Mr Ouid was one of the top sellers on Silk Road from early 2011 until the end. He is one of the longest-standing and trusted cannabis vendors on the darknet. A lot of money was lost when hostile parties shut down the Silk Road and kidnapped its operator in October 2013. The Silk Road bust highlighted the inherent insecurity of any publicly hosted hidden service.
It became evident that doing business on the darknet would require a radically different approach. Mr Ouid spent the next several months learning about programming and cryptography and designing plans for his own site which would evolve into the Private Marketplace as you see it today.
The Private Marketplace functions very differently from any typical darknet market. Since publicly hosted sites are always vulnerable to being spied on, hijacked or shut down at any time, it was decided that any private information should only be accessible from a secure offline computer. The public site, which is accessible through Tor, does not store any information about users or about transactions except information that is deliberately made public.
Private information such as deposits and withdrawals, payments made between accounts, orders, messages, etc. must all be encrypted using PGP/GPG on the user's computer before being submitted. The encrypted data is downloaded and processed on a secure offline computer before being re-encrypted and uploaded back to the public site. To make your information even more secure, this process is done manually and therefore syncs can only occur a few times per day.
The above-mentioned precautions do not prevent anyone with physical access to the server from stealing the private key to the .onion address and hijacking the site. This could be done by authorities aiming to shut down the site or by hackers attempting to scam users by impersonating the original site. Therefore it was decided to separate the functionality of the site between multiple servers hosted in different localities. You will see links to different sections at the top of each page. All these links go to different physical servers which have no knowledge of each other's location. To prevent hijacking, all important messages and all account information are PGP-signed by Mr Ouid's key, which is also kept securely on his offline computer. It is important to verify the validity and age of any signed messages every time you access the site. It is especially important to verify the signature on your account information before making a deposit!
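An added example, not part of the original page or the site's own code: one way to check both the validity and the age of a signed message from GnuPG's machine-readable status output (`gpg --status-fd 1 --verify`), since a correctly signed but old message can be replayed by whoever controls a hijacked server. The pinned fingerprint, the 48-hour freshness window and the sample status lines are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

PINNED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed placeholder
MAX_AGE = timedelta(hours=48)  # assumed window; the page gives no figure

# Constructed sample of `gpg --status-fd 1 --verify msg.asc` output.
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-01-10 1704880800 0 4 0 1 10 01 0123456789ABCDEF0123456789ABCDEF01234567
"""

def parse_status(text):
    """Group GnuPG status records as {keyword: [argument list, ...]}."""
    records = {}
    for line in text.splitlines():
        if line.startswith("[GNUPG:] "):
            parts = line.split()
            records.setdefault(parts[1], []).append(parts[2:])
    return records

def sig_time(field):
    """Signature time: epoch seconds, or ISO 8601 basic form (YYYYMMDDTHHMMSS)."""
    if "T" in field:
        return datetime.strptime(field, "%Y%m%dT%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), tz=timezone.utc)

def check_signed_message(status, now, pinned=PINNED_FPR, max_age=MAX_AGE):
    """Return (ok, reason) for one signed message."""
    rec = parse_status(status)
    for bad in ("BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"):
        if bad in rec:
            return False, bad
    valid = rec.get("VALIDSIG", [])
    if len(valid) != 1 or len(valid[0]) < 3:
        return False, "no single VALIDSIG record"
    args = valid[0]
    # Last field is the primary key fingerprint when a subkey made the signature.
    signer = args[9] if len(args) > 9 else args[0]
    if signer.upper() != pinned.upper():
        return False, "signed by an unpinned key"
    age = now - sig_time(args[2])
    if age < timedelta(0):
        return False, "signature dated in the future"
    if age > max_age:
        return False, "stale signature (possible replay)"
    return True, "ok"
```

Matching on the full fingerprint in `VALIDSIG`, rather than on the name or short key ID shown in `GOODSIG`, is what ties the check to one specific key.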
This is the server hosting the page you are seeing right now. Self-explanatory.
Please note that the listings server is no longer available. Please read your account info for information on listings.
This is where products are listed for sale. It shows the fiat prices and the bitcoin prices of listings based on the current market rates. Bitcoin rates are only estimates. They should be synced with the Query Server rates, but in case of any discrepancy the rate listed on the submit query server is the one that will be used for any bitcoin price calculations. Shipping information is also shown on the Listings Server.
The Query Server is where you submit messages, orders or any other actions. All queries submitted to the Query Server must be signed and encrypted. This way the Query Server does not know anything about you. The Query Server does not know who you are or what information you are submitting. This helps prevent timing attacks where the adversary would try to correlate your real life identity by analyzing the time and frequency of your online activity.
Sorry but the accounts server is currently not functioning. For now you will have to log in through the "Old Market Server" to obtain your account information. We are working on setting up a new accounts server in the near future.
The Account Server is where you can access your account information anonymously. Account information is saved in obfuscated PGP messages where the header containing the recipient's fingerprint is blanked out. The length of the information is also obfuscated by padding the message with a random number of random characters. You can find your account information listed by the id of your most recently submitted query or based on a list of pre-generated account ids listed in your previous account information messages.
Account information messages include all data associated with your account! All messages sent or received (last 30 days), all orders (last 120 days), account balance, deposit address, and any other important information is in your encrypted account information message. If you cannot find your account info, simply send a new query to the Query Server containing a short message such as "Hello!" and take note of the query number. This query number should show up on the account page whenever the next sync occurs (in the next 24 hours).
All account information messages are publicly listed with many different accounts shown on the same page. This is so that the Account Server cannot tell which account info is being accessed when someone loads the page. Fake account infos are also added to hide the true volume of activity.
This is the original site that is being kept for legacy purposes. It serves the same function as the Query Server and Account Server. However, it is less secure as it requires "logging in", which facilitates possible timing attacks and correlation analysis by third parties. If you can use the Query Server and Account Server without any problem then you are discouraged from using the Old Market Server. It may be removed eventually once I see that everything is running smoothly.
This is a very rudimentary forum that allows you to post feedback, questions, concerns or engage in discussions. Currently there are no logins or accounts and anyone can post anything so you should also be skeptical about any information you read there. And obviously I do not take responsibility for any content posted on the forum.
The only rules are to remain civil and not post offensive content or information that could endanger your own or anyone's safety. You are welcome to post off-topic or promotional information as long as it is not spam (the same information posted repeatedly would be removed). Please do post feedback about products you have bought and the service you have experienced. I don't get a lot of feedback because most clients have been buying for years and I'm sure they do not feel compelled to write a new review every month. Critical reviews are more than welcome as well and I will not censor anyone simply because they are disagreeable as long as the content is not highly offensive or dangerous.
If you do not have an account already, you can create one by including your PGP key in a signed and encrypted message on the Query Server. You may include it as part of a query or on its own. The message (including your key) must be signed for your account to be created. You will be able to access your account information from the Account Server (after the next sync) using the query number that was generated when you submitted your key on the Query Server.
All messages, orders, payments and withdrawals must be made by submitting an encrypted query in a specific format. It is important to write out the query in the exact format shown in the following sections. When a sync occurs (1-3 times per day) your queries will be downloaded to Mr Ouid's offline computer where they are decrypted and processed automatically by a script.
The script will split the queries up into subqueries (individual messages, orders, etc.) and process them according to the header of each subquery. You may write out as many subqueries as you'd like and include them in the same query. The completed query must be signed (with your key) and encrypted (with Mr Ouid's key, 4EACB162262E5690756862B092E8DF2D50217DFF) in a single PGP/GPG message and submitted on the submit query site.
Each subquery must start with ">>" at the beginning of a new line. The first line of each subquery is the header. This line identifies how the subquery will be processed. Each type of subquery is described below:
"This is the subject.")