SYSTEM.SEC.PROTOCOLS

Operational Security Guide

Mandatory protocols for safe navigation of DarkMatter Onion. Failure to strictly adhere to these guidelines results in catastrophic compromise of identity and funds, and in persistent operational security failures.

1. Identity Isolation

CRITICAL VECTOR

The absolute foundation of operational security is strict compartmentalization. You must never mix your real-life identity (clearnet presence) with your Tor identity. A single cross-contamination event compromises your entire infrastructure permanently.

  • Do NOT reuse usernames from clearnet websites, forums, or gaming accounts.
  • Do NOT reuse passwords. Every market and forum requires a completely unique, highly entropic password generated locally.
  • Do NOT give out personal contact info, social media handles, or secondary communication profiles.

2. Link Verification & MITM Defense

HIGH RISK

"Man-in-the-Middle" (MITM) attacks are deployed continuously across decentralized networks. Threat actors deploy malicious infrastructure designed to perfectly mirror legitimate interfaces, silently intercepting your encryption keys, passwords, and transaction coordinates.

Verifying the PGP signature of the `.onion` link against the official public key is the ONLY cryptographically sound method to ensure you are communicating with authorized servers.

Never blindly trust links sourced from random wikis, social media, Reddit, or unvetted forums.

3. Tor Browser Hardening

ENVIRONMENTAL CONTROL

The default Tor Browser configuration is optimized for accessibility, not maximum security. To safely operate within darknet architecture, localized hardening is strictly required.

Security Slider

Must always be set to "Safer" or "Safest". This disables remote fonts, mathematical rendering engines, and high-risk media formats that act as exploitation vectors.

NoScript Protocol

JavaScript must be forcefully disabled globally. Threat actors utilize JS execution for advanced browser fingerprinting and zero-day payload delivery.

Window Geometry

Never resize the browser window or maximize it. Doing so reveals your monitor's native resolution, providing a unique data point for device fingerprinting.

4. Financial Hygiene

TRACEABILITY RISK

Blockchain analytics firms actively monitor central exchanges and open ledgers. Direct transfers from KYC-compliant environments to darknet architecture trigger immediate automated flagging.

  • Never send cryptocurrency directly from an exchange (Coinbase, Binance, Kraken) to DarkMatter or any associated node.
  • Always utilize an intermediary, offline personal wallet (e.g., Electrum for BTC, official Monero GUI for XMR) to break direct exchange linkages.
  • Architecture Recommendation: The utilization of Monero (XMR) is strongly advised over Bitcoin (BTC). XMR implements mandatory ring signatures and stealth addresses at the protocol level, severing heuristic traceability.

5. PGP Encryption (The Golden Rule)

MANDATORY PROTOCOL

"If you don't encrypt, you don't care."

Pretty Good Privacy (PGP) is non-negotiable. All sensitive communications, routing definitions, or shipping addresses must be encrypted strictly client-side (on your local machine) using standalone software like Kleopatra or Gpg4win before any text is pasted into a browser instance.

Fatal Error Warning

Never use "Auto-Encrypt"

Relying on a marketplace's "Auto-Encrypt" checkbox is a critical failure of operational security. Server-side encryption requires you to transmit plaintext data across the network, temporarily logging your unencrypted details on the server before the encryption executes. If the server is compromised, seized, or actively monitored, your plaintext is exposed permanently.