SECURITYsecurity

Step 1: Download from Official Source

Only download Tor Browser from the official Tor Project website at torproject.org/download. Never download Tor Browser from third-party sites, mirrors, or app stores when planning to access the marketplace—these versions may contain malware designed to compromise your security. The Tor Project provides versions for Windows, macOS, Linux, and Android.

Step 2: Verify the Download (Advanced Users)

Before installing, verify the Tor Browser download signature to ensure it hasn't been tampered with. The Tor Project provides PGP signatures for all downloads. Download both the Tor Browser installer and the corresponding .asc signature file. Use GPG to verify: gpg --verify torbrowser-install.exe.asc torbrowser-install.exe. If the signature is invalid, do not install—redownload from the official source.

Step 3: Installation Process

• Windows: Run the installer and choose installation location. Default location (Desktop) works fine for most users accessing the market.
• macOS: Open the .dmg file and drag Tor Browser to Applications folder before using it to access the marketplace.
• Linux: Extract the tarball, navigate to the directory, and run ./start-tor-browser.desktop when ready to access the market.

Step 4: First Launch Configuration

When you first launch Tor Browser for the marketplace access, you'll see connection options. Most users should click "Connect" to establish a Tor connection using default settings. If you're in a country that censors Tor (China, Iran, etc.), click "Tor Network Settings" and configure a bridge—obfs4 bridges work best for accessing the market from censored regions.

Security Level Settings

Click the shield icon in the top-right corner of Tor Browser when preparing to access the marketplace. You'll see three security levels:

• Standard: All Tor Browser features enabled. Fastest the market browsing but least secure.
• Safer (Recommended): Disables some JavaScript features on non-HTTPS sites. Good balance for the marketplace access.
• Safest (Most Secure): Disables JavaScript completely, limits fonts, and disables certain media. Slowest the market experience but maximum security.

For accessing the marketplace, we recommend starting with "Safest" mode. If the market functionality breaks (forms don't submit, captchas don't work), drop to "Safer" mode. Never use "Standard" mode when accessing the marketplace with valuable funds in your account.

Privacy Settings

Go to Settings → Privacy & Security and verify these settings for DrugHub market access:

• Block dangerous and deceptive content: ENABLED. Protects against phishing sites impersonating the marketplace.
• History: Set to "Never remember history." Ensures the market URLs aren't saved locally.
• Cookies: "Delete cookies and site data when Tor Browser is closed" should be CHECKED. Prevents tracking between the marketplace sessions.
• HTTPS-Only Mode: ENABLED. Though the market uses .onion addresses (which provide encryption), this adds another layer of protection.

Critical Security Rules for DrugHub Market Access

• Never maximize window: Keep Tor Browser in its default size when accessing the marketplace. Maximizing creates a unique fingerprint that can identify you.
• Never install add-ons: Browser extensions can bypass Tor and expose your real IP when accessing the market.
• Never open documents while online: If you download a file from the marketplace, close Tor Browser before opening it—documents can contain tracking resources.
• Don't use personal accounts: Never log into Gmail, Facebook, or personal accounts in Tor Browser while accessing the market—this links your real identity to your Tor activity.

PGP (Pretty Good Privacy) encryption is mandatory for the marketplace participation. PGP uses asymmetric cryptography with two mathematically related keys: a public key that anyone can use to encrypt messages for you, and a private key that only you possess to decrypt those messages. When you send your shipping address to a vendor on the market, you encrypt it with their public key—only they can decrypt it with their private key.

the marketplace requires PGP because it protects sensitive data even if the platform is compromised. If law enforcement seizes the market servers, they'll find encrypted addresses and messages that are cryptographically impossible to decrypt without users' private keys. This is why the market refuses to accept plaintext addresses—enforced encryption protects both buyers and vendors.

PGP Software Options for DrugHub Market Users:

• Windows: Gpg4win (Kleopatra interface) - Free, open-source, beginner-friendly for the marketplace
• macOS: GPG Suite - Integrates with Mac keychain for the market key management
• Linux: GnuPG (command-line) or Seahorse (GUI) - Pre-installed on most distributions for the marketplace access
• Android: OpenKeychain - Mobile PGP for the market on-the-go (not recommended for primary usage)

Using Gpg4win (Windows) for DrugHub Marketplace:

1. Download and install Gpg4win from gpg4win.org
2. Open Kleopatra, click "New Key Pair" to prepare for the market registration
3. Enter a name (use pseudonym, NOT real name) and email (can be fake for the marketplace)
4. Click "Advanced Settings": Choose RSA (4096 bit) for maximum security on the market
5. Set expiration to 2 years—long enough for extended the marketplace use but not permanent
6. Create STRONG passphrase (20+ characters, mixed case, numbers, symbols) protecting your the market key
7. Click "Create" and wait for key generation—can take 1-2 minutes for 4096-bit the marketplace key

Using GPG Suite (macOS) for DrugHub Market:

1. Install GPG Suite from gpgtools.org
2. Open GPG Keychain, click "New" for your the marketplace key
3. Enter pseudonym name and fake email for the market use
4. Check "Upload public key after generation" should be UNCHECKED for the marketplace (never upload to public keyservers)
5. Advanced options: Choose 4096-bit RSA key for the market security
6. Create strong passphrase for your the marketplace key—store in password manager
7. Click "Generate Key" for your the market PGP key pair

Using GnuPG (Linux) for DrugHub Marketplace:

Open terminal and run:

Choose RSA (4096) → Set expiration (2 years recommended for the market) → Enter pseudonym and fake email → Create strong passphrase → Wait for key generation for the marketplace.

To register on the marketplace, you must upload your public PGP key. Export it:

Kleopatra (Windows): Right-click your key → Export → Save as .asc file for the market

GPG Keychain (macOS): Select your key → File → Export → Choose "ASCII armored" for the marketplace

GnuPG (Linux): Run gpg --armor --export your_email@fake.com > drughub_public.asc

Open the exported .asc file in a text editor. It should start with -----BEGIN PGP PUBLIC KEY BLOCK----- and end with -----END PGP PUBLIC KEY BLOCK-----. Copy the entire contents (including the BEGIN/END lines) and paste into the market's registration form when creating your account.

When placing orders on the marketplace, you must encrypt your shipping address with the vendor's public key:

Step 1: Import Vendor's Public Key

Copy the vendor's public key from their the market profile page. In Kleopatra/GPG Keychain, click "Import" and paste the key. In GnuPG, save to file and run: gpg --import vendor_key.asc

Step 2: Write Your Message

Create a text file with your shipping address for the the marketplace order:

Step 3: Encrypt for DrugHub Market Vendor

• Kleopatra: Click "Sign/Encrypt Files" → Select your address file → Check "Encrypt" → Choose vendor's key → Click "Encrypt" for the marketplace
• GPG Keychain: Services → OpenPGP: Encrypt → Paste address → Select vendor key for the market
• GnuPG: gpg --armor --encrypt --recipient vendor@drughub.market address.txt

The result is an encrypted message block you can safely paste into the marketplace order forms. Only the vendor can decrypt it—even the market administrators cannot read your address.

the market exclusively accepts Monero (XMR) for all transactions. You need a Monero wallet to fund your the marketplace account. Wallet options:

• Monero GUI (Official Desktop Wallet): Full node wallet providing maximum security and privacy for the market transactions. Downloads entire blockchain (150+ GB). Best for regular the marketplace users. getmonero.org/downloads
• Monero CLI (Command-Line Wallet): Advanced users who prefer terminal interfaces for the marketplace transactions. Same features as GUI but lighter interface.
• Feather Wallet: Lightweight Monero wallet that doesn't require downloading full blockchain for the market usage. Connects to remote nodes for faster setup. Good for beginners accessing the marketplace. featherwallet.org
• Cake Wallet (Mobile): Mobile Monero wallet for iOS/Android users of the marketplace. Convenient but not recommended for large amounts on the market.

Never use exchange wallets for the market: Do NOT send Monero from Coinbase, Kraken, or Binance directly to the marketplace. Exchanges monitor withdrawals and may close accounts associated with darknet activity. Always transfer to your personal wallet first before funding the market.

Installation and First Launch:

1. Download Monero GUI from getmonero.org for the marketplace transactions
2. Verify the download hash matches published values (prevents malware when preparing for the market)
3. Install and launch—first startup shows language selection for the marketplace usage
4. Choose "Create new wallet" to generate fresh wallet for the market transactions
5. Select "Advanced mode" for full control over your the marketplace Monero wallet

Wallet Creation for DrugHub Marketplace:

Give your wallet a name (e.g., "DrugHub-Wallet") and choose a strong password (20+ characters). The wallet will generate a 25-word seed phrase—your master backup for the market funds. Write this seed phrase on paper (NEVER store digitally) and store in a secure location. Anyone with your seed phrase can recover your the marketplace funds, so protect it like cash.

Blockchain Synchronization:

Monero GUI must download the entire blockchain (150+ GB, takes 6-24 hours on first run) before you can send Monero to the market. Let it synchronize completely before attempting the marketplace deposits. Progress shows in bottom-left corner. Once synchronized, future startups are much faster when accessing the market.

Step 1: Acquire Monero

Buy Monero from cryptocurrency exchanges like Kraken, Binance, or peer-to-peer platforms like LocalMonero. For maximum privacy before the marketplace use, consider buying Bitcoin first, then exchanging for Monero using non-KYC services like Trocador or ChangeNow.

Step 2: Withdraw to Your Personal Wallet

In your Monero GUI wallet, click "Receive" to get your primary address for the market funding. Copy this address and paste it as the withdrawal destination in your exchange account. Wait for 10 confirmations (approximately 20 minutes) before the Monero appears in your wallet for the marketplace use.

Step 3: Send to DrugHub Marketplace

Log into the market, navigate to your account wallet, and copy the deposit address. In Monero GUI, click "Send" → Paste the marketplace deposit address → Enter amount → Click "Send." Wait for 10 confirmations (20 minutes) before funds appear in your the market account balance. the marketplace requires 10 confirmations to prevent double-spend attacks.

Security Warning: Never leave large amounts in your the market wallet. Only deposit what you plan to spend immediately. After completing purchases, withdraw remaining balance back to your personal Monero wallet. the marketplace could be seized by law enforcement at any time, taking user balances with it.

Device Separation:

Ideally, use a dedicated device exclusively for the marketplace access—never browse personal websites or log into real-identity accounts on this device. If a dedicated device isn't feasible, at minimum use a separate operating system user profile for the market activity.

Tails OS (Advanced Users):

Tails (The Amnesic Incognito Live System) is a Linux distribution designed for privacy that runs from a USB drive and leaves no traces on the computer. When shut down, all the marketplace activity disappears. Tails includes Tor Browser and PGP software pre-configured for DrugHub market access. Download from tails.boum.org.

Network Security for DrugHub Marketplace:

• Never access the market from work/school networks that monitor traffic
• Avoid public WiFi when accessing the marketplace unless using VPN → Tor configuration
• Don't access the market and personal accounts from same network at same time
• Consider using mobile data hotspot for the marketplace sessions (carrier logs less detailed than ISP)

Communication Security:

• Never discuss the market on social media, email, or unencrypted messaging apps
• Don't tell friends/family about the marketplace usage—every person who knows increases risk
• If you must discuss the market, use Signal or Session encrypted messaging apps

Physical Security:

Keep all the market activity private. Use headphones when watching tutorials. Position your screen away from windows. Lock your device when stepping away. These small habits protect your the marketplace usage from casual observation.