TorTaught(1) Tor Browser is current; the installer was signature-verified. (2) The mirror was copied from the canonical box, not retyped. (3) The security slider is on Safest before any login content loads. (4) The login page's PGP timestamp block verifies cleanly against fingerprint 0x7F2A0A9D. (5) The password is unique to this account and pulled from an offline manager; PGP 2FA is enrolled.
Five checks, roughly thirty seconds for a return visitor. Skipping any one of them is what enables every recurring credential-loss pattern documented in the public phishing-clone catalogue. The OpSec section on the homepage explains why each check matters.
Verified working Nexus Market mirrors
Three v3 onion addresses currently serving the production market, signed under PGP fingerprint 0x7F2A0A9D. Use the Copy button; never retype an address.