Operational Security Protocols

If you do not encrypt, you do not care. PGP (Pretty Good Privacy) is the absolute baseline requirement for communication. Relying on market-based "Auto-Encrypt" checkboxes is a critical failure point. If the server is compromised or seized, plain text messages are readable by adversaries.

• Always encrypt sensitive data (shipping addresses, tracking numbers) locally on your own machine using tools like Kleopatra (Windows) or GPG Suite (macOS).
• Never paste unencrypted private data into a text box on the Tor network.
• Verify the market's public key against historical records before encrypting data for them.

Phishing is the primary vector of attack. Adversaries create identical replicas of WeTheNorth Market to capture credentials and deposit addresses. This is known as a "Man-in-the-Middle" (MitM) attack.

Defense Protocol:

1. Source Validation: Never trust links from Reddit, Wikipedia, or random forums. Only use links signed by the market's PGP key.
2. Rotational Verification: Markets rotate mirrors frequently to mitigate DDoS attacks. Before logging in, you must verify the PGP signature of the login page (often found at /verify or in the page footer).
3. 2FA Enforcement: Enable Two-Factor Authentication (2FA) immediately. This requires you to decrypt a PGP message to log in, preventing phishers from accessing your account even if they have your password.

Blockchain analysis firms actively monitor Bitcoin transactions. Sending funds directly from a KYC (Know Your Customer) exchange to a market wallet permanently links your real identity to the transaction.

We strongly recommend using Monero (XMR) over Bitcoin. Monero uses ring signatures and stealth addresses to obscure the sender, receiver, and amount. If you must use Bitcoin, coinjoining is mandatory, but still inferior to native Monero privacy.