Operational Security & OpSec

Your darknet identity must be completely separate from your real life. This is the first rule of OpSec on TorZon.

• Zero Overlap: Never use usernames, passwords, or handles that you have used on the clearweb (Reddit, email, forums).
• Clean Hardware: Use a dedicated OS like Tails or Whonix. Never access TorZon from a work computer or public library.
• No Social Leaks: Never discuss your vendor purchases or account details with friends IRL or on unencrypted chats.

Phishing sites are the #1 threat. They look exactly like TorZon but steal your credentials and deposits.

• PGP Verification: Always verify the onion URL against the PGP-signed message found on the landing page.
• Trusted Sources: Only get links from official rotators or trusted directories like this one. Avoid "Hidden Wiki" style link lists.
• Bookmark: Once you verify a working mirror, bookmark it in Tor Browser. Don't search for it on Google or DuckDuckGo.

Technical settings and financial hygiene prevent correlation attacks and IP leaks.

• Disable JavaScript: Set Tor Browser Security Level to "Safest". JavaScript can be used to deanonymize you.
• NO Direct Exchange Deposits: NEVER send crypto directly from Coinbase/Binance to TorZon. You will be banned and tracked.
• Use Intermediary Wallets: Exchange -> Personal Wallet (Monero GUI/Electrum) -> TorZon Market. Always use Monero (XMR) for best privacy.

PGP (Pretty Good Privacy) is mandatory. Without it, your shipping address is visible to anyone intercepting the server.

• Encrypt Everything: Always encrypt your shipping address with the Vendor's PGP Public Key before sending.
• Enable 2FA: Activate PGP 2-Factor Authentication in your TorZon settings. This stops anyone from logging in even if they steal your password.
• Software: Use Kleopatra (Windows/Linux) or GPG Suite (macOS) to manage your keys.