Operational Security

Security & OpSec Protocols

The integrity of the TorZon network relies on strict adherence to operational security standards. This guide details the mandatory protocols for PGP verification, identity isolation, and phishing defense.

Threat Level

Phishing: CRITICAL

MITM Attacks: HIGH

Zero Trust Architecture

Assume every link is a phishing attempt until proven otherwise. TorZon Market Access mirrors must be cryptographically verified using PGP. Never input credentials or private keys into a website without verifying the onion address signature first.

1 PGP Encryption (The Golden Rule)

Pretty Good Privacy (PGP) is not optional. It is the only barrier between your data and interception. "If you don't encrypt, you don't care."

Client-Side Only: Never use "Auto-Encrypt" checkboxes on market websites. The server can see the plaintext before encrypting it. Always encrypt messages on your own device using tools like Kleopatra (Windows/Linux) or GPG Suite (macOS).
2FA is Mandatory: Enable PGP 2-Factor Authentication immediately upon account creation. This prevents account takeover even if your password is phished.
Verify Signatures: Authenticate the market's signed messages to ensure you are not on a phishing mirror.

Example: Verification Command Terminal

gpg --verify torzon-message.asc torzon-key.asc

2 Phishing Defense & Verification

Phishing sites are exact visual replicas of the real TorZon market, designed to steal your login credentials. They often appear as "Sponsored" links on darknet search engines or are posted on unverified wikis.

❌ Dangerous Sources

• Hidden Wiki (Unverified versions)
• Reddit / Dread PMs
• Telegram Groups
• Clearweb "Darknet Link" lists

✅ Safe Verification

• Verify PGP Signed Message
• Cross-reference Daunt.link
• Check TorZon /about page PGP
• Use bookmark manager

Man-in-the-Middle (MITM): Sophisticated phishing sites will proxy your traffic to the real site, capturing your password in real-time. The only detection method is checking that the .onion URL matches the signed list exactly.

3 Financial Hygiene

Cryptocurrency Isolation

Never send cryptocurrency directly from a centralized exchange (Coinbase, Binance, Kraken) to a market wallet. Exchanges perform blockchain analysis and will ban accounts associated with darknet entities.

Exchange Personal Wallet Market Wallet

Monero (XMR) Superiority

Bitcoin (BTC) is a public ledger; every transaction is traceable. TorZon recommends using Monero (XMR) due to its inherent privacy features (Ring Signatures, Stealth Addresses) which make transaction tracing mathematically infeasible.

Tor Browser Hardening

Security Level

Standard Safer Safest

Set to "Safer" or "Safest" to disable non-essential scripts.

Window Size

DO NOT RESIZE the Tor Browser window. Maximizing the window creates a unique fingerprint based on your screen resolution.

JavaScript

Disable JavaScript globally via NoScript if the site functionality permits.

Identity Isolation

Never reuse passwords from the clearweb.
Do not use a username linked to other social profiles.
Never communicate outside of the market (e.g., via Email/Discord).

Navigation

View Verified Mirrors → Read FAQ & Stats → New User Tutorial →