Knowledge Base

The marketplace operates as a hidden service within the Tor network. Onion routing encapsulates data in multiple layers of encryption, bouncing traffic through a randomized sequence of volunteer relays (guard, middle, and exit nodes). This architecture ensures that neither the user's IP address nor the server's physical location is exposed during the connection handshake.

Timeouts often occur due to network congestion within the Tor circuit, distributed denial of service (DDoS) attacks targeting the specific onion service, or localized clock skew on the user's device. Research suggests that requesting a "New Identity" in the Tor Browser or utilizing a verified mirror link from a rotational pool can resolve these latency issues.

JavaScript can potentially be exploited to de-anonymize users by revealing local system information, screen resolution, or browser fingerprints. The Torzon interface is architected to function without client-side scripts to minimize the attack surface and ensure maximum compatibility with the 'Safest' security setting in Tor Browser.

PGP (Pretty Good Privacy) verification acts as a cryptographic authentication layer. During login, the server presents a challenge message encrypted with the user's public key. The user must decrypt this message using their private key to reveal a verification code. This prevents phishing attacks and unauthorized access even if passwords are compromised.

Phishing involves malicious actors creating fake mirror sites to steal credentials. Torzon mitigates this via PGP-signed landing pages. Users should verify the PGP signature of the landing page against the known public key of the market administrator. If the signature matches, the mirror is genuine; otherwise, it is a fraudulent clone.

During account creation, a unique sequence of words (mnemonic) is generated. This seed phrase is the only cryptographic method to recover an account if the password or PGP key is lost. Due to the decentralized and anonymous nature of the platform, no central administrator can reset passwords without this specific phrase.

The escrow system holds cryptocurrency funds in a neutral multi-signature wallet state until a transaction is completed. Funds are only released to the vendor once the buyer confirms receipt or the auto-finalize timer expires. In the event of a dispute, a moderator uses the third key in the 2-of-3 multisig arrangement to adjudicate.

While Bitcoin utilizes a public ledger where transaction histories are traceable via blockchain analysis, Monero uses ring signatures, ring confidential transactions (RingCT), and stealth addresses to obfuscate the sender, receiver, and amount. Torzon's architecture supports both, though XMR is standard for high-security operations.

A vendor bond is a substantial security deposit required for new merchant accounts. This financial barrier serves as a spam deterrent and a commitment mechanism, ensuring that only serious entities establish presence on the platform. The bond is retained by the protocol to incentivize long-term honest behavior.

The auto-finalize timer is a programmatic fail-safe that automatically releases escrowed funds to the vendor after a set period (typically 7 to 14 days) if the buyer takes no action. This prevents funds from being indefinitely locked if a buyer becomes unresponsive after receiving their product.