Security & OpSec Protocols

This document outlines the mandatory operational security standards for interacting with the Nexus Market Link network. Failure to adhere to these protocols may result in deanonymization or loss of funds.

Status: CRITICAL Updated: 2026-02-04

01. Identity Isolation

Your darknet identity must remain completely distinct from your clearweb identity. Cross-contamination of metadata is the primary vector for deanonymization.

Prohibited Actions

  • Never reuse usernames from Reddit, Discord, or Telegram.
  • Never reuse passwords from any other service.
  • Never discuss your market activity on social media.
  • Never upload photos containing EXIF data.

Recommended Actions

  • Create a new identity specific to Nexus Market.
  • Use a password manager (KeePassXC) strictly offline.
  • Compartmentalize vendor communications.
  • Utilize temporary, encrypted email services if required.

02. PGP Encryption

The Golden Rule: Client-Side Only

Never rely on "Auto-Encrypt" checkboxes provided by the market. If the server is compromised, your cleartext messages are readable by law enforcement. You must encrypt all sensitive data (shipping addresses, tracking numbers) on your own device before pasting it into the browser.

WORKFLOW: ENCRYPTING A MESSAGE GPG / KLEOPATRA
  1. Import the Vendor's Public Key into your PGP Keyring.
  2. Write your sensitive message in a text editor (Notepad/TextEdit).
  3. Copy the message to clipboard.
  4. Use GPG tool to "Encrypt" using the Vendor's key.
  5. Copy the resulting -----BEGIN PGP MESSAGE----- block.
  6. Paste ONLY the encrypted block into Nexus Market.

[!] IF YOU DO NOT ENCRYPT, YOU DO NOT HAVE SECURITY.

03. Verification & MITM Defense

Man-in-the-Middle (MITM) attacks are the most common threat. Attackers create clones of Nexus Market that look identical but steal your credentials and deposit addresses.

How to Verify a Nexus Onion Link

Nexus Market provides a cryptographically signed message at the login page or in the footer. You must verify this signature against the market's known public key.

1. Get the Signed Message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This is Nexus Market.
Current onion: nexus...onion
Timestamp: 2026-02-04
-----BEGIN PGP SIGNATURE-----
...

2. Verify in Terminal/GPG

Copy the signed message to a file, then run:

gpg --verify nexus_message.txt

If output says "Good signature from Nexus Market", the link is safe. If it says "Bad signature", LEAVE IMMEDIATELY.

04. Browser Hardening

  • 01.
    Security Level: Safest

    Set Tor Browser security shield to "Safest". This disables JavaScript completely, preventing most browser-based exploits and IP leaks.

  • 02.
    Window Size

    Never resize the Tor Browser window repeatedly. Leave it at the default size or maximize it if letterboxing is enabled. Unique window dimensions create a unique fingerprint.

  • 03.
    Clean Sessions

    Restart the Tor Browser completely (New Identity) before logging into Nexus Market, especially if you have been browsing other sites.

05. Financial Hygiene

Protocol Violations

NEVER:

Send coins directly from an Exchange (Coinbase, Binance, Kraken) to Nexus Market. Exchanges use chain analysis and will freeze your account instantly.

NEVER:

Use Bitcoin (BTC) for sensitive transactions if Monero (XMR) is available. BTC is a public ledger and is easily traceable.

Correct Workflow

Purchase XMR on Exchange (KYC)
Transfer to Personal Wallet (GUI/Cake)
Transfer to Nexus Market