Hey guys;
Been lurking around the clearnet and darknet for sometime now and I literally can't thank this subreddit enough for things I've learnt. Documentation and help is amazing so thank you all for that. So before jumping the fence and proceeding with my first order I have a few questions and this will be a long post so please bare with me and help. (OPSEC is important for me, we take our freedom for granted but losing it is very easy this century)
- SYSTEM USED
So I have a Mac as my daily driver. I know no one recommends Macs for DNMs but here are what I did thus far;
Installed Tails to a USB from a PC at work in spare time, booted to PC successfully.(can't use that PC) Using TAILS installer I installed it to another USB. (sandisk :/) Tried booting on my Mac using the alt/option key, EFI option shows up, I get the boot screen but can't make it to the greeting screen somehow. Tried the solution to press tab and deleted "live-media=removable" after confirming I got error message "/bin/sh: can't access tty; job control turned off followed by (initramfs)" upon enabling debug and no splash options. Although that was supposed to work according to TAILS documentation, it didn't. Now I get stuck at something about VGA Console right after macbook keyboard backlight gets lit up. It just doesn't get to TAILS Greeter. If you are clueless on what I'm talking about check https://tails.boum.org/doc/first_steps/bug_reporting/tails_does_not_start/index.en.html#entirely
Installed tails to a non sandisk usb using the Mac install method but this time it is not showing as an option to boot upon pressing Alt during start. Alternative could be trying out rEFIt but I don't want to change my Macs boot loader and lose FileVault encryption. Already worried as I am.( see last part; p.s.)
So as far as I can see I have three options;
- Use a virtual machine (VM Box) and use Tails within that with persistent volumes and all. (don't know how safe that is)
- Use TAILS via bootable DVD on my Mac. (I'm almost certain that'll work but I won't be able to use persistent volume)
- Use VPN and TOR on OS X (last resort, avoid at all costs)
Also, would using work network be a problem for this or is it better because I won't be the only one? As a sub-question, I don't get why people don't recommend using TAILS + VPN. Tails uses TOR to manage all internet traffic but if I were to be a victim of a man in the middle or exit node attack, people could still get my IP despite Mac spoofing right? location given away.
- BITCOINS
Bitcoins seem to be my weakest point. Vast majority of people say buying from LCB is a must but I don't get it. It's more expensive and you're still required to deposit the money to the seller via a bank (your official bank with real ID) or give out some sort of identification. So what makes it different from a regular bit coin buying service? (say, coin base)
If I got this right, I should be buying bit coins-sending them to a tumblr(Helix Lite) and that should send to the related DNM. Right?
Part I'm worst at is the wallet part. I have never used bit coins before and have no idea where I should get a wallet, how they work and if I should give my real information while doing so. I know tumbling makes them untraceable but still, if there is a way to be safer, why not go for it?
- SHIPPING
I really don't feel comfortable getting items shipped to where I live as some other people might open them as well and I wouldn't want a vendor to know where I live. (call me paranoid) Would getting them shipped with my name to work be a good idea? I am there almost all the time on weekdays anyway. Or some other alternative would be getting them shipped to a friend's house with my name on it. Which one would you guys say is the best?
- ESCROW / MULTISIG
I'll only be sticking to sites with escrow and won't use FE but just in case I need multisig in the future, could anyone explain it to me? I researched it too but all I could understand was having multi key bit coin wallets and having a third party we both can trust (vendor and I). As a person whose weakest point is bit coins (never used bit coins, don't know how wallets etc work) I'm quite lost when it comes to multisig.
- PGP
I know that I should be using PGP on crucial comms with vendors. Will practice PGP on r/GPGpractice subreddit once I got Tails up and running.
So my todo list before my first order is; (ALSO a TL;DR)
- Decide system to be used (with your help, answers)
- Practice and get a hold of PGP within TAILS
- Decide where to get the goods shipped. (also recommendations needed)
- Research thoroughly and decide on a vendor to be bought. (feedbacks of the vendor on market and reddit)
- Buy 10% more bit coins than the price of product decided to buy. (tumbling costs, hedging for price fluctuations, other commission fees that might come up etc.) (if 10% isn't right, what should be the %?)
- Order, use PGP like a pro for address and other info
- Let the stress begin.
- Get the product finally.
- Get high.
If you have done it this far thank you very much. Can't wait to read your answers. Thanks.
a small p.s. question: I'm already worried and feel like I have contaminated(NSA) my daily driver (OS X) just by looking up and researching tails, deep web, using TOR and hotspot shield, reddit darknetmarkets, bit coins. Although I haven't done anything but browse and read, there is data on the drive and online and it is suspicious activity after all. Is my worry trivial? Am I being super paranoid? Is there anything to be done or just move on?
Finally, what do you guys think of my potential OPSEC in general? (it is for personal use but it doesn't hurt to be safe, also it goes without saying that I'm separating clearnet/darknet nicknames and passwords so basically separating lives.
This would be much better suited for /r/darknetmarketsnoobs