Research Database

The infrastructure utilizes a rotating mirror system combined with End-of-Circuit proof-of-work (PoW) protections. Traffic is distributed across multiple verified nodes (mirrors) to prevent single-point congestion. When a primary node is under stress, the load balancer redirects user sessions to alternative verified mirrors listed in the PGP-signed index.

Access requires a Tor-enabled browser configured to route traffic through the onion network. Standard browsers (Chrome, Firefox, Safari) cannot resolve .onion TLDs. For maximum operational security, researchers recommend setting the security slider to "Safest," which disables JavaScript entirely, mitigating browser fingerprinting and script-based exploits.

Intermittent downtime is characteristic of the Tor network due to circuit path changes or server-side maintenance. Additionally, heavy network traffic or Distributed Denial of Service (DDoS) attempts may temporarily saturate specific entry guards. Users are advised to rotate through the verified mirror list provided on the Links Analysis page.

PGP (Pretty Good Privacy) relies on asymmetric encryption. The platform signs all administrative messages and mirror lists with its private key. Users verify this signature against the widely distributed public key. This process ensures that the content has not been tampered with and originates from the genuine infrastructure source, effectively neutralizing phishing attempts.

2FA on the network requires the user to decrypt a randomly generated message using their private PGP key before logging in. This ensures that even if a password is compromised via a phishing site, the account remains secure because the attacker cannot decrypt the challenge message without the user's local private key.

Phishing links typically mimic the visual interface of the platform but operate on a different V3 onion address. They often function as "Man-in-the-Middle" attacks, proxying traffic to steal credentials. Identification is achieved by verifying the URL against a PGP-signed list of mirrors. If the URL is not in a signed message from the official key, it is considered hostile.

Unlike Bitcoin, which maintains a transparent public ledger traceable by chain analysis, Monero uses ring signatures, RingCT, and stealth addresses. This cryptographic architecture obfuscates the sender, receiver, and transaction amount by default, providing the fungibility and privacy required for secure decentralized commerce.

The escrow system places funds into a temporary holding wallet controlled by the market code. Funds are not released to the counterparty until the transaction is finalized. This system often includes a dispute resolution layer where a moderator can intervene if the agreed-upon terms are not met. Multisignature (Multisig) escrow is an advanced variation where 2 of 3 keys are required to move funds.

The auto-finalize timer is a fail-safe mechanism. If an escrow transaction remains in a pending state without a dispute being filed for a set duration (typically 7-14 days), the system automatically releases the funds to the vendor. This prevents funds from being indefinitely locked if a buyer becomes unresponsive after receiving their order.

During account creation, a unique mnemonic phrase (seed) is generated. This sequence of words is the only method to recover an account if the password or PGP key is lost. Since the system does not store personal email addresses, administrative staff cannot reset passwords manually. Users must store this phrase offline securely.

Captcha failures on Tor networks are often due to session timing discrepancies or aggressive circuit switching. If a session expires or the circuit changes IP mid-request, the captcha token becomes invalid. Users are advised to refresh the identity (New Circuit) or ensure their system clock is synchronized to UTC to prevent timestamp errors.