highest rated vendors who operated on Evolution, there were still myriads of negative reviews about the accounts being locked down in just a matter of minutes after receiving them.

• Electronics:

  Basically, all the electronic stores on the .onion links are scams. There is a market already where you can sell your electronics that you have carded or stolen from the stores. This market is known by the name eBay. The sole reason that the thieves target electronic goods is due to the fact that they can be flipped for as close to the face value. There is absolutely no reason to set up a hidden service to sell the stuff as the stolen items for half price when they could get 75% of its value on eBay with a much lesser hassle.

• Darknet Non-escrow Stores:

  Unless and until it is being run by a vendor that started a darknet market, there must be a matching PGP key and will not show you other proofs. You should not trust the other proof as mostly they are all scams. They are generally advertised on the various “hidden wiki” websites where there isn’t any place to leave feedback. Also, without the feedback opportunities or escrow, they have

  zero

  incentive to deliver a product to you.

• Counterfeit Currency:

  It is never wise to order and use counterfeit money. Not only does the law enforcement really go after such people, like in the US, the secret service is investigating counterfeit currency cases, but it is also pretty tough to actually use the fake currency. As for example, the quality has to be really very good, it consumes a lot of time to get rid of the fake money and get the real ones back as you cannot use them all at the same time but have to visit many different places and can only carry a single fake note at a time. Thus, counterfeit currency is not something worth risking yourself.

In order to receive the actual working links, you must cross-check your wanted link with the following three resources:

• The Reddit Superlist

• Dnstats.net

• The sidebar of the deepdotweb. Just click on the list entry of the market you are willing to search for and there! You get the link.

All of these are well-established sites or resources and would bear much credibility to lose if they have started to serve phishing links. In order to reduce the risk of getting phished more often, you must check that the link you have got is the same as it is on all of the three resources. When you have received the correct link, BOOKMARK THEM and just use the bookmark in the future. A General Rule is that any market that usually jacks the market names of the others must be avoided at all costs, otherwise you might make a darknet markets opsec mistake.

Important: Always check the warnings and notes of the markets on the Superlist that you use frequently. Some of the darknet markets do not even reveal to their users if any sort of security issues occur. Therefore, it is mandatory to stay updated about the possible dangers of using a DNM.

Appropriate vendor selection in order to purchase your desired product from is a very important step and you must take your time for that in order to avoid future trouble. It can mean the difference between you not receiving the product and losing your money and a flawless and successful purchase.

Tips

When you are a newbie buyer, it is best to be glued to the already established ones as this usually refers to the fact that you are pretty less likely to invite issues causing darknet markets opsec mistakes and the vendor is aware of what he is doing. Below are some of the characteristics that you should look out for when you are searching for a new vendor.

• Are the product description he put on the market and his vendor profile informative with over a few sentences with worse grammar?

• How is the comprehensive feedback of the vendor? It is ideal to choose one that at least has about 50 positive reviews and not more than 3 negative reviews.

• How is the feedback of the specific product that you are willing to buy? If it does have a lot of negative reviews than the rest of the products that he has to offer, you must avoid purchasing it.

• Does the vendor encourage substandard OpSec measures, say for example he does not want you to encrypt your messages or address with PGP? If yes, then you must

  avoid

  him.

• Did you go through his profile, listing descriptions, and agree with the stated terms and conditions like no refunds for the new buyers?

• Did the vendor just copy and paste texts regarding his products from the other websites?

• Is the vendor capable of answering questions about the products that he is offering and the way he is shipping?

• Are all the photos that the vendor has used meaningfully? Do they display the actual product with his name tag or are they merely the stock photos? If they contain the potential OpSec compromising the details such as a hand that holds products or other things in the background, you must at all cost

  avoid

  that vendor.

• How old were his last reviews written? Are they much old or did you see a sudden influx of negative reviews recently? If the answer is yes, then you need to avoid that vendor as he could perform an exit scam.

• Is he on any other market? How does the feedback there look? If he possesses a bunch of orders or ~5-star rating and you cannot find anything about him anywhere else, then he is most likely to scam anytime.

• Go and search /r/DarkNetMarkets for the reviews of this particular vendor utilizing the search function located on the top right of the right sidebar.

• Point out the manipulated feedback. If he possesses a bunch of feedback from the same day and for the same Bitcoin address every time, then he is probably padding or forcing his feedback. Additionally, check if the Bitcoin amount is lower than any of their actual orders. Most of the time the scammers are jerks and do put up like over 40 feedback scores the same day along with it like $10 orders.

• Check if he is over-advertising his products. If he claims that he possesses “the absolute best coke in the entire galaxy”. Most of the time it is not true and thus shows that the vendor is not at all honest.

• What variety of products does the vendor sell? This could prove to be a red flag as the vendors who sell a large selection of varied products can be greedy and less careful about their darknet markets OpSec. This means that they rather have a couple of thousands of dollars extra in the exchange for a higher risk and even harsher penalty.

• Has the vendor stated that you cannot leave behind neutral or negative feedback or any sort of dispute? In certain cases, the buyers need to contact the vendor before leaving behind any negative feedback or raising a dispute in order to give the vendor a chance to resolve the issue. If they fail to do this, then the customer can leave an honest review that will reflect his experience with the vendor and/or the product. If the vendor does not “permit” you to leave negative feedback or to raise a dispute, it is definitely a red flag as if you run into trouble with him, you will have a hard time even if you are correct. Just

  stay away

  from such vendors.

• How many views and sales do the product listings he put up to have and for how long? Like, if the product listings are said fresh about a week or less and they have a dozen couple of views but just a bunch of sales, then it is highly suspicious most importantly if the listing is rather an expensive one. It could point out that the vendor is manipulating the feedback and be careful and

  stay away

  if you are doubtful.

• Just check his products and prices because most scammers post bulk products for a pretty cheap deal, which is cheaper than usual.

• Does the vendor participate in weekly posts “DarkNet Deals” thread on /r/DarknetMarkets? If so, then check if he uses appropriate image hosters. A no-go would rather be imgur.com as they do not permit Tor users to upload images and need you to enable JavaScript. Thus, if the vendor has an interior OpSec then you must avoid him. In order to check if the image hoster is appropriate, visit the website and try to upload an image that you must have grabbed from /r/pics. If it is possible while you are using the Tor browser and without enabling the JavaScript, then the image hoster is appropriate.

What if a vendor does not choose you?

Many a time the vendor declines an order without a supporting reason and the possible causes could include:

• Products being out of stock

  . If the vendor didn’t edit the “items left in the stock” option or the market does not even have one, then they could cancel the order.

• Fluctuations in Bitcoin

  . If the Bitcoin price drops immensely and you have already sent funds to the escrow, then it would mean that the vendor gets little money in BTC than he has initially charged for the product after the transaction is completed. In case a vendor does this, you would definitely not purchase products from him again as they will always accept your orders when the BTC price hikes so that they receive more money than they have initially charged for the product.

• Lack of feedback on your account.

  Some of the vendors prefer to deal with the buyers that already have some feedback and history on their DNM accounts just because the chance that the transaction will go flawlessly is pretty much higher and that you are an undercover LEO is much lower. This is due to the fact that they would require to make several purchases in the bid to be able to order from that vendor.

Here is an example of how a vendor scams and how to fix it.

Scammer
Scam Type
Scam Description
Ways To Spot It
Prevention / Fixation

Vendor

Feedback

The vendor pays the users to buy items, never attempts to deliver the items but the users leave behind positive feedback to make it seem like the sales were legitimate (in order to prevent the feedback manipulation being counter tracked to the vendor).

Multiple feedback having similar qualities and spelling.

Check all the forums, Reddit, and the vendor review threads of the particular vendor.

Vendor

Feedback

The vendor utilizes a puppet account or alternate account and votes on their own product.

Multiple feedback having similar qualities and spelling on the vendor profile.

Check all the forums, Reddit, and the vendor review threads of the particular vendor.

Vendor

Feedback

The vendors literally blackmail the clients to leave behind positive feedback.

Multiple feedback having hostile, short, or even confusing reviews that are reported on forums.

Check all the forums, Reddit, and the vendor review threads of the particular vendor.

Vendor

Escrow

The vendors send empty boxes to the customers and the tracking too indicates its arrival. They do not support photo evidence as the buyer might remove the item and take a snapshot.

Feedback that indicates the package has never arrived along with the vendor reviews.

Verify if the vendor is legit and feedback that supports its claims. Always ask for tracking.

Vendor

Escrow

Doesn’t send any item but has received 50% to 100% of which the total is a profit.

Feedback that indicates nothing was sent and false/unresponsive tracking numbers were issued.

Verify if the vendor is legit and feedback that supports its claims. Always ask for tracking.

Vendor

Finalize Early

Doesn’t send any item but has received 100% of which the total is a profit

Feedback that indicates nothing was sent and false/unresponsive tracking numbers were issued.

Verify if the vendor is legit and feedback that supports its claims. Always ask for tracking.

Vendor

Feedback

The vendor sends a fake Love Letter instead of the product.

You receive a Love Letter that does not indicate that it came from the original source.

Just check if it is known what exactly a real love letter looks like and show the support and the alleged love letter.

Buyer

Feedback

Extort the vendor for more items or refund in terms of feedback manipulation.

The buyers are hostile while demanding products.

Make sure that you know the buyers before selling them your products and limit the first time sale to a smaller quantity/small items.

Buyer

Feedback

Leaves negative feedback even when the order was a successful one.

Buyer messages that are unclear or the buyers that seem to be unaware of how to completely use the DNM.

Make sure that the buyer you are dealing with is intelligent enough and understands the native language of the market. Start off with smaller batches.

Buyer

Finalize Early

Finalizes Early

The buyer makes certain assertions that they would FE or that the FE will be done as a compliment.

Just inform the buyers that the FE is not required and also state it on your profile multiple times.

Buyer

Escrow

Finalizes Early

The buyer makes certain assertions that they would FE or that the FE will be done as a compliment.

Just inform the buyers that the FE is not required and also state it on your profile multiple times.

Buyer

Escrow

The buyer claims that the item did not arrive at them when the tracking indicates that it did arrive at them.

Resolution or PM that indicates the order did not arrive.

Just send the tracking number. If that proves to be valid, it can be utilized to obtain a 100% resolution.

Buyer

Escrow

The buyer claims that the item did not arrive at them when the tracking indicates that it did arrive at them.

Resolution or PM that indicates the order did not arrive.

Bring that to resolution and utilize tracking in the future.

Buyer

Direct Message

The buyer makes threats over the order and does not send it to resolution.

Hostile or self-centered buyer messages.

Do not respond unprofessionally. Also, do not antagonize them or over-explain things while reporting them immediately to the admins.

Being a good buyer is equally important as choosing a good vendor. Below are some of the essential tips that will help in a smooth transaction:

• You must always order sober. You will definitely make mistakes while being high and logging into a market.

• Before ordering any stuff, always read the vendor’s page completely. They might have special requirements that need to be fulfilled. Most of the questions for them can be answered in this manner.

• Be polite to both the vendor

  and

  the market staff as this will help you go further than expected.

• Do not wait for the last moment to raise a dispute. Sometimes the market clock may count differently than what you expect. You need to make sure to raise a concern at least half a day before the Auto Finalize timer runs out. Also, make sure to contact the vendor at the very first if you face issues with your order and do not straight jump into raising it. Often the vendors are ready to resolve without even a dispute.

• If you are in a dispute, be respectful and calm. You need to explain your situation by utilizing just the facts that are available to you without any assumptions or accusations. You should also provide the desired outcome to your issue and express willingness to compromise where appropriate.

• Use correct grammar and frame well-structured sentences while conversing. Make sure to properly encrypt all your messages and address.

• After you have made a purchase, within a day or two afterward login to your account so that the vendor does not have a question or issue regarding your order. Continue to check until it says the product has been shipped.

• When you get your package, just finalize the order so that the vendor receives their money. But at the same time,

  wait to give your valuable feedback until you have thoroughly tested your product

  . You often cannot update the feedback once it has been placed.

• Keep your messages short, sweet, and simple which is valuable to most of the vendors.

• Always be patient and remember this isn’t Amazon. Most of the DNM vendors possess a special way of getting out their packs. An ideal rule of domestic orders is 7 days DNM to Door, which is a reasonable amount of time.

• Never ever

  ask for tracking unless and until a substantial amount of time has gone past. Before asking the vendors about your tracking, ask them if he could give a heads up on the package at first.

• You must not double encrypt. This indicates that you must encrypt your address using the Tails and then paste that address in the message field on the market. Uncheck the box that displays PGP encryption else the message will be double encrypted that absolutely does not add the necessary security boost but annoys the vendor.

• You do not require to include your public PGP key in the messages that you send to the vendor as you already have it entered in your market settings. If you have not done it, you are advised to do it

  immediately

  . In case you still want to, you can go ahead and include it in the bottom of the first message to that vendor (such as “Here is my public key:<public key here>” ) so he does not have to go to your profile to get the public key.

• Leave honest feedback and also finalize the minute you receive your pack and have accessed all of its content.

• Keep your PGP keys current on the DNM. That means that if your key gets expired post a year, you should replace it immediately with the newly generated one in your settings on the DNM.

• You must not message a vendor before placing an order and claim certain things in high hopes of getting some sort of a deal or any preferential treatment. Vendors often do get these claims most of the time. Vendors often do receive tons of messages each day and they notice the buyers that are easy to work with. In the end, after a few successful orders, you can send them a PM informing them how you like their service and ask if they can get bulk orders which are bigger than what they list and what the prices would be. Then they may start to offer you the best deals.

• The vendor does not require to know that you might be placing an order in the upcoming few days.

• In case you agreed upon a special request, different stealth, specific artwork or even modified shipping and more with the vendor, make sure to put the same information in with your address. This way when the vendor is working on your order, it will be right in front of them.

• Did you receive too much of a product or other product that you have not ordered? You need to contact the vendor and explain the situation. You would not be pressurized to send back the product or send the vendor some money but eventually, the vendor would know that he had made a mistake while packaging. Then he would not wonder why the other customer has not received the order.

If You Face Legal Issues

Note: This is specifically applied to the Americans. In other countries, like the UK, it can be a little different and remaining silent could be used legally against you. Thus, make sure to research the legal situation in your country for yourself as well.

If you happen to encounter law enforcement due to certain serious issues like a controlled delivery, just say nothing. You could hire the best lawyer on speed dial and still receive a decade in jail as you have talked to the cops and already incriminated yourself, be it willingly or otherwise. You can check /u/kenpopehat for reference.

Do not also deny anything. If you have not been arrested but detained, the only thing that you must say is: “Am I free to go?” And some other version of “Me. Lawyer. Now.” Plus invoke your right to keep silent.

Additionally, you must also refrain from making any statement as anything that ends up not being true can add you being a criminal for other offenses. They will imply all sorts of scare tactics and/or some promises/deals. Let them handle that with your lawyer.

Receiving or Researching A Lawyer

This is a crucial step. All you have to do is follow the steps in this chapter before placing your very first order because if you get into trouble later, you would not have much time to research a lawyer properly.

As soon as you get into legal trouble, the LE would try to get talking to you and admit as many crimes as possible. They have often utilized various tactics that an uber countermeasure is looking for a lawyer beforehand. You will just have to tell them that you would speak to only your lawyer and will be able to avoid any criminal discussions with the LE officers.

It is always ideal to look for two different law firms who are experienced with drug cases and are also successful at their responsibilities. After finding them, just write their details like numbers and locations on multiple pieces of paper as your electronic devices might get seized during a search. Store them in your wallet, desk, and phone cases.

When encountering such legal situations, you can just call a number from the note. Also, keep away some money at your side to pay the lawyer in case you have to hire one. Additionally, remember to look up the laws that you are breaching. You can easily get past harsher sentences by avoiding the pitfalls if you are already aware of them. You must not be utilizing or bearing guns when violating drug laws also as this will increase your penalty drastically in most of the countries.

If the LE is questioning you, tell them that you only speak to your lawyer. Do not get scared of their tactics.

Do you own PGP, Electrum, and also your market account set up? Well then, just back up the data in order to not lose your access to accounts and money.

Tips

Making a purchase is one of the most intriguing parts. But before you do that, there are certain things that you should consider:

• If you are a first-timer and a noob, you must stick with the domestic orders only to get a feel of how this works.

• Make sure to perform proper market and vendor research.

• Stay safe and be sure to have researched the product that you intend to purchase. Erowid has in-depth information and first-hand experience reports, substance laws about many products that are available on the DNMs.

• Another best practice is to know exactly how much to send to the market (example: the price of the products, commission fees, and shipping) and having that cryptocurrency ready.

• Sometimes it takes a little longer to transfer the BTC into a market wallet. Always know that BTC is volatile and the price can spike or nose dip abruptly. Thus, it is a good idea to transfer a little extra than expected. You can withdraw the extra BTC anytime and move it to a personal wallet once the order has been successfully placed which you should always do.

• Cross-check double and triple times that you wrote your address accurately. This could be either according to the vendor preference as mentioned in his profile description or to the recommended standard of your country. If you goof up, you can get into legal trouble and your vendor would be unhappy. After you have made your first order, store the written address in a .txt file (a text file) in your persistence directory (which is the home/Persistence) and just copy it from there in all the future orders. Also, confirm with your vendor if he wants in any other format from the one you have copied in the .txt file.

• You must include your

  PGP Encrypted

  address in the order. Most of the markets have some kind of buyer/order notes in which you have to put in.

• By any chance you make a mistake while providing your address in the order information, inform the vendor as soon as possible.

• To keep away your vendor from the exit scams, it is better to stay in escrow or use a multisig.

• If you have already entered your public PGP key in your profile settings, then it is absolutely not necessary to include it again in your messages.

• If it seems too good to be true, then it might be.

• Overnight shipping is mostly unlikely from any vendor . It is quite misleading because it is not possible in the majority of the cases as the order arrives almost always later.

Tips

It is regarded as very important to give feedback and rating to a vendor such as using a multisig or escrow. It serves as your voice to the vendor and any future patrons of that particular vendor business. It must be taken seriously. Honestly, it is the sole means of regulating how business is actually conducted and it is what maintains the clarity of the products that you will find on the markets. The combination of feedback and ratings left behind by the customers is paramount while choosing a vendor.

• Communication:

  Although this must be kept to a minimum while sometimes it is not needed at all. Just the speed of responses and professional interactions are what need to be focused on.

• Efficiency:

  The rate of speed at which the order is accepted and marked as shipped. The vendor cannot control the arrival speed and it generally falls on the delivery service. The fair margin is 7 days Tor-to-Door domestic. Plus there are holidays and poor weather issues.

• Packaging:

  The absolute necessity is Vac-seal. Also, adequate stealth needs to be brought under consideration but not all vendors go overkill. Your parcel needs to be scent and weatherproof having some visible barrier in case the parcel gets damaged while in transit.

• Weight:

  You must receive what you have paid for. Heavy packages are common and should also be praised. But the light packages are just as common.

• Purity:

  In this case also, you must get what you have paid for. The purchase must come as advertised and must be known to the user before they leave any rating or feedback.

Ratings are important to grow a vendor’s business while the feedback is most important for the rest of the community. Your feedback will stay as long as the vendor shop is open (other users will not know who wrote which feedback). Here are some tips in this regard:

1. Feedback must only be left behind after you have received the package and have assessed all of his contents. This is when you must finalize your order.

2. Feedback must be honest so that other people will know what to expect.

3. Keep in mind that this is a Darknet market and not your regular Amazon e-commerce website. Thus, anything less than a perfect rating can really destroy a vendor business. So you need to be considered while rating them.

4. Before you leave bad feedback or anything of that sort, you need to contact the vendor first to check if they can help. Always be courteous and you never know, you might end up leaving behind perfect feedback.

If you are eager to post a review on /r/DarkNetMarkets in order to make sure that you follow the steps in using Reddit on Tor chapter and utilize one of the vendor review templates. In order to include images in your review, you must make sure to read the following chapter named uploading images securely. 

Are you being threatened or blackmailed by a vendor?

Sometimes the vendors lose it and start threatening you. Sometimes they might just want to dox you (this means they wanted to release your personal information such as your address) or report you to the LE.

If something like this happens to you, then you must at first need to stay calm. You must follow the steps that are mentioned here and you will have pretty little to worry about. Moreover, you must also report him in no time to the market staff and explain the situation in a sober tone without insulting or demeaning. That way you will be having the best chances to win over the argument and get the vendor banned.

If you have followed all the tips mentioned in the chapter on how to be a good buyer, then you already have an added advantage as all your messages have been written in a polite, calm, and respectful manner. So the market staff will see clearly that you have stayed down to Earth and probably the vendor is nuts.

Threats such as sending the LE to your address are much rarely followed via those who write them as they would have to compromise their personal darknet markets OpSec such as calling the cops and it would be a lot of hassle for them just to bust a single buyer. Therefore, these threats are often made just to scare you that would force you to hand over your money to the vendor.

Also, make sure to clean your residence so that there isn’t anything illicit or suspicious like a bong. That way you can prove yourself to be innocent even if LE pays a visit. It is also highly unlikely that the vendor will personally visit you or send someone as he is just telling stuff to win the dispute by threatening you and is hiding behind the computer screen. It is also probably ideal to not place any new orders for some time, at least until the matter gets resolved.

You can also go ahead and make a post on /r/DarknetMarkets naming the vendor and shaming him as long as you publish the proof in favor of it.

Images can speak a lot of words and can also reveal your true identity, even if you have followed all the steps mentioned in the DNM Bible. Thus, it is very important to read and abide by this chapter too as it can help you not get jailed. With the latest advancement, the basic forensic photo/video software is capable of doing much more. Thus, now it can be imagined what the forensic software on steroids LE can purchase with all their money.

Creating A Photo

Take a note that even if you follow all the tips mentioned in this chapter, it is still possible to identify the camera that you have used due to the other camera-specific data that proves to be much harder to be obfuscated. So it is strongly recommended that you either make use of a throwaway camera or the one that you have never used to take pictures and upload online anywhere.

In order to receive the image for your camera or the mobile phone onto Tails, simply stick the SD card on to your computer or connect your mobile with a USB cord to your desktop when you boot Tails.

Removing The Traces

In order to remove the basic traces of the images that you want to upload, you need to do the following steps. Also, keep in mind that this isn’t 100% protection against forensic methods. All you have to do is right-click on the image and hover over “Open With” and then select “GNU Image Manipulation Program” from the context menu.

Note: You can also enable the Single-Window Mode by simply clicking on ” Window” located at the top of the middle window that shows your image. This might make the GIMP a tad bit easier to work with.

Now you need to crop the image in order to remove any background details that could identify you using the “Crop Tool” in the toolbox located on the left side. Then click on the knife icon saying “Crop Tool: Remove edge areas from image or layers”. After you have selected the area that you are willing to keep in the image, just press Enter. Next, apply some noise to the image via filters. Head to “Filters” (located at the top of the middle row) -> ” Noise” -> “HSV Noise”. The default values must be enough to remove any sort of unique differences in the sensor in the camera that might have been used to identify you. Nevertheless, if you are paranoid, just play around with the settings in order to find out that something is still relatively clear but it applies more noise.

Save the image by heading to “File” -> “Export As…” And store them in your Persistence folder. Uncheck all the other options that you will find (the list contains entries such as “Save Resolution”). Now repeat the above steps for each image that you want to upload.

Note: This process too removes the EXIF data. It is the abbreviation for Exchangeable Image File, which is a format standard for storing interchange information in the digital photography image files utilizing the JPEG compression. Almost all of the new digital cameras use the EXIF annotations, storing information on the image. This information can be utilized to de-anonymize you, for example, due to the fact that your smartphone puts the GPS coordinates where the photo was automatically made in the EXIF data. But you do not need to worry about it any longer as the data has already been removed.

Optional: In order to verify this, you can right-click in the file browser and choose “Open in Terminal”. After this, enter the command (say your image name is image.jpg):

ExifTool image.jpg

This will return a short table of information that does not contain any unnecessary information that could de-anonymize you. In order to see the difference, you can execute that command before you can clean up the metadata.

Now copy the clean images to Home -> Persistence -> Tor Browser. This is crucial because the Tor browser can only access that particular part of your file system.

Note: The file names even may be used in order to identify you. So you need to change them in the bid to remove any information that might help out the LE (also includes date/time).

If you are not willing to keep the images, delete them securely from your Persistence volume by right-clicking on it -> “Wipe”. You must also wipe the images from your camera or phone utilizing a secure deletion tool if possible. If it is not possible, kindly remember that deleting the images simply will leave the data on your camera until it has been written over with the other images.

Uploading The Images

In order to select an image hoster to upload your image, make sure to use the Superlist. You need to make sure that you choose one that permits the Tor users to upload the images (which again is the case with all the listed hoster on the Superlist). The ideal thing is it should also not require JavaScript for uploading nor viewing the images and, in case it is the clearnet website, you need to provide a secure connection like https instead of Http.

Disclaimer: Read the complete disclaimer here.

Xem thêm bài viết thuộc chuyên mục: Tips – IT and Computing