Chapter III. Safety and OpSec
Phishing defence, wallet hygiene, comms rules
The technology under Tor markets has not failed once in ten years. The people using them have failed constantly. This chapter is a list of the mistakes that lose accounts and money, and the boring habits that prevent them.
§1. Phishing defence
Almost every lost TorZon account gets phished, not hacked. The pattern is always the same. Somebody clicks a link from a search-engine result or a forum banner. The page looks identical to the real login. They type the password. It goes to the attacker. Two habits stop this:
- Copy addresses only from a signed source or a trusted bookmark. Never from search results, chat messages or forum posts you did not verify.
- Read the captcha string every session. The onion baked into the captcha image must match your URL bar. If it does not, close the tab.
§2. Wallet hygiene
Coin that funded your market wallet must not be traceable to your identity. If you buy Bitcoin from a KYC exchange and send it straight to the market, the exchange withdrawal record ties your ID to your market account. Route through a fresh wallet, or better, buy Monero peer-to-peer.
- Use Monero as the default deposit coin.
- Keep the market wallet balance sized to the current order, not to a year of orders.
- Withdraw promptly after the escrow releases.
§3. Communication rules
Every serious Tor storefront has an on-platform PGP-encrypted message system. Use it. Do not move the conversation to Telegram, Signal, Wickr or clearnet email. Every off-market channel is a new attack surface with weaker guarantees.
Encrypt shipping details locally to the vendor PGP key before sending. That way the storefront sees only ciphertext for the sensitive fields even if the storefront database gets seized.
§4. Bookmarks and habits
- Bookmark this site inside Tor Browser only. Do not save the URL in a browser you use for logged-in clearnet accounts.
- Use New Identity between sessions and between accounts.
- Close Tor Browser between sessions. Do not leave it open for days.
- Never type your Nexus password into a page you got from a search-engine banner.
§5. Never do these
- Log into a clearnet account (Google, Facebook, your bank) in the same Tor Browser session.
- Stack a VPN underneath Tor. The combination adds latency without measurably adding privacy.
- Open downloaded documents in a normal application. PDFs and archives can phone home the moment they open outside Tor Browser. Open them inside Tails or a Whonix workstation instead.
- Finalise early (FE). Finalising before the order arrives drops escrow protection. The two most common Tor market scams are fake mirrors and FE-baiting.