It's next-to-impossible to find usable opsec guides out there, given most of the discussion tends to happen in high end use cases and focus on mainly the most advanced setups.
I am concerned this creates unintended consequences whereby users cannot discern practical advice from theoretical best practices and thus disguard advice entirely. (sure, let's buy off the clearnet! x_x)
I've had a go at putting together a first draft for 'go-to' advice about levels of security based on typical buyer profiles and operation sizes. I've not provided detailed links and citations on every element at this stage, but a final version would be fully referenced.
Thoughts?
Personal market buyer | Small scale reseller | Medium scale vendor | Market operator or large vendor | |
---|---|---|---|---|
Browser | Tor browser bundle | Tor browser bundle | Any FOSS browser with a Tor proxy | Any FOSS browser with a Tor proxy |
Network | Optional VPN | Recommended VPN | Tor isolating proxy and VPN | Tor isolating proxy and VPN, administration-only servers |
Operating system | Any | Tails or Whonix/Qubes OS | Tails or Whonix/Qubes OS | Tails, separate machine |
Comms | Recommended PGP | Mandatory PGP | Mandatory PGP, secure email service | Mandatory PGP, secure email service |
Payments | Via online local bitcoins or tumbler | Via online local bitcoins or tumbler | Via in-person local bitcoins or through mules | Via in-person local bitcoins or through mules |
Once on pcp, I wrote a manual called building empires for dummies.
This is a much much better version of that.
=)