Operational Manual

Security & OpSec

Mandatory operational security protocols. Mistakes lead to irreversible loss of funds or total deanonymization. Read, understand, and implement these directives before initiating any network connection.

01. Identity Isolation

Total compartmentalization is the foundational rule of operational security. Your real-world identity must never intersect with your network presence.

  • Zero Reuse: Never use a username, password, or PIN that you have utilized on clearnet platforms, forums, or other applications.
  • Information Blackout: Under no circumstances should you provide personal contact information, identifiable speech patterns, or regional details to any entity on the network.
  • Dedicated Environment: Operations should ideally be conducted on an isolated operating system designed for amnesia (such as Tails OS) to prevent local forensic recovery.

02. Connection Integrity & Verification

The network is adversarial. Malicious entities routinely run proxy nodes designed to execute Man-in-the-Middle (MitM) attacks. These intercepting nodes capture credentials and manipulate deposit addresses.

Mandatory Verification Protocol:

  1. Import the official Nexus Market PGP public key to your local keychain.
  2. When connecting to any .onion address, locate the marketplace's PGP-signed mirror manifest.
  3. Download the cleartext signature and verify it locally against the official key.
  4. Only proceed if your local cryptographic software confirms a valid signature.

Do not trust URLs aggregated on random wikis, social media platforms, or unverified discussion boards. Cryptographic proof is the only acceptable metric of authenticity.
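The check in step 4 is stricter than it sounds: gpg reports a "good signature" for any key in the local keyring, so the result has to be tied to the one expected fingerprint. The following is an added example, not code from the original page or from the project it describes; it parses gpg's machine-readable --status-fd output, and the fingerprint, function names and sample status lines are constructed placeholders.

```python
import subprocess

# Constructed placeholder; use the fingerprint you obtained out of band.
PINNED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"

# Status keywords that must never accompany an accepted signature.
FATAL = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}


def signature_trusted(status_text, pinned_fpr):
    """True only if the status output shows exactly one valid signature
    whose primary-key fingerprint equals pinned_fpr."""
    pinned = pinned_fpr.replace(" ", "").upper()
    valid_fprs = []
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue  # ignore anything that is not a status line
        fields = line.split()[1:]
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in FATAL:
            return False
        if keyword == "VALIDSIG" and args:
            # The 10th field is the primary-key fingerprint; the first
            # may be a signing subkey. Fall back to the first if absent.
            primary = args[-1] if len(args) >= 10 else args[0]
            valid_fprs.append(primary.upper())
    return valid_fprs == [pinned]


def verify_clearsigned(path, pinned_fpr=PINNED_FPR):
    """Run gpg on a clearsigned file and apply the pinned-key check."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", path],
        capture_output=True, text=True,
    )
    return proc.returncode == 0 and signature_trusted(proc.stdout, pinned_fpr)


# Constructed sample status output: signature made by the pinned key.
SAMPLE_GOOD = """[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-01-01 1704067200 0 4 0 22 10 01 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""
# Constructed sample: cryptographically valid, but from another keyring key.
SAMPLE_OTHER_KEY = SAMPLE_GOOD.replace(PINNED_FPR, "F" * 40)
```

A clearsigned file can carry extra text outside the signed block, so act only on the content gpg reports as signed, not on everything in the download.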

03. Tor Browser Hardening

The Tor Browser is pre-configured for privacy, but operational use requires stricter parameters to prevent tracking and exploitation.

  • Security Level: Set the security slider strictly to "Safer" or "Safest". This disables dynamic features that can be weaponized.
  • JavaScript Disable (NoScript): While Nexus operates without JS, ensure NoScript is globally active to defend against secondary exploitation.
  • Window Fingerprinting: Never resize your Tor Browser window. Altering the geometry allows advanced correlation techniques to identify your display hardware footprint. Leave the window at its default launch dimension.

04. Financial Hygiene

Blockchain analysis is a sophisticated global industry. Careless transactional loops will result in severe exposure.

Never Route Directly from Exchanges

Do not transfer Bitcoin (BTC) or Litecoin (LTC) directly from centralized exchanges (e.g., Coinbase, Binance, Kraken) to network nodes. These accounts are KYC-linked directly to your biological identity.

The Buffer Protocol: Funds must transit through a personal, unhosted intermediary wallet (such as Electrum).

Asset Preference: The usage of Monero (XMR) is strongly advised over legacy transparent ledgers. Monero's ring signatures, stealth addresses, and confidential transactions provide baseline fungibility and severely degrade external chain analysis.

05. PGP Encryption (The Golden Rule)

"If you don't encrypt, you don't care."

Pretty Good Privacy (PGP) is the only barrier standing between your physical security and network compromise. Server seizures occur; databases are decrypted. If your data is in cleartext, you are compromised.

Client-Side Enforcement

Sensitive logistics, instructions, and routing data must be encrypted client-side—on your own physical machine—before they are ever pasted into a web browser.

Never utilize "Auto-Encrypt" checkboxes.

Delegating encryption to the server implies a fundamental misunderstanding of cryptography: the server receives your cleartext before it encrypts anything, so a compromised server can log that input.

Standard Encryption Flow:

  1. Import the recipient's public key to your local software (e.g., Kleopatra, GPG).
  2. Draft your sensitive data in an offline text editor.
  3. Encrypt the text block locally using the recipient's key.
  4. Copy the resulting -----BEGIN PGP MESSAGE----- block.
  5. Paste only the encrypted block into the network interface.