Facebook
From Mungo Matamata, 3 Years ago, written in Plain Text.
Embed
Download Paste or View Raw
Hits: 66
  1. *V0.1.0*
  2.  
  3. # Dark Web and You
  4. So there is a simple way to access, browse and purchase stuff on the dark web. It's not complicated. But if you value your safety and security you should never do it that way.
  5.  
  6. But let's just review the no-no way for fun:
  7. - Buy BTC and have it
  8. - Download TOR Browser on your computer
  9. - Open dark.fail on your TOR browser
  10. - Find the market you want (Right now I like The Versus Project)
  11. - Create an account on the market
  12. - Find what you like
  13. - Purchase product
  14.   - Put your shipping address in the 'comments to vendor'
  15.   - Market generating a bitcoin wallet address for the purchase
  16.     - Some markets have a side-account you need to transfer into prior
  17.   - Send BTC to address
  18.   - After 5-20 mins the market will show confirmed
  19. - Wait for your goodies (domestic packages have ranged from one week to two, one came as early as 4 days)
  20.  
  21. Don't ever do this
  22.  
  23. ## They are out to get you
  24. It's pretty easy to follow but there are so many ways you can get fucked by doing this. And you have to recognized that you can get fucked from two different directions. From the 'law enforcement' (LE) and from scammers.
  25.  
  26. ### Law Enforcement
  27. The 'law enforcement' (LE) do not care about personal-use purchases. They will only lift a finger if you do something so stupid that you make it easy for them. This turns on it's head if you start pulling in intent-to-distribute numbers (but this guide assumes that's not the case).
  28.  
  29. ### Scammers
  30. The scammers just want your money. Due to the nature of the DW and the amount of money flowing through the markets the level of sophistication is way higher than you might expect. They are not only way more sophisticated than law enforcement, they are agile-tech-company-morning-standup-sprint-board sophisticated. The most likely 'attack vector' is either steal your bitcoin by using phishing sites or by hitting you with ransom-ware.
  31.  
  32. ## What can go wrong?
  33. So what is wrong with using the simple steps we noted above?
  34.  
  35. ### 1. Browsing onion links on your personal OS
  36. Tor only makes sure that no outside parties can see whom you are connecting to and what is being sent or received. But it's still an onion site. Just because no one can see or know that you are making out with a stranger does not mean that it's safe.You need a condom between you and the darkweb sites. This is mostly about scammer and less about authorities.
  37.  
  38. The solution is "sandboxing" your activity to these sites through a virtual machine. 'Tails' is universally known to be the best OS to browse the dark web from. It's built from the ground up to route all network traffic (not just web traffic) through the TOR network. It's also amnesic, meaning that nothing that you do with it persists on your computer.  By default, everything is wiped when you turn it off. Nothing you did ever happened. And nothing you accidentally downloaded can continue to track you.
  39.  
  40. ### 2.   Transferring your coin directly into a marketplace or vendor account.
  41. This is 100% about LE. It's the only really stupid thing you can do to signal to the authorities "Hi, I'm going to order some illegal drugs right now". Today, the only practical way you can purchase a cryptocurrency with fiat currency is through a regulated exchange. These exchanges require verified ID in order to permit people to purchase coin for dollars. So all transaction from your account are basically known to all law enforcement.
  42.  
  43. The good news is, after one hop, law enforcement is basically blind to anything going on in the crypto space. All you need to do is have another wallet that you control that does not have your name on it. And that is easy to get.
  44.  
  45. We will be covering how to manage your crypto currency later in the guide.
  46.  
  47. ### 3. Not using PGP to send your address to the vendor
  48. This is another law enforcement measure. At the end of the day you still need to send your real address to a real person who will then use it to send you drugs. It's the marketplace that should be blind to who you are. If they get seized, you do not want your name and address in clear text in their data centers. Sure they have their own encryption but LE might find their keys as well.
  49.  
  50. The markets have that all figured out. Each vendor publishes a public key on their profile in the market place. You encrypt any sensitive messages to them with their key. That's it, no one else but the vendor knows who you are. The marketplace doesn't know, it's just sending over some hashed message.
  51.  
  52. We will break this down later in the guide.
  53.  
  54. ### 4. Not using PGP two-factor authentication to login to the marketplace
  55. This is a scammer prevention measure. At this point, phishing has become omnipresent. Every single marketplace worth looking at will offer the user the ability to add a PGP two-factor authentication and you should set it up before you ever think about transferring any money to (or through) the marketplace.
  56.  
  57. It's the only way to guarantee that the marketplace you signed up for is the same marketplace you are now transferring money to the next day. When you sign up for an account, you add your personal public key to your account settings. Now when you login, they will send YOU an encrypted message using the public key that you provided, and you need to decrypt it and paste the message into the input. This verifies that you both are whom you say you are.
  58.  
  59. ## How to protect yourself
  60. So all that said, it's not soo much extra work. Here is the new high-level process:
  61.  
  62. - Buy BTC from an exchange
  63. - Transfer that to an anonymous wallet
  64. - One time setup
  65.   - Download VirtualBox
  66.   - Download Tails
  67.   - Setup Tails to load inside VirtualBox
  68. - Open TOR inside Tails
  69. - Open dark.fail on your TOR browser
  70. - Find the market you want
  71. - Create an account on the market
  72. - Generate a PGP key-pair and save that somewhere safe
  73. - Add your public key to your market account for safety
  74. - Find what you like
  75. - Copy vendors public PGP key and save it somewhere safe
  76. - Purchase product
  77.   - Write down your name and address on a notepad and copy it
  78.   - Open your PGP utility app (there is one in Tails) and "encrypt the clipboard" by selecting the vendors public key
  79.   - paste that encrypted address in the 'comments to the vendor'
  80.   - The market generates a bitcoin wallet address for the purchase
  81.     - Some markets have a side-account you need to transfer into prior
  82.   - Send BTC from your anonymous wallet to address
  83.   - After 5-20 mins the market will show confirmed
  84. - Wait for your goodies (domestic packages have ranged from one week to two, one came as early as 4 days)
  85.  
  86.  
  87. # Knowledge you need (will learn) to access the DW
  88. - How to handle cryptocurrency (buy and transfer) and understand obfuscation methods like 'mixing'
  89. - Practical understanding and use of cryptography
  90. - How to really, truly, actually anonymize yourself online using TOR and Tails
  91. - Why the DW markets are THE BEST, and also why they suck
  92. - Also, some practical hygiene when purchasing, receiving product.
  93.  
  94. # Setting up your Dark Web command center
  95. The pattern we will use when conducting activity on the DW is shutting down your personal computer and then booting it back up with a USB stick that has `Tails` installed. This separates your personal activity from your DW activity at a near-hardward level and as far as your are concerned those are occurring in separate universes.
  96.  
  97. ## Installing Tails into a bootable usb stick
  98.  
  99. Navigate to https://tails.boum.org/install/index.en.html and choose the OS you will be installing from.
  100.  
  101. ![Get Tails Page](https://i.imgur.com/VsKSSH6.png)
  102.  
  103. From here select "Install from [Your selected OS]" button
  104.  
  105. ![OS Page](https://i.imgur.com/anzfFjn.png)
  106.  
  107. You will they have a handy outline for the process you will take to get this setup. Just click "Let's go"
  108.  
  109. ![High level walkthrough](https://i.imgur.com/gGCsAbo.png)
  110.  
  111. From here you want to download Tails. It will be around 1gb `.img` file.
  112.  
  113. [Download](https://i.imgur.com/6KeFrga.png)
  114.  
  115. Once the download finishes you can be extra secure and to a verification process or you can just skip that like I did.
  116.  
  117. [Skip it!](https://i.imgur.com/Uejk4Dd.png)
  118.  
  119. The next steps are start varying from machine to machine but the Tails website does a great job of guiding you through the process.
  120.  
  121. - [Windows instructions](https://tails.boum.org/install/win/usb/index.en.html)
  122. - [Mac instructions](https://tails.boum.org/install/mac/usb/index.en.html)
  123.  
  124. The guides are quite friendly but I want to reiterate the high-level steps here for reassurance.
  125.  
  126. - You will download an app called Etcher and use it to flash your USB with the .img file you just downloaded
  127. - You will open that same page on a smart phone, tablet or another device so you can keep it handy
  128. - You will find your "boot menu" key for your device (for example holding the 'Option' key during boot on a Mac device will open up OS X's Startup Manager)
  129. - You will shutdown your computer and then turn it on using your "boot menu" key
  130.   - Alternativly Mac and Windows both have ways you can do an "Advance Startup" where you can tell it to restart and boot from a device explicitly
  131. - Load up Tails on your computer!
  132.  
  133. These guides will be the most helpful and up-to-date. They also include a lot of troubleshooting infomation in case you get stuck with this.
  134.  
  135. ### Just click Start Tails
  136. [Tails start up](https://i.imgur.com/fNZEUP1.png)
  137.  
  138. This is enough to at least open up the TOR browser from Tails. Just click `Applications` -> `Favorites` -> `Tor Browser`.
  139.  
  140. [Tor Browser](https://i.imgur.com/IfD2dms.png)
  141.  
  142. At this point, anything you do will be completely anonymous and untracable and all artifacts of your DW activity will be wiped clean as soon as you turn off your computer.
  143.  
  144. You're still not properly setup to actually purchase anything from a market but you can browse them safely.
  145.  
  146. # Where to browse
  147.  
  148. ## First, a few terms
  149. Clear Net/Web: Used to refer to normal websites (reddit, facebook, etc).
  150.  
  151. Onion URLs: These are urls with a `.onion` TLD. These are the web addresses that only TOR browsers can navigate to. Any website that can only be reached through these urls is considered part of the Dark Web. Many sites have both a clear net url and an onion url and so they are still considered a clear net public website.
  152.  
  153. DDos Attack: Distributed denial of service attack. When someone uses a swarm of bots to relentlessly request a pages from a web server faster than it can process them, causeing the server to crash so no one else can use it.
  154.  
  155. ## Setting Expectations
  156. Most popular dark web marketplaces are constantly being DDos attacked. It's unclear exactly who is doing this or why. It could be law enforcement from around the world or other groups. This is just the reality of the DW and so you will need to expect stability issues going into it. If a site is down or starts throwing errors don't worry. Patiance is going to be key as the issue may last for hours, days, and sometimes weeks. As we will see, there are ways to navigate this.
  157.  
  158. TOR is not a quick way to browse the web. You will find that websites are going to be much slower to load, escpecially when routed via an onion link. The TOR networking protocal is optomized for anonymity, not speed. I doubt most people will decided to use TOR for all there personal online activity.
  159.  
  160. Darknet websites are basic, simple, and not very appealing to look at. They do not enjoy the benifits of a design or brand team. They will often not use any javascript so I would not expect any elegent user interface or animations (some will not require that you turn javascript off before letting you enter the site). If you think these sites look shady it's because 'duh'. You will need a different set of crieria for evaluate the 'trustworthyness' of a darknet website or service.
  161.  
  162. ## Opening up the browser
  163. When you boot up Tails it will notify you of a few things up top, one of which will indicate the TOR is ready to use. If you're not sure, you can open the browser anyway and it will tell you if it's not ready. If not, close it and wait.
  164.  
  165. The top left corner of the screen will have a menu of applications. You will find the TOR Browser listed there. Just click to launch it.
  166.  
  167. ## Our first destination
  168. Open up the TOR browser and type 'dark.fail' into the url bar and hit enter
  169.  
  170. ![dark.fail](https://i.imgur.com/V0OJpW7.png)
  171.  
  172. 'dark.fail' is a site accessible on the clear net that links out to popular DW destinations such as Marketplaces. They are established authority within the DW commuity for indexing only verified onion urls for these named destinations.
  173.  
  174. When landing there you will see the name of each site and a list of onion urls you can use to reach them. Since many of these sites are on a near constant DDOS attack, dark.fail will routinely check the status of each one and try to only show ones that are working.
  175.  
  176. So for both security and for navigating marketplace stability issues it's good practice to always start your DW session here and navigate to where you want to go.
  177.  
  178. Take a look at the list of sites that are available. There will be a variety of marketplaces there. At the time of this writting the "Empire Market" seems to be the most popular among the dark web community and so also will have the highest level of instability as it recieves most of the DDoS attention.
  179.  
  180. I would recomend that you take a look at the DW community forum called 'Dredd'. This is considered the "Reddit of the dark web" but do not let that set your expectations too high. Dredd is a simple forum website with sub-topics. 99% of the Dredd activity is people complaining about marketplaces and vendors but it is a good way to get a sense of what's going on. Do not trust anyone on there. Assume any link posted is a scam, however you can browse to your hearts content since we are using Tails. Sometimes its just nice to know that a marketplace is down for others and not just you.
  181.  
  182. ## Accessing a darknet destination
  183. I wont be to picky about the first site you should visit because who knows which one will be available at the moment. For now lets see browser which ever one we can find that is working.
  184.  
  185. Pick a site from the list and copy the onion link for it. Open up a new tab in your TOR browser and paste the onion link into the URL bar and press enter.
  186.  
  187. Did something load? If not, this site might be down from a DDoS attack. Try go back to the dark.fail tab and see if there is another onion link for that site and try again. If you have tried a bunch and they are all not working then lets move on to another site and come back to this one later. Chances are it will be back up in a few hours.
  188.  
  189. ### Captchas
  190. If something does load I'm sure it will be Captcha landing page. The primary way that DW sites resist DDoS attacks is using these Captcha's to prevent bots from accessing more resource intensive services. This is why its the first thing you are going to see as the captcha gates the rest of of the site.
  191.  
  192. You should be familar with Captchas as most sites use same tools and place a 'I'm not a robot' at the end of a form submission. Sometimes you might get asked to pick out all the photo's that contain a bus from a list.
  193.  
  194. These Captchas are not like any I have seen on the clear net. They can often be elaborate and have mutiple stages. So expect some light puzzle-solving before being able to actually browse the dark net site.
  195.  
  196.  
  197. ### Creating User accounts
  198. For non-marketplace DW sites like Dredd they will allow you to browse the content before creating a user account. But most marketplaces will not show any of their listings without a User account created. This process will not be too different from what you might expect. Your are going to typically enter a Username and Password.
  199.  
  200. Don't worry about providing personal information. For one, we are just going to create a throwaway account for now. All we want to do is browse listing for now. We will create our actual account and secure it in another section. The other reason you shouldn't worry is that legitimate DW marketplaces do not want your personal information. They will never ask for PII or contact information like phone or email. If you stumble upon any site on the DW that requires some PII it's probably a scam of some sort.
  201.  
  202. For now, create an account where you fully expect to never log into it again.
  203.  
  204.  
  205. ## Browsing the dark web marketplace
  206. If all goes well you should see a market place store front, complete with a list of products and product categories, etc. All dark web maretplaces will look like an eCommerce site from the late 90's. No frills, all business. However as you begin using there sites you will see some surprisingly modern and/or foreign features. Here is a quick scavenger hunt to check off to help you gain familiarity:
  207.  
  208. - How can you search for a product? Marketplaces will have a different set of search features. Some are really basic and require some manual digging to find what you want and others offer a vareity of filters to find what you need.
  209.  
  210. - How can you see who is selling the product? Everything supplied by on a marketplace is provided by a 'Vendor'. As you might have guessed, this is not Amazon. The marketplace does not provide any product itself. It is a mere plaftorm for sellers to connect with buyers.
  211.  
  212. - How can you see all the customer feedback left for the Vendor? This isn't Amazon, but like Amazon you can leave feedback on the sellers. Are these real? Mostly yes. Though there is technically nothing stopping a seller from making 100's of customer accounts and try to inflate their score, good marketplaces do a pretty good job of making that very manual and tedious to do. In my experience if a Vendor has a lot of feedback over time then you can feel pretty good about them.
  213.  
  214. - How can you see how the Vendor's rank against eachother? Different marketplaces may have different ways of ranking vendors. This could be merley through feedback sentiment, a vendor ranking, number of completed sales, dispute statistics, etc.
  215.  
  216. - How can you manage your profile/account?
  217.  
  218. - Where would you go to see any messages that would be send to you from the vendor or marketplace staff?
  219.  
  220. - How would you transfer cypto currency into your marketplace account? I'll cover this in more detail later but many marketplaces offer an 'escrow' service. This will require you to transfer crypto currency into a wallet that is created for you marketplace user account but is controlled by the marketplace itself. You will make your purchases from this account vs sending coins directly to the vendor.
  221.  
  222. ## Leaving the dark web
  223. Once your satisfied just power down your computer and remove the Tails USB stick. You can now power your computer back up and rest assurded that no trace of any of your dark web activity has left a trace on your machine. Good work!
  224.  
  225. # Before we move on
  226. Lets take a second to appreciate what we have learned so far.
  227. - We now have access to, and a basic impression of, the tools needed to access and browse onion sites.
  228. - We have a personal bootable Tails USB drive which we can use at any time on any computer
  229. - We can conduct any online activity securley and ananomously through TOR (baring you don't do anything stupid)
  230. - We can rest assure that no trace of our activity will remain on either the computer or the Tails stick when we are done
  231. - We have had the chance to see that the "Dark Web" is not such a scary place
  232.  
  233. For many people this alone will satisfy their curiosity and they will walk away with valuable new skills and rare insight into a place behind the headlines. With nothing else you can continue to poke around at no risk as you have protected yourself from scammers and aren't doing anything illegal.
  234.  
  235. ## Going forward
  236. The rest of this guide assumes you want to buy something from a dark web marketplace. Each step we take will help midigate the risks that come with participating in a black market. The following sections include reasonable steps that are appropriote for indeviduals puchasing controlled substances for personal consumption. These are activities too under-the-radar for law enforcement to pay much attention too and the money at stake is too small to grab the attention of scamming organizaions. But participation will carry risks no matter what. I will try to help you understand and size up those risks so you can make appropriote decisions for youself.
  237.  
  238. But keep in mind that each step also brings new skills and insights that are worth having in their own right. The skills you will learn are the same skills used by journalist to protect sensitive sources. They are the same skills used by resistance groups trying to communicate under the weight of authortarian governments.
  239.  
  240. Whether you are following along out of curiosity or business I hope to take your time with each step.
  241.  
  242. # Prepping Tails for business
  243. Before we get down to business we are going to need to configure Tails a bit more. As much as I have made about Tails being 'amnesiac,' or wiping all trace of activity on shut-down, for practical reasons we are going to peal that back a bit. We will be dealing with cryptographic keys that you can't just write down on a post-it note. You are going to want to store persistant information on your Tails drive. This will be used for:
  244. - Software settings
  245. - Encryption keys
  246. - Personal files
  247.  
  248. 1. Boot into Tails as you did before.
  249. 2. Navigate to Applications ▸ Tails ▸ Configure persistent volume.
  250.  
  251. I recomend you only pick the options you know you will need.
  252. - Personal Data: Yes! Allows you to store files on the drive. I find this is handy as I like to write notes about my activity.
  253. - Browser Bookmarks: Hasn't been useful since the process of accessing popular marketplaces requires to rediscover a working onion url
  254. - Bitcoin Client: This guide is not covering managing a bitcoin wallet with Tails but you can enable this if you plan on needing more advanced crypto currency management
  255. - Pidgin: Yes! We will cover why later.
  256.  
  257. Network Connections, Additional Software, Printers, Thunderbird, SSH Client, Dotfiles can all be ignored
  258.  
  259. 3. Create a password for the storage volume and click create
  260.  
  261. From now on each time you boot up tails you will need to decide if you need to use your persistant storage and enter the password to unlock it. If you don't need the saved data for that session then you can use Tails without it.
  262.  
  263. 4. Restart your Tails session with the Volume unlocked
  264.  
  265. ### Followup Reading
  266. - [Encypted Persistent Storage](https://tails.boum.org/doc/first_steps/persistence/index.en.html)
  267.  
  268. # Setting up a usable marketplace account
  269.  
  270. Now that we have the basics out of the way we can secure the accounts we create on the marketplaces. Let's do this now.
  271. - Navigate to the dark web marketplace of your choice using the methods we discussed earlier
  272. - Get through the DDoS captcha gate
  273. - Click to register a new account
  274.  
  275. We will use the Empire marketplace as an example but expect this to work in a similar way for other marketplaces
  276. ![registration](https://i.imgur.com/r7pd0zN.png)
  277.  
  278. We are going to want to with _good_ credentials. This means a username that does not relate to your identity and a strong password.
  279.  
  280. *Where should I save my credentials?*
  281.  
  282. There is a password manager pre-installed on Tails called KeePassXC (Applications ▸ Accessories ▸ KeePassXC)
  283.  
  284. ![keepassxc](https://i.imgur.com/KXNqkEZ.png)
  285.  
  286. Tip: It also has has a handy password generator! Don't be lazy, keep your space tight and organized.
  287.  
  288.  
  289. ## Setting up PGP Two Factor Authentication
  290. A PGP Two Factor is similar to the SMS codes we sometimes get to verify our identities with normal clearnet websites. However as we mentioned near the beginning of this guide, one of the primary ways people get scammed is that they get phished by a fake version of the marketplace. With a PGP two-factor, no only does this ensure the marketplace know you are you in case your password is compromised but it also ensures you are logging into the right marketplace.
  291.  
  292. Before you ever send any cryptocurrency through to the marketplace you need to set this up. Any worthwile marketplace that handles transactions of any kind is going to support this.  
  293.  
  294. ### Creating your key
  295. You are going to need to generate a new PGP Key Pair, which you can do right from Tails. I will explain more about these keys in just a bit. For now lets set this up.
  296.  
  297. 1. Click on the clip board icon in the top left hand side of the screen (get familar with icon as we will need it for every session)
  298. 2. For now we will click Manage Keys to open up the Tails keys app
  299. ![Manage keys](https://i.imgur.com/bLQsVmK.png)
  300.  
  301. 3. Click the `+` icon
  302. 4. Select "PGP Key" and click 'Continue'
  303. ![create pgp key](https://i.imgur.com/QQtQgct.png)
  304.  
  305.  
  306. 5. Under full name, don't actaully put your name in there. You can just set it as your marketplace account username.
  307. 6. All the other settings are fine, click "create"
  308. ![naming key](https://i.imgur.com/eBNDeXw.png)
  309.  
  310. 7. You can set a password here or not.
  311. 8. Follow the instructions to finish off the creation of the key
  312.  
  313. ### Adding your public key to you marketplace account
  314. Again we will be using the Empire Marketplace as an example for how we configure PGP for our account.
  315.  
  316. Navigate over to Empire and login with your credentials
  317. ![empire landing](https://i.imgur.com/E0pqqaG.png)
  318.  
  319.  
  320. Now navigate over to your "Account Settings" page and scroll down untill you see a section called "PGP Information" and a "PGP Public Key" text box. This is where you will paste your public key.
  321.  
  322. To find your public key, go back to the key manager app
  323. ![Manage keys](https://i.imgur.com/bLQsVmK.png)
  324.  
  325. Click on "GnuPG Keys" and you should see the name of the key you just created
  326. ![copying public key](https://i.imgur.com/LPpF8PC.png)
  327. (I named mine "Empire" apparently)
  328.  
  329. Click on the key and just Ctrl+C (copy). You can then go back to the Empire website and Ctrl+V (Paste) into the PGP text box
  330. ![pasting public key in account settings](https://i.imgur.com/Wd8gVcS.png)
  331.  
  332. Scroll to the bottom of the page and submit the changes. That's it. The PGP key has been set so next we are going to try it out. Log out of the marketplace.
  333.  
  334. ### Logging into the markerplace with PGP Auth
  335. So now, just like logging into a bank, we will have a 2 step process to log into the marketplace. But unlike logging into a bank, this process is way more interesting.
  336.  
  337. First enter your username and password just like you did before, this part has not changed.
  338.  
  339. Then comes the fun part. You will be prompted with a new security message on the site.
  340. ![security code message 1](https://i.imgur.com/SWBT2rc.png)
  341.  
  342. As you can probably tell from the instructions, you now need to decode the encrypted message that they are displaying on the page. Inside that message is a "Security Code" that they randomly generated and expect you to submit it back to them.
  343.  
  344. This is a pretty quick process, just copy the encrypted message like so
  345. ![security code pgp msg copying](https://i.imgur.com/vgA87Un.png)
  346.  
  347. All that you have to do is go back to our helpful little clipboard icon. You can see the options have changed a bit. This menu is aware that you copied an encrypted message and gives you option to decrypt it. Go ahead and click "Decrypt/Verify Clipboard"
  348. ![decrypt message ](https://i.imgur.com/5fpiuIL.png)
  349.  
  350. You will see the decrypted message pop up in a new window. Empire gives you the opportunity to double check the domain being used in the message. If the domains match then you are safe. Copy the "Security Code" from the message and submit it on the form to log into the marketplace.
  351. ![decrypted message](https://i.imgur.com/1s1Mqqb.png)
  352.  
  353. That wasn't so hard! You know have stable relationship with a dark web marketplace. You two can trust eachother and go steady.
  354.  
  355. # A little more on encryption
  356. I want to spend a bit more time on this because it is going to come up a lot. You will be using encryption when logging into a marketplace, when making purchases and when interacting with vendors. You are going to be using that little clipboard icon a lot.
  357.  
  358. As you might have guessed, the encoded message that the marketplace showed you was generated by the "public key" that you pasted in the account settings. When you generate a new PGP Key you actually generate two keys that interact with eachother.
  359.  
  360. - public key: this can be freely shared with others
  361. - private key: which *must not* be shared with others
  362.  
  363. Only a private key can decrypt a message that was encrypted by the public key. So assuming that only you have the private key, then if someone writes a message to you and encrypts it with your public key than only you will be able to read it. That message can be passed around through as many hands as possible, though marketplaces, ISP's, governments, law enforcment, whatever, and no one will be able to read it.
  364.  
  365. This is what "end-to-end-encryption" (or E2EE) means. This is what's going on in the background in "secure" messaging apps like iChat or whatsapp. On the dark web we just need to do it manually.
  366.  
  367. There is more that these public and private keys can do but that's all we need to know for now. As you browse around the dark web take some time to notice where and when people, sites and services advertize their public keys.
  368.  
  369.  
  370.  
  371. # Apendix
  372. ![depositing coins](https://i.imgur.com/34zNtlk.png)
  373.  
  374. ![Vendor PGP block](https://i.imgur.com/Jps91Z2.png)
  375.  
  376.  
  377. Setting up jabber on tails
  378. https://www.youtube.com/watch?v=HsSssbs-Sso
  379.  
  380. Need to find a way to also do this on mobile
  381. https://www.xabber.com/prices/
  382. https://calyxinstitute.org/docs/howto-encrypted-instant-messaging-with-osx-adium-and-otr
  383.