I'm thinking about becoming a vendor and I want Opsec input.
burner laptop > remove hdd > boot ubuntu usb (encrypted) > vmware > whonix
I've posted before about printing labels but I still don't know how it's possible with this setup. by setup I mean whonix and printing from inside the VM. Any suggestions?
Also, any recommendations for a cheap laptop that is more efficient? ty
so far so good.
that is where you make it more complicated than it has to be. you would practically run 3 computers on one laptop [ubuntu as host os, whonix workstation and whonix gateway]. if you really want to use this setup you will have to spend more money because a cheap burner laptop will not have enough power.
the label printing should not be a big issue because it is fairly easy to set up a printer for a vm [e.g. https://pubs.vmware.com/workstation-9/topic/com.vmware.ws.using.doc/GUID-16FBB720-2D65-40C9-989C-6809629BAABB.html]. just search for 'print from <your vm software here>' and you should get some guides on how to do it.
however you could just use tails which will have some benefits over your described setup: you can use a cheaper laptop, setting it up and booting it every time does not take as long and you can print directly from the os.
if you have little knowledge about it search online for some average priced office laptops [maybe around 300 bucks] to get some basic information what specs they have. then go in a hardware store and buy your laptop with cash.
this part is important because you should avoid ordering things you use for vending online whenever possible [every click and order you make will be stored forever]. you probably will pay a little more if you buy it in a store but every step you take to make law enforcements life harder will pay out in the long run. better spend a few bucks now and not having to worry about that part of your opsec in the future.
the extra money you spend now will be nothing compared to the amounts you get if you vend properly. you can not buy opsec retroactively, so better invest some bucks now than ruining your future later.
edit:
however vending is about much more than having a good computer setup. recently someone messaged me for some vendor tips and since the topic is kinda relevant I will post some parts of my reply here [it is just an unordered and incomplete list of things a vendor should take care of]:
can give some some advice but keep in mind that you need additional resources to be a successful vendor. that means lurk on the r/darknetmarkets sub and read all the posts about vendors [there are occasionally posts about how they operate and giving tips], research police tactics, look up arrests of other vendors [especially the ones in your country and/or selling the same products as you, a good resource example for this is https://www.gwern.net/Black-market%20arrests ], . . .
so now some advice [I will not explain everything in detail to save some time], packaging:
the location where you store the product, package it the first time and package it the second time has to be different. so you have three different locations, for example you store the majority of your product hidden in the woods so when law enforcement decides to visit you they do not find it laying around your house.
the location for packaging it the first time [like vac sealing weed] and the second one [putting it into a MBB] should be different because you do not want to get the outside of the packaging material to get in touch with the product [different rooms are also alright]. if the outside is contaminated [because you did all the packaging in the same room where the product lays around] dogs will far more likely hit on the package.
you should wipe the vac sealed bag and the MBB with alcohol [so the first wipe after you vac sealed the product and the second time after you put it into the MBB] to reduce the smell and remove traces.
wear clothing with long sleeves and gloves [not latex, they are too thin] to not leave fingerprints or dna.
for the package itself you should aim to keep it like every other package. that means that it should not give any reason for anyone to inspect it further [like excessive postage]. there was a nice [internal] info graphic from USPS posted in this sub a while ago which lined out all the red flags which you should avoid.
use a real return address which is located near the post office from where you sent it. bonus points if the owner of the return address is less likely to report the drugs he might receive to the police [because he lives in a socially difficult environment of the town and rather keeps quiet and sells the drugs himself]. never use a business as a return address [short RA], they will report every drugs they receive.
switch the RA you use frequently [the more often the better]. do not keep one address longer than about three weeks.
do not hand write the receiving address or return address [print it with a label printer or something], this is also a point in the USPS info graphic.
shipping:
do not use vehicles or items that can be tied to your identity for dropping of packages. that means do not drive with your car to the post office, do not take your smartphone, smartwatch or any other electronic devices with you, . . .
dress properly when you drop off packages. do not look like the shady neighbourhood dealer. it will come in handy when law enforcement watches the post offices.
find a strategic shipping route. that means do not draw a circle around your house and drop off packages in this circle. the farther you drop your packages off the better. bonus points if you pick another bigger city and drop packages off there so law enforcement think you are probably operating from there.
some general tips:
switch vendor accounts every 6 to 12 months. seriously. this is one of the most important points. many vendors fall because they just continue to use only one alias and therefore law enforcement has all the time to start a nice big investigation. it is a pain in the ass to start all over with zero feedback but it keeps your ass out of jail.
if you create a new vendor account change basically everything you currently do with your current account [stealth, return address, writing style, shipping route, time when you log in, . . .]. you do not want law enforcement to connect your different accounts.
do not create the new vendor account at the same time you retire with your old one. switch it up, for example one time you take a month break between closing your current account and opening the new account. the other time you run two different accounts for about two weeks and then retire with the old one while continue with the newer one.
also do not scam. you already have law enforcement hunting you so that last thing you need is angry customers who know details about your packaging, stealth, . . .
search for a competent lawyer, who has experience with drug cases, before you start vending and write down his number. carry it with you at all times.
keep in mind that there are many more things to consider to be a successful vendor.