Research Database & Knowledge Base
A repository of frequent inquiries regarding the technical architecture of DrugHub Market Access. This database analyzes connectivity protocols, security implementation, and settlement layers.
Access & Connectivity
The infrastructure utilizes a rotating mirror system with decentralized load balancing. When primary entry nodes face congestion or DDoS attacks, traffic is automatically rerouted to alternative v3 onion addresses to maintain connectivity. Research indicates this reduces downtime significantly compared to static addressing.
Access requires the Tor Browser configured with 'Safer' or 'Safest' security settings. JavaScript is often disabled by users to prevent browser fingerprinting, though some market features may require limited script execution. Standard browsers (Chrome, Firefox) cannot resolve .onion domains.
Onion links are rotated periodically as a defense mechanism against network analysis and denial-of-service attacks. Mirrors listed in the verified index are cryptographically signed to ensure authenticity before rotation. Static links are vulnerable to targeted congestion attacks.
Security Architecture
The platform employs a Two-Factor Authentication (2FA) system where a unique challenge string is encrypted using the user's public PGP key. The user must decrypt this message and return the correct string to verify identity without transmitting passwords over the network.
The passwordless system relies entirely on public-key cryptography. This eliminates the risk of password database leaks, as no static passwords are stored on the server. Access is granted solely through possession of the corresponding private PGP key.
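The challenge-response flow described above, as an added example that is not the platform's code: RSA-OAEP from Node's built-in crypto module stands in for OpenPGP encryption, and the function names, the in-memory store and the five-minute challenge lifetime are assumptions.

```javascript
const crypto = require('node:crypto');

const CHALLENGE_TTL_MS = 5 * 60 * 1000; // assumed lifetime; the page gives none
const pending = new Map();              // username -> { digest, expires }
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Server: create a random challenge, keep only its hash, and return the
// challenge encrypted to the public key registered for the account.
function issueChallenge(username, publicKeyPem, now = Date.now()) {
  const challenge = crypto.randomBytes(32).toString('hex');
  pending.set(username, { digest: sha256(challenge), expires: now + CHALLENGE_TTL_MS });
  return crypto.publicEncrypt({ key: publicKeyPem, oaepHash: 'sha256' },
                              Buffer.from(challenge));
}

// Client: only the holder of the matching private key can recover the string.
function answerChallenge(ciphertext, privateKeyPem) {
  return crypto.privateDecrypt({ key: privateKeyPem, oaepHash: 'sha256' },
                               ciphertext).toString();
}

// Server: a challenge is consumed on the first attempt (no replay), expires
// after the TTL, and is compared in constant time via fixed-length digests.
function verifyResponse(username, response, now = Date.now()) {
  const entry = pending.get(username);
  pending.delete(username);
  if (!entry || now > entry.expires) return false;
  return crypto.timingSafeEqual(sha256(String(response)), entry.digest);
}

// Constructed throwaway key pair for the demo.
function demoKeyPair() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

const demo = demoKeyPair();
const ct = issueChallenge('alice', demo.publicKey);
console.log(verifyResponse('alice', answerChallenge(ct, demo.privateKey)));
console.log(verifyResponse('alice', 'replayed-or-guessed'));
```

The server never stores a password or the plaintext challenge; what it must protect instead is the integrity of the username-to-public-key mapping.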
Verification involves checking the PGP signature of the landing page against the market's known public key. Users typically import the market's key into their keyring and verify the signed message displayed in the footer or header of the site. If the signature is invalid, the mirror is compromised.
Marketplace Functionality
The ecosystem primarily supports Monero (XMR) due to its privacy-centric blockchain features, such as ring signatures and stealth addresses. While Bitcoin (BTC) was historically supported, trends show a migration to XMR-only architectures to prevent blockchain analysis.
In a standard escrow arrangement, funds are held in a multi-signature or temporary wallet controlled by the marketplace. Funds are only released to the vendor once the buyer confirms receipt of the digital or physical goods, or after the auto-finalize timer expires.
The auto-finalize timer is a mechanism that automatically releases held funds to the vendor after a set period (typically 7-14 days) if no dispute is raised by the buyer. This prevents funds from being locked indefinitely due to user inactivity.
Market analysis indicates that vendors are required to deposit a significant sum (the bond) to list items. This acts as a financial deterrent against fraudulent behavior, as the bond can be confiscated by administration in cases of proven misconduct.
Troubleshooting & Recovery
Repeated captcha failures often result from Tor circuit latency or clock synchronization issues on the client device. Refreshing the Tor identity or ensuring the system clock is set to UTC can resolve these synchronization errors.
Upon registration, a mnemonic seed (a sequence of random words) is generated. This seed acts as a cryptographic master key to recover account access or reset PGP keys if the user loses access to their primary credentials. Without this seed, recovery is mathematically impossible.
Users rotate keys by generating a new key pair, adding the new public key to their profile, and verifying ownership through a 2FA challenge. Old keys should be revoked to prevent usage if compromised. This is a standard security hygiene practice.