DrugHub Guide

Tor Browser is your gateway to the darknet. It routes your traffic through multiple servers, hiding your real IP address. Without Tor, you cannot access onion sites. Period.

Download Tor Browser

Go to torproject.org and download Tor Browser for your operating system. Choose the correct version for your platform. Windows, macOS, and Linux are all supported.

Verify Your Download

The Tor Project provides signatures for every download. Verifying ensures your download was not tampered with. Import the Tor Project signing key and check the signature matches. Instructions are on their website. This step is optional but recommended.

Installation Instructions

First Launch Configuration

When you first open Tor Browser, it will connect to the Tor network. This takes 30 to 60 seconds depending on your connection. Wait for it to complete. Once connected, you will see the Tor Browser homepage.

Now configure your security level. Click the shield icon next to the URL bar. Select "Safest" for maximum protection. This disables JavaScript on all sites. Some features may not work, but your security increases significantly.

Understanding Tor Bridges

Some countries block Tor connections. If you cannot connect normally, use bridges. Bridges are secret entry points to the Tor network. Request bridges from bridges.torproject.org or use the built-in bridge options. This helps if your ISP blocks Tor.

PGP encryption is mandatory on Drughub. No PGP key means no account. Your PGP key encrypts all messages and your shipping address. Only you can decrypt them. Even if servers are seized, your data stays protected.

What is PGP?

PGP stands for Pretty Good Privacy. It uses public-key cryptography. You create two keys: a public key and a private key. Share your public key with others. Keep your private key secret. Anyone can encrypt a message with your public key. Only your private key can decrypt it.

Choose Your Software

Generate Your Key Pair

Open your terminal or command prompt. Run the following command to generate a new key pair. Follow the prompts carefully.

Export Your Public Key

After generating your key, export the public key. You will paste this into Drughub during registration.

This outputs your public key as text starting with "-----BEGIN PGP PUBLIC KEY BLOCK-----". Copy everything including these header and footer lines. You will need this during registration.

Backup Your Private Key

Your private key is irreplaceable. Back it up securely. Export it and store on encrypted USB drive. Keep multiple copies in safe locations.

Encrypting and Decrypting Messages

To encrypt a message for someone, you need their public key. Import it first. Then encrypt your message to their key. Only they can decrypt it with their private key.

Drughub is XMR-only. No Bitcoin. No other cryptocurrencies. Only Monero. Why? Monero is private by default. Every transaction hides the sender, receiver, and amount. Bitcoin shows everything on a public ledger. Monero shows nothing.

Why Monero?

Bitcoin transactions are traceable. Chain analysis companies work with law enforcement to track funds. They can link your exchange account to your market transactions. Monero solves this problem completely. Ring signatures hide the sender. Stealth addresses hide the receiver. RingCT hides the amount. Mathematical privacy, not trust-based privacy.

Wallet Options

Choose a wallet that fits your needs. Each option has different trade-offs between security and convenience.

Setting Up Your Wallet

When you create a new wallet, you receive a 25-word seed phrase. This is your backup. Write it down on paper. Store it securely. Anyone with your seed phrase can access your funds. Never store it digitally on an internet-connected device.

Getting Monero

You have several options to acquire Monero. Each has different privacy implications.

Transaction Privacy: Breaking the Chain

Even with Monero's built-in privacy, taking additional steps provides defense in depth against advanced analysis attempts.

• Intermediate Wallet Hops: Don't send XMR directly from exchange to market. Send exchange → your wallet → market. This breaks timing correlation.
• Time Delays: Wait several hours or days between receiving XMR from exchange and sending to market. Timing analysis becomes harder.
• Amount Variations: Don't send round numbers. Instead of 1.0 XMR, send 0.9372 XMR. Obscures patterns.
• Running Your Own Node: For maximum privacy, run a full Monero node. This prevents even your wallet provider from knowing which transactions are yours.

With Tor, PGP, and Monero ready, you can now create your Drughub market account. Registration on the Drughub marketplace requires several security steps. Do not skip any of them. Each one protects your Drughub account and ensures safe market access.

Access via Tor Browser

Open Tor Browser. Make sure it is connected to the network. Navigate to a verified Drughub onion link from our mirrors page. Verify the URL character by character before proceeding.

Click Register Button

On the Drughub homepage, click the Register button. You will see the registration form. Fill in each field carefully. All fields are required.

Choose Username

Pick a username that does not identify you. Do not use your real name, nickname, email, or anything connected to your real identity. Completely random is best. This username is permanent and cannot be changed later.

Create Strong Password

Use a unique password at least 16 characters long. Mix uppercase, lowercase, numbers, and symbols. Never reuse passwords from other sites. Consider using a password manager like KeePassXC.

Add Your PGP Public Key

Paste your PGP public key into the field provided. Include the entire key, starting with "-----BEGIN PGP PUBLIC KEY BLOCK-----" and ending with "-----END PGP PUBLIC KEY BLOCK-----". This is mandatory. You cannot skip it.

Registration form: paste your entire PGP public key

Set Anti-Phishing Phrase

Choose a unique phrase that only you will recognize. This phrase displays on every page after you log in. If you ever log in and do not see your phrase, you are on a phishing site. Log out immediately.

Solve Captcha

Complete the captcha to prove you are human. If the captcha does not load, try refreshing the page. JavaScript may be required for some captchas.

CAPTCHA example: move the circle until it matches the background

Complete Registration

Click the submit button. If everything is correct, your account is created. You will be logged in automatically. Set up 2FA immediately before doing anything else on the site.

Two-factor authentication is mandatory on Drughub. It adds a second layer of security beyond your password. Even if someone steals your password, they cannot access your account without your second factor.

Choose Your 2FA Method

Drughub offers two methods. Both are secure. Pick the one that works best for you.

TOTP Authenticator

Time-based one-time passwords. Uses an authenticator app on your phone to generate 6-digit codes that change every 30 seconds.

Recommended Apps:

• Aegis Authenticator (Android, open source)
• andOTP (Android, open source)
• Raivo OTP (iOS, open source)
• Google Authenticator (Android/iOS)

Setup Steps:

1. Go to Account Settings in Drughub
2. Navigate to 2FA section
3. Select TOTP method
4. Scan QR code with your authenticator app
5. Enter the 6-digit code to confirm
6. Save backup codes securely

Recommended for most users. Easy to use.

PGP-Based 2FA

Uses your PGP key as the second factor. Each login requires decrypting a challenge message with your private key.

How It Works:

• Enter username and password
• System shows encrypted challenge
• Decrypt with your PGP key
• Enter decrypted response
• Access granted

PGP validation: decrypt the message and enter the code

Setup Steps:

1. Go to Account Settings in Drughub
2. Navigate to 2FA section
3. Select PGP method
4. Confirm by decrypting test challenge
5. 2FA is now active

Maximum security. Requires PGP software access for every login.

Operational security, or OPSEC, is about protecting yourself. Technical security like Tor and PGP is only part of the equation. Your behavior matters too. One mistake can undo all your technical precautions.

Physical Security Considerations

Your computer is only as secure as the physical space it occupies. Consider these physical security measures to protect against local threats.

• Full Disk Encryption: Encrypt your entire hard drive with VeraCrypt or LUKS. If your device is stolen or seized, encrypted data remains unreadable without your passphrase.
• Secure Boot Environment: Use Tails OS booted from USB. Leave no trace on the host computer. Everything runs in RAM and vanishes when you shut down.
• Camera Awareness: Cover your webcam. Disable microphone when not in use. Assume surveillance capability exists on all devices.
• Secure Disposal: Securely wipe drives before disposal using tools like DBAN. Physical destruction is even better - drill holes through the platters.

Network-Level Privacy

Beyond Tor, additional network privacy measures provide defense in depth against sophisticated adversaries monitoring your internet connection.

• VPN Before Tor: Optional but recommended in some threat models. Hides Tor usage from your ISP. Your ISP sees VPN traffic instead of Tor traffic. Choose a VPN provider with no-logs policy.
• Never Tor Through VPN: Connecting to VPN through Tor defeats Tor's anonymity. Always VPN first, then Tor, never the reverse.
• Public WiFi Precautions: Public networks have additional risks: man-in-the-middle attacks, packet sniffing, malicious hotspots. Use VPN plus Tor for maximum protection on public networks.
• MAC Address Randomization: Change your device MAC address to prevent tracking across different WiFi networks. Tails does this automatically.

Understanding Common Threats

With your Drughub account set up and funded, you are ready to make purchases on the Drughub marketplace. Follow this process for safe ordering on the market.

Pre-Purchase Research

Before placing any order, conduct thorough research. Rushing leads to mistakes. Take time to evaluate vendors, read reviews, and verify product details. Smart buyers do homework first.

• Check Vendor History: How long have they been selling? 100+ sales minimum recommended for first orders. Check their join date and sales volume.
• Read Recent Reviews: Old reviews matter less than recent ones. Check the last 20-30 reviews. Look for patterns: shipping speed, product quality, communication responsiveness.
• Verify Product Descriptions: Detailed listings indicate professional vendors. Vague listings are red flags. Check if photos look professional or stock images.
• Compare Prices: Significantly below-market prices often indicate scams. Compare with other vendors selling similar products. Middle-range pricing usually indicates legitimate vendors.

The Ordering Process

When to Open a Dispute

Disputes protect buyers from problems. Do not hesitate to use them when legitimate issues occur. Opening a dispute is your right when things go wrong.

• Product Never Arrived: Wait reasonable time for shipping. If tracking shows delivered but you received nothing, dispute immediately.
• Wrong Product Received: If vendor sent different item than ordered, take photos and open dispute with evidence.
• Quality Issues: Product significantly different from description? Document with photos and dispute.
• Vendor Non-Response: If vendor ignores messages for several days, dispute to get moderator attention.

To open dispute: Go to order page → Click "Open Dispute" → Upload evidence → Explain situation clearly → Wait for moderator review. Both parties submit evidence. Moderator decides based on facts.

After Delivery: Finalization

Only finalize after you physically receive the package and verify contents. Finalization releases escrow funds to vendor and completes the transaction.

• Verify Contents First: Open package. Check product matches description. Verify quantity. Only then finalize.
• Leave Honest Feedback: Your review helps future buyers. Rate vendor fairly. Describe shipping speed, stealth, product quality.
• Auto-Finalize Timer: Orders auto-finalize after set period (usually 14-30 days). Finalize manually when received to release funds faster.
• Never Finalize Early: Scammers request early finalization. Real vendors never pressure you. Wait for delivery. No exceptions.