Final questions before jumping the fence/popping the cherry

Hey guys;

Been lurking around the clearnet and darknet for sometime now and I literally can't thank this subreddit enough for things I've learnt. Documentation and help is amazing so thank you all for that. So before jumping the fence and proceeding with my first order I have a few questions and this will be a long post so please bare with me and help. (OPSEC is important for me, we take our freedom for granted but losing it is very easy this century)

  1. SYSTEM USED

So I have a Mac as my daily driver. I know no one recommends Macs for DNMs but here are what I did thus far;

So as far as I can see I have three options;

Also, would using work network be a problem for this or is it better because I won't be the only one? As a sub-question, I don't get why people don't recommend using TAILS + VPN. Tails uses TOR to manage all internet traffic but if I were to be a victim of a man in the middle or exit node attack, people could still get my IP despite Mac spoofing right? location given away.

  1. BITCOINS

Bitcoins seem to be my weakest point. Vast majority of people say buying from LCB is a must but I don't get it. It's more expensive and you're still required to deposit the money to the seller via a bank (your official bank with real ID) or give out some sort of identification. So what makes it different from a regular bit coin buying service? (say, coin base)

If I got this right, I should be buying bit coins-sending them to a tumblr(Helix Lite) and that should send to the related DNM. Right?

Part I'm worst at is the wallet part. I have never used bit coins before and have no idea where I should get a wallet, how they work and if I should give my real information while doing so. I know tumbling makes them untraceable but still, if there is a way to be safer, why not go for it?

  1. SHIPPING

I really don't feel comfortable getting items shipped to where I live as some other people might open them as well and I wouldn't want a vendor to know where I live. (call me paranoid) Would getting them shipped with my name to work be a good idea? I am there almost all the time on weekdays anyway. Or some other alternative would be getting them shipped to a friend's house with my name on it. Which one would you guys say is the best?

  1. ESCROW / MULTISIG

I'll only be sticking to sites with escrow and won't use FE but just in case I need multisig in the future, could anyone explain it to me? I researched it too but all I could understand was having multi key bit coin wallets and having a third party we both can trust (vendor and I). As a person whose weakest point is bit coins (never used bit coins, don't know how wallets etc work) I'm quite lost when it comes to multisig.

  1. PGP

I know that I should be using PGP on crucial comms with vendors. Will practice PGP on r/GPGpractice subreddit once I got Tails up and running.

So my todo list before my first order is; (ALSO a TL;DR)

If you have done it this far thank you very much. Can't wait to read your answers. Thanks.

a small p.s. question: I'm already worried and feel like I have contaminated(NSA) my daily driver (OS X) just by looking up and researching tails, deep web, using TOR and hotspot shield, reddit darknetmarkets, bit coins. Although I haven't done anything but browse and read, there is data on the drive and online and it is suspicious activity after all. Is my worry trivial? Am I being super paranoid? Is there anything to be done or just move on?

Finally, what do you guys think of my potential OPSEC in general? (it is for personal use but it doesn't hurt to be safe, also it goes without saying that I'm separating clearnet/darknet nicknames and passwords so basically separating lives.


Comments


[2 Points] al_eberia:

This would be much better suited for /r/darknetmarketsnoobs


[1 Points] pscifi:

I can answer a few questions for you.

Localbitcoins does come with a markup. When you deposit cash at a bank for LBC, you are depositing into the bitcoin sellers account, not your own. Bank of America doesn't require you to show ID for that, but Chase does. Its up to the bank. The seller will tell you everything you need before you head to the bank. Personally, I use coincafe.com. Their fees are pretty low and they haven't screwed me yet. They're a registered business. The catch is you have to wait 24 hrs for your BTC to be released, or pay a higher fee to receive them the night of. You gotta hope you catch bitcoin on an upswing. They do require you to verify identity with the website though. But if you tumble your coins into your wallet before moving them onto a market, you should be anonymous.

Don't ship to your work, Just please don't do it. You don't want to get arrested at the office, and have everyone know about your habits, as well as lose your job. Ordering to a friend's house is fine, if they understand the risks, and if you understand that they might tell you "it never came bro". If you're worried about ordering to your residence you could buy a P.O. box.

Yes always always always use PGP. You wouldn't want to go through all that effort and then put your name and address out in cleartext like that. Shoot me a PM if you want to practice PGP. Last thing I learned about ordering online: Don't order on Friday... I've ordered on friday almost every damn time. The vendor might mark it shipped on friday, but that just means they dropped it off then. It doesn't actually go into transit until the next business day, fucking monday. That adds an extra two days into the shipping time that I didn't even consider. The delay thats not really a delay throws me off and I start getting paranoid and worrying, ready to burn down the house and move to belize.

/r/darknetmarketsnoobs can help you out more. I wish you luck!


[1 Points] badassmthrfkr:

The degree of complication is directly relative to the level of your paranoia. Personally, I feel safe enough with basic security. I don't tumble btc, I ship my shit to work and I definitely don't bounce off of a proxy (shit, tor is slow enough already). Maybe I'll eat my words in prison, but the amount of fuck that that they give for casual users is nil.


[1 Points] Theeconomist1:

Just to address one part of your post. On the Mac, I had a ton of trouble getting TAILS to boot from a USB. There are some tools you can download, rfEdit (or something like that) which lets you boot from USB. HOWEVER, it works easily off a bootable CD with a CD Drive as you noted but you can still use persistent volume. I use a Tails CD with a USB stick for the persistence and works fine. When you boot, Tails will ask you if you want to create one (if I remember correctly) and this works just fine. I'd much rather boot off USB but it works fine with CD and persistence.


[1 Points] None:

Also another factor that is not often mentioned is your passwords. Use different passwords for each and every one of your DNM-associated accounts. This significantly lowers the impact in case you get phished and all your coins stolen, which happens a lot these days