Is my vendor friend safe?

He connects to tor via tails and connects to his home wifi. Could he be traced possibly?

He orders envelopes from usps supplies in his own name. Bought a ton of shit like mylar/ vac seal with his amazon (worst mistake I can tell) but I guess it could be argued that they are for other uses.

He said he uses stampnik to print labels and pays with bitcoin.

He wants to employ me. His IRL opsec is good, but I dont know much about tech stuff. Is this setup ok for a small vendor sending maybe 100 packs out a week? I need to know the operation is a safe one. Thanks


Comments


[9 Points] baconisnotameat:

Burn your mate move to belize


[7 Points] vendor_question:

coming from a small/mid sized vendor, his OPSEC sounds pretty terrible. it's probably safe enough for day to day operations but I guarantee if anybody actually tried to catch him, he'd get caught.

he couldn't be traced per se, but if a pack gets seized and an investigation arises, they could subpoena major ISPs, then cross reference the tor usage records from the time period from which the seized pack's lable was generated with those obtained from ISPs. seeing as your buddy likely does it every single day, maybe even multiple times, he'll stick out like a sore thumb.

again, buying mylar/vac seal off Amazon won't be the thing that gets you caught. but when theyre already investigating you and they subpoena your amazon account, repeated orders of mylar and vac seal will be a pretty good indication they have the right guy. if they placed an order, could even match the appearance, size, and chemical composition of the vac seal/mylar from the pack to those purchased from his amazon account. he's probably buying bubble mailers from here too, which is even worse.

using btc to pay labels is fine, provided the BTC are adequtely tumbled/mixed (which based on the rest, I doubt your buddy is doing properly if at all). when not done properly, BTC becomes a forever publicly available record of your misdoings. THIS IS VERY IMPORTANT. I assure that as time goes on, more and more vendors will be nabbed via blockchain analysis

ordering supplies from USPS is another terrible decision. do you understand who will be tasked with investigating him, assuming it happens? USPIS. they won't even have to subpoena anyone to obtain these records, it's literally IN HOUSE. if you absolutely positively must source packaging materials/stamps/label400 this way, do it to somebody with a diffrent last name, in a diffrent state. I've also always had a suspicion that USPS has the ability to match serial # or other unique info on packages to the person who bought it (assuming it was purchased online).

my suggestions:

buy an antenna (yagi or parabolic if you got the space/other wifi networks nearby you can crack or borrow). also buy a router with openwrt to plug into actual router, so that all traffic can be routed with VPN through here. then use some combination of layered VPNs + cracked wifis + public wifis to do your DNM stuff. cycle through what you use as to avoid leaving an easily picked out footprint.

alternatively run tails inside a virtual machine. route host OS through VPN so ISP cannot see you are using tor.

stop buying shit off amazon. same for ebay. plenty of places other than these 2 to get what you need.


[5 Points] None:

He wants to employ me. His IRL opsec is good, but I dont know much about tech stuff.

Aside from it being painfully obvious that you are talking about yourself, this seems like a pretty solid setup.

Bought a ton of shit like mylar/ vac seal with his amazon

Amazon gift card + drop?


[2 Points] DWconnoisseur:

Packaging stuff -> try to get it IRL with cash. Far from your neighbourhood.
Sending opsec -> if you're the guy that's going to do the drops to PO, be sure to read everything in this sub about the ideal logistics. This is the trickiest part mate, don't get fucked over....
You guys seem good to go regarding Tails -> be sure to backup every pgp/vendor account details in a safe place OUTSIDE Tails, so many fuck ups in this sub about lost pgp keys...
And above all : know how to cash out your BTC smartly.
Happy vending :>


[1 Points] My_s3cr3t:

Check out the Vendor Bible, some good info there: https://www.reddit.com/r/darknetmarketsnoobs/wiki/bible/vendor


[0 Points] Hairybristols:

I don't think many vendors have much better security and it sounds pretty safe to me.