Critical Warning: Poor operational security has led to the arrests of thousands of darknet users. Technology alone cannot protect you - your behavior and habits matter more than any tool. Read this guide carefully.
What is OPSEC?
OPSEC (Operational Security) is the practice of protecting sensitive information by analyzing your own activities from an adversary's perspective. It's not just about using the right tools - it's about understanding how your actions, habits, and mistakes can expose you.
The OPSEC Mindset
- Assume you're being watched - Act as if every action is being logged
- Compartmentalize identities - Keep darknet activity completely separate from real life
- Minimize your footprint - The less you do, the less can go wrong
- Trust no one - Everyone online could be law enforcement or a scammer
- Plan for failure - What happens if one part of your security is compromised?
Golden Rule: The weakest link in your security chain determines your overall security level. One mistake can undo months of careful behavior.
Video Tutorials
Learn OPSEC from privacy and security experts:
- Privacy & OPSEC Guide (Go Incognito) - Essential security practices
- Tails OS Complete Guide (The Hated One) - Installing and using Tails
- Threat Modeling Basics (Privacy Guide) - Know your risks
- How People Got Caught (DEF CON) - Real OPSEC failures
Operating Systems
Your choice of operating system is the foundation of your security. Windows and macOS are not suitable for darknet use - they contain extensive telemetry and are not designed for anonymity.
Tails OS (Recommended for Beginners)
The Amnesic Incognito Live System
Tails is a portable operating system that boots from USB and leaves no trace on the computer. All traffic is automatically routed through Tor. When you shut down, everything is erased.
Advantages
- Leaves no trace on host computer
- Forces all traffic through Tor
- Amnesic - forgets everything on shutdown
- Can use on any computer
- Pre-configured security tools
- Persistent storage option available
Limitations
- Requires USB boot capability
- Limited software availability
- Not suitable for prolonged use
- Can be slow on older hardware
tails.net
Whonix (Recommended for Advanced Users)
Security by Isolation
Whonix uses two virtual machines - a Gateway that handles all Tor traffic, and a Workstation where you do your work. Even if the Workstation is compromised, your IP cannot be leaked.
Advantages
- Strongest IP leak protection
- Can run alongside regular OS
- Persistent environment
- Full software availability
- Stream isolation built-in
- Can run multiple workstations
Limitations
- Requires more technical knowledge
- Host OS could be compromised
- Higher hardware requirements
- More complex setup
whonix.org
Qubes OS (Maximum Security)
A Reasonably Secure Operating System
Qubes uses hardware virtualization to isolate different activities into separate virtual machines. Combined with Whonix, it provides the highest level of security available.
Advantages
- Compartmentalization by design
- Hardware-level isolation
- Can run Whonix natively
- Excellent for separating identities
Limitations
- Steep learning curve
- Requires specific hardware
- Resource intensive
- Not beginner friendly
qubes-os.org
Recommendation: Start with Tails. It's the simplest to use and provides excellent security out of the box. Move to Whonix when you need a persistent environment and more flexibility.
Identity Separation
One of the most critical OPSEC principles is keeping your darknet identity completely separate from your real identity.
Never Cross the Streams
- Separate hardware - Dedicated laptop for darknet use (ideally paid in cash)
- Separate network - Never use home WiFi directly; use public WiFi or purchased mobile data
- Separate accounts - Never log into personal accounts while on Tor
- Separate writing style - Your writing patterns can identify you (stylometry)
- Separate schedule - Don't be active at predictable times matching your timezone
Digital Fingerprinting
Many things can uniquely identify you:
- Browser fingerprint - Screen resolution, fonts, plugins, timezone
- Typing patterns - Speed, rhythm, common mistakes
- Writing style - Vocabulary, sentence structure, punctuation habits
- Activity patterns - When you're online, how long, how often
- Technical preferences - Choice of tools, file formats, naming conventions
Real Example: Ross Ulbricht (Silk Road) was identified partly because he used the same username "altoid" on both clearnet and darknet forums. One slip is all it takes.
Physical OPSEC
Digital security is useless if you're physically compromised.
Hardware Security
- Dedicated device - Use only for darknet, nothing else
- Remove/cover webcam - Malware can activate it
- Disable microphone - Same reason
- Remove hard drive - Boot only from USB (Tails)
- Secure storage - Hide hardware when not in use
Network Security
- Never use home WiFi - IP address leads directly to you
- Use public WiFi carefully - Far from home, no cameras, different locations
- Consider mobile data - Prepaid SIM bought with cash, used far from home
- MAC address spoofing - Tails does this automatically
Environmental Security
- No cameras - Be aware of surveillance cameras
- No witnesses - Don't use darknet where others can see your screen
- Full disk encryption - Protect data at rest
- Plausible deniability - Hidden volumes for sensitive data
Communication OPSEC
Message Security
- Always use PGP - Encrypt all sensitive communications
- Verify signatures - Confirm you're talking to who you think
- Minimize information - Share only what's absolutely necessary
- No personal details - Never mention real life information
- Use pre-written templates - Reduces writing style fingerprinting
Address Security
- Use drops - Never ship to your actual residence
- Rotate addresses - Don't use the same location repeatedly
- PO boxes require ID - May not be anonymous
- Consider timing - Receiving packages establishes presence
Address Tip: Always PGP encrypt your shipping address. Even if the market is compromised, encrypted addresses require the vendor's private key to read.
OPSEC Checklist
Before Every Session
- Boot from Tails USB or start Whonix VM
- Verify Tor connection is working
- Check you're not on home network (if using Tails)
- Ensure webcam and microphone are disabled
- Clear any identifying information from clipboard
During Session
- Never log into personal accounts
- Use PGP for all sensitive messages
- Don't download files unless necessary
- Don't click external links
- Be aware of typing patterns and writing style
- Don't share personal information
After Session
- Properly shut down Tails (automatic cleanup)
- Or close Whonix VMs completely
- Secure any physical hardware
- Don't discuss darknet activity on the clearnet
Regular Maintenance
- Keep Tails/Whonix updated
- Rotate PGP keys periodically
- Review and prune old accounts
- Audit your OPSEC practices
- Stay informed about new threats
Common OPSEC Failures
Learn from others' mistakes:
- Using real identity details - Name, email, phone number in any darknet context
- Same usernames - Using the same name across clearnet and darknet
- Same passwords - Password reuse allows correlation
- Mixing devices - Using personal phone/computer for darknet
- Using home network - IP directly links to physical address
- Posting photos - EXIF data contains location and device info
- Bragging - Talking about darknet activity in real life or clearnet
- Pattern of life - Consistent timing reveals timezone and schedule
- Writing style - Unique patterns can be matched across platforms
- Trusting others - Anyone could be compromised or law enforcement
Remember: Law enforcement is patient. They collect evidence over years. A mistake you made two years ago could be what identifies you today. There is no "too careful."
Threat Modeling
Not everyone needs the same level of security. Consider:
Questions to Ask
- What am I protecting? (identity, communications, purchases)
- Who am I protecting it from? (ISP, employer, law enforcement, hackers)
- How bad are the consequences if I fail?
- How much effort am I willing to invest?
- What are my actual risks?
Security Levels
- Basic - Tor Browser on regular OS, different browser for darknet
- Moderate - Tails from USB, public WiFi, basic PGP
- High - Tails + dedicated hardware + strict operational procedures
- Maximum - Qubes + Whonix + air-gapped systems + extreme compartmentalization
For Dark Matter: We recommend at minimum Tails OS with proper PGP usage. Higher-risk activities warrant higher security levels.