Documentation Level: Critical

Operational Security Guide

Mandatory protocols for safe analysis and navigation of the WeTheNorth Market architecture. Strict adherence to these rules prevents exposure, compromise, and unrecoverable loss.

1

Identity Isolation

The absolute foundation of operational security is the strict separation of your real-life identity from your Tor persona. Cross-contamination is the leading cause of deanonymization.

  • X Never mix identities: Do not use usernames, handles, or passwords that you have ever used on the clearnet (Reddit, Twitter, gaming accounts).
  • X No personal contact data: Never provide real email addresses, phone numbers, or social media links to any counterparty.
  • Compartmentalize: Create a unique, randomly generated username specifically for the WeTheNorth framework. Keep this identity contained entirely within the Tor environment.
2

Verification & MitM Defense

Man-in-the-Middle (MitM) attacks are prevalent. Malicious actors clone market interfaces to intercept credentials and divert financial deposits. Relying on unverified sources results in total loss.

Mandatory: Verifying the PGP signature of the provided onion link against the known official public key is the ONLY cryptographic method to ensure you are connecting to genuine infrastructure.

Do not trust URLs distributed via random wikis, clearnet forums, Reddit, or unsolicited messages. Always verify the signature of the mirror list.

Verified Reference Node

PGP Signed Node
3

Tor Browser Hardening

The default configuration of the Tor browser requires modification to prevent advanced fingerprinting and malicious script execution.

  • Security Slider
    Navigate to Settings > Privacy & Security. Change the Security Level to "Safer" or "Safest".
  • Script Disabling
    Utilize the built-in NoScript extension to block all JavaScript globally. Only allow scripts if technically forced by CAPTCHA, and even then, limit scope.
  • Window Fingerprinting
    Never maximize or resize the Tor Browser window. It must remain at its default launch dimensions to prevent screen-resolution tracking.
Environment Secured
4

Financial Hygiene

Blockchain ledgers are public and immutable. Poor transaction flows will permanently link your verified identity (KYC) to hidden service interactions.

The Intermediary Rule

Never send cryptocurrency directly from a centralized exchange (e.g., Coinbase, Binance, Kraken) to the market wallet. Always route funds through a self-custodied intermediary wallet (like Electrum or official GUI wallets) installed locally on your machine.

  • Monero (XMR) Recommended
  • Utilizes ring signatures, stealth addresses, and confidential transactions to obscure sender, receiver, and amount. The definitive standard for financial opacity.
  • Bitcoin (BTC) High Risk
  • Transparent ledger. Coins can be tracked via chain analysis. If use is mandatory, coins must be thoroughly tumbling/mixed via independent protocols prior to deposit.
5

PGP Encryption (The Golden Rule)

"If you don't encrypt, you don't care."

Pretty Good Privacy (PGP) is non-negotiable. It ensures that only the intended recipient holding the private key can read your message. If server infrastructure is ever compromised, unencrypted plain-text messages expose all participants instantly.

Server-Side (Unsafe)

  • Checking the "Auto-Encrypt" box on the website.
  • Trusting the server to encrypt your address.
  • Leaves plain-text logs in the server's memory.
  • Never do this.

Client-Side (Mandatory)

  • Encrypting on your own offline machine (Kleopatra/GnuPG).
  • Pasting an already scrambled PGP block into the website.
  • Even if the server is logging, they only see gibberish.
  • The only secure method.

Always import the vendor's public PGP key into your local software. Highlight your shipping data, encrypt it utilizing their specific public key, and only paste the resulting -----BEGIN PGP MESSAGE----- block into the browser. Enable 2FA (Two-Factor Authentication) on your market account utilizing PGP decryption challenges.