Security & OPSEC Guide

Complete Operational Security Guide for Nexus Market Users

📊 Beginner ⏱️ 15 minutes 📅 Updated: 2025-11-06
1. Introduction to OPSEC

Operational Security (OPSEC) is the practice of protecting sensitive information and activities from adversaries. On Nexus Market, your OPSEC determines your safety and privacy.

⚠️ Key Principle

You are only as secure as your weakest link. A single OPSEC failure can compromise your entire operation. Law enforcement looks for mistakes - don't give them any.

OPSEC Fundamentals

🔒 Assume You're Being Watched

Always operate under the assumption that your ISP, government, or malicious actors are monitoring your activities. This mindset prevents complacency.

🎭 Compartmentalization

Separate your darknet activities from your clearnet identity. Use dedicated devices, operating systems, and never cross-contaminate information.

🤐 Trust No One

Never share personal information with vendors, other buyers, or anyone on the market. Nexus admins will NEVER ask for personal details.

2. Tor Browser Setup & Configuration

Tor Browser is the only recommended browser for accessing Nexus Market. Regular browsers with VPNs are NOT secure enough.

Installation Steps

  1. Download Tor Browser from the official website: torproject.org
  2. Verify the signature of the downloaded file using GPG (advanced users only)
  3. Install Tor Browser to a location you can easily access
  4. Launch Tor Browser and configure your connection settings

Security Settings

RECOMMENDED

Set Security Level to "Safest" for maximum protection:

  • Click the shield icon in the top-right corner
  • Select "Settings" → "Privacy and Security"
  • Set Security Level to "Safest"
  • This disables JavaScript by default (important!)

3. PGP Encryption Basics

PGP (Pretty Good Privacy) is mandatory on Nexus Market for 2FA authentication and secure communications.

🔑 What is PGP?

PGP uses public-key cryptography to encrypt messages. You have a public key (shared with others) and a private key (kept secret). Only your private key can decrypt messages encrypted with your public key.

🛡️ Why Nexus Requires It

PGP 2FA ensures that even if your password is stolen, attackers cannot log into your account. It also protects against phishing sites since they cannot replicate PGP challenges.

⚠️ Read the Full PGP Guide

PGP setup requires its own comprehensive guide. Please read our Complete PGP Encryption Tutorial before continuing.

4. Nexus Market Mandatory 2FA

Unlike optional 2FA on other markets, Nexus Market requires PGP 2FA for all accounts. This is a major security advantage.

✅ Benefits of Mandatory 2FA

  • Prevents phishing attacks (fake sites can't decrypt PGP)
  • Protects against password theft
  • Eliminates TOTP vulnerabilities (no time-based codes)
  • Forces users to learn PGP (good for security culture)

🔐 How It Works

  1. You enter your username and password
  2. Nexus sends you an encrypted PGP challenge
  3. You decrypt the challenge using your private key
  4. You paste the decrypted code back into Nexus
  5. If correct, you're logged in

5. Device Security

Operating System Recommendations

Tails OS (Recommended)

The Amnesic Incognito Live System - a live OS that leaves no traces. Routes all traffic through Tor automatically.

Pros: Maximum anonymity, leaves no traces, built-in security tools

Whonix (Advanced)

Runs in a virtual machine with forced Tor routing. Better for long-term use than Tails.

Pros: Persistent storage, VM isolation, advanced security

⚠️ Windows/macOS (Not Recommended)

Can be used with Tor Browser, but provides minimal security. Full disk encryption is mandatory.

Cons: Potential backdoors, telemetry, forensic artifacts

Additional Device Security

  • Full Disk Encryption: Use LUKS (Linux), FileVault (macOS), or BitLocker (Windows)
  • Strong Passwords: Minimum 20 characters, use a password manager
  • Webcam/Microphone: Physically disable or cover when not in use

6. Communication Security

🚨 CRITICAL: Always Use PGP

NEVER send sensitive information (addresses, names, phone numbers) unencrypted. Always encrypt messages to vendors using their PGP public key. Nexus Market admins can see unencrypted messages.

Communication Best Practices

Only communicate through Nexus Market PM system

Never move to Telegram, Wickr, or email. Vendors asking to move off-platform are scammers.

Encrypt all shipping addresses with PGP

Use the vendor's public PGP key to encrypt your address. Never send plain text.

Use fake names for deliveries (if legal in your jurisdiction)

Some users prefer using names that sound plausible but aren't their real identity.

7. Common Mistakes to Avoid

❌ Using VPN with Tor

Tor → VPN is generally unnecessary and can reduce anonymity. Tor alone is sufficient. VPN → Tor can help in censored countries, but adds complexity.

❌ Reusing Passwords

Never reuse passwords from clearnet sites on Nexus Market. If that clearnet site gets breached, attackers will try your credentials on darknet markets.

❌ Keeping Funds on Market

Exit scams happen. Only deposit what you need for immediate purchases. Withdraw any remaining funds to your personal wallet immediately.

❌ Clicking Clearnet Links

Never click clearnet links from Nexus Market. This can deanonymize you. All legitimate market links are .onion addresses.

❌ Trusting "Finalize Early" Requests

Only FE for trusted vendors with hundreds of positive reviews. New vendors asking for FE are almost always scammers. Use escrow protection.

Next Steps

Now that you understand OPSEC fundamentals, continue to our specialized guides for detailed instructions.
