Important tips for using markets NEVER let the market encrypt sensitive data (such as your address) for you. Always encrypt it yourself. The market can always store the plaintext version of your message, and send an encrypted one to the vendor. That way you both think it was encrypted while the market still has the original and unencrypted message. Also if the market gets taken over by law enforcement, they will store the plaintext versions of the messages that the users sent using the ‘PGP encrypt’ checkbox to harvest addresses. But they will still send the encrypted ones to the vendor to not make anyone suspicious. Use 2 Factor Authentication (2FA). It means you will have to decrypt a PGP message that was encrypted with your public key every time you log in, in addition to your username and password. Using 2 FA will greatly improve your chances of success when contacting the support of the market because you lost some funds for example (since 2FA makes it much harder for unauthorized persons to break into your account they will not just say that you got phished and close your ticket). To set up 2FA, go to your DNM account settings and look for an option to enable 2FA. Upload your public PGP key first in the settings first if you have not done it already. Here is how to create a secure PGP key. Found a link on the hidden wiki or similar sites? It is very likely that they are a scam. Never use a market that requires javascript. Read about why here Never leave more bitcoins on a market than necessary. Ideally you should only transfer the necessary amount to the market if you also ready to make the purchase right after they have arrived in your market wallet. Leaving funds in your market wallet is too risky since the market can steal them at any given time. Make sure to never tell anybody about your DNM activities. This can not be emphasized enough. Never use the same username, password, PIN or PGP key-pair on more than one market. If an attacker or even rogue market staff gains access to your account on one market, he could easily break into the other ones as well and do even more damage (like stealing your coins or deleting your account). Do not use identifying usernames or passwords. That means your username should give no clue about who you really are, e.g. do not include your birth year in your username. Never use privnote or similar services that claim to offer self-destructing messages. Absolutely nothing prevents such services from storing your message even after it was ‘officially’ destroyed. On top of that they also require JavaScript, which is a huge no-go. Just encrypt your messages with PGP like every other market user and send them using the internal market messaging system. Also avoid vendors that use privnote or similar services. Do not check tracking at all, unless a substantial or abnormal amount of time has passed without delivery. You will only leave traces when doing so but will not make it arrive faster. For more details visit the non arriving packages chapter. If you absolutely have to check it (which should never be the case), do not use Tor to do it. It will be a huge red flag and law enforcement already knows about DNM users checking their packages over Tor. Instead use a third party website if possible, so not the one of your mail carrier but a website which checks the tracking for you.Examples are TrackingEx and PackageMapping. Also do not use your own WiFi for checking the tracking number. Use one that is not tied to your identity (e.g. a cafe) or use a VPN and choose a server that is in the same country as you (to not raise any red flags). Do not just order from the biggest vendor(s) on the market simply because of the size of their operation or because they pay for ads on a DNM or other site. Often there are smaller vendors with who offer a better product with a better customer service. Do you not know if it is a lower case L or upper case i in a captcha? It is almost always a lower case L. If a vendor suddenly changes his PGP key without signing it with his old one, stay away from him until he does so! When sending messages (no matter if on Reddit or a DNM) try to write all you have to say in one message. Nobody likes getting hit with a high notification counter when logging in just to realize that you wrote half of the new messages. It is also easier to answer for your chat partner if you sent only one message. When you make an order, the status of it will be unaccepted (or similarly called) at first. When the vendor confirms/accepts your order it will be market as accepted or processing. Again the exact words vary from each DNM. The next step would be market as shipped or in transit. The last step of the order is finalized or completed. It is not necessary to encrypt every message you send on a DNM. You absolutely have to encrypt all sensitive data such as addresses or tracking numbers. However mundane questions about the product for example do not need to be encrypted, since the vendor would need much more time to decrypt all messages. Do not use SWIM or a variation of it. It stands for “Somebody who is not me” and is absolutely useless. No law enforcement agent will stop his work when he sees that you used SWIM. It only makes you look like a complete noob. Instead step up your OpSec which is far more helpful. Remove the version string from your PGP public key (which is the line that begins with “Version:” and is directly under the “—–BEGIN PGP PUBLIC KEY BLOCK—–” line). It is not necessary and just gives away information about the software that you are using. Are you not getting past the captcha although you always entered it correctly? Restart your Tor browser and visit the market address again to register (try another onion address if the market provides more than one). If that still does not work please go to your privacy preferences by entering about:preferences#privacy in your address bar or by going to Edit -> Preferences and selecting “Privacy” on the sidebar. Then click on the button ‘Exceptions…’ next to the checkbox labeled “Accept cookies from sites’ (which should be unchecked). Then paste the site address (the onion link of the market that you are using) into the input field. Click on “Allow for Session” and then on “Save Changes”. If you do not want to do it every time, check the checkbox “Accept cookies from sites” (it is the default setting anyway). NEVER use Tor gateways. By using them you send your login credentials and all other data in plaintext through the whole internet till it reaches the Tor gateway. So not only your ISP knows that you are buying drugs online but also the gateway can simply steal your bitcoins. Just follow the steps in the DNM bible as every other sane user. Get a scale. Seriously. NO market staff will message you on Reddit. If you get a PM from someone claiming to be market staff, please report it to the mods of /d/DarkNetMarkets or /d/Dread immediately. Use KeePassXC to generate and store your market, Electrum and PGP passwords. Unsure when to use “Bitcoin” and “bitcoin”? Bitcoin - with capitalization, is used when describing the concept of Bitcoin, or the entire network itself. e.g. “I was learning about the Bitcoin protocol today.” bitcoin - without capitalization, is used to describe bitcoins as a unit of account. e.g. “I sent ten bitcoins today."; it is also often abbreviated BTC or XBT. (From bitcoin.org) Types of markets Escrow In standard escrow the market holds the money during the purchase. They are typically the most common types of market you will find. You send your coins to the market controlled wallet. If you received your order you tell the market to finalize your order and give the vendor your money. Be careful: the orders finalize after some time automatically, in case you forgot to do it manually and so that the vendor has not to wait ages for his money. If you have not received your order or have issues with it (it was less than the amount you bought or the product was not as advertised), you can dispute it. That prevents the order from auto-finalizing and you can resolve that matter along with a market staff member and the vendor in a discussion. The market staff member then decides after the discussion what actions to take (e.g. who gets the money from the order or if one of your violated the market rules). Remember to message the vendor first if you have problems with your order, instead of disputing it right away. The big risk is that the market can always run away with that money. It happened a lot in the past, some examples are sheep market, Empire, evolution, abraxas, nucleus, middle earth marketplace. Direct Deal/Finalize Early (FE) Vendors that have been around a very long time sometimes will join Direct deal markets, or have FE status granted to them on an escrow market. Typically these vendors are considered more “trust worthy” Most markets now have rules in place that forbid vendors from requesting you FE them if they have not been granted that status. If you get a message asking you to FE from a vendor this should be a big red flag for you. Do not do it. If you finalize early you basically give all your money to the vendor you make your order with. So as soon as you give up your order the vendor receives the money for it. It is like giving your street dealer your money and letting him run around the block to get the stuff. As you can see this is extremely risky because it is easy to scammed. Especially if you have a buyer account with little history (few orders). Few people would believe you, and if you do get scammed using FE, you never get your money back. Sometimes vendors offer a lower price for the same item if you FE for it (because it is more convenient if they get their money instantly), but it is usually not worth the risk. It is also strongly discouraged to FE for new vendors since the risk that they scam you is even higher. Multisignature (Multisig) Markets For the sake of keeping this simple we are going to be talking mostly about 2/3 Multisig. The number simply refers to the number of keys that are required. So what is multisig? Multisig stands for multi-signature. This means that multiple approvals (signatures) are needed before a transaction is confirmed. Although already present in other industries, the concept was first applied to Bitcoin addresses in 2012, which led to the creation of multisig wallets and even pure multisig markets like for example Hansa, CGMC, Cannahome or Versus. These wallets and payment systems function by adding one or more private keys to the wallet. This way, a transactions can only be confirmed by providing the 2 or more private keys. How do they keep my coins safe? The graphic below should help explain how multisig works. Lets run through a few examples of why multisig is useful. Increase Security – Hackers need all the participating keys to confirm a transaction and steal any coins. Company Transactions – for cryptocurrency businesses that work with multiple stakeholders, multisig wallets are optimal. It paves the way for decentralized organizations. Escrow Transactions – in this case, a multisig wallet can be used to lock the funds of a transaction between 2 parties until a 3rd trusted party (a Market) signs it with their private key. Example: Lets say the buyer makes a purchase from a vendor. The market decides to exit scam or is seized. The coins are actually still safe! Even though the market will not sign, you and the vendor can sign releasing the funds to the vendor. (After you get your pack of course.) As you can see, nobody can simply run off with your money. There always have to work two parties together to release the money (the buyer and the vendor, the DNM and the buyer or the DNM and the vendor). Choosing a Darknet Market Choosing a market can be very overwhelming. More and more markets come out everyday. It is important to do your own homework about different markets, and vendors. Making constant posts on /d/DarknetMarkets asking “Which market is the best right now?” will just leave you getting results from market shills or others trying to phish you. Instead you can check out the Superlist It has a lot of different markets that have been around for some time, and have shown to be more reliable. Start there and just read up about different markets, and other user experiences. Check frequently on market subdreads before you make an order. This will keep you up to date on any policy changes, or just keep you safer from exit scams. Each market processes orders slightly different, make sure you check out market user guides that are usually right on their subdread. Where do I find links? Make sure you NEVER accept links from people on forums, or sending you messages. Chances are they are just trying to phish you so they can steal your coins. The best place to get onions is directly from market staff. They will usually put their main onion address on heir subdread. No websites should ever be trusted in the next chapter we will talk about things that can happen to even the most trusted websites. DarkFail or DarkNetLive are considered more reliable sources, but should always be verified! Choosing a vendor Choosing a vendor to buy your desired product from is an important step and you should take your time for that to avoid trouble later. It can mean the difference between you not getting the product and loosing your money and a successful and flawless purchase. Tips When you are a new buyer it is best to stick to already established ones because this usually means that you are less likely to run into issues and the vendor knows what he is doing. In the following a few characteristics that you should look out for when searching for a new vendor: Is the product description and his vendor profile informative and more than just a few sentences with bad grammar? How is the overall feedback of the vendor? Try choosing one that has at least about 50 positive reviews and not more than 3 negative ones. How is the feedback of the specific product that you want to buy? If it has significantly more negative reviews than the other products that the vendor offers you should avoid buying it. Does the vendor encourage bad OpSec measures (e.g. wants you to not encrypt your address with PGP)? If yes avoid him. Did you read his profile, listing description and agree with the stated terms (e.g. no refunds for new buyers)? Did the vendor just copy and paste texts about his product from other websites? Can the vendor answer questions to the products he is offering, how he is shipping, . . .? Are the photos that the vendor uses meaningful? Do they show the actual product with his name tag or are they just stock photos? If they contain potential OpSec compromising details, like a hand that hold the product or other things in the background, avoid that vendor. When were the latest reviews written? Are they all pretty old or a big influx of negative ones recently? If yes, avoid that vendor because he could be in the middle of an exit scam. Is he on other markets and how does his feedback look over there? If he has a bunch of orders, ~5 star feedback and you can not find literally anything about them anywhere else, he is most likely a scam. Check for manipulated feedback. If he has a bunch of feedback from the same days and the same bitcoin amount each time the he is probably padding his feedback. Also, if the bitcoin amount is lower than any of their actual orders. Often the scammers are stupid and do like 40+ feedback score the same day along with it being like $10 orders. Is he “over-advertising” his products? If he claims that he has the “absolute best coke in the entire galaxy” it is often not true and shows that the vendor is not honest. How many different products does the vendor sell? This can be a red flag because vendors who sell a large selection of very different products can be greedy and care less about their OpSec. That means they rather have a couple of thousands dollars more in exchange for a higher risk and harsher penalty. Is the vendor saying that you can not leave neutral or negative feedback or dispute? Buyers should contact the vendor before leaving negative feedback or disputing, to give the vendor a chance to resolve the issue. If they do not manage to do it, then the customer can leave a honest review which reflects his experience with the vendor and the product. If a vendor does not want to “allow” you to leave negative feedback or to dispute, it is a red flag since if you run into trouble with him you will have a hard time even if you are right. Stay away from such vendors. How many views and sales does his product listings have and for low long are they up? If they are for example up since 4 days, have a couple of dozen views but a bunch of sales, it is suspicious. Especially if the listing is a rather expensive one. It could indicate that the vendor is manipulating the feedback, be careful and stay away when in doubt. Check his products and his prices. Many scammers post bulk products for pretty cheap. Cheaper than normal. If a vendor does not choose you Sometimes vendors decline orders without giving you a reason. Possible causes could include: Out of stock. If the vendor did not edit the “items left in stock” option or the market does not even have one, they could cancel the order. Bitcoin fluctuations. If the Bitcoin price drops drastically and you already sent the money into escrow it would mean that the vendor gets less money in Bitcoin than he initially charged for the product after the transactions is done. If a vendor does this you might consider not buying from him again because they will always accept your orders when the Bitcoin price rises so that they get more money than they initially charged for the product. Lack of feedback on your account. Some vendor prefer to only deal with buyers that already have some feedback and history on their accounts, because the chance that the transaction will go flawlessly is higher and the risk that you are an undercover LEO is lower (because they would need to make several purchases before being able to order from that vendor). Types of Scams FeedbackVendor pays users to purchase items, never delivers them but users leave positive feedback to make it look like they were legit sales (to prevent the feedback manipulation being tracked back to the vendor). Multiple feedback that have similar qualities & spelling.Check the forums, reddit, and any vendor review threads for the vendor. EscrowSend empty box to the customer as tracking also indicates it arrives. Photo evidence is not supported as buyer could remove item and take photo.Feedback indicating package never arrived, vendor reviewsVerify the vendor is legitimate and feedback supports all claims. Ask for tracking.Finalize EarlyNot send any item and receive 100%, of which all is profit.Feedback indicating nothing was sent. False/Non-responsive tracking numbers issued.Verify the vendor is legitimate and feedback supports all claims. Ask for tracking. How to be a good buyer Being a good customer is just as important as selecting a good vendor. So here are some tips that will help along a smooth transaction. Always order sober. You will make mistakes if logging into a market while being high. Always read a vendors page completely before ordering. They may have special requirements to be met. Most questions for them can usually be answered this way. Be polite (to the vendor and market staff). This usually will take you further than expected. Do not wait for the last second or hour to dispute. Sometimes the market clock counts differently that you expect, so make sure to dispute at least half a day before the Auto-Finalize timer runs down. Also do not forget to contact the vendor first if you have issues with your order instead of disputing right away. Often they are interested in solving the problem without a dispute. If you are in a dispute: be calm and respectful. Explain your situation using just the facts available to you, no assumptions or accusations. Provide a desired outcome to your problem. Express willingness to compromise in situations where it is appropriate. When sending messages, use proper grammar and well structured sentences. Always encrypt your address properly yourself. After you make a purchase, log in within a day or two afterwards to make sure the vendor doesn’t have a question or issue with your order. Keep checking until it says shipped. When you receive your package, finalize the order so the vendor gets their money. But wait to give feedback until you have tested the product. There is much feedback like “I’ll update once tried” or something along the lines of that. You often can not update feedback once it is placed. Keep any chatter to a minimum and keep it short and sweet. Most vendors time are valuable to them. Be patient. Remember that this is not Amazon. Most vendors have a special way of getting packs out. A good rule for domestic orders is 7 days Tor-to-door. This is a very reasonable amount of time. Never ask for tracking unless a substantial amount of time has passed. And before asking for those tracking numbers, ask the vendor if they could give a heads up on the pack first. Don’t double encrypt. That means encrypt your address using Tails and then paste that address into the message field on the market. Leave any checkbox that offers PGP encryption unchecked, otherwise the message would get encrypted twice which adds no necessary security boost and only annoys the vendor. To read why you should never let the market encrypt sensitive data for you please go to the important tips for using markets chapter. You do not need to include your public PGP key in the messages you send to the vendor since you already have it entered in your market account settings (if you have not done it yet, please do so immediately). If you still want to, you can include it at the bottom of your first message to that vendor (like “Here is my public key: ”) so he does not have to go to your profile to get your public key. Leave honest feedback and finalize the minute you get your pack and have assessed it’s contents. Keep your PGP keys current on the market. That means if you key expired after a year, you should immediately replace it with the newly generated one in your settings on the market. Do not message a vendor before making an order and claim that you “usually move 10k pills a week but you are only ordering 150 from him to test them out to make sure they are legit” in hopes of getting some sort of deal or preferential treatment. Vendors get these messages all the time. They know that you are not some big player moving massive bulk, you are just someone hoping to get a discount by making a vendor want to land a “big fish” like you. Vendors get tons of messages every day and they notice buyers who are simple to work with. Eventually after a few seamless and easy orders, you can send them a PM telling them you like their service and ask them if they can get bulk orders bigger than what they list and what the prices they would be. Then they may start offering you better deals. The vendor does not need to know that you will be placing an order in a few days. If you agreed upon a special request, specific artwork, different stealth, modified shipping, etc with a vendor, put that same info in with your address. That way when the vendor is working on your order, it is right there in front of him again. Did you get too much or another product? Contact the vendor and tell him the situation. You will not be forced to send the product back or send the vendor some money, but the vendor knows that he made a mistake while packaging. Then he also does not have to wonder why the other customer is not receiving his order. Getting a lawyer If you ever encounter law enforcement due to serious issues (e.g. a controlled delivery) say nothing. Shut the fuck up. You could have the best lawyer on speed dial but still get a decade in jail because you talked to the police and incriminated yourself (willingly or unwillingly). Here a good video about how to talk to law enforcement. Here another resource from a lawyer who sometimes posts to reddit too Do not even deny anything. If you haven’t been arrested yet (even if they ‘detain’ you), the only two things which should come out of your mouth are: “Am I free to go?” and some version of “Me. Lawyer. Now.” plus that you invoke your right to remain silent. To add to this, you should avoid making any statements because anything that ends up not being true can add another crime to your list. They’ll likely come at you with all kinds of scare tactics and/or promises/deals. Let them work that out with the lawyer you demanded. Getting / Researching a lawyerThis is a crucial and important step. You have to do the steps in this chapter before making your first order, because if you later get in trouble you will not have time to research a lawyer properly. As soon as you get in legal trouble law enforcement will try to get you to talk and admit as much crimes as possible. They often use different tactics to achieve that and a good counter measure is searching for a lawyer beforehand. If you later get in legal trouble you just have to tell them that you only speak with your lawyer and can avoid any incriminating discussions with law enforcement officers. It is best to search for two different law firms who have much experience with drug cases and are also successful at their job. If you found two good results write their numbers and locations down on several pieces of paper (because your electronic devices might get seized during a search). Store them for example in your wallet, desk and phone case. If you ever get in legal trouble you now can just call a number from the note and if the first one is unavailable you can try the second one. Also remember to keep a bit money on the side to pay your lawyer if you have to hire one. Moreover do not forget to look up the laws that you are breaking. You can easily avoid harsher sentences by avoiding pitfalls if you know about them. An example would be not using/having guns when also violating drug laws, because that will increase your penalty drastically in many countries. IF LAW ENFORCEMENT IS QUESTIONING YOU, TELL THEM YOU ONLY SPEAK TO YOUR LAWYER. Do not get intimidated by their scare tactics. No person ever said “Fortunately I talked to the police first and told them everything before contacting my lawyer” Making a purchase Do you have PGP, Coins and your market account set up? Good, now go back up that data so you do not loose access to your accounts and money. TipsMaking a purchase is one of the better parts of all of this. Before you do there are some things that should be considered. First timers and noobs should stick with domestic orders to get a feel for how his works. Make sure you have performed proper market and vendor research. Be safe and be sure you have researched the product you intend to buy. (This is very important. Respect these substances and your body. Erowid has reliable dose charts, first hand experience reports, substance laws and many other treasure troves of knowledge about many products found on the DNMs). Knowing exactly how much to send to the market (cost of product, shipping and commission fees) and having that coin ready is another good practice. Sometimes it takes a while to transfer BTC into a market wallet. BTC is volatile and the price can rise or drop very suddenly, so it is also a good idea to send a little more than expected. You can always withdraw any left over coin to a personal wallet once the order is placed (and you should always do so). Double and triple check that you wrote your address correctly: either according to the vendors preference which is detailed in his profile description or to the recommended standard for your country. If you fuck it up you could get in legal trouble and the vendor will not be happy either. Once you have made your first order, store your written address in a .txt file in your persistence directory (home/Persistence) and copy it form there for every future order. Also do not forget to check if the vendor wants another format as the one you copy from your .txt file. Include your PGP encrypted address in the order. Most markets have some kind of order/buyer notes in which you have to put it. If you, by any chance, make a mistake when providing your address in the order information, let the vendor know as soon as possible. Remaining in escrow or using Multi-Sig is a good way to keep from vendor exit scams. If you have already entered your public PGP key in your profile settings (which you should absolutely do), it is not necessary to include it in your messages to the vendor. If it looks too good to be true, it probably is. Overnight shipping: overnight is highly unlikely from any vendor. It is misleading because it is not true overnight shipping in the vast majority of cases since the order arrives almost always later. Giving Feedback TipsGiving feedback and rating a vendor is just as important as escrow or multi-sig. It is your voice to the vendor and any future patrons of that vendors business. Rating a vendor and leaving feedback should be taken seriously. It’s truly the only means of regulating how business is conducted and it’s what maintains the purity of products you find on the markets. The combined feedback and ratings left by customers is paramount when choosing a vendor. Here are the main factors to consider when rating a vendor. Communication: Although this should be kept to a minimum and sometimes not needed at all, speed of responses and professional interactions are important. Efficiency: The speed at which the order is accepted and marked shipped. (The arrival speed is out of the vendors hands and falls on the delivery service. 7 days Tor-to-door domestic is a fair margin, also consider holidays and poor weather.) Packaging: Vac-seal is an absolute necessity. Adequate stealth should be considered also, but not every vendor goes overkill. Your purchase should be scent and weather proof with some visible barrier in case the package is damaged in transit. Weight: You should receive what you pay for. Heavy packs are common and should be praised, but light packs are just as common and should be just as known. Purity: Again, you should get what you pay for. The purchase should come as advertised and should be known to the user before leaving any rating or feedback. Ratings are very important to a vendor’s business, but the feedback is very important to the rest of the community. Your feedback will exist as long as the vendor shop is open (other users will not know who wrote what) Here are a few tips that will ensure your feedback benefits others. Feedback should only be left after you have received the pack and have assessed it’s contents. This should be the same time that you finalize the order. It should be honest so other people will know what to expect. Remember that this is the darknet and not Amazon, and anything less than a perfect rating can really harm a vendors business, so be reasonable when considering how you rate them. Before leaving bad feedback or anything less than a perfect rating, contact the vendor to see if they could make things right first. Be courteous and you might end up leaving a perfect feedback after all. Getting threatened/blackmailed by a vendorSometimes vendors go full-retard and threaten you. Sometimes they even want to dox you (releasing your personal information like your address) or report you to law enforcement. If that happens to you, you first of all need to stay calm. Follow the steps here and you will have little to worry about. Furthermore you should report him immediately to the market staff and tell them the situation in a normal tone and without any insulting, bad grammar or panic. That way you will have the best chances to win the argument in your favor and get the vendor banned. If you followed the tips on how to be a good buyer you already have an advantage, because all your messages were written in a polite, clam and respectful way. So the market staff will clearly see that you stayed down-to-earth and the vendor is probably the one going crazy. Threats like sending law enforcement to your address are rarely followed though by those who write them because they would have to compromise their own OpSec (e.g. by calling the police) and it would be a lot of hassle any way for them just to fuck with one buyer. So these threats are often just to scare you into giving in and handing your money over to the vendor. However also clean your house so that there is nothing illegal or suspicious (e.g. a bong) in it for the worst case. That way you will be innocent even if law enforcement visits you. That the vendor personally visits you (or sends someone) is highly unlikely because he is just a pussy who wants to win the dispute by threatening you while hiding behind a computer screen. It is probably also a good idea to not make new orders for some time, at least till that matter is resolved. IRL OpSec GeneralThis chapter is about how to keep your OpSec tight in areas that are not primarily related to DNMs. It includes for example reselling (since few of your friends would probably be willing to set up Tails just to communicate with you). Keep your mouth shut The golden rule is to never tell anybody where you get your products from. Period. No exceptions. Even if a long time friend is nagging you to tell him who you get that dank shit from, do not give in the temptation to tell him about your elaborate DNM setup and how you import drugs in bulk. You can never take back what you said (let’s not talk about murder here). Once only one person knows about that, you never know who else will know it too. And one of these persons will spill the beans to law enforcement when they get arrested because the try to get themselves out of trouble by telling them all they know about the crimes others did. Then you will get a visit and, in the best case, you only have to pay several thousands of dollars in lawyer payments. You know how that will look when someone gets busted because he could not keep his mouth shut? Here some examples: Quote: Franklin said 18-year-old Ryan Andrew Backer was under investigation after county drug agents learned LSD was sent to him from the Netherlands. Source Quote: The Monroe County district attorney’s office said that earlier this year university police received a complaint that Mancini was ordering LSD online and selling it. Authorities said a resident director for Lenape Hall at the college noticed Tuesday that Mancini had received a letter from Hawaii. The director contacted police and police obtained a search warrant. Source So if someone asks where you get your stuff from, just tell them you get it from some guy but do not get into details. If that person keeps asking you, you should rethink your business relationship with them. If they just can not accept that you want to keep your sources secret, they will also rat you out as soon as you get in trouble. CommunicatingAsking your friends or customers to send you PGP encrypted emails will probably result in some perplexed faces. So you will have to adapt while still not creating massive evidence against you. It is therefore important that you keep your communications, which can play a big part in your prosecution, secure. So please read that IPhone guide and/or that Android guide. It is also important to use Signal with your contacts and that you check your friends phones to make sure they have it enabled and that messages are getting automatically destroyed after a short period of time (e.g. after 24 hours). Also push full disk encryption of the phones with a strong passphrase. Do not forget to also turn off Icloud/google cloud backups as they will try to upload messages and photos to the cloud where they can be seized by law enforcement with a simple subpoena.