Hey /r/DNMs!
I've been operating since SR1 in 2011. I've been operating freely since then, and I feel I have a somewhat secure setup for vending. This post is specifically for vendors, buyers will not need this level of security or planning.
Your handle
The longest I have kept a single handle is 6 months. The long-standing, large players are always the first targets of LE. The benefit of Tor is you CAN create a new identity! If you were able to delete or disown yourself from your past mistakes, wouldn't you? This is firstly about minimizing impact of being caught. Why get sentenced for 4 years worth of breaking the law, when it could just be a couple of months?
I have actually discussed the above with other vendors, and some have admitted to pulling their BTC out and burning the handle in the past. I personally have not scammed my customers. You don't bite the hand that feeds, and I make plenty enough money as it is. However greed is something we'll never get rid of in this market, and is present in any aspect of life.
The less people, the better
Next, I operate entirely on my own. In terms of sourcing, I have only had to contact my suppliers twice in the past year (to increase shipment sizes). We have a system which includes a "warrant canary"-type scenario, where if they do not act on something within a time-frame, I know something has gone wrong on their end.
I implemented this system with my suppliers more than 2 years ago and have not had a false positive since. Plan ahead. There's millions of dollars invested in catching you each year.
Your office
I have a semi-legitimate business in IT. I have my own office and warehouse. This not only allows me to separate vending from personal at even a physical level, but also allows for me to have shipping/packaging equipment and all of the large-scale vending necessities without raising suspicion.
My office environment includes 24-hour live surveillance and alarms which I've installed myself. There are motion sensors on the inside that notify me when there is movement in the office when I am not present. The majority of the camera's and sensor's aren't visible from outside, just enough to detract burglars.
Your computers and network
My network and computer setup includes:
- A router which routes all traffic through a VPN which I have setup myself in a separate physical location. This address has no link to me aside from sending me video of the server room, and notifying me if any movement occurs around my server. If someone touches my server, I know I need to burn everything.
- A mini computer (like an ODROID) which has Whonix installed. This is so my IP/personal location can never be gathered from my main work station via exploitation or of my own accord.
- My main work station of course has all the bells and whistles of modern OpSec encryption, there are plenty of guides for that. However an additional level I have on top of that, is a dead man's switch. I have a small RFID device attached to my wristwatch. If I walk away from my terminal, the work station closes all applications, nulls the memory and shuts down. You will find with Ulbricht being arrested they had to catch him logged into the DNM. Now if I am pulled away from my desk, or even step back - everything is covered. (Be sure to goto the toilet before you start.)
Other thoughts
There are many pro's and con's of having a separate place for packing and shipping your products, and conducting your DNM business on the computer (taking orders, responding to queries, etc).
My entire IT setup is pretty water-tight. However having product on-premises can be somewhat risky. It's always a good idea to have the minimum amount of product at your regular place of packaging. Separate the bulk of your product from your day-to-day requirements. You may want to even go to a level of splitting month, with week, with day product-requirements in separate locations.
Why share this?
I've been extremely lucky. I started off with a decent amount of capital and happened to already have a reliable supplier who I've continued to do business with since starting. I started vending for the money and it has been more lucrative than I thought possible.
However I am now at a point in my life where I can retire, raise a family and do what I like. So I plan to close-up shop and cash out my remaining BTC in the next few months and work on my own projects. Vending isn't an enjoyable life, I work a monotonous 9-5 40-hour week like everyone else. My advice to vendors is to set your limit and quit once you reach it.
Finally, tell no one what you do. Have a good cover for your business. I do occasionally do legitimate work which is obtained by word-of-mouth. You can't avoid that without raising suspicion. I have been in a relationship for 3 years and I wouldn't dare put the responsibility of knowing what I do on my SO, or my family, or my friends.
Good luck, be safe.
Very interesting to read. There is such a allure to being a vendor but I feel a lot of it is just romanticized in my head haha. Glad you had a good run man, and even more glad to hear your getting out safe and sound.