SECURITYGUIDES

DrugHub step-by-step tutorials for DrugHub privacy and security tools

Tor Browser Setup Guide for DrugHub

What is Tor Browser?

Tor Browser routes your internet traffic through three encrypted relays before reaching the destination. This prevents any single point from knowing both who you are and what you're accessing. The browser also standardizes your fingerprint so all Tor users look identical to websites.

Step 1: Download Tor Browser

  1. Visit the official Tor Project website at torproject.org/download
  2. Select your operating system (Windows, macOS, or Linux)
  3. Verify the download signature using the provided .asc file
  4. Never download Tor Browser from third-party websites

Step 2: Verify the Download

DrugHub verification ensures you received the authentic software without tampering. Import the Tor Browser Developers signing key and verify the .asc signature matches your downloaded file. The Tor Project website provides detailed verification instructions for each operating system when preparing for DrugHub.

Step 3: Install and Configure

  1. Run the installer or extract the archive to a folder you control
  2. Launch Tor Browser and wait for connection to the Tor network
  3. If direct connection fails, configure bridges using the Connect screen
  4. Open the DrugHub Security Settings (shield icon) and set to "Safest"

Step 4: DrugHub Security Settings Explained

Standard: JavaScript enabled, all features work. Lowest security.

Safer: JavaScript disabled on non-HTTPS sites. Some features restricted.

Safest: JavaScript disabled everywhere. Maximum protection for DrugHub. Recommended for DrugHub access.

Important DrugHub Usage Rules

  • Never install browser extensions or plugins
  • Do not resize the browser window (fingerprinting risk)
  • Avoid downloading files while connected to DrugHub or similar sites
  • Use New Identity feature between different activities
  • Never log into personal accounts while using Tor for DrugHub activities

PGP Encryption for DrugHub

Understanding PGP

PGP (Pretty Good Privacy) uses asymmetric cryptography for DrugHub communication. You generate a keypair: a public key that others use to encrypt messages to you, and a private key that only you possess to decrypt them. Anyone can send you encrypted messages, but only you can read them. This technology has protected sensitive communications for over thirty years and remains unbroken when used correctly.

Step 1: Install GnuPG

Windows: Download Gpg4win from gpg4win.org

macOS: Install GPG Suite from gpgtools.org or use Homebrew

Linux: Usually pre-installed. If not: apt install gnupg

Tails: GnuPG is pre-installed and integrated

Step 2: Generate Your Keypair

Open a terminal and run: gpg --full-generate-key

  1. Select RSA and RSA (option 1)
  2. Choose 4096 bits for key size
  3. Set expiration to 2 years maximum
  4. Enter a pseudonym (never your real name)
  5. Use a dedicated email address or leave blank
  6. Create a strong passphrase and store it securely

Step 3: Export Your Public Key

Share your public key so others can send you encrypted messages:

gpg --armor --export "Your Key Name" > my_public_key.asc

This creates a text file containing your public key block. Share this key in your DrugHub profile or send it directly to contacts.

Step 4: Import Someone's Public Key

Before sending encrypted messages on DrugHub or similar platforms, messages, import the recipient's public key:

gpg --import their_public_key.asc

Step 5: Encrypt a Message

Create a text file with your message, then encrypt it:

gpg --armor --encrypt --recipient "Their Key Name" message.txt

This creates message.txt.asc containing the encrypted message. Send the entire text block including the BEGIN and END lines.

Step 6: Decrypt a Message

Save the encrypted message block to a file and decrypt:

gpg --decrypt encrypted_message.asc

Enter your passphrase when prompted. The decrypted message appears in the terminal.

DrugHub Key Security Rules

  • Never share your DrugHub private key with anyone
  • Use a strong, unique passphrase
  • Back up your DrugHub private key in a secure location
  • Verify key fingerprints through multiple channels
  • Set key expiration and renew when needed

Monero Wallet Guide for DrugHub

Why Monero?

Monero (XMR) provides transaction privacy by default. Ring signatures hide the sender, stealth addresses hide the receiver, and RingCT hides the amount. Unlike Bitcoin where all transactions are publicly visible, Monero transactions cannot be traced or linked.

Option 1: Official Monero GUI Wallet

  1. Download from getmonero.org/downloads
  2. Verify the download using provided hashes
  3. Choose "Simple mode" for remote node or "Advanced mode" for local node
  4. Write down your 25-word seed phrase on paper
  5. Store the seed phrase in a secure physical location

Option 2: Feather Wallet

Feather offers a lightweight alternative with built-in Tor support. Download from featherwallet.org. The interface is more streamlined and works well with Tails and Whonix.

Option 3: Cake Wallet (Mobile)

For mobile use, Cake Wallet provides a convenient option. Available on iOS and Android. Includes built-in exchange functionality for converting between cryptocurrencies.

Receiving Monero

Generate a new subaddress for each transaction. This prevents linking between payments. In the GUI wallet, go to Receive and click "Create new address" for each sender.

Sending Monero

  1. Go to the Send tab and enter the recipient's address
  2. Enter the amount (check current XMR price)
  3. Use default fee unless speed is urgent
  4. Confirm transaction details before sending
  5. Wait for at least 10 confirmations before considering complete

Acquiring Monero Privately

LocalMonero: Peer-to-peer trades with various payment methods. No KYC required.

Atomic Swaps: Exchange BTC for XMR without intermediaries using tools like UnstoppableSwap.

Mining: Generate XMR directly using your computer. Slow but maximally private.

Security Practices

  • Never store large amounts in hot wallets
  • Consider hardware wallet for significant holdings
  • Keep seed phrase offline, never digital
  • Use subaddresses to prevent payment linking
  • Wait for sufficient confirmations before trusting receipt

DrugHub OPSEC Guide

What is OPSEC?

Operational security means protecting sensitive information through careful practices. Technical tools provide protection, but human mistakes remain the primary vulnerability. Good OPSEC requires consistent discipline across all activities. Even perfect technical security fails if careless behavior exposes your identity.

Identity Separation

Create complete separation between your real identity and any sensitive online activity:

  • Never use real names, addresses, or personal details
  • Create unique usernames unrelated to your other accounts
  • Develop a consistent but different writing style
  • Avoid time-zone reveals through activity patterns
  • Never discuss identifiable hobbies or experiences

Device Security

Use dedicated hardware for DrugHub activities:

  • Ideal: Separate computer used only for Tails/Whonix
  • Minimum: Virtual machine on a personal computer
  • Never mix sensitive and personal use on the same device
  • Encrypt all drives with strong passwords
  • Disable cameras and microphones when not in use

Network Security

Home Network: Acceptable for Tor use but links your ISP account to Tor usage (not content).

Public WiFi: Adds a layer of separation but cameras may identify you.

Mobile Data: Burner phone with cash-purchased SIM provides good separation.

VPN + Tor: Generally unnecessary. Adds complexity without clear security benefit.

Communication Rules

  • Always encrypt sensitive messages with PGP
  • Verify recipient keys through multiple sources
  • Never discuss sensitive topics outside encrypted channels
  • Assume all platforms log messages indefinitely
  • Delete messages when no longer needed

Physical Security

Technical security means nothing if physical evidence exists:

  • Receive packages at addresses not linked to you
  • Never discuss activities with anyone
  • Store seed phrases and passwords securely offline
  • Be aware of cameras and tracking in your environment
  • Clean or destroy evidence when appropriate

Common Mistakes to Avoid

  • Reusing usernames: Makes linking identities trivial
  • Consistent timing: Reveals your timezone and schedule
  • Writing style: Stylometry can identify you across accounts
  • Sharing screenshots: May contain metadata or identifying details
  • Discussing personal life: Creates a profile that can identify you
  • Trusting VPNs for anonymity: VPNs do not provide anonymity
  • Ignoring updates: Outdated software has known vulnerabilities

Tails OS Quick Start

What is Tails?

Tails is a portable operating system that boots from a USB drive and leaves no trace on the host computer. All network traffic is automatically routed through Tor. When you shut down, all data is wiped from RAM. For DrugHub activities, Tails provides the strongest protection available to regular users.

Requirements

  • USB stick with at least 8GB capacity (16GB recommended)
  • Computer with 64-bit processor (most from 2010+)
  • At least 2GB RAM (4GB for comfortable use)
  • Ability to boot from USB (check BIOS settings)

Creating Tails USB

  1. Download Tails from tails.net
  2. Verify the download using the verification extension
  3. Use Etcher or the Tails Installer to write the image
  4. Restart your computer and boot from the USB
  5. Access the boot menu using F12, F2, or Esc (varies by manufacturer)

First Boot Configuration

When Tails starts, you'll see the Welcome Screen. Configure these settings:

  • Set an administration password if you need to install software
  • Configure MAC address spoofing (recommended: leave enabled)
  • Connect to network after the Welcome Screen
  • Wait for Tor connection before starting sensitive work

Persistent Storage

Tails can save encrypted data between sessions using Persistent Storage:

  1. Go to Applications → Tails → Persistent Storage
  2. Create a strong passphrase (this protects your saved data)
  3. Select which types of data to persist (PGP keys, wallets, etc.)
  4. Persistent data survives reboots but stays encrypted

Pre-installed Applications

Tor Browser: For all web browsing (pre-configured)

Thunderbird: Email client with PGP integration

KeePassXC: Password manager

Electrum: Bitcoin wallet (for Bitcoin transactions)

OnionShare: Anonymous file sharing

GIMP/LibreOffice: Document editing with metadata removal

Using Monero on Tails

Tails doesn't include Monero by default. Install Feather Wallet:

  1. Download Feather AppImage from official website
  2. Save to Persistent Storage
  3. Make executable: Right-click → Properties → Allow executing
  4. Run the AppImage each session
  5. Wallet data should be stored in Persistent Storage

Link Verification Protocol

Why Verification Matters

Phishing attacks account for more losses than any other attack vector. Attackers create perfect replicas of marketplace interfaces that capture login credentials. Once compromised, your account funds and identity are at risk. Always verify links before use.

Verification Methods

  1. PGP Signed Messages: Check Dread forum for admin-signed link announcements
  2. Multiple Sources: Verify the same link appears on multiple trusted directories
  3. Bookmark Method: After verification, bookmark the link and only use the bookmark
  4. Mirror Rotation: When mirrors change, re-verify through trusted channels

Red Flags

  • Links shared in public chat rooms or forums without verification
  • Slightly different onion addresses (one character difference)
  • Requests to enter credentials on unfamiliar pages
  • Sites claiming special access or deals not announced officially

After Phishing Exposure

If you suspect you entered credentials on a phishing site:

  • Immediately change your password on the real site
  • Generate a new PGP keypair if your old one was compromised
  • Move any funds to a new wallet
  • Report the phishing site to the marketplace and community

Quick Navigation

Tor Setup PGP Tutorial Tails OS Link Verification Monero Guide OPSEC Basics

Troubleshooting Common Issues

Tor Browser won't connect

Try these solutions: Check your internet connection works normally. Your ISP might block Tor - configure bridges in the connection settings. Some networks block specific ports - try using obfs4 bridges. Restart the browser and try again.

PGP decryption fails

Common causes include wrong passphrase entry, corrupted message text (missing characters), or attempting to decrypt with wrong key. Ensure the entire message block including headers is copied correctly. Check that you have the correct private key for the encrypted message.

Monero wallet won't sync

Remote nodes can be slow or unavailable. Try connecting to a different node from the node list. If using a local node, ensure the daemon is running and fully synced. Check firewall settings aren't blocking the connection.

Tails boot problems

Access BIOS/UEFI settings and disable Secure Boot if enabled. Ensure USB boot is enabled and set as primary boot device. Try a different USB port. Verify the Tails image was written correctly using verification tools.

Persistent Storage not appearing

You must unlock Persistent Storage on the Welcome Screen before starting. Enter your passphrase correctly. If you forgot the passphrase, the data is unrecoverable by design. Create new Persistent Storage if needed.

Additional Learning Resources

Ready to Get Started?

Once you've completed the security setup, access the marketplace through verified links.

Take your time with each step. Security mistakes cannot always be undone. Practice with test messages and small transactions before handling anything sensitive. Bookmark verified links and develop consistent habits.

Access Links Recommended Tools