Security Center

Operational Security (OpSec) is not a feature—it is a discipline. Follow these four pillars to maintain the integrity of your identity and finances on the DrugHub marketplace.

Identity Protection

Compartmentalization


Separate Identities: Never create a username that links to your real life, other forums, or clear-net social media. Your DrugHub identity must exist in a vacuum.

Metadata Leaks: Do not discuss your location, timezone, weather, or occupation in chats. Even small details can be pieced together to de-anonymize you.

Clean Hardware: Ideally, use a dedicated OS like Tails booted from a USB stick. Avoid using Windows for sensitive activities due to telemetry and logging.

Link Verification

Anti-MITM Strategy


Man-in-the-Middle (MITM): Malicious actors create fake mirrors that look identical to the real site to steal credentials. They proxy traffic, capturing your data in real time.

Verify Signatures: DrugHub provides a PGP-signed message on the login page. You must manually verify this signature using the market's public key. If the signature is invalid, do not log in.

Bookmark Verified URLs: Once you have verified a mirror using PGP, bookmark it. Never click links from Reddit, Telegram, or unknown wikis.

Operational Security

Browser & Wallet Hygiene


Tor Security Levels: Set your Tor Browser Security Level to "Safest". This disables JavaScript completely, preventing many de-anonymization exploits and browser fingerprinting.

The Monero Flow: Never send XMR directly from a KYC exchange (like Binance or Coinbase) to the market.
Exchange → Your Private Wallet (GUI/Cake) → Market

Window Size: Do not maximize your Tor Browser window. Keep it at the default size to prevent screen resolution fingerprinting.

PGP Encryption

Mandatory Communication


Encrypt Everything: Never send your address in plain text. Even if the market has "Auto-Encrypt", always encrypt manually on your local device before pasting.

2FA Login: Enable PGP Two-Factor Authentication immediately. This ensures that even if your password is stolen, your account remains secure.

Final Security Checklist

  • Is your VPN off? (Tor over VPN is generally not recommended unless you know exactly why you are doing it).
  • Is JavaScript disabled?
  • Have you verified the onion URL matches your bookmarked trusted link?
  • Are you using a clean OS environment?