Technical FAQ

The infrastructure utilizes Tor V3 onion services to obfuscate server location. Traffic is routed through three random nodes (Guard, Middle, Exit) before reaching the hidden service, ensuring end-to-end encryption and anonymity for both the host and the client. The V3 protocol specifically provides longer addresses (56 characters) and improved elliptic-curve cryptography compared to legacy V2 services.

Downtime is often a result of Distributed Denial of Service (DDoS) attacks common in the darknet ecosystem, or scheduled maintenance to rotate cryptographic keys. The decentralized mirror system is designed to maintain access via alternative links when the main node is unreachable. Researchers should check the Links Database for active fallbacks.

Access requires a Tor-enabled browser configured to handle .onion top-level domains. JavaScript is typically disabled (Security Level: Safest) to prevent browser fingerprinting and XSS vulnerabilities. Standard clearnet browsers cannot resolve these addresses.

Instead of a static password, the system generates a random string encrypted with the user's public PGP key. The user must decrypt this string using their private key and return the token to verify identity. This eliminates password theft via phishing or database leaks, as the private key never leaves the user's local machine.

Every valid mirror is cryptographically signed by the market's primary PGP key. Users verify the signature block on the landing page against the known public key to ensure the site is not a phishing proxy acting as a "Man-in-the-Middle" (MitM).

PGP Auth is often the primary login method on this architecture, whereas 2FA usually refers to a secondary check. However, in passwordless systems, PGP Auth serves as both authentication and authorization, providing higher security than traditional password+2FA models.

Monero (XMR) funds are held in a multi-signature or temporary wallet controlled by the market code. Funds are released to the vendor only after the buyer confirms receipt (finalize) or the auto-finalization timer expires.

Monero uses ring signatures, stealth addresses, and RingCT to hide transaction details. Unlike Bitcoin, where the ledger is transparent, XMR ensures sender, receiver, and amount privacy, which is critical for the security model of the marketplace.

The auto-finalize timer is a smart contract-like script that automatically releases held escrow funds to the vendor if the buyer does not dispute the order within a set timeframe (typically 7-14 days depending on shipping type).

Historical data indicates that vendor accounts require a non-refundable bond paid in XMR. This acts as a sybil resistance mechanism to prevent spam accounts and increase the financial stake for market participants.

No. The interface is built to function entirely without JavaScript to maximize security. All interactive elements are handled via server-side processing and standard HTML forms.

Tor network latency often causes session timeouts or clock drift, invalidating the CAPTCHA token before submission. Users are advised to synchronize their system clock and refresh the identity circuit if issues persist.

Account recovery relies entirely on the mnemonic seed phrase provided during registration or the PGP key associated with the account. Without these cryptographic proofs, access cannot be restored by administrators.

Monero blockchains require 10 confirmations before funds are unlocked. If the market node is out of sync or under heavy load, detection may be delayed. Users typically verify the transaction hash on a public XMR explorer before troubleshooting further.

When a dispute is opened, the escrow funds are frozen. A moderator reviews the evidence (chat logs, shipping data) and broadcasts a decision to either refund the buyer or release funds to the vendor. This requires moderator intervention in the transaction flow.