Tor basics
What is Tor?
Tor is open-source software that bounces Internet traffic through a worldwide network consisting of almost a million relays in order to hide the user’s location and protect against surveillance or traffic analysis. Tor makes it more difficult to trace Internet activity: website visits, online posts, instant messages and other forms of communication.
Who created Tor?
The idea of onion routing was created in 1995 at the U.S. Naval Research Lab by David Goldschlag, Mike Reed and Paul Syverson as a result of research into ways to create Internet connections that don’t reveal who is talking to whom. The reason was to protect US intelligence communications online.
In early 2000s, Roger Dingledine (MIT graduate) with Paul Syverson began working on the onion routing project created at Naval Research Lab. To distinguish their work from other efforts, they named the project Tor.
Tor was officially deployed in October 2002 and its source code was released under a free and open software license. In December 2006 computer scientists Roger Dingledine, Nick Mathewson and five others founded The Tor Project, a research-education nonprofit organization that is responsible for maintaining the software.
Tor is supported by US government, many NGOs, private foundations, research institutions, private companies and over 20,000 personal donations from people from around the World.
How to access Tor?
The easiest way to access Tor is to install Tor Browser. It is a modified Mozilla Firefox browser with multiple privacy improvements. It is available for Windows, Linux, OS X and Android.
How does Tor work?
Your traffic passes through at least 3 different servers before it reaches the destination. Because each of the 3 nodes has a separate layer of encryption, nobody watching your connection can read what you are sending into the Tor network. The nodes are called:
- Guard node – knows your IP address but doesn’t know what website you visit.
- Middle node – intermediate layer between guard node and exit node.
- Exit node – knows the destination but doesn’t know who you are.
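The layering described above, as an added example that is not part of the original page: the client wraps a request in three layers and each node peels exactly one, so the code can record what each node learns. The node names, keys, addresses and the SHA-256 keystream are constructed for illustration; the toy cipher only stands in for Tor's real cryptography.

```python
import hashlib
import json


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (illustration only): XOR with SHA-256(key || offset)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def wrap(layers, payload: bytes) -> bytes:
    """Client side. layers = [(key, next_hop), ...] ordered guard -> exit.

    The innermost layer (exit) is built first, the guard layer last, so the
    guard's key is the only one that opens the cell the client sends out.
    """
    cell = payload
    for key, next_hop in reversed(layers):
        inner = json.dumps({"next": next_hop, "data": cell.hex()}).encode()
        cell = keystream_xor(key, inner)
    return cell


def peel(key: bytes, cell: bytes):
    """Node side: remove one layer, learn only the next hop."""
    inner = json.loads(keystream_xor(key, cell).decode("utf-8"))
    return inner["next"], bytes.fromhex(inner["data"])


def simulate():
    """Send one request through guard -> middle -> exit and log each node's view."""
    # Constructed sample values: documentation IP range, placeholder keys.
    keys = {"guard": b"k-guard", "middle": b"k-middle", "exit": b"k-exit"}
    client, destination = "198.51.100.7", "example.com"
    payload = b"GET / HTTP/1.1"

    cell = wrap(
        [(keys["guard"], "middle"), (keys["middle"], "exit"),
         (keys["exit"], destination)],
        payload,
    )

    views = {}
    sender, node = client, "guard"
    while node in keys:
        next_hop, cell_out = peel(keys[node], cell)
        views[node] = {
            "from": sender,                       # who handed the cell over
            "to": next_hop,                       # where it is forwarded
            "sees_payload": cell_out == payload,  # is the request readable here?
        }
        sender, node, cell = node, next_hop, cell_out
    return views, cell


if __name__ == "__main__":
    views, delivered = simulate()
    for name, view in views.items():
        print(name, view)
    # The exit node removes the last Tor layer, so it can read the request
    # unless the application adds its own encryption (e.g. HTTPS).
    print("delivered:", delivered)
```

Only the guard's record contains the client address and only the exit's record contains the destination; no single node's record contains both.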
Is it legal to use Tor?
Privacy is a human right. In democratic states using Tor is legal. However, some countries censor Internet and the only way to access Tor is to use a bridge. In this case select “Tor is censored in my country” in connection wizard after starting Tor Browser. You may also set up bridge in browser settings at any time.
How to enter darknet?
Darknet is a hidden part of Internet that can be accessed only through anonymizing software like Tor Browser. Most dark web sites are legal and are used by activists, journalists and news organizations. Their domain names finish with .onion. However, many hidden services contain illegal stuff. There are multiple darknet markets where users can buy drugs, guns, counterfeit money, cloned cards, hacked accounts, etc.
Enter the following search engines and link lists to find interesting content:
Darknet markets
Darknet market is a commercial website that operates on the dark web. They function primarily as black markets, selling or brokering transactions involving drugs, cyber-arms, weapons, counterfeit money, stolen credit cards, stolen Bitcoin wallets, fixed soccer matches, forged documents, unlicensed pharmaceuticals, steroids, and other illicit goods as well as the sale of legal products.
Darknet markets are characterized by:
- anonymized access (typically Tor)
- payments with cryptocurrencies
- escrow services
- feedback systems
How to find markets?
Use Tor search engines and link lists to find darknet markets:
How to pay for stuff?
All transactions in dark web are made in cryptocurrencies to protect you against law enforcements. The most widely used cryptocurrency is Bitcoin. This is a digital currency that eliminates the need for central authorities such as banks or governments. Instead, it uses blockchain technology to support peer-to-peer transactions between users. This makes Bitcoin safe to pay for goods in dark web if used correctly.
To learn how to buy bitcoins and make payments, read chapter Bitcoin guide.
How to buy drugs?
If you have no criminal connections, it may be almost impossible for you to find a trusted drug dealer on street. Meeting a random person from Facebook, Signal, Telegram or Whatsapp can be risky. It’s often difficult to tell if the dealer is legitimate. You could put yourself in danger if the dealer is violent or aggressive. You can also put yourself to jail if you are caught buying drugs. The dealer you are going to meet may be an undercover cop. Last, there is always the risk that the drugs you purchase may be of poor quality or laced with other substances which could lead to adverse health effects. This may be done to cut down on costs and increase the likelihood of buyers becoming addicted.
Darknet resolves these issues. This day it’s way safer to buy shit on the darknet than hand-to-hand. If you get busted hand-to-hand, you’re fucked. If some shit shows up in your mailbox with a fake name and no paper-trail, you have plausible deniability. You say you didn’t expect this and they have no evidence that you really ordered this stuff. It’s important to follow opsec rules when browsing darknet markets and to find a trusted vendor who knows how to package drugs to avoid detection by customs.
Add products to cart
Find interesting product and click button Add to cart. You will be redirected to cart. Navigate back or click store name on the top to return to product list and buy another item. After you finish, go to cart and click Checkout.
Enter delivery address
You need to enter shipping details. Our recommendations:
- Full name – use your real name or a fake name that sounds real
- E-mail – use privacy e-mail like ProtonMail, Cock.li, Morke, SecTor.City, TorBox, Riseup
- Address – provide valid address where courier will deliver package – if you don’t have access to any drop place, you should enter your home address
- Parcel locker – if there are parcel lockers in your town, you can enter one or more locations but keep in mind that this shipping option might not be available and you will get package delivered to home
- Phone – leave entry or enter to receive tracking on phone
- Comments – additional information about your needs, delivery, etc.
- Shipping option – leave regular shipping, don’t overpay for fast delivery unless time is urgent
- Payment currency – leave Bitcoin unless you are familiar with other cryptocurrencies
Verify information
Verify if all information is correct and then click Finish order.
Make payment
Now you must pay for your order with selected cryptocurrency. It’s recommended to withdraw bitcoins from the exchange to a local wallet before spending them in darknet. However, if you are impatient, you may transfer funds directly from the exchange. It’s also safe because an unique Bitcoin address is generated for each order.
How to buy weapons?
Most countries restrict guns possession by ordinary civilians like you. The only way to get armed is to acquire a weapon from illegal source. If you have no criminal connections, you are unlikely to find a dealer on street. In this tutorial you will learn how to buy guns in darknet safely and not to end up in jail.
I guess the most alarming thing for me was how easy it is. Majority of people who want to buy a gun on the street wouldn’t know where to start unless they have connections to the criminal world. But the dark web gives almost a real time access to a world wide supply of firearms that are available for people to purchase. It took me five minutes on Google to find a guide on how to access the dark web. Five minutes later I had my account on a cryptomarket and could really easily find weapons.
– Giacomo Paoli, Cambridge Independent
You can buy weapons in darknet markets and guns stores. Use dark web search engines and .onion directories to find links to these websites. Buy only from trusted vendors with good reputation.
How to buy counterfeits?
In today’s fast-paced world, the desire of quick cash can blind individuals to the harsh realities of crime. One of the riskiest missteps one can take is dabbling in the world of counterfeit currency. The consequences are severe. Going to jail is a very real possibility. Most of the counterfeit currency seized in recent years were low quality and often home-printed. These amateur attempts might seem tempting for the adventurous rogue, but they often lack the quality necessary to pass muster in modern-day transactions. To reduce the risk, buy only from trusted vendors who are constantly upgrading their professional equipment and enhancing their printing processes, the graphics, texture and specialized inks found in authentic notes.
Despite endless pronouncements that cash is dead, the underground market for fake money is thriving. In 2022, there was an approximately 91% increase in dark web market listings advertising counterfeit banknotes. During this time, the number of unique actors selling these fake bills increased by approximately 82%.
If you have no criminal connections, you are unlikely to find a trusted dealer on street. Darknet resolves this issue. There are many stores offering high-quality counterfeit banknotes as well as genuine cash saved from disposal.
The most popular dark web store selling pre-shredded cash is E-Market operating since 2016.
How to buy credit cards?
Carding is a term describing collecting, trafficking and unauthorized use of credit cards. Stolen credit cards and credit card numbers are then sold on darknet markets or used to buy prepaid gift cards to cover up the tracks. Activities also encompass exploitation of personal data and money laundering techniques.
Carding methods
There are a great many methods to acquire credit card and associated financial and personal data. The earliest known carding methods have also included information diving for financial data, raiding mail boxes and working with insiders. Some bank card numbers can be semi-automatically generated based on known sequences via a “BIN attack”. Carders might attempt a “distributed guessing attack” to discover valid numbers by submitting numbers across a high number of ecommerce sites simultaneously.
Today, various methodologies include skimmers at ATMs, hacking or web skimming an ecommerce or payment processing site or even intercepting card data within a point of sale network. Randomly calling hotel room phones asking guests to “confirm” credit card details is an example of a social engineering attack vector. Modern techniques involve the use of social media.
The stolen sensitive information in a carding activity often includes the following data:
- Cardholder name
- Credit card number
- Expiration date
- CVV (card verification value)
- ZIP codes
Phishing websites
Cybercriminals run phishing websites of popular marketplaces with fake payment processors which collect credit card info provided by victims. This involves sending fake e-mails or text messages that appear to be from a legitimate company. Links to nasty websites are often posted in social media from hacked legitimate accounts making them look trustworthy and using various social tricks.
Skimmers at ATM
Skimmers are tiny devices that can be attached to credit card terminals and ATMs to harvest data from your credit card. They are very difficult to spot. Most of the time the attackers also place a hidden camera somewhere in the vicinity to record personal identification numbers or PINs. Some criminals go so far as installing fake PIN pads over the actual keyboards to capture the PIN directly, bypassing the need for a camera. To prevent this type of attack, avoid cash withdrawals from ATMs and set low daily payment limit.
Unsecured connections
Ensure that the connection is secure (HTTPS) and that the certificate belongs to your bank or a payment system that you trust. Do not proceed if you have any doubt. Avoid making transactions from public WiFi networks because all information that you send over the network, like credit card numbers, can be intercepted by others using a man-in-the-middle attack if communication is not encrypted.
Physical access
These methods include:
- working with insiders
- raiding mail boxes
- trashing (recovering secret data from discarded material)
How to protect my credit card?
To prevent stealing your credit card information:
- Keep your credit card safe.
- Keep changing PIN on a monthly basis.
- Do not make online transactions from unknown system/mobile.
- Do not make online transactions via public WiFi networks.
- Do not disclose CC details if asked via telephone.
- Always verify if you are on a legit bank website.
Where to buy cloned cards?
You can buy them in darknet markets and credit card stores. Use dark web search engines and .onion directories to find links to these websites. Buy only from trusted vendors with good reputation.
The oldest dark web financial service is Emarket which sells cloned physical credit cards, digital credit cards, Western Union transfers, MoneyGram transfers and gift cards to many online stores for bitcoins.
Hacked PayPal accounts
Cybercriminals steal PayPal credentials by running fake payment gateways or intercepting network traffic. Hacked PayPal accounts are then sold in darknet markets and automated stores like EMarket.
How to buy fixed matches?
Match-fixing occurs when players, coaches or referees agree to influence the results of a match. This may stem from a desire for financial security, the burden of debt or external pressures, including receiving bribes from bookmakers or sports bettors, and blackmail. These contacts and transfers can sometimes be discovered.
There are multiple dark web sites offering insider fixed matches info. Use dark web search engines and link lists to discover these stores. For example on website Fixed Matches you may buy single matches info for specified date as well as bundles and monthly subscriptions. You can bet on these matches online or in offline bookies.
How bets work?
You buy a match info for $100 with an odd of 12+. Next, you place a bet for $50 and after winning the match you win $600. In two hours you earn $450 absolutely legally.
Odd types
Fixed matches stores offer different types of results:
- full time – you get result, which team wins or draws, but no correct score
- correct score – you get exact score of the match, e.g. one team wins 2:1
- ft/ht – you get result of the first and the second halftimes
How to become a vendor?
You can become a vendor in just a few minutes. Most darknet markets take money to start selling but there are some that don’t take any fee. From this chapter you will learn how to register on Emarket and create a store for free. This works the same way as on clearnet marketplaces like Amazon or eBay.
Open Emarket marketplace
Click the following link to open Emarket marketplace:
http://emarketzhfjehkqd53lnjgmtvbf7tseydias4rjpazwifiqcotoi2gad.onion
Create account
You must create an account before creating a store. Click Sign in and then Create new account. Read the terms carefully and if you agree, click I will follow rules.
Do not provide any information that would help authorities reveal your identity. Do not talk about your interests, occupation, family, movies, etc. Use usernames other than in clearweb and unrelated to your everyday life.
The next step is to provide some information about you:
- Username – you will use it to sign in to your account
- Password – strong password to your account
- E-mail – use privacy e-mail like ProtonMail, Cock.li, Morke, SecTor.City
- Telegram – optional, customers might want to contact you privately
- About you – optional, do not provide any personal information
- PGP public key – optional, you may add it later
Verify all information and then click Create account.
Create store
After creating an account and logging in to the market, you may create a store.
- Click your username on the top of website
- Click Add new store in menu bar
- Provide information about your store:
- Store name – use quick catchy self-describing name
- Country – where you operate and ship from
- Thumbnail image – upload image best describing your store
- About your business – write about your store, products, delivery options, etc.
- PGP public key – optional, users might want to encrypt mesages writing to you
- Click Create store and now you can post your first offer.
Post first offer
Go back to the market by tapping Emarket logo and click + Sell button. Fill the form:
- Store – select previously created store
- Category – select proper category for your product
- What do you sell – title of your offer
- Unlimited supply – check this option if your product is always available, e.g. e-book
- Amount in stock – how many items you are going to sell (leave empty if unlimited supply)
- Price USD – price of your product (without $ character)
- Unit – unit of your product, e.g. gram (optional)
- Price options – you may specify options in a format Price option – price in separate lines
- This is physical product – check this option if your product needs to be packaged and sent to buyer
- Shipping from – where you ship from (leave empty to use store’s country)
- Shipping to – tell your buyers where you ship to (leave empty if worldwide)
- Product image – upload a real photo of your product
- Spoiler after payment – optional, useful if you sell a digital product so you can include a link to e-book, credentials, how to get the product or any important info after purchase
Deliver orders
To view purchased products and tell buyers that the package is in the way:
- Click your name on the top of the page
- On left side under SELLER section tap ✈ Delivery
- Send purchased products to provided address
- Expand Mark as sent and write package details (e.g. tracking link)
- Click Mark as sent to notify buyer about incoming package
Darknet services
The darknet offers a range of services that extend beyond the realm of illicit activities. While it is frequently associated with criminal behavior, such as drug trafficking and hacking services, the darknet also provides several legitimate and unique services that cater to privacy-conscious individuals and communities. Here’s an overview of some of the notable services typically offered in the darknet.
Hacking services
In clearweb hackers will help you only for ethical and legitimate purposes. If you need to break into social media accounts, erase debts, crack passwords or install a RAT on somebody’s mobile phone, darknet is the only place to order tasks that require both sides of the transaction to stay anonymous.
The best hackers at the moment are Rent-A-Hacker :
http://hackerfuiogkjafl7ome7etnizvduzvlviyo7tupnjo5uvr2by25m3yd.onion/
Some of the services offered are:
- personal attacks – deflamation, legal sabotage, financial disruption
- hacking e-mail, websites and social media accounts
- IP / location / phone tracking
- installing malware, e.g. RAT (Remote Access Control)
- DDoS (Distributed Denial of Service)
- Bitcoin wallet recovery
- grades change
Discussion forums
Discussion boards and communities allow like-minded individuals to gather and discuss a multitude of subjects, ranging from tech and cyber security to hobbies and niche interests, with a shared emphasis on privacy.
The most popular dark web Q&A forum was Hidden Answers. Unfortunately, the website was shut down by its administrator in 2021 due to concerns of getting into trouble with the law by running a free-speech discussion platform.
There are many successors of the original site. Use Darknet Home and FindTor search engine to find links to discussion forums, Q&A sites, dark web social media and privacy-focused alternatives for Twitter, Instagram, etc.
Whistleblowing
Whistleblowing is revealing information about illegal, immoral, illicit, unsafe or fraudulent activities within private or public organizations. Secure channels exist for individuals to report misconduct, corruption or violation of human rights in oppressive states without fear of retribution or arrest. These platforms protect the identity of whistleblowers, enabling them to share important information with the public or authorities.
The most widely known whistleblowing service is SecureDrop which is an open source submission system that media organizations and NGOs can install to securely accept documents from anonymous sources.
Hitman for hire
There are websites that offer contract killings for bitcoins. Most have been compromised and some are run by law enforcements to catch customers who want to kill someone, therefore using their services is a highway to jail.
Red Room
Red Room is a dark web service where viewers can witness or participate in live-streamed tortures or murder for entertainment purposes. There are multiple sites offering access to the red room as a spectator or a commander. Use FindTor search engine or MegaLinks directory to find .onion link to the red room.
Satanic Ceremony
Deep within the labyrinthine depths of darknet there are platforms offering access to underground, controversial and darkly fascinating content accessible only via anonymizing tools. Satanic Ceremony offers a live-streaming service that broadcasts various types of extremist ceremonies purportedly linked to satanic practices. This may range from ritualistic gatherings where practitioners participate in premeditated rites designed to invoke higher powers and supernatural forces to denials of traditional morality through sexual orgies. Drawn by curiosity and thrill, viewers able to access the site engage with the content from the concealed safety of their own screens.
Throughout its dark digital corridors, participants appear clad in ceremonial robes adorned with cryptic symbols, with solemn spaces transformed into elaborate environments, redolent of ancient times. In some streams, acts like ceremonial sacrifices or symbolic representations of rebirth unfold amid chanting and ritualistic elements. These live events capture the group’s community spirit fueled by shared beliefs – reinforcing the bond between followers drawn to the esoteric secrets of the universe.
Aside from the ceremonial activities, the site serves as an interactive forum for those who dare to tread beyond conventional ethics. Viewers can participate in discussions ranging from philosophical explorations of the occult to DIY guides on creating ritual paraphernalia at home with blood-tinged performance art and esoteric literature.
With each live stream viewers are taken farther into realms few dare explore. The rites and the digital artifacts serve as potent reminders of the shadowy allure humanity finds in the unknown, urgently calling one to question the boundaries between societal taboos and the thirst for hidden knowledge.
Safety in darknet
From this chapter you will learn:
- How to stay anonymous?
- How to do safe shopping?
- How to recognize controlled delivery?
- How to behave when package gets discovered?
Staying anonymous
To stay anonymous in dark web, you should follow some rules:
- Use the latest version of Tor Browser
- Don’t use logins and passwords that you use in clearnet
- Don’t search for items that you search in clearnet
- Don’t input personal info, interests, hobbies, etc.
- Don’t tell anyone about your darknet activity
Safe shopping
When shopping in dark web, follow these rules:
- Provide real address where package has to be sent
- Provide fake name that looks real in your country
- Dispose the packaging away from your home
- Don’t order illegal items to your workplace
- Don’t order more than one package at a time
- Don’t order to neighbors or fake places – you will make more trouble
- Don’t sign anything if asked by courier – you didn’t expect this package
- Don’t keep anything illegal at home – in case of a search warrant
- Don’t pick the package if there are two or more couriers
- Don’t pick the package if delivery time is unusually long
Tails and Whonix
Tails is a portable operating system that boots from USB stick and leaves no trace after shutdown. It routes all Internet traffic through Tor network. You boot your computer from USB stick. Pull out USB stick from the port to power down your computer immediately in emergency cases. Visit the official website to learn more.
tails.net – Tails official website
Whonix uses a different approach. It consists of two virtual machines – gateway and workstation – which are run on a host operating system like Windows, macOS or Linux with virtualization software like VirtualBox, VMware or KVM. This architecture ensures that all traffic inside the workstation virtual machine goes through Tor and no program can bypass Tor. The gateway virtual machine is responsible for routing all traffic through the Tor network.
whonix.org – Whonix official website
Qubes takes an approach called security by compartmentalization. This is a security-focused operating system for a single-user desktop machine that leverages Xen-based virtualization to allow for the creation and management of isolated compartments called qubes. Every part of the system like desktop manager, networking, USB devices, kernel and user space is isolated in a separate virtual machine. It also lets you create disposable VMs. If one qube gets compromised, the others remain safe, so a single cyberattack can no longer take down the entire system.
qubes-os.org – Qubes OS official website
Package discovery
Millions of packages are shipped throughout the world on a daily basis. Trying to segregate those packages which contain illicit items is a difficult task. There are a number of investigative efforts that can be used in this environment. First and foremost, a properly trained drug canine team needs to be in place to conduct these types of operations. Without such a resource, package cases are virtually impossible to make. The drug canine is the ultimate instrument in the development of probable cause for the opening of a suspected package. The canine should be a single-purpose drug dog whose handler trains in the package environment. However, if you run into bad luck and something illegal gets discovered, you may expect controlled delivery or love letter.
Controlled delivery
Controlled delivery is a technique used by law enforcement officers allowing the package to go forward and be delivered under surveillance in order to identify the intended recipients. The actual physical delivery is typically made by an undercover police officer, by postal inspector or with assistance of police officers. The undercover agent will attempt to solicit any statements in which the suspect may admit knowledge of the parcel delivery. The key to any parcel investigation is to prove that the subject had knowledge of the package’s contents. This is critical to the prosecution of the suspect in an investigation. It’s virtually impossible to litigate a criminal case without proving knowledge of contents. If you suspect controlled delivery, then refuse to pick the package and deny that you ordered any illegal goods.
Signs of controlled delivery:
- Package is late – delivery time is longer than usual
- There are 2 or more more couriers delivering your package
- Courier asks for signature – never sign anything!
- Suspicious cars or people nearby
Instead of getting the package delivered to the address, you may receive a notice that illegal goods have been seized but no legal action has been taken. This is love letter. Do not go for the package under any circumstances unless you feel like getting arrested at post and going to jail. If contacted, deny that you expected this package.
Plausible deniability
Not admitting to anything is the first rule of accepting illicit packages safely. Proof of knowledge of the contents by the receiver is absolutely necessary to prove a case! Police officers will use different techniques to make you admit that you ordered the package and you knew its content. The good and bad guy technique is often used. The good one tries to be your nice friend: “Look man we don’t really care if you ordered yourself a little bit of drugs to use for yourself, we just want the sellers, the real bad guys, so just tell us where you got this from.” If it doesn’t work, the bad officer tries scare tactics: “Look man you are FUCKED. You are going to jail as it stands. You are going to lose your job, house, kids and the only way to get out of it is to just admit what you did.”
Bitcoin Guide
All transactions in dark web are made in cryptocurrencies. The most widely used cryptocurrency is Bitcoin. From this chapter you will learn how to buy and spend bitcoins.
What is Bitcoin?
Bitcoin is a digital currency that eliminates the need for central authorities such as banks or governments. Instead, it uses blockchain technology to support peer-to-peer transactions between users. This makes Bitcoin safe to pay for goods in dark web if used correctly.
How Bitcoin works?
All transactions are stored in a public ledger called the blockchain, but the only information recorded is: sender address, amount sent and recipient address. No one knows that you own Bitcoin addresses unless you reveal your identity to the exchange. Also, no one knows whom you sent crypto because in dark web markets a unique payment address is generated for every transaction and every payment address is used only once.
Bitcoin mining
Bitcoin mining is the process by which new bitcoins are created and transactions are verified on the Bitcoin network. It involves powerful computers solving complex mathematical problems to validate transactions and add them to a public ledger called the blockchain, with miners receiving rewards in the form of newly minted bitcoins for their efforts. When you send bitcoins to someone, your transaction waits for confirmation in the pool of unconfirmed transactions called the mempool. Miners take a certain amount of unconfirmed transactions and try to compute a block. The higher the fee you pay for your transaction, the more priority it has in the mempool.
mempool.space – live view on unconfirmed transactions and newly mined blocks
Blocks are mined approximately every 10 minutes but the time may vary depending on current computational power of network and the luck. Once new block is added to the blockchain, the previous blocks have greater degree of security because transactions from these blocks cannot be rolled back and this is called a confirmation.
Address (public key)
In the world of cryptocurrency, an address serves a purpose similar to a bank account number: it’s where you receive funds. However, unlike a traditional bank account, creating an account requires generating a unique pair of cryptographic keys — public and private. Let’s break down these components to help you grasp the concept.
An address is a string of alphanumeric characters, beginning with 1, 3 or bc1 depending on the address type. This address functions as a place for you to send and receive Bitcoin, much like giving your bank account number to someone to deposit funds. You can think of it as a digital “letterbox” where your cryptocurrency is delivered.
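The three prefixes correspond to two checksum schemes: Base58Check for addresses starting with 1 or 3, and Bech32/Bech32m for bc1 addresses. The following is an added example, not part of the original guide, that verifies those checksums so a mistyped address is rejected; function names are illustrative, the sample is the publicly known genesis-block address, and witness-program length is not checked.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BECH32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
BECH32M_CONST = 0x2BC830A3  # final checksum constant for Bech32m (BIP350)

def base58check_decode(addr):
    """Return (version_byte, payload) if the checksum matches, else None."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return None
        n = n * 58 + B58.index(ch)
    # Every leading '1' stands for one leading zero byte.
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:  # 1 version byte + 20-byte hash + 4 checksum bytes
        return None
    body, checksum = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4] != checksum:
        return None
    return body[0], body[1:]

def bech32_polymod(values):
    """BCH checksum over 5-bit values, as defined in BIP173."""
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk

def segwit_kind(addr):
    """Return 'bech32' or 'bech32m' if a bc1 address checksum verifies."""
    if addr != addr.lower() and addr != addr.upper():
        return None  # mixed case is not allowed
    hrp, _, data = addr.lower().rpartition("1")
    if hrp != "bc" or len(data) < 7 or any(c not in BECH32 for c in data):
        return None
    values = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    values += [BECH32.index(c) for c in data]
    kind = {1: "bech32", BECH32M_CONST: "bech32m"}.get(bech32_polymod(values))
    witness_version = BECH32.index(data[0])
    # Witness version 0 must use Bech32, versions 1 and up must use Bech32m.
    if kind is None or (witness_version == 0) != (kind == "bech32"):
        return None
    return kind

def classify_address(addr):
    """Return a short type label, or None if the address fails validation."""
    if addr.lower().startswith("bc1"):
        kind = segwit_kind(addr)
        return None if kind is None else "segwit (%s)" % kind
    decoded = base58check_decode(addr)
    if decoded is None:
        return None
    return {0x00: "P2PKH", 0x05: "P2SH"}.get(decoded[0])

if __name__ == "__main__":
    # Genesis-block address, then the same string with a constructed typo.
    for sample in ("1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa",
                   "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb"):
        print(sample, "->", classify_address(sample))
```

A result of `None` means the string is not a well-formed mainnet address; a passing checksum says nothing about who controls the address.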
Private key
In contrast, the private key is purely for your use and is a guarded secret. Think of it as the password to your online banking account or the keys to your physical bank vault. The private key controls access to your Bitcoin funds and is required to spend bitcoins from your address. Anyone who has access to your private key can take your bitcoins, so it’s crucial to keep it safe and protected.
Bitcoin wallets
When you create a Bitcoin account, you don’t manually generate this pair of cryptographic keys. Instead, you utilize wallet software, which automates the entire process for you. Wallet software manages the generation of your public and private keys and helps you navigate the Bitcoin network smoothly. There are various types of wallets, including software wallets (on your device) and hardware wallets (for cold storage).
bitcoin.org – interactive tool to help you choose right wallet
How to create wallet?
You need a wallet software to store purchased bitcoins.
Desktop wallet
For desktop computers we recommend Electrum. If you use Tails or Whonix operating system, you will find Electrum already installed. Otherwise download it from the official website. In Ubuntu Linux you will also find it in the Ubuntu Software Center. Some web browsers like Opera and Brave have built-in crypto wallet feature.
To create bitcoin wallet in Electrum:
- Download Electrum from electrum.org
- Press Next to create a new wallet
- Leave Standard wallet and press Next
- Leave Create a new seed and press Next
- Write down 12-word seed on a paper and keep it in a secure place
- Type the seed to ensure that you have written it down correctly
- Set a password to your wallet (optional, but recommended)
Mobile wallet
For mobile phones we recommend Coinomi which supports also other cryptocurrencies.
To create bitcoin wallet in Coinomi:
- Install Coinomi from Google Play or App Store
- Choose option Create new wallet
- Write down the seed phrase on paper and keep it in a secure place
- Add a password you will use to spend bitcoins
- Add Bitcoin currency to your wallet.
Hardware wallets
There are also hardware solutions for storing your bitcoins securely like Ledger and Trezor.
Recovering wallet from seed phrase
⚠️ Keep the 12-word seed phrase in a secure place and do not share it with anyone. These 12 words allow you to recover your wallet on any computer with full history and with the ability to spend and receive bitcoins. Anybody who knows the seed may steal bitcoins without physical access to your computer.
Technically, the seed is used to generate addresses with corresponding private keys in a deterministic way. This means that the same combination of words always creates the same set of public and private keys.
Bitcoin Wiki – learn more about seed phrase
How to buy bitcoins?
There are many ways to buy bitcoins. You don’t have to buy a whole bitcoin because it’s divisible to 8 decimal places, so the smallest value is 0.00000001 BTC.
Binance, Coinbase – low anonymity
You may buy bitcoins online at major crypto exchanges like Binance or Coinbase with credit card or wire transfer. These exchanges require KYC which involves scanning your ID, home address verification and scanning your face. However, it’s the easiest way to buy crypto for beginners. There are multiple methods to anonymize bitcoins.
If you live in US, go to Coinbase. For EU users both Binance and Coinbase are relevant.
Do not use Tor on these exchanges. Otherwise they will ban or flag you as suspicious!
Some exchanges don’t require KYC if not obliged by law in countries where they operate. Check the limits how much crypto you can buy or sell without revealing your identity. Do your own research.
To buy bitcoins at online exchange:
- Register on the exchange and verify your identity if required
- Transfer money by credit card or wire transfer
- Buy specified amount of bitcoins
You may keep purchased bitcoins on the exchange and spend them from there but it’s highly recommended to withdraw them to a local wallet for higher security, especially for long-term investments and darknet shopping.
Bitcoin ATM – medium anonymity
This is the easiest way to buy bitcoins for cash. Use a clearnet search engine like Google to find a Bitcoin ATM in your town. Some ATM providers require KYC (Know Your Customer) to comply with AML (Anti-Money Laundering) laws in your country. For example in European Union you must scan your ID for transactions above €1000 but some countries may have stricter AML regulations. You will usually find AML rules on the ATM provider’s website.
Don’t mask and don’t behave suspicious when using ATMs. You are buying bitcoins for investment purposes like many other customers who use these machines every day. Otherwise ATM may ask to scan your ID to proceed.
To buy bitcoins in ATM:
- Install a wallet application on your cell phone, e.g. Coinomi
- Write down the seed phrase on paper and keep it in a secure place
- Go to the ATM and follow instructions
- Open the wallet application and tap Receive bitcoins
- Scan QR code of your Bitcoin address from phone’s screen
- Enter cash to the machine, e.g. 500 USD
- Wait for network confirmation to receive bitcoins
Brick-And-Mortar Exchange – high anonymity
Use clearnet search engines like Google to find a brick-and-mortar crypto exchange. The same AML rules apply. If they ask about the reason for buying bitcoins, you are a crypto trader and you buy bitcoins for investments. Never disclose that you’re going to spend bitcoins in darknet! For very large amounts, if obliged by law, they may ask you for SOF and check your crypto market knowledge.
Buying bitcoins in physical exchange involves:
- Install mobile wallet (some exchanges require their own app)
- Go to the exchange (don’t mask yourself)
- Give cash and receive bitcoins
Peer-To-Peer Exchange – high anonymity
You trade crypto directly with another person for cash, bank transfer and more. You meet online or face to face. Choose only verified sellers with good reputation. Go to kycnot.me to find a safe P2P exchange.
Buying bitcoins from another seller involves:
- Install crypto wallet on your cell phone (e.g. Electrum, Coinomi)
- Find a trusted crypto dealer
- Meet him online or in person
- Give cash and receive bitcoins
When meeting in person, wait for transaction confirmation by miners because unconfirmed transactions can be reversed by untrustworthy sellers. You will lose cash and not receive bitcoins. Ask the seller to set high fee.
How to spend bitcoins?
You bought some stuff on darknet market. Now they ask you to pay for your order.
Send equal amount of bitcoins to address visible on checkout page. It’s recommended to copy and paste address instead of typing it by hand to avoid typo. If you use a mobile wallet, open the app and scan QR code.
The higher fee you set, the faster your transaction will be confirmed by miners. Do not lower fee suggested by your wallet. This may cause your transaction stuck in mempool forever. Sometimes Bitcoin network is overloaded and fees are very high. You may view current fees and awaiting transactions on mempool.space website.
From desktop wallet
- Open wallet software, e.g. Electrum
- Switch to tab Send
- Paste destination address and equal amount
- Click Send to broadcast transaction
From mobile wallet
- Open wallet application, e.g. Coinomi
- Select currency you wish to spend, e.g. Bitcoin
- Switch to tab Send
- Scan QR code visible on checkout page
- Check if destination address and price are correct
- Click Send and confirm your password
From exchange
- Go to the exchange, e.g. Binance
- Go to your wallet and click Withdraw
- Paste destination address and equal amount
- Confirm your password and click Confirm
Running .onion website
Creating an onion service allows you to run a website that is only accessible via the Tor network, providing anonymity for both the host and the visitors. Here’s a quick guide on setting up your own .onion service.
Select VPS server
To start, you’ll need a server with full access to the machine. There are many providers to choose from. Look for a reputable provider that respects your privacy and allows payments in cryptocurrency.
Criteria to consider:
- no activity logs – choose a provider that doesn’t log user activities
- location – opt for jurisdictions with strong privacy protections
- performance – look for SSD storage and sufficient RAM (at least 1 GB)
Install Whonix system
Whonix consists of two virtual machines: a gateway and at least one workstation. This architecture ensures that all traffic goes through the Tor network while the workstation has no knowledge of it. It prevents deanonymization in case some software contains vulnerabilities and your workstation is compromised.
Install VirtualBox
Download VirtualBox from virtualbox.org.
Download Whonix
Follow all steps on Whonix download page.
If you are a beginner, download the version containing the XFCE graphical desktop environment. Later you may switch to CLI mode by lowering RAM to less than 512 MB in virtual machine settings. After you download Whonix images, double-click the file to import virtual disks and create virtual machines with recommended settings.
Change passwords
The default password for both the `user` and `root` accounts is `changeme`. The first thing you should do on the gateway and the workstation is change the password for both accounts. Use different passwords and keep them secret. To change the password for the `root` user, open a terminal and type:
```
sudo passwd root
```
Then change the password for the `user` account:
```
sudo passwd user
```
Keep timezone UTC
Do NOT change your timezone. It’s set by default to UTC to avoid timezone leaks.
Update Whonix
The next step after installation is to update both Whonix Workstation and Whonix Gateway. You need at least 1050 MB RAM to install updates. Otherwise the process of compiling VirtualBox Guest Additions may hang forever. On both virtual machines open terminal and type:
```
sudo upgrade-nonroot
```
Set up hidden services
In Whonix-Gateway type the following command:
```
sudo mousepad /usr/local/etc/torrc.d/50_user.conf
```
Then add the following lines:
```
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 10.152.152.11:80
HiddenServiceVersion 3
```
If you want to host multiple hidden services, just add more lines with a different port number:
```
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 10.152.152.11:80
HiddenServiceVersion 3

HiddenServiceDir /var/lib/tor/another_service/
HiddenServicePort 80 10.152.152.11:81
HiddenServiceVersion 3
```
Now reload Tor configuration:
```
sudo systemctl reload tor@default
```
To check status of Tor service, type:
```
sudo systemctl status tor@default
```
To retrieve .onion hostnames, type:
```
sudo cat /var/lib/tor/hidden_service/hostname
sudo cat /var/lib/tor/another_service/hostname
```
Set up web server
In Whonix-Workstation install a web server. If you need to serve only static content without dynamic scripting, use the simple server micro-httpd, which contains only 200 lines of code.
```
sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install --no-install-recommends micro-httpd
```
The server will listen on port 80 and serve files from `/var/lib/www`. To change the port or folder, or to start multiple instances, you need to edit the `/etc/inetd.conf` and `/etc/services` files and restart `inetd`. Type `man micro_httpd` for help.
Advanced web server
However, if you need to serve multiple hidden services or serve dynamic content with PHP, it’s recommended to install nginx or Apache instead. nginx is preferred.
If you installed micro-httpd before, uninstall it first:
```
sudo apt-get remove micro-httpd
```
Then install nginx and PHP:
```
sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install --no-install-recommends nginx
sudo apt-get install --no-install-recommends php-fpm
```
Edit the main configuration file:
```
sudo mousepad /etc/nginx/nginx.conf
```
Paste the following configuration:
```
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
}

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_tokens off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    log_format main '$document_root - [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent"';

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    gzip on;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

    server {
        if ($request_method !~ ^(GET|HEAD|POST)$ ) {
            return 444;
        }
        if ($request_method = HEAD) {
            return 200 OK;
        }
        add_header X-Frame-Options "SAMEORIGIN";
    }
}
```
Now create a configuration file for each hidden service. When you run `ls /etc/nginx`, you will notice 2 directories, `sites-available` and `sites-enabled`. This is by design. The first folder contains configuration files for each hosted website. The second folder contains symlinks to these configuration files, but only for those websites that need to be published. To disable a website, just delete its symlink from `sites-enabled`.
In this tutorial you will create configuration files for 2 hidden services. If a default configuration file already exists in the `sites-available` folder, you can rename and edit it. Otherwise create a new file and start the editor:
```
sudo rm /etc/nginx/sites-available/*
# Also remove the now-dangling default symlink, otherwise nginx refuses to start
sudo rm -f /etc/nginx/sites-enabled/default
sudo touch /etc/nginx/sites-available/service1
sudo mousepad /etc/nginx/sites-available/service1
```
Paste the following content
```
server {
    listen 80;
    listen [::]:80;

    server_name _;

    root /var/www/service1;
    index index.html index.htm index.php;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }

        fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        # include the fastcgi_param setting
        include fastcgi_params;
    }
}
```
You may need some modifications:
- if you use another port than 80, change it at lines 2 and 3
- if you keep website files in other folder, change it at line 7
- check PHP version installed and fix .sock file name at line 20 (see below)
To find the valid .sock file name, open a terminal and run the following command:
```
sudo ls /var/run/php/
```
Now create a symlink in the `sites-enabled` directory.
```
sudo ln -s /etc/nginx/sites-available/service1 /etc/nginx/sites-enabled/service1
```
Create the directory `/var/www/service1` with an empty `index.php` file.
```
sudo mkdir /var/www/service1
sudo touch /var/www/service1/index.php
```
Repeat this step for the remaining hidden services, but remember to change the port number and root directory. If you don’t need PHP and will serve only static content, you may remove the last `location` section from the configuration. You might also need to tune `/etc/php/8.3/fpm/php.ini` to enable, disable or configure PHP features.
To apply the configuration, restart nginx.
```
sudo systemctl restart nginx
```
Your hidden services are still inaccessible from the Tor network. You need to open the ports you use for hidden services by editing the Whonix firewall in Whonix-Workstation:
```
sudoedit /usr/local/etc/whonix_firewall.d/50_user.conf
```
Add the following lines to open ports 80 and 81.
```
EXTERNAL_OPEN_PORTS+=" 80 "
EXTERNAL_OPEN_PORTS+=" 81 "
```
Save the file and close the editor. Restart the firewall to apply changes:
```
sudo whonix_firewall
```
Generate custom .onion name
You may include custom word in the beginning of .onion hostname. This is called vanity .onion address. You need a tool that will generate it. For v3 .onion services download mkp224o and compile it using commands:
```
cd ~
sudo apt-get install gcc libsodium-dev make autoconf
wget https://github.com/cathugger/mkp224o/archive/master.zip
unzip master.zip
cd mkp224o-master
./autogen.sh
./configure
make
```
If mkp224o compiles with success, it’s ready to generate addresses. Time needed to find an address depends on length of the prefix. The following table shows approximate computation time depending on prefix length.
Prefix length | Computation time |
---|---|
1-3 | <1 second |
4 | 1-10 seconds |
5 | 10-30 seconds |
6 | few minutes |
7 | 15-30 minutes |
8 | few hours |
9+ | days to years |
To generate an address with the prefix `custom`, type:
```
./mkp224o -n 1 custom
```
Then copy the contents of the newly generated folder to the hidden service directory in Whonix-Gateway and restart Tor.
```
sudo cp ~/folder_name/* /var/lib/tor/hidden_service/
sudo systemctl restart tor
sudo systemctl status tor
sudo cat /var/lib/tor/hidden_service/hostname
```
Open Tor Browser in your host machine and try to visit your website.
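A v3 hostname is the base32 encoding of the service's 32-byte public key, a 2-byte checksum and a version byte, which is why the `hostname` file can be checked offline and why each extra prefix character multiplies the search time in the table above by 32. The following is an added example, not part of the original guide or of mkp224o; the function names and the sample key bytes are constructed for illustration.

```python
import base64
import hashlib

VERSION = b"\x03"  # version byte of v3 onion services
BASE32_CHARS = set("abcdefghijklmnopqrstuvwxyz234567")


def _checksum(pubkey):
    # CHECKSUM = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2]
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]


def onion_v3_from_pubkey(pubkey):
    """Encode a 32-byte ed25519 public key as a v3 .onion hostname."""
    if len(pubkey) != 32:
        raise ValueError("v3 onion services use a 32-byte public key")
    raw = pubkey + _checksum(pubkey) + VERSION  # 35 bytes -> 56 base32 chars
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def is_valid_onion_v3(hostname):
    """Check length, alphabet, version byte and checksum of a hostname."""
    label = hostname.strip().lower()
    if label.endswith(".onion"):
        label = label[: -len(".onion")]
    if len(label) != 56 or not set(label) <= BASE32_CHARS:
        return False
    raw = base64.b32decode(label.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return version == VERSION and checksum == _checksum(pubkey)


def expected_attempts(prefix):
    """Average number of keys to try before a hostname starts with prefix."""
    if not prefix or not set(prefix.lower()) <= BASE32_CHARS:
        raise ValueError("prefix must use only a-z and 2-7")
    return 32 ** len(prefix)  # each base32 character fixes 5 bits


if __name__ == "__main__":
    sample_key = bytes(range(32))  # constructed bytes, not a real service key
    host = onion_v3_from_pubkey(sample_key)
    print(host, is_valid_onion_v3(host))
    for n in (4, 6, 8):
        print(n, "characters:", expected_attempts("a" * n), "keys on average")
```

Because the version byte is always 3, every valid v3 hostname ends in `d`; a hostname that fails `is_valid_onion_v3` was mistyped or truncated somewhere between the `hostname` file and where it was published.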
Advertise your website
In the fast-paced digital world, reaching your target audience is essential and when it comes to the Tor network, having a .onion website is your key to accessing a unique community of potential customers.
By utilizing these strategies, you’re not just advertising; you’re creating a lasting presence within the Tor network. Take your business to new heights with your .onion website and start building that loyal customer base today!
Link lists
Get listed on well-known Tor directories tailored for hidden services. Ensuring your .onion URL appears here dramatically increases your site’s visibility. This targeted traffic can lead directly to better engagement and sales.
Add your .onion site to link lists and catalogues. For example Darknet Home takes no fees for just submitting links to the directory but offers some paid promotion features that allow to rank your .onion site higher.
There are quality-over-quantity catalogues like FindTor Directory, TorDex Directory that ask to pay one-time fee in order to fight spam and keep high quality of content. This is even better approach to boost your presence in dark web and gain trust by listing your .onion site on quality-over-quantity catalogues.
Search engines
There are many search engines in dark web. Some of them crawl the whole dark web galaxy while others need to submit .onion links manually. Post your .onion links to as many search engines and catalogues as you can.
Keyword advertisement
Some search engines like FindTor offer keyword advertisement. Let’s give an example. You buy an ad for 5 words: hacking, linux, windows, android, ios. Everyone who types any of these words into the search box, e.g. after searching the phrase hacking services, will see your .onion site on the top of search results because the word hacking occurred.
Communities
Dive into forums and dark web communities. By participating genuinely, sharing knowledge and offering value to users, you can subtly promote your .onion site. Cultivating relationships and providing answers can lead to earning trust and loyal visitors. The most popular dark web forum was Hidden Answers but it was closed by its admin in 2021. Since then many clones were launched. Use link lists and search engines to find these communities.
Social media
While standard platforms might limit your audience reach, consider using niche social media, forums, or even encrypted messaging apps to share your .onion link. Promote through communities that value privacy, enabling you to connect with those who understand the market.
Popular .onion sites
Search engines
Services and software
- Tails – amnestic operating system
- Whonix – virtual machine operating system
- SecureDrop – documents drop for journalists
- The Qubes OS – safe operating system
- ProtonMail – encrypted mails
- Riseup – privacy communication
- Tor Project – official Tor website
News and publications
Forums and communities
- Facebook .onion website
- Reddit .onion website
- Hidden Answers – Q&A forum
- Ramble – alternative for Twitter