Hello Everyone!
I wanted to put together some useful information for anybody who wishes to purchase goods anonymously via the DarkNet. My aim is not to promote my own products or services – I simply want to help everybody who comes here to have a safer, more positive experience.
★ Disclaimer: I am not endorsing any sites or services listed below; this post is purely to help inform and educate our community :-)
Contents
1) Places To Buy
2) Understanding Bitcoin
3) Choosing A Vendor
4) Digital Security
5) Physical Safety & Harm Reduction
6) Email
1. Places To Buy
The top 2 markets to buy from currently are Dream and Alphabay
http://lchudifyeqm4ldjj.onion/?ai=71553 ( <- Referral link required to join)
- Uptime 98.34%
http://pwoah7foa6au2pul.onion/affiliate.php?aff=45866 (<-Referral link required to join)
- Uptime 95.95%
However there are several other less used markets available
Agora - > http://agorahooawayyfoe.onion/register/Yp38jeoAcz (<-Referral link required to join) ---- *Offline till further notice
Bloomsfield - > http://spr3udtjiegxevzt.onion ---- Uptime 99.57%
Crypto Market - > http://cryptomktgxdn2zd.onion ---- Uptime 97%
East India Company -> http://g4c35ipwiutqccly.onion/ ---- Uptime 96.85%
French Dark Net -> http://s35ws7u7sj2g3uxm.onion ---- Uptime 99.4%
GotMilk Pharmacy -> http://334bkn7o7ffp6p7a.onion ---- Uptime 99.5%
Hansa -> http://hansamkt2rr6nfg3.onion/affiliate/894 (<-Referral link required to join) ---- Uptime 99.53%
HonestCocaine -> http://honestcqcmljqczq.onion ---- Uptime 84.92%
IDC -> http://2qrdpvonwwqnic7j.onion --- Uptime 99.27%
London underground -> http://lustorecibkvrjhj.onion ---- Uptime 97.38%
Middle Earth Marketplace -> http://mango7u3rivtwxy7.onion ---- Uptime 95.38%
Nucleus Market -> http://nucleuspf3izq7o6.onion ---- Uptime 97.94
Outlaw Market -> http://outfor6jwcztwbpd.onion ---- Uptime 93.29%
Ramp -> http://ramp2bombkadwvgz.onion ---- Uptime 95.31%
RuTor -> http://xuytcbrwbxbxwnbu.onion ---- Uptime 99.12
Silkkitien -> http://silkkitiehdg5mug.onion ---- Uptime 96.08
The Hub -> http://thehub7gqe43miyc.onion ---- Uptime 93.51
The majestic Garden -> http://bm26rwk32m7u7rec.onion ---- Uptime 98.83%
Tochka -> http://tochka3evlj3sxdv.onion ---- Uptime 69.32%
Torepublic Market -> http://nco5ranerted3nkt.onion ---- Uptime 91.61
Another great place to find hidden marketplaces is the list published by DeepDotWeb:
http://www.deepdotweb.com/2013/10/28/updated-llist-of-hidden-marketplaces-tor-i2p/
The list is updated fairly regularly as new markets are added or old markets are taken down.
2. Understanding Bitcoin
What Is Bitcoin?
The Wikipedia page is here: https://en.wikipedia.org/wiki/Bitcoin
Bitcoin (BTC) is a decentralized digital currency. It isn't anchored to gold, or any other asset, meaning its value (when exchanged for FIAT currencies) can fluctuate quite wildly.
Whenever you make a Bitcoin transaction, it is recorded on a public ledger called the Block Chain. This means anybody can see any transaction made (see http://www.blockchain.info). The tough part - the part that makes Bitcoin the currency of choice for anonymous purchases - is linking transactions to people.
To reduce the chances of transaction being traced back to yourself, you can 'tumble' your Bitcoins.
Tumbling Bitcoins
Tubmling your Bitcoins is a way of swapping your original BTC for other people's BTC, in order to sever your Block Chain trail. This makes it more difficult for people to link your purchases to you.
It is important to Tumble your coins through either a Tor hidden service, or using a wallet routed through Tor.
3. Choosing A Vendor
The following links list various vendors on the darknet:
• El Presidente's vendor directory http://directory4iisquf.onion
• Gram's Infodesk vendors directory http://grams7enufi7jmdl.onion/infodesk
Before you buy from a vendor, do your research and make sure you read reviews and discussions on DNM Forums - the Hub has a Vendor area you can look at to gather this kind of information.
You should also learn what it means to finalize early (FE) - markets offering only this type of payment will not get you your money back if the vendor does not send your product: Understand the risks, and only FE with a vendor you trust. If you are unsure, you should find a market offering an escrow service.
If you have a dispute with a vendor, it helps to be polite and try to work towards a resolution that is fair to the both of you before raising a complaint to the market staff. And stick to the facts at all times - lies get uncovered more often than not, and they aren't fair (we're a community!).
4. Digital Security
Deep Dive information https://cryptostorm.org/
There is a lot to do to ensure anonymity. Here I will outline some of the core practices you should be following.
Tails: https://tails.boum.org/download/
Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims to preserve your privacy and anonymity, and helps you to:
> use the Internet anonymously and circumvent censorship;
> force all connections to the Internet to go through the Tor network;
> leave no trace on the computer you are using (unless you ask it to explicitly);
> encrypt your files, emails and instant messages using state-of-the-art cryptographic tools
Linux on a thumb drive or CD running Tails is widely used
Virtual Private Networks (VPNs)
VPNs can offer an additional layer of protection; HOWEVER, not all VPNs are secure. This article on DeepDotWeb can help you separate the good from the bad and the downright ugly: http://www.deepdotweb.com/2014/07/08/is-your-vpn-legit-or-shit/
• NEW - https://torrentfreak.com/anonymous-vpn-service-provider-review-2015-150228/
Please use these sites to see if you are really anonymous (while your VPN is up & running)
IP leaks testing resources:
DNSLeak: http://dnsleak.com/
IPLeak: http://ipleak.net/
IPv6 Leak:http://ipv6leak.com/
E-Mail IP Leak: http://emailipleak.com/
PGP
This is one of THE most important things for you to learn, as it allows you to keep your communications between only yourself and the person you are talking to. Take the time to learn PGP even if you do nothing else.
Windows: http://www.deepdotweb.com/2013/11/11/pgp-tutorial-for-newbs-gpg4win/
Mac: https://gpgtools.org/
Remember to learn the difference between your Public Key and your Private Key - failing to do so could ruin your efforts to remain anonymous.
Tor Project
Always check up on any updates that are made available, as they are usually very important - people are trying to break TOR all the time, and many times these updates are designed to combat any faults found: https://www.torproject.org/
Current version of TBB is 4.5.2 this version has an option when you select the onion and the dropdown appears there's now a "Privacy and Security setting" you can now adjust to diferent levels of privacy and security
5. Physical Safety & Harm Reduction
You are free to choose what you put into your body. I believe that fully. However, you should make this choice only after fully informing yourself of the potential consequences! Here are some great links:
Know what you blow http://cocaineweogeta6y.onion
http://wedinos.org
http://www.dancesafe.org/ (KET, MXE, MDMA, ETC...)
https://www.erowid.org/ (A site for sharing knowledge and experience with chemicals that have an influence on how your brain works)
https://pillreports.org (PILLS)
http://www.grindfactor.com/Forum/forumdisplay.php?1-Drug-Harm-Reduction
Testing Products
This trend in fake drugs is serious - I have heard too many bad stories for my liking. You can buy test kits at:
http://bunkpolice.com/
http://www.eztestkits.com/en/
They are on Ebay as well. Do it and be safe!
(Remember that buying a test kit is NOT a crime - don't stop yourself buying a test kit because you're worried what it might say about you as a person; it's always smart to keep yourself safe physically)
6. Email
Always use encryption for personal safety. I'm not a fan of email however I realize it's a necessary tool at times. Use TOR at all times when accessing them and make sure all sensitive conversations are properly encrypted. Lastly, no one is 100% sure that these e-mail providers won`t comply with Law Enforcement or that they are really private so treat this as information not an endorsement.
http://sigaint.org/ http://sigaintevyh2rzvw.onion/
http://lelantos.org/ http://lelantoss7bcnwbv.onion/
http://www.innocence.se/
http://riseup.net/
http://inventati.org/
http://ruggedinbox.com/
http://mailtor.net/
http://mail2tor.com/
http://onionmail.in/
http://toremail.net/
http://cock.li/
http://www.unseen.is/
http://www.safe-mail.net/
https://tutanota.de/ "
Using Multisig to avoid exit scams
Customers/buyers
Get Electrum 2.0 www.electrum.org/#download
Run Electrum.
Select Create New Wallet and multi-signature wallet, then proceed. If you already have a default wallet, File>New/Restore.
Select 2 of 3 on next screen, then proceed.
You will find your seed generated. Copy it to your clipboard and a text file then #fuckingwriteitdown.
click next, then paste that same seed onto the next screen. Hit next.
Create a password. Don’t skip this step, the password is required to keep your end secure and release funds. Click next.
Copy your master public key, and share it with the market and vendor. Take care not to share your seed or password.
Gather the two master public keys, one from the market, one from the vendor. Paste them each, order doesn’t matter. Next.
“Select Server Manually”, then config to route through Tor. Tor Browser Bundle must be running for this to work.
SSL, SOCKS5, localhost, port 9050
Light in bottom right corner will turn from red to green when connected.
On the receive tab, note that all the addresses start with 3, instead of one. This signifies they are indeed multisig addresses.
You are responsible for funding the correct amount of bitcoins to an address on this wallet. Remember, any funds transfered there can’t be transfered back without without 2 of 3 consensus. Be careful to send the correct amount. After this is done, your work is done until it’s time to finalize the transaction (which you will do in a timely manner, as you are not a little bitch).
Vendors it’s your turn!
Generate your Master Public Key
Get Electrum 2.0 www.electrum.org/#download
Run Electrum.
Select Create New Wallet and multi-signature wallet, then proceed. If you already have a default wallet, File>New/Restore.
Select 2 of 3 on next screen, then proceed.
You will find your seed generated. Copy it to your clipboard and a text file then #fuckingwriteitdown.
click next, then paste that same seed onto the next screen. Hit next.
Create a password. Don’t skip this step, it is for your security. Click next.
Copy your master public key, and share it on your market profile. Take care not to share your seed or password.
end the creation, you will not be making a wallet at this time. This is done by deleting the wallet file.
To open your end of a wallet created by a customer/buyer (this is for each order).
File>New/Restore, name the file.
Select “Restore a wallet or import keys” and “multi-signature wallet”. next screen, 2 of 3. next.
Paste your previous generated master public key.
Gather the two master public keys, one from the market, one from the buyer. Paste them each, order doesn’t matter. Next.
Verify the correct funds are present.
You are responsible for creating two transactions. One is to pay the market their previously agreed upon share. The other is to pay yourself the rest to the correct bitcoin address. You won’t be able to complete these, but you will generate the text needed for the customer or market to sign off on these transactions. These will be exported as .txn text files, which you can then copy and share the contents to the market message system, for the buyer or market to fully sign the transaction.
Click the send tab
enter correct address, and amount, then click send.
Agree to the fee.
Provide your password.
save the file. repeat for each transaction, ideally the markets small share first.
Open the files in a text editor, and share on the markets message system.
Wait to get paid once the buyer receives their package.
Finalizing
Open the correct multisig wallet. Nothing will work unless you are in the right wallet.
Tools>Load Transaction>From Text
Copy paste each transaction (one at a time), starting with paying the market first.
It should load up a small window, giving signing as an option. Make sure all the details look correct before you sign!!!!!!!!
Repeat for vendors transaction.
Congratulations! The transaction is complete!
Disputing
Weather it’s the vendor or buyer disputing, they are responsible for providing a return address. The market is responsible for generating the transaction text. The winner of the dispute is responsible for signing/finalizing the transactions and making sure the the coins are going to the right address."
https://www.deepdotweb.com/2015/03/21/multi-signature-transactions-electrum-2-0/
Complete PGP Tutorial For Newbs (Gpg4Win)
Tutorial for Gpg4Win using Kleopatra can be found here.
We found a great tutorial posted on deepdotweb today about how to stay safe and use PGP.
The link to the original article is this: http://www.reddit.com/r/DarkNetMarkets/comments/1qdzl8/guide_pgp_4_n00bz/
All the credit for the tutorial goes out to this reddit user: BenZoThr0w – http://www.reddit.com/user/BenZoThr0w
=====
The goal here today is to try and educate n00bZ on what PGP is, how to install GPA, I’m making the guide because I educated myself on PGP and it took awhile for me to understand it. So here is a picture guide to installing and creating a PGP key to encrypt and de-crypt messages.
=== BACKGROUND of PGP ===
Basically, each individual has a unique PGP key. In the program GPA, you import peoples unique key to your list of keys. When you go to write a PGP message, you type it normally in the clipboard { you’l learn about the clipboard later, it’s your friend } and then press an encrypt button, which then lets you pick from your unique list of keys to encrypt to, where ONLY that person can read it. [ this is why people give their public keys out, so anyone can encrypt them a message ] === THE STEPS ===
– Step One –
Okay, so first things first, let’s get a PGP program. One of the most popular is GPA. Head over to this link to download gpg4win which includes GPA {you can see a list of the programs gpg4win contains to the left of the download page, GPA is one of them}
Download: http://gpg4win.org/download.html
IMPORTANT !!!!!!! ***********************
When installing gpg4win you get the option to install which programs you want from the package. By default, GPA is not checked. MAKE SURE YOU CHECK GPA! You need it in order to easily encrypt and decrypt messages. This is what it looks like during the installation:
Next, you want to make a PGP key. Remember, none of the details need to be valid. I’d use your online name or a different alias when making your key. Something that isn’t your gamertag for online games, or anything that may tie to you. A completely new alias. The e-mail doesn’t need to be valid at all. Here are some pictures to help you through the process. Also make a backup of your key!!!
First, click the keys in the menu at the top. Alternatively, you can click CTRL+N to begin the process of creating a key. Shown here:
You will go through a set up, where you make a name for your key, which I suggest you use an alias. Shown here:
After selecting your alias it asks for an e-mail adress. This e-mail should be non existent, and be linked to a website that also doesn’t exist. Shown here:
Then you’re asked to make a backup of your key. I highly suggest you do this! Although you can make a back up at any time, you should just do it now. This is where your public key will be that you give to others to contact you. Shown here:
– Step 2 – Find Your Key –
Find where you put the back up of your key. It will be an .asc file but no worries, when asked to open the file just tell windows or whatever OS to open it using Notepad. Here you will find a public key similar to this.
When sharing your key with others, you wan’t to copy and paste from the beginning dashes to the end dashes. Exactly how I have copied and pasted above.
— HOW TO IMPORT SOMEONE ELSES PGP KEY TO YOUR GPA PROGRAMS —
You see people giving their public keys away so others can contact them. Simply open a notepad file, copy and paste their key and import it using the GPA program. I will show you how to do this.
First make a blank text file and copy the users pubic key to it. Shown here:
Then, in the Keys menu where you made your key, select import keys. Shown here:
Select the Text file you saved with the public key in it. Shown here:
Then you should get this if the key was successfully imported:
Now, lets send an encrypted message.
First, open the clipboard. You can get there through the Windows menu or through the clipboard icon on the quickbar. Shown here:
Then after opening clipboard type the message you’d like to send and select encrypt at the top of the clipboard window. Shown here
When you press encrypt, you are given a menu shown below. In this menu you select what key you’re using to send the message, and what key is going to be receiving the message. I chose to send the fake account used to make this tutorial a message with my personal account. Here’s what that menu looks like:
After you select who’s sending and who’s receiving you should get an encrypted message that looks like this:
This encrypted message is what you send instead of cleartext. So when messaging on websites, simply paste the PGP message. If you receive a PGP message, you can also use the clipboard to decrypt the message you have received by opening the clipboard, pasting the PGP message you got, and then pressing the decrypt button, shown here:
That about sums it up. I hope that people with questions on PGP and how it’s used can be solved here, as I tried to make the tutorial as noob as possible. Please be safe when communicating confidential or sensitive information on websites. Always PGP. Never FE. Be safe people. If you have questions, comment, and I’ll try my best to answer them.
=====
Hope this helps.
No comments:
Post a Comment