 How's it going guys? Today, we're going to be taking a look at the Darknet Opsic Bible 2023 edition or the Darknet Market Buyer's Bible 2023 edition, because I'm actually not too sure if this Bible is related to the one that I did a video about last year that was this post that was on Dread Darknet Opsic Bible 2022 edition. It doesn't look like this person has really made any new posts since then or they've just made a couple new posts since then and kind of went dark for about a year. So maybe this is a different thing in the about section. It doesn't mention that other user. So I'm guessing that these are two different guides, but this is pretty much the new guide that people who visit Dread and go to the Darknet markets, noobs, sub Dread are directed to. So we're going to go through it and I'm going to give you guys my thoughts on the different pieces. So let's start here with operating systems. So here they list Tails Hoonix and kind of Hoonix cubes as the highest tier operating system that you should use, which I agree. I mean Hoonix cubes is it might be a little bit more complicated for some people to use, especially if you're not familiar with virtual machines because that's really what cubes is. It's kind of a hypervisor OS where you're running a bunch of different virtual machines and you're separating your workflows and it makes it really, really easy to just contain all of your dark web activity into a single virtual machine. In fact, they literally have disposable Hoonix VMs that are perfect for that. And even if you were to get malware in one of those virtual machines, the only way you can really become a problem and compromise your Opset would be if it can escape the hypervisor, which in this case is going to be a Zen hypervisor, and then get to your host OS or your DOM zero and then make a DNS request or something like that to get your real IP address. So yeah, this is this is a really good setup, you know, using or even just using Tails. Just keep in mind with Tails. If you get malware installed to your system, it is possible for somebody to become the clearnet user and then make a DNS request over the clearnet like we saw with the case where the FBI caught Buster Hernandez. But even this can be potentially mitigated if you have something like a tour gateway. So it's possible to install custom firmware to certain routers like certain Netgear and I think ASUS there's a few different vendors. If you look up the specific model of your router on DD Wirt and I think Fresh Tomatoes is another open source firmware that you can install to your router. It's actually possible to turn it into a tour gateway. I'm pretty sure with both of those firmwares and just automatically route all the traffic for actually your entire network. I mean anything that connects to your router would have its traffic routed over tour, but that what is potentially a way that you could use Tails or really any type of Linux OS. And even if you were to get malware installed to the system as long as somebody doesn't take over your router, they're not going to be able to just make a DNS request or to ping something to get your true IP. So this is pretty good information here so far. And I don't think they mentioned the dead man switch option with Tails, but of course that's another benefit. Something else that I'll mention here because I don't think they really talk about hardware is you might also if you need to have a dead man switch setup. You might want to actually have that configured with the power cable or power button on a desktop. That way you can just power off the whole system. And then you basically have a distro agnostic dead man switch at that point as long as you know your distro is flushing your RAM and you've got your disk encrypted and everything like that. Alright, so let's move on to KeyPass XC. So this is obviously very important for storing secrets. And they mentioned here that you should use KeyPass XC to store your login details to market accounts and forums, cryptocurrency seeds and wallet passwords. You can put that in the notes section of KeyPass XC entries. That's actually the same thing that I do with my crypto wallets. And you can also put passwords for your PGP keys in there. Now KeyPass XC, I'm not sure, they probably do mention it in this but I'll just mention it here. It has three methods of authentication and it may be possible to add more with plugins. But by default, you know, playing KeyPass XC you can have a password, you can have a key file and you can have a hardware key like a UB key. And have all of that required to enter into KeyPass XC to actually be able to open up your database. Now one other thing that I'll mention, and I think this might be left out because I see them talking about persistence for Tails OS here. So if you were to use Cubes OS, which of course that's the highest level recommended system as long as you don't get filtered by it for dark web activity, you can actually create your KeyPass database inside of this virtual machine or inside of this cube called the Vault. And the Vault is a special virtual machine because it doesn't have network access and I'm also pretty sure that you can't have USB storage devices or other virtual machines connected to it by default. So it's isolated, like completely isolated from the internet. Of course you can copy over passwords, like I think it's like Ctrl Shift C and Ctrl Shift V to like copy, like basically have the clipboard get shared between virtual machines and then of course after you paste it clears off the clipboard. But that's another good way to use KeyPass XC is just in to keep your whole database offline because if you get malware on your system, then they might start to try like brute forcing it or they might just steal the encrypted database, most likely, and then they can start trying to brute force that on their machines and, you know, this is dark web market stuff we're talking about. So there might be some crazy Interpol quantum computer that's used to brute force your database. So yeah, it's just really good to make sure that that doesn't get obtained in the first place by essentially storing it in an offline virtual machine. Okay, so yeah, this is just going on about how to use KeyPass XC. So here we've got some instructions for PGP as well. So there's tons of guides for this on the internet and PGP is another one of those things that can be a bit of a hurdle for, well, people in general, but especially for people that want to start browsing around on the dark web and, you know, look at marketplaces and stuff because a lot of them require you to have PGP keys these days. So definitely read through this. I mean, it's it might be kind of complicated, but it's also pretty straightforward. So I'm sure that there's nothing I can really add on the PGP section. So let's look at cryptocurrencies now. And they have a really good recommendation here saying that when possible, you should stick with Monero always at the very least convert your Bitcoin to Monero. So when you're looking at markets and stuff like that, like, yeah, there's some that will say they accept Bitcoin or Ethereum, Litecoin, maybe even Dogecoin. But none of these are really private cryptocurrencies, or at least they don't have private blockchains. But Monero is private. So if you can convert, like if you have crypto already, if you've got, you know, Bitcoin or something like that, it would be a really good idea to first convert it into Monero than to try to use, like, Lightning Network, CoinJoin or all these different technologies that have kind of been added on top of Bitcoin to try to make it more private. Just use Monero when you've got privacy by default. Now, let's look at this converting section. So here, there's a few different places that they recommend for, like, sites where you can send them some Bitcoin or send them some Litecoin and then they'll send you some Monero in exchange and charge you usually a small fee like a couple percent or sometimes even less than 1% to swap it. Now, certain crypto swaps, like you can go into Bitcoin, you can go from Bitcoin into Monero through an atomic swap. So there's no reason to really go through an exchange or anything like that. You know, it's these cross-chain atomic swaps and, you know, again, more information is on this GitHub page if you want to learn more about that. But this is probably going to be the most private and I'm not sure if it's going to save you the most amount of money. I would think it would, but this is probably going to be the better way to swap between Bitcoin to Monero and also just when looking up atomic swaps, I actually saw that this GitHub page was listed first on DuckDuckGo and this lets you do Ethereum to Monero and it's currently in beta. So obviously use that at your own risk. Now, a couple other exchanges or exchange aggregators that I didn't see listed in the Bible that are worth mentioning are orange friend. That's what this is. So the idea behind orange friend is you can find different exchanges or different swap services to swap a whole bunch of different cryptocurrencies and you can find the one that's going to give you the best privacy, the best anonymity when doing the swap. So let's say that you have like .005 Bitcoin and you want to swap that all for Monero. We hit search and then here you can see the, well here you can see the amount. So this also give you an idea of fees and then you can also see their grade on KYC not.me. So we can see fixed float doesn't have a very good rating and there's a note here that they may freeze funds and require you to answer SOF questions for this transfer of Monero. So like let's try to find one that's a little bit better. AgoraDesk has a really good rating. They say that you need to create an account on AgoraDesk to complete the trade but an account creation might not be a very big deal if it's just an email, you know, if they're not asking for your phone number and they're not asking for ID, not too big a deal. Here Majestic Bank looks like a pretty good swap. I think that actually is mentioned here or actually no, it's not mentioned in converting. So you see this is a good reason to use these services first like Orange Friend because, you know, with Orange Friend I'm here on their hidden service. So, you know, that's one benefit of it. You don't have to use any JavaScript to do this. So you don't have to really leave any trail behind on Orange Friend to just get ideas for where you can do these swaps at. So yeah, there's a bunch of them like an infinity exchange or I think that's another one that's not listed. Yeah, I don't see it listed here. So tons and tons of good exchanges you can find here. And Trocador is another one except with Trocador you can actually do the entire swap through them. Well, they basically will do the swap for you like on your behalf. So again, let's say that I want to send 0.005 Bitcoin and I want to trade that for Monero. So I would do exchange here and it's going to find again all these different swap pairs and you're going to notice a lot of ones with Orange Friend as well. But the difference between Trocador and Orange Friend is Orange Friend just shows you the like they basically just give you a link to go to the exchange of site itself. Like if I go to infinity exchange or here, boom, now you're on a new site. But with Trocador, you're doing the whole thing on their side. So like if we wanted to, let's say we wanted to swap with, let's say we want to swap with fixed float. So for this, and then you would have to put a Monero address in here where you want to receive the Monero from since we're going from Bitcoin to Monero. And then they're going to give you an address to send your Bitcoin to and then once they get that, they'll do the swap for you. And then you're also going to go ahead and receive your funds and they've got insurances for certain swaps as well. So like you can see if you were to swap 0.005 Bitcoin, Trocador is going to ensure that swap 100%. So if the exchange decides that, hey, we want to take a picture of your driver's license and be a bunch of creeps and you don't want to do that. You can reject it and Trocador will reimburse you. And they actually go up pretty high. Like let's edit the transaction. Let's see if we can do like 0.05. So this is pretty sure over $1,000. Let's see, yeah, almost nine Monero, that's over $1,000 and still insured 100%. Let's see if we can break it. Let's do, well, let's just do 0.1 Bitcoin. That's like 2,700, I think. Okay, so now you see that the insurance drops to 60%. And then with others, you still are getting the 100% insurance with fixed flow. So you can make some pretty, I mean, you know, some people say this isn't big money, but I would consider this to be a pretty big swap, especially since there's no KYC with Trocador. So I mean, you could probably, like if you had a whole lot of Bitcoin that you wanted to swap, like let's say you had one whole Bitcoin, you want to swap into Monero, you could do this with 10 separate transactions through fixed flow, well through Trocador and then they go through fixed flow. If you're like super duper paranoid about something getting frozen, it would probably also be a good idea to do that because the larger of a swap that you do at one time, that's probably also going to increase the likelihood that you get hit with KYC. And local Monero, of course, is another option. I mean, that's probably the best option if you don't have cryptos already and you just want to buy some Monero with cash, find a vendor on local Monero, they even have ones that are willing to use PGP for all of your communications with them. So yeah, that would be a really good option for getting your Monero in the first place and then shopping wherever you want to or doing whatever you want with it. And now we get into shipping. So this is more specific to getting things from dark web markets and I don't know if I mentioned this already, but I don't encourage or condone doing anything illegal or any substance use. So here is just some information about how long do I have to wait and do I need to change my shipping address, stuff about your package being damaged, can you order to a university or dorm? So they make a good point here. Make sure you haven't signed away any of your rights, giving them permission to search your mail. So here in the United States, it's a felony for somebody else to open your mail. But if you have signed a waiver saying that somebody can do that, then all of a sudden they can snoop through your mail. And yeah, don't order to your workplace. I mean, that'd be dumb. Should I check tracking? So this is something that this is another mistake that some people make. I guess, I don't know, people that are fiending or whatever. And they're like, oh, where's my package? Where's my package? Which again, that's a good reason to seek help instead of trying to feed your addiction through TOR and other anonymous services. Because yeah, if you bought something and you're constantly checking your tracking, especially through a TOR IP address, that's probably going to be a red flag for UPS or whatever service you're entering tracking info into. So yeah, it would probably just be best with your marketplace to just chill as long as things have not gone outside of the warranty period. Don't go checking your tracking every single day. And then yeah, they talk about how to dispose of packaging. So when you've extracted the goods from your package, you'll have some left-over packaging material. It's best to throw it in your own trash to not incriminate yourself too much. It is recommended to either burn it or throw it away in a trash can. Oh, it's best. Yeah, best not to throw it in your own trash. Okay, I might have read that wrong. So yeah, this is actually something that's come out of, I'm not sure if it's DEA or FBI. One of those alphabet agencies talked about one of their main tactics for identifying people that buy and sell through hidden marketplaces is traces of packaging materials and stuff like that left behind. So yeah, once you get the package, destroy all packaging materials and it, yeah, they actually say it right here. Very common practice in drug investigation to collect and look through a suspect trash for evidence of drug law violations. So yeah, burn your trash or burn your packaging. And it may also be a good idea. I mean, this is more of a ultra paranoid thing, but if you think it is possible to put tracking devices in packages. So if you think something like that might be going on, what you can do is wrap a package in tinfoil or you could probably even use like one of those cooler bags that kind of have the foil lining on the inside of them. And that should disable the radios inside that are used for GPS or cellular or whatever to ping where the location of the package is. And then transport the package to like kind of a public slash private place. Like I've seen some people say that they like to take their packages to public bathrooms and like go in a stall, open it up in there and then that way if there is some tracking device and you know it's probably going to come with fake goods or like an empty box and it's just a tracking device, you can very quickly ditch the package and kind of get out of dodge. And especially if you've transported the package from like the post office or your home while it's wrapped in that tinfoil, it's kind of going to go offline hopefully and then sort of ping back up so hopefully you can get out of dodge before law enforcement show up to that public bathroom and you know trace back where the package is once it comes back online. Let's see stealth for shipping. Stealth is important to get your ordered product to your front door. It's mainly a vendor topic. The important difference between stealth and decoys is stealth is used to make the pack appear. Okay, so they don't really go into this because it's more of a vendor type deal. So now here they talk about some things that may happen if compromised. Oh well the job this is like talking about getting a place to mail it to. So this is like I guess getting stuff mailed to like vacant houses and stuff like that. Possibly a good idea if it's not if it's not illegal. Possibly not a good idea. So control delivery. So this is situations where law enforcement have compromised you and they're now like they know that you're getting something. And so they're making sure that you get it to your house and you know you sign for and everything like that. So yeah if you're getting control deliveries then there's probably been some mistakes already or potentially the person that you're buying things from might have just gotten compromised. And so they they know you know maybe he has a record of people who he sent mail to or you know if he has a return address on there. They can just figure it out that way. So here where they say how do you protect yourself? Unless you know what you're doing don't use a drop. So yeah this is the thing where like if you're using an address that's not yours or like if you're getting something that's delivered to your house where it's not your name on it that could actually be more suspicious. So it's one of those things where people might think that they're being clever by doing that stuff but you're potentially creating more problems for your house or create more problems for yourself. So yeah they say that one of the most important things to do if you suspect a control delivery is going to happen is to clean your house because they're going to raid your house. So you don't want to have other illegal things going on inside of the house that can you know actually get you in trouble. And you know now that I think about it you might actually have some plausible deniability if you're getting things delivered to your house and you're using your name. Because I don't know if this has ever actually happened but like you know how people used to swat people like if they lose a game on call of duty and they figure out what someone's address is and then they call the cops and like tell them that they just murdered their family. I'd imagine that something similar might also happen although it would take longer to get a reaction where somebody could if someone knows your address and they know your name they could go to a head marketplace use your address use your name. And for a very small fee get something illegal delivered to your house and then tip off law enforcement so that could be plausible deniability. If everything is set up you know with your name go into your address you could try to say that that happened you know. I don't know I'm not a lawyer but that's just something I kind of thought off the top of my head as a way to potentially have some plausible deniability with a control delivery. Alright so let's see harm reduction dark net markets I don't think really need to go over that this video is already in enough danger as it is. Let's look at the alternate communication methods so here we're talking about ways to have safe comms. So for email they say that it's a good idea to choose one that's been you know vetted by people on dread or something like that you know they don't really mention any specific providers but just some general guidelines. They should have an option for you to use tour so obviously they shouldn't filter tour exit nodes or they should even have their own hidden service that would be more ideal so you don't have to deal with exit nodes in the first place. They should not require to use JavaScript yeah there's no reason to have to use JavaScript in your email always use PGP to encrypt the mail that you send and make sure that your communication partner does the same. If you do this it almost doesn't really matter to a certain extent who your email provider is I mean don't go using Yahoo or Gmail just because you're for your dark web activity just because you're using PGP but. If you do this the contents of your messages can't be seen. Even by the mail provider and never give away information in the subject field don't say that you got you know 36 ounces fish scale on cut in your subject field because the subject field does not get encrypted. And then we've also got some guides for Jabber and XMPP this is actually the kind of newer and better settings. I guess I am app you know XMPP app and that's setting up Gajam with Oh memo I talked a little bit about it in one of my tales videos that I just did. Alright let's take a look at the miscellaneous information see what other stuff we have here. So JavaScript of course you want to keep that disabled. And they also I think they also go into the about config stuff if you wanted to do that. But I would say generally just setting your JavaScript here to safest is good enough. Offline version. Oh there's an offline version of the dark web market or dark net market Bible so you can just download that and then that way you can use it offline. Really good idea to for any like guides or stuff online related to the dark web that you might be reading on a regular basis is a good idea to download that. Both because it helps your opsec since you're not having to go and connect to an online service and rely on you know the internet and everything else not leaving a trail behind. But also on the dark web sites tend to go missing they tend to get DDoS to be down for long periods of time. This is a static site so I wouldn't worry too much about it but good idea just to download that Bible in case. And removing exit data from images yes very very important OK I mean don't be that guy that takes you know if you're trying to be a vendor don't be that guy. That takes a picture of your product with your spooky phone and you've got like geo tags and stuff on it I mean come on. That's that's like one of the most like face palm mistakes that you could possibly make as a dark web vendor or even as a person that's just shopping there on the dark web. So yeah I think that pretty much covers my coverage of this guide here this is actually a pretty good one not really too too much that I disagree with or that I really felt like I had to add to this so great job. Shaky beats and Thoughtbot and William Gibson on this dark net market Bible I hope you guys enjoyed this video if you did please like and share to hack the algorithm. Follow me on Odyssey have a great rest of your day.