SECURITY PROTOCOLS
Your anonymity is your responsibility. Below are the mandatory protocols to operate safely on the Drughub network.
// CORE DEFENSES
Tails OS or Whonix
NEVER access Drughub from Windows 10/11. Microsoft telemetry logs app usage. Use Tails OS (boots from USB) or Whonix (Virtual Machine) to compartmentalize your identity.
Identity Isolation
Your "Drughub Identity" must be separate from your real life. Never use the same username, password, or PGP key that you use on the clearnet (Reddit, Discord, etc.).
Metadata Scrubbing
Before uploading photos for disputes or reviews, scrub the EXIF data (GPS, Camera Model). Tails OS does this automatically, but double-check manually.
// PGP ENCRYPTION SUITE
Pretty Good Privacy (PGP) is the mathematical guarantee that only the intended recipient can read your message. It is mandatory for 2FA and address sharing.
HOW TO VERIFY A MIRROR (ANTI-PHISHING)
1. Import the Drughub Admin Public Key (Found below) into your keychain.
2. On the login page, copy the "Signed Message".
3. Decrypt/Verify in Kleopatra or GPG.
4. Green signature = Real site. Red/Error = Fake site.
HOW TO ENCRYPT YOUR ADDRESS
1. Get the Vendor's Public Key from their profile.
2. Write your address in a text editor:
   Name: John Doe
   Street: 123 Main St...
3. Copy text -> Right Click Kleopatra icon -> Clipboard -> Encrypt.
4. Select the Vendor's key as the recipient.
5. Paste the resulting block (Begin PGP Message) into the order form.
OFFICIAL DRUGHUB ADMIN KEY
Version: GnuPG v2
mQINBFx... (THIS IS A PLACEHOLDER FOR THE REAL KEY) ...
...
...
=5z/a
-----END PGP PUBLIC KEY BLOCK-----
// WARRANT CANARY
A Warrant Canary is a regularly updated statement confirming that the administrators have NOT been contacted by law enforcement or served with a secret warrant. If this message is outdated, assume the site is compromised.