Operational Security Protocols
Mandatory protocols for safe navigation of the MarsMarket URL. Mistakes in operational security (OpSec) lead inevitably to the loss of funds, compromised identity, or intercepted communications. This educational guide outlines the exact cryptographic and behavioral standards required to survive in decentralized darknet environments.
1. Identity Isolation
The foundation of all operational security is the absolute separation of your clearnet (real-life) identity from your Tor identity. Cross-contamination is the leading cause of deanonymization.
- Zero Reuse: Never reuse usernames, passwords, or PINs from clearnet websites on MarsMarket. Your credentials must be randomly generated and unique to the darknet.
- Alias Integrity: Do not use monikers that reference personal hobbies, birth years, or geographical locations.
- Information Blackout: Never give out personal contact info, email addresses, or clearnet messaging handles (e.g., Telegram, Discord) over Tor.
2. MitM Defense & Verification
Man-in-the-Middle (MitM) attacks are prevalent. Malicious actors set up proxy networks that look identical to the real market and exist only to intercept your credentials and alter financial addresses in transit.
Mandatory Rule: Verifying the PGP signature of the onion link is the ONLY objective way to ensure you are communicating with legitimate architecture.
- Obtain the official public PGP key from a trusted, historically archived source.
- Use offline software (like Kleopatra or GPG) to verify the signed market message containing the mirror links.
- Never trust links from random wikis, unstructured forums, or clearnet social networks like Reddit.
3. Tor Browser Hardening
The standard Tor Browser bundle provides strong anonymity, but default settings leave vectors open for exploitation via malicious scripts or browser fingerprinting.
- Security Level: Always set the Tor Browser security slider to "Safer" or "Safest". This disables dangerous web features and reduces the risk of unauthorized code execution.
- NoScript: Ensure JavaScript is globally disabled using the integrated NoScript extension wherever structurally possible.
- Window Size: Never resize the Tor Browser window. Maximizing the window exposes your exact monitor resolution, creating a unique data point that undermines the browser's protections against window-size fingerprinting.
4. Financial Hygiene
Blockchain forensics are sophisticated. Directly linking regulated exchange accounts to darknet infrastructure will result in immediate account termination and regulatory flagging.
- No Direct Transfers: Never send cryptocurrency directly from a centralized exchange (e.g., Coinbase, Binance, Kraken) to MarsMarket.
- Intermediary Wallets: Funds must first pass through a non-custodial, local personal wallet (such as Electrum for BTC, or the official Monero GUI wallet).
- Currency Choice: It is highly recommended to utilize Monero (XMR) over Bitcoin (BTC). XMR provides protocol-level privacy via ring signatures and stealth addresses, completely obfuscating the sender, receiver, and amount.
5. PGP Encryption (The Golden Rule)
"If you don't encrypt, you don't care."
Relying on server-side infrastructure to protect your most sensitive data is a critical failure. If a market server is seized or compromised, unencrypted data becomes instantly accessible to hostile entities.
- Client-Side Only: All sensitive text (such as shipping addresses or personal instructions) must be encrypted client-side on your own machine using the vendor's public PGP key.
- No Auto-Encrypt: Never use the 'Auto-Encrypt' checkbox offered on marketplace interfaces. This relies on the server to perform the encryption, so your plaintext data is transmitted over the Tor network and reaches the server before it is encrypted.
- 2FA Enforcement: Always enable 2FA (Two-Factor Authentication) using your own PGP key. This ensures that even if your password is intercepted, the account cannot be accessed without the ability to decrypt with your locally held private key.