Operational Security
Mandatory protocols for identity isolation and cryptographic verification. Failure to adhere to these standards compromises the integrity of the DarkMatter network and user anonymity.
01 PGP Encryption
PGP (Pretty Good Privacy) is not optional. It is the mathematical backbone of darknet security. Without it, you are broadcasting your data in plain text to every relay node and potential adversary.
Client-Side Only
Always encrypt messages on your own device using software like Kleopatra or GPG4Win. Never paste plain text into a webpage.
Avoid Auto-Encrypt
Never use the "Auto-Encrypt" checkbox on markets. If the server is compromised, your clear-text message is exposed before encryption happens.
# Example: Verifying a signed message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
DarkMatter Mirror Verification Proof: 2024-02-04
-----BEGIN PGP SIGNATURE-----
...
02 Phishing Defense
Phishing via "Man-in-the-Middle" (MitM) attacks is the most common vector for account theft. Attackers create clones of the site to steal credentials.
-
Trust No Link Do not use links from Reddit, Wikipedia, or random forums. Only use links signed by the official DarkMatter PGP key found on the Mirrors page.
-
Verify the Signature Before logging in, verify the PGP signature of the onion domain. If the signature does not match the known public key, leave immediately.
03 Identity Isolation
Your digital footprint on the Tor network must be completely severed from your clear-web identity. Cross-contamination leads to de-anonymization.
Username Hygiene
Never reuse usernames from Steam, Reddit, Discord, or other forums. Create a unique identity for DarkMatter.
Password Uniqueness
Use a password manager (KeePassXC). Generate a random 32+ character password. Never reuse it.
No Personal Data
Never discuss your location, age, profession, or weather. Linguistic analysis can pinpoint your origin.
Separate Hardware
Ideally, use a dedicated laptop or a live OS like Tails. Do not use your work computer.
04 Financial Hygiene
The Exchange Trap
Never send funds directly from a KYC (Know Your Customer) exchange like Coinbase, Binance, or Kraken to a DarkMatter wallet. This creates a permanent, traceable link on the blockchain between your ID and the market.
The Correct Path
Always route funds through a personal wallet you control. Use Monero (XMR) whenever possible due to its ring signatures and stealth addresses, which obfuscate the sender, receiver, and amount.
05 Tor Browser Hardening
| Setting | Recommendation | Reason |
|---|---|---|
| Security Level | Safer / Safest | Disables dangerous web features. |
| JavaScript | DISABLED | Prevents script-based de-anonymization. |
| Window Size | Default (Do not resize) | Prevents screen resolution fingerprinting. |
| HTTPS-Only | ENABLED | Forces encryption on exit nodes. |