Security & OpSec Guide

Mandatory protocols for safe navigation of WeTheNorth Market infrastructure.

[WARNING] DEVIATION FROM THESE PROTOCOLS MAY RESULT IN LOSS OF FUNDS OR IDENTITY EXPOSURE.
0x01

Identity Isolation

The foundation of operational security is strict compartmentalization. Never mix your real-life identity (clearnet) with your Tor identity.

  • No Username Reuse: Never use usernames, handles, or passwords that you have previously used on clearnet websites or other services.
  • Information Silos: Warning: Never disclose personal contact information, location data, or timezone references in communications.
  • Dedicated Hardware/OS: Advanced users should utilize specialized operating systems like Tails or Whonix to enforce absolute isolation at the hardware level.
0x02

Defense & Verification

Man-in-the-Middle (MitM) attacks occur when an adversary intercepts your connection, presenting you with an identical interface to steal credentials and intercept deposits.

MANDATORY: Verifying the PGP signature of the onion link against the market's known public key is the ONLY cryptographically sound way to ensure you are connecting to authentic infrastructure.

Do not trust links sourced from random wikis, anonymous forums, or Reddit. Rely solely on cryptographically verified directories.

Example of properly formatted infrastructure link for verification:

0x03

Tor Browser Hardening

The Tor Browser provides structural anonymity, but default settings leave attack vectors open. You must adjust internal configurations before accessing market infrastructure.

Security Level

Set the security slider to "Safer" or "Safest" immediately upon installation.

JavaScript Execution

Disable JavaScript entirely (via NoScript configuration) wherever possible to prevent execution-based de-anonymization.

Window Sizing

Never maximize or manually resize the Tor Browser window. Doing so alters your viewport dimensions, creating a highly unique data point used for browser fingerprinting.

0x04

Financial Hygiene

Blockchain analysis is highly sophisticated. Direct transfers from centralized exchanges (KYC platforms) to market infrastructure will permanently link your legal identity to darknet activities.

  • NEVER send Bitcoin directly from an exchange (e.g., Coinbase, Binance, Kraken) to WeTheNorth Market.
  • ALWAYS use an intermediary personal non-custodial wallet (such as Electrum for BTC or Monero GUI).

Cryptocurrency Standard

We strictly recommend utilizing Monero (XMR) over Bitcoin (BTC). Monero's protocol level privacy (Ring Signatures, Stealth Addresses) obscures sender, receiver, and transaction amounts by default.

0x05

PGP Encryption (The Golden Rule)

"If you don't encrypt, you don't care."

PGP (Pretty Good Privacy) is non-negotiable. It ensures that only the intended recipient can read your message, rendering database seizures or intercepted transmission useless to adversaries.

Client-Side Encryption Only: All sensitive data (especially shipping addresses) MUST be encrypted client-side. This means encrypting the text on your own localized hardware (using tools like Kleopatra or Gpg4win) before ever pasting it into the market interface.

Never Use Auto-Encrypt: Do not use the "Auto-Encrypt" checkbox provided on marketplace websites. Server-side encryption requires trusting the server with plain-text data. If the server is compromised, your plain-text data is captured before encryption occurs.