This article aims to provide a Cliff’s Notes version of the actual DNM Bible, which is an extensive guide for darknet market buyers on how to maximize their privacy when accessing markets. It is basically an overview of the principal points of knowledge expressed within the DNM Bible and is not meant to be a substitution for its wealth of technical guidance.
At its core, the DNM Bible preaches a general philosophy of “don’t be lazy” when it comes to employing the OpSec practices it carefully outlines, stressing the importance of understanding what one is doing before attempting to actually do it. After all, one’s money, health, and possibly even freedom are on the line when using a darknet market, so it is important to fully utilize the best practices that are currently known and available to the average buyer.
About the Original DNM Bible
The original DNM Bible was composed by Reddit and Dread user wombat2combat and co-authored by Seraphim_X of Reddit. It was published in its full form in 2017 on Reddit, where it remained as an integral part of r/darknetmarketsnoobs until the subreddit was removed for violating Reddit’s terms of service (along with r/darknetmarkets). The newest version – released in 2022 – is authored by Dread user Shakybeats and co-authored by Thotbot and WilliamGibson. Several other Dread members chipped into its creation as well, including some prominent darknet market admins.
Per Shakybeats, “This guide is written to help keep (buyers on darknet markets) safe and secure.” It contains just about everything there is to know when it comes to basic OpSec practices for accessing darknet markets and is highly praised by long-time members of the community. The DNM Bible is divided into nine chapters, which include Operating Systems, KeePassXC, PGP, Cryptocurrencies, Shipping, Harm Reduction, Darknet Markets, Alternative Communication Methods, and Miscellaneous Information. It also has an Appendix which contains a list of resources, a glossary of DNM terms, and a detailed FAQ.
In this summary, we’ll discuss the main gist of each of these sections, although the reader is reminded it is better to consult the DNM Bible itself before acting on any of the suggestions or knowledge provided herein. The DNM Bible reminds its readers that there is no surefire way to maintain anonymity when using a darknet market and encourages them to adopt a mindset of assuming the worst could happen when doing so.
Section 1. Operating Systems
This section goes over the importance of selecting which operating system is to be used when accessing a darknet market. For the safety of the buyer, the authors recommend never accessing a market via Windows or MacOS. The main rationale provided is that if a user’s computer is ever confiscated by law enforcement, it will likely have traces of evidence that connections to darknet markets were made. Windows and MacOS also have backdoors built into them that can be used to reveal further evidence against a buyer if it is demanded by the government in a subpoena.
Instead, buyers should always use TailsOS, which is a privacy-focused operating system that can be booted from a DVD, USB stick or SD card. Some of the main ways in which TailsOS is different from other operating systems include:
- It forces all internet connections to go through the Tor network.
- It stores no data and leaves no trace of ever being run on a computer by default.
- It comes prepackaged with several advanced cryptography tools, including those for file encryption, email, and instant messaging.
Tails does not require the downloading of any other programs as far as accessing darknet markets is concerned. It contains everything one needs to get connected, browse, place orders, and communicate with others. The DNM Bible recommends not attempting to use a VPN in combination with Tails, not running it on a virtual machine, and waiting until the computer has turned off completely before removing the USB stick / SD card containing the TailsOS installation.
- To install Tails from Windows, click here.
- To install Tails from MacOS, click here.
- To install Tails from Linux, click here.
Tip: to maximize privacy, access these links and download any files contained therein using the Tor browser.
For Linux users who cannot get TailsOS to function, the DNM Bible also provides an overview of an alternative known as Whonix, which is similar to a Virtual Machine / sandbox that runs exclusively through Tor. Whonix should not be run on Windows or MacOS and should be used only as a last resort.
Section 2. KeePassXC
KeePassXC is a special password storage and encryption application that comes as part of the TailsOS installation package. It can be used to generate strong, individual passwords for each market a buyer is visiting, along with passwords for other applications. These are all encrypted using a master password which must be remembered by the user. The DNM Bible recommends coming up with a mnemonic of five words or more to be used as a master password. This will ensure that its creation is strong enough to never be broken by an adversary.
Using KeePassXC requires enabling persistent storage on Tails as described in the section above, as this is how the password database is stored between sessions. When creating a database, the user must be sure that it is stored in the Persistent volume of Tails, or it will disappear upon restart. Previously-saved databases can be accessed via the “Open existing database” option found in KeePassXC. The DNM Bible recommends closing and reopening KeePassXC upon saving important entries – such as a seed phrase – to make sure that the data was properly saved.
Section 3. PGP
Knowing PGP – which is short for Pretty Good Privacy – is an integral part of the darknet market experience and a must for any market user, regardless of whether they are just a one-time buyer or a seasoned vendor. As of Tails 5.0, the PGP software included in the installation package is exceptionally straightforward and about as simple as it gets. After a little bit of practice, using PGP becomes a routine exercise that is not much more difficult than signing up and logging on to a darknet market itself.
The primary purpose of using PGP is sending and receiving encrypted communications that can only be unencrypted by the intended party. This is to prevent the darknet market operators or any adversary that gains control of the market or its logs from discovering sensitive information, such as the name and shipping address of a buyer. While some markets still allow for unencrypted messages to be sent from user to user, it is recommended that PGP be used in all market communications – especially when transmitting shipping information. The DNM Bible provides step-by-step instructions for the following:
- Creating a key pair (public and private PGP keys)
- Importing a public key (for the purpose of encrypting messages)
- Encrypting a message (to be sent to a vendor or other market user)
- Verifying a message (for the primary purpose of validating links to markets)
- Decrypting a message (to read a message encrypted with a provided PGP key)
- Signing a message (to provide proof of ownership of an account)
Mastery of the above processes is a must before attempting to place an order on any darknet market. The DNM Bible recommends destroying an account if a message is accidentally sent from it unencrypted. If the account cannot be destroyed, it should simply be logged out of and never returned to. Another rule of thumb is for buyers to always use separate PGP keys for each market of which they are a member to avoid the possibility of being linked across multiple markets.
Section 4. Cryptocurrencies
This section covers the basics of using the three most popular cryptocurrencies on darknet markets, which include Monero (XMR), Litecoin (LTC), and Bitcoin (BTC). They are even ordered this way in the DNM Bible from most private to least. Basically, the Bible states that XMR should be used whenever possible, and if for some reason a buyer needs to use BTC or LTC to pay for an order, they should start with XMR first. The reason for this is due to the opaque and nearly untraceable nature of the Monero blockchain, which hides transaction amounts, senders, and recipients from its blockchain data.
Using BTC for darknet market purchases, on the other hand, can be likened to doing a drug deal while standing in front of law enforcement, as all transactions on its blockchain are public and it is very easy to see where funds have been and where they are going. Thanks to a recent upgrade, Litecoin does have some privacy features, but most markets do not support it as a deposit / payment option. Every major darknet market today supports XMR, which is another obvious reason for learning how to get and use it.
Today there are at least a few anonymous, Tor-based online exchangers or swapping services that have developed reputations of being trustworthy. Such services mentioned in the guide include Elude, Kilos, Xchange, flyp, and Godex. All allow swapping BTC for XMR and vice versa, and some also support LTC. Using a Tor-based exchange offers a couple of big advantages over a traditional cryptocurrency exchange in that they never ask for personally-identifying information and using them does not leave a trail of activity on the clearnet. Their main downside is they charge higher fees than regular exchanges.
The DNM Bible does say that it’s usually OK to buy XMR off a KYC exchange for market purchase purposes, but one should never send coins straight from an exchange to a market-related address. Instead, move the coins to a personal wallet first off the exchange, as the exchange (or anyone else) cannot track them after that. Some of the other important areas covered in this section include:
- What traditional exchanges / services carry BTC, LTC, and XMR
- How to install wallets in Tails
- The best ways to tumble/mix BTC
- The best ways to perform conversions among the three coins
The Bible also stresses the importance of using fresh wallets and addresses for each transaction. This includes XMR transactions as well. Address reuse can lead to loss of privacy and present potential problems for user OpSec. As the process is very easy, creating a new wallet for each transaction destined to a DNM is considered a must-do for all buyers.
Section 5. Shipping
This section goes over the basics of how the postal system works, clarifies the differences between domestic and international mail, lists which origin countries are more likely to be deemed “hot” by customs, what “stealth” is in packaging and why it’s important, and what to do if a package doesn’t arrive. Some great tips provided in this section for delivery of a physical order include:
- Always use a real name that has a prior association with the delivery address.
- Never place more than one order at a time (wait to receive one before ordering another).
- Never use a workplace address for delivery of an order.
- Refrain from checking tracking numbers unless a package is very late, and never use Tor while checking a tracking number.
- Give vendors the benefit of the doubt and try to work with them if a package does not arrive or is not what was expected.
- Don’t throw away packaging materials in one’s own trash but rather burn them or dispose of them elsewhere.
- Have a “clean house” when expecting an order in case law enforcement searches the property of the delivery address.
The Bible also explains the differences between a Controlled Delivery and a Monitored Delivery:
- Controlled Delivery = buyer receives a package and then is immediately approached by law enforcement; happens when bulk quantities of a substance are purchased from an overseas vendor
- Monitored Delivery = law enforcement intercepts a package and continues with delivery so the actions of the receiver can be monitored afterward; suggests a criminal case is being built against a buyer
Both of these events rarely occur for smaller orders placed domestically. Lastly, the Bible explains the meaning of the term “Love Letter,” which is a notice sent from a postal office stating that they have seized a package found to contain illegal materials. It is more common to receive these letters from customs regarding an international order, after which the receiver’s address can be considered “burnt” and should not be used for the placement of additional DNM orders.
Section 6. Harm Reduction
“Harm reduction” refers to taking measures to minimize unnecessary health risks associated with the ingestion of substances ordered from a darknet market. This could refer to effects separate from the expected effects of the substances themselves, such as those introduced by impure or incorrectly-labeled orders. The DNM Bible recommends getting a test kit for any order and gives some suggestions on where they can be obtained. Also provided is a list of drug testing laboratories scattered across the globe to which buyers can send small amounts of substances to have them professionally analyzed.
In addition, the Bible provides a thorough reference chart for gauging the safety of combining two different substances, including everything from alcohol to amphetamines to SSRIs. Basically, it’s a good idea to have a background on the effects of a substance before consuming it for the first time. This can help establish a baseline for anticipated personal reactions and tolerance. To this end, the Bible provides a lengthy list of established resources for learning more about drugs and psychoactive substances which includes Erowid, the PsychonautWiki, Tripsit, and DanceSafe, among others.
Finally, the Bible provides an international list of suicide hotlines in this section for those in need of real help or who just need someone they can talk to.
Section 7. Darknet Markets
This is perhaps one of the most important sections of the DNM Bible — albeit all sections are of actual importance and basically required reading for a first-time buyer. It goes over basic darknet market dos and don’ts, the different types of market payment methods (multisig, escrow, direct deal), how to choose a market, how to find products, how to choose a vendor, how to verify onion links, the most common types of darknet market scams, and how to be a good buyer.
Some of the most important pieces of advice offered in this section include the following:
- Never use the market’s auto-encrypt option as the market could retain unencrypted messages (along with buyer names and addresses). Only submit encrypted text in the shipping info box during the checkout process and encrypt all communications.
- Use 2FA when available as it will make it much harder for unauthorized parties to access an account.
- Don’t leave more funds on a market than is absolutely necessary.
- Never use the same login credentials or PGP key on multiple markets.
- Don’t use market links found outside of official, trusted & verifiable sources like Dread, Darknetlive, or darkfail. They are nearly always phishing sites created to steal credentials and funds.
- Never reveal to real-life friends & family purchases made on a darknet market.
This section also contains a lot of advice on how to avoid legal problems. Such problems can largely be mitigated by selecting the right market(s), the right vendor(s), and never cutting corners when it comes to OpSec. In case a buyer does get into potential trouble with law enforcement, this section provides advice on how to handle it, which can be summarized by remembering two things:
- It is good to have researched a lawyer beforehand and written their number down on paper, so it is readily available in the event of an arrest.
- If arrested, it is wise to remain silent until in the presence of a lawyer. Avoid answering questions or giving up incriminating information and exercise the right to remain silent.
Also included in this section are some valuable tips on how to increase the chances of making a successful purchase, which include performing proper research on the substance being purchased and on the vendor it is being purchased from, double- and triple-checking shipping information before encrypting and sending it, and using standard escrow or multisig over Finalize Early (FE) to avoid the chances of being exit scammed by a vendor. The guide also explains how to leave meaningful feedback after completion of an order, and what to do if threatened by a vendor.
Section 8. Alternative Communication Methods
As the title says, this section describes how to communicate with a vendor or other market user in the case that communication cannot be done over the market itself. This should only ever occur if a market is temporarily offline, has exit scammed, or has otherwise been taken down. According to the Bible, there are really only two reasonable ways to do this:
- Use a privacy-focused email service that is unlikely to respond to government requests. Such services can be found on the Dread darknet forum.
- Use an end-to-end encrypted messaging service like Jabber / XMPP.
Section 9. Miscellaneous Information
This section contains guides on subjects not necessarily pertinent to the core darknet market buyer experience but that may come in handy for more advanced DNM users. They include breakdowns of the following topics:
- Offline Version (how to download the DNM Bible to read it offline)
- Removing Exif Data (how to remove potentially-identifying metadata from images)
- OpenBazaar (the basics about a decentralized, downloadable marketplace and how to use it)
- I2P (what the I2P network is and how to get connected)
In summation, reading the entire contents of the DNM Bible in its full form is a great way for any darknet market buyer to increase their chances of not just placing successful orders but also avoiding the prominent risks associated with this activity. There is no way to 100% guarantee a successful buying experience, but by arming oneself with the knowledge provided within the DNM Bible, one enters the process as prepared as possible.
Per DNM Bible author Shakybeats in the Bible’s closing words segment:
“Now you know how to greatly minimize the risk of ordering drugs using DNMs. You will never completely erase the risk of getting caught, but you can make it damn hard for law enforcement to catch and prosecute you by simply doing what is written in the DNM Bible.”
For those seeking additional information related to darknet markets, Monero, and the dark web in general, the DNM Bible references Dread, dark.fail, XMR Guide, Darknet Live, Tor Taxi, Tails, and the Tor Project as legitimate resources.