Vendor Security Guide

Protect yourself as a Darkmatter vendor

⚠️ Vendors Face Higher Risk: Law enforcement targets vendors more aggressively than buyers. Your OPSEC must be flawless.

Critical Vendor OPSEC Rules

  • ✅ Use Tails OS or Whonix (mandatory)
  • ✅ Dedicated device ONLY for vending (never mix with personal use)
  • ✅ Encrypt all customer addresses immediately after reading
  • ✅ Delete customer data after shipping
  • ✅ Use VPN + Tor (layered anonymity)
  • ✅ Separate PGP keys for each market
  • ✅ Never photograph inventory with metadata (use burner camera)
  • ✅ Lawyer on retainer familiar with cybercrime

Shipping Security

Package Stealth:

  • Vacuum seal products (odor proof)
  • Use MBB (Mylar barrier bags)
  • Decoy packaging (fake business envelope, book, etc.)
  • No fingerprints on inner packaging (wear gloves)
  • Type labels (never handwrite)
  • Use public mailboxes (not post office counter)

Drop Location OPSEC:

  • Never ship from home address
  • Use public mailboxes far from residence
  • Rotate drop locations
  • Avoid security cameras at mailboxes
  • Drop packages during busy hours (blend in)

Data Management

Customer Address Handling:

  1. Receive PGP-encrypted address
  2. Decrypt, print shipping label immediately
  3. Shred printout after package ships
  4. Delete decrypted plaintext immediately
  5. NEVER store customer addresses long-term

Order Database:

  • Encrypt database with VeraCrypt
  • Store on encrypted USB (not main hard drive)
  • Wipe database after 90 days

Financial Security

  • Withdraw XMR to personal wallet frequently (don't let balance accumulate)
  • Use multiple XMR wallets (split risk)
  • Cash out via no-KYC exchanges only
  • Never link vendor XMR to personal bank account
  • Use LocalMonero to convert XMR to cash

Related Guides

Vendor Application

How to become a vendor

 Security & OPSEC

Complete operational security
← Back to Wiki Hub