Knowledge Base

TorZon operates as a hidden service within the Tor network, utilizing onion routing to obscure server location. Traffic is encrypted through multiple nodes, ensuring that neither the user nor the host can identify each other's physical IP address.

REF: ONION_ROUTING_PROTOCOL_V3

To mitigate Distributed Denial of Service (DDoS) attacks, the network rotates through a pool of mirrors. If one node becomes overwhelmed, traffic is rerouted. Researchers and users should always verify new links against a PGP-signed list found on established forums or info hubs like this one.

No. The TorZon interface is specifically designed to function with JavaScript disabled in the Tor Browser (Security Level: Safest). This minimizes the attack surface and prevents browser-based exploitation techniques.

PGP (Pretty Good Privacy) is used to cryptographically sign messages and verify mirror authenticity. It ensures that users are interacting with the genuine infrastructure and not a phishing site. It is also used for Two-Factor Authentication (2FA) and encrypting shipping data.

2FA on TorZon utilizes PGP encryption rather than SMS or email. The server presents an encrypted challenge message that the user must decrypt using their private key to reveal a one-time verification code/token.

Data is encrypted at rest within the database. The system typically employs an auto-purge policy where transaction details and messages are permanently deleted after a set retention period to minimize the digital footprint and liability.

Funds are held in a secure multi-signature wallet by the marketplace infrastructure until the transaction is finalized. This protects both the buyer and vendor from fraud, releasing funds only when the order is confirmed complete or the auto-finalize timer expires.

The platform architecture supports Bitcoin (BTC) for standard ledger operations and Monero (XMR) for enhanced privacy and fungibility. XMR is often preferred by users for its ring signature obfuscation which hides the sender, receiver, and amount.

A Vendor Bond is a security deposit required to activate selling privileges. It acts as a financial deterrent against malicious behavior and ensures that vendors have a stake in the platform's integrity. The bond is typically refundable upon retirement from the platform.

Finalize Early (FE) is a privilege granted to high-reputation vendors allowing them to access funds before the product is delivered. This carries higher risk for the buyer and is generally reserved for trusted entities with a long history of successful transactions.

Upon account creation, a unique mnemonic seed phrase is generated. This cryptographic seed is the only method to recover account access if passwords are lost, as the system does not store personal recovery emails or phone numbers.

If a transaction is contested, a moderator reviews the evidence provided in the encrypted order chat. The moderator then directs the escrow funds to the appropriate party based on the findings. Clear communication is essential during this process.

The platform employs a proof-of-work (PoW) captcha system to filter automated traffic and DDoS bots. During periods of high network stress, the difficulty or frequency of these challenges may increase to maintain service stability for human users.