The Illustrated, 100% Idiot-Proof, Step-by-Step, Hand-holding Guide to Using PGP On Every Major OS

Everyone knows that PGP encryption is necessary for staying safe on Dark Net Markets. It's the only way to protect yourself from everything from jackboot 3-letter organizations to malicious exit nodes. But some people still don't use it.

We hope this guide puts an end to that problem. Included is a 36-page, completely original (except for 1 page and a couple pictures) step-by-step guide to using PGP on Windows, Mac and Linux. We believe that if this guide is publicly available more people will stay safe. So that's why we're giving it away for free here.

But we also put a lot of work into it. So any amount you can donate is appreciated and will help us make any updates that may become necessary along the way. We included the Bitcoin address you can make donations to in the book but we'll put it here as well: 1Bik3o59LhafpM1SJK8vQUuLk3MqqsX8rB

You will need the Tor Browser to access the link here.

UPDATE: We just updated the book with some correct information. But it looks like our old file host infotomb is down now, so the link will take you to a file hosting site called sendspace. It's not ideal, since sendspace may require JavaScript to run properly, but it will have to work for now. And who has heard of anyone getting in trouble for downloading a freakin book anyway?

Finally, we'd like to ask people to MESSAGE US IMMEDIATELY if the link stops working so we can post it somewhere else. We're not on reddit a lot but rest assured that we check our messages every time we do get on.

Stay safe!

EDIT: /u/CatLover99 brought up a good point about passphrases: you should never use a sentence found in lyrics, books, pop culture etc. So don't use, for example, Einstein's quote "You have to learn the rules of the game. And then you have to play better than anyone else." However, this next play on that quote would be a very good passphrase choice: "U have 2 lern the rules of the gayme. & then U have 2 play bedder than any1 else."

Change some words to numbers. Even better, misspell some words. Make it long. But above all take xkcd's advice and make sure it's memorable. A misremembered passphrase is as useless to you as no password at all.


Comments


[22 Points] IGetDankShit:

Don't forget to post this on /r/DarkNetMarketsNoobs too!


[11 Points] None:

but y download gpg if a website can do it 4 me


[9 Points] None:

Honestly if you can't figure out PGP you probably shouldn't be using the markets. Good post, and I hope this helps some people but I STILL see people using privnote and things just because they're too lazy to learn PGP. Same with multi sig, learn it, use it.


[8 Points] CatLover99:

https://infotomb.com/oklpr clear net link

Seems pretty dense/extraneous information for an "%100 idiot proof guide"

Also not a fan of the narrow scope the use of pgp is given in this write up. A generalized tutorial should be standard practice when writing about opsec as it obscures intended use of the technology.

After a quick glance there are some specific issues with the write up. I'll point out the concept of using a "Passphrase", particularly the author's mention of using a sentence. This is generally terrible practice and completely undermines any attempt to increase security. The author should (I would even say must) mention to never use a 'sentence' that can be found in literature (this includes lyrics, poems, etc). Using a sentence that can be found in a textual resource is incredibly easy to brute force

(see brain wallet brute forcing: A quote by Einstein for example could be "You have to learn the rules of the game. And then you have to play better than anyone else." which lo and behold, when used as a passphrase for a brainwallet, is the private key for this address https://blockchain.info/address/12FbeY2Uf4PJ4x3vx2AX6gfh3Y6pPYAkmW and my personal favorite example: http://www.reddit.com/r/Bitcoin/comments/2955z7/who_the_fuck_sent_108_btc_to_the_correct_horse/)
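
An added example, not part of the original thread or the guide: a self-audit check that flags a candidate passphrase when it is still close to published text after common respellings are undone. The corpus, substitution table and 0.85 threshold are constructed assumptions; a real audit would load a large quote and lyrics list.

```python
import re
from difflib import SequenceMatcher

# Constructed stand-in corpus; a real audit would load quotes, lyrics, book lines.
KNOWN_TEXT = [
    "You have to learn the rules of the game. "
    "And then you have to play better than anyone else.",
    "correct horse battery staple",
]

# Respellings undone before comparison (illustrative, not exhaustive).
WORD_SUBS = {"u": "you", "2": "to", "4": "for", "r": "are",
             "&": "and", "any1": "anyone"}
LEET = str.maketrans("013457@$", "oieastas")


def normalize(text):
    """Lowercase, drop punctuation, expand word-level and character-level swaps."""
    tokens = re.findall(r"[a-z0-9@$]+|&", text.lower())
    return " ".join(WORD_SUBS.get(t, t.translate(LEET)) for t in tokens)


def closest_known(passphrase, corpus=KNOWN_TEXT):
    """Return (similarity, source) for the corpus entry nearest the candidate."""
    cand = normalize(passphrase)
    return max((SequenceMatcher(None, cand, normalize(k)).ratio(), k)
               for k in corpus)


def derived_from_known_text(passphrase, threshold=0.85):
    """True when the candidate is a near-copy of something in the corpus."""
    return closest_known(passphrase)[0] >= threshold


if __name__ == "__main__":
    for candidate in (
        KNOWN_TEXT[0],
        "U have 2 lern the rules of the gayme. & then U have 2 play bedder than any1 else.",
        "plinth onyx harbor velvet cactus 93",  # constructed unrelated words
    ):
        score, _ = closest_known(candidate)
        print(f"{score:.2f}  flagged={derived_from_known_text(candidate)}  {candidate[:40]}")
```
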


[2 Points] sullyrb:

if on OS X follow this guide http://notes.jerzygangi.com/the-best-pgp-tutorial-for-mac-os-x-ever/


[2 Points] lickcunt2:

You know what good shit I didn't read it but good shit if this helps because when I first started the best guide is for windows the guide isn't as good for Mac but I'm also an idiot when it comes to shit like this


[2 Points] DNMShopper:

Finally now I can encrypt Bailey J and I's convos. I was extremely worried LE would catch on to me for seducing an online goddess. Ty OP


[1 Points] Flyguy55:

GIVE THIS MAN AN AWARD GODDAMNIT


[1 Points] youtakesally:

The link doesn't work for me..

BTW, does it tell how to verify software with its signature? I always get lost with that.


[1 Points] al_eberia:

Your explanation for why vendors should require PGP is totally wrong. Every market listed on this sub is hosted on a hidden service, so there is no exit node. All traffic to a hidden service is encrypted with the public key of the service, from which the .onion domain is generated. Tor takes whatever .onion you request and gets the matching public key from the distributed hash table. Man in the middling the connection is impossible unless you phish someone and give them a totally different .onion address.

What you should mention is that when the FBI located SR1 and SR2 they imaged the server and watched it for months, recording everything, including the addresses of anyone who didn't encrypt. There is also the possibility that an unaffiliated hacker or the market staff might record plaintext addresses for blackmail.
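
An added example, not part of the original thread: how an address that encodes the service's public key can be checked before use, shown with the current v3 onion format (32-byte ed25519 key, 2-byte SHA3-256 checksum, version byte) rather than the older scheme in use when this thread was written. The sample keys are constructed bytes, not real services, and `same_service` is a hypothetical helper for comparing against an address saved from a trusted source.

```python
import base64
import binascii
import hashlib

VERSION = b"\x03"
SAMPLE_KEY = bytes(range(32))  # constructed bytes standing in for a public key


def _checksum(pubkey):
    # CHECKSUM = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2]
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]


def encode_v3(pubkey):
    """Build the address for a 32-byte public key."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    raw = pubkey + _checksum(pubkey) + VERSION
    return base64.b32encode(raw).decode().lower() + ".onion"


def check_v3(address):
    """Return (ok, reason); catches typos and truncation, not lookalikes."""
    host = address.strip().lower()
    if host.endswith(".onion"):
        host = host[:-6]
    label = host.rsplit(".", 1)[-1]  # ignore any subdomain prefix
    if len(label) != 56:
        return False, "length"
    try:
        raw = base64.b32decode(label.upper())
    except binascii.Error:
        return False, "alphabet"
    pubkey, chk, ver = raw[:32], raw[32:34], raw[34:]
    if ver != VERSION:
        return False, "version"
    if chk != _checksum(pubkey):
        return False, "checksum"
    return True, "ok"


def same_service(address, pinned):
    """A well-formed address is only trusted if it equals the pinned one."""
    a, p = address.strip().lower(), pinned.strip().lower()
    return check_v3(a)[0] and check_v3(p)[0] and a == p
```

The checksum only rejects malformed addresses; an address built from a different key is equally well-formed, which is why the comparison against a pinned copy is the step that addresses the phishing case.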


[1 Points] bloatedjam:

Dnm newbie here so sorry if this sounds dumb, but shouldn't you be using pgp on tails?


[1 Points] omega015:

thank you for your help


[1 Points] choleropteryx:

Thank you for doing this! However, I think that putting it

a) in PDF format b) on a site that requires Javascript

kind of defeats the purpose. Can you just turn them into .pngs and host them like that?


[0 Points] EDibst:

Lol, "idiot-proof" is essential


[-2 Points] 1percentof1:

the funny thing is PGP won't save you.