So, you want to be a darknet drug lord…

I had been wondering whatever happened to the original Doxbin onion site. It was a popular Dox TOR hidden service. It was ran by a person named nachash.

Apparently it was one of many sites seized during Operation Onymous, a multinational police initiative, in November 2014.

More on DOX and DOXing some other time. While looking all of this up, I stumbled upon an old document written by nachas. The original link is down already (seized) but it exists in a lot of places. One of which is pastebin:

https://pastebin.com/GrV3uYh5

Even if it was written 4 years ago, it’s still an good read . A lot of it focuses on maintaining your anonymity. I honestly don’t know enough about this topic to say that if all of it is sound or not but I think it’s worth checking out.

Some interesting excerpts are:

  1. Before you even think about installing bitwasp and tor, you need to really understand how tor works.
  2. Once you’ve gotten hidden services working for http and ssh, you’re going to take the first baby step towards evading casual discovery: Bind your hidden services to localhost and restart them.
  3. Transparently proxy your tor computer.
  4. Do everything you can to ensure that the application code you use to power your hidden service isn’t made of Swiss cheese and used bandaids.
  5. You will only connect to your production box via a hidden service.
  6. You need to automate the process of both setting up your hidden service and of destroying it.
  7. Always select either UTC or a time zone that doesn’t match the box’s location.
  8. Intentionally take your service offline periodically in order to mess up attempts to match your downtime with public information.
  9. One thing you have to consider is whether you want to run your hidden service as a relay or not.
  10. Do not contaminate your regular identity with your Onion Land identity.
  11. Don’t log any communications, ever. If you get busted and have logs of conversations
  12. Disinformation is critical to your continued freedom.
  13. Ensure that your communications and data are encrypted in transit and at rest whenever applicable.
  14. Use fake info when signing up for hosting services.

There’s a lot more information there. I just pulled out what was interesting to me or honestly, what I can understand.

Again, we do not condone any of the sites, services or articles featured in this article. This was done for research purposes only.