What features should a world-class marketplace have?

[boblishus]

Also automatic PGP Encryption for messaging on orders

 

[JankyCoyote]

Also automatic PGP Encryption for messaging on orders

boblishusEw! No! This is a bad idea. It requires a third party to hold your private key which means if that third party is ever breached (law enforcement action, black hat hackers, turncoat employee, etc.) anyone and everyone who used the service has their private key compromised. Always ALWAYS encrypt your communications yourself on your own hardware and avoid anybody who does not (because if they get compromised, your communications with them are also compromised.

 

[HEISENBERG]

Also automatic PGP Encryption for messaging on orders

boblishusWhat's the point of this? Law enforcement will still read everything they need to if they find the servers. The problem with encrypting data online is that encrypted data is transmitted to the server already encrypted. If you send unencrypted data to the server and encrypt it on the server, it means that anyone with physical access to the server can intercept the unencrypted packets.

 

[JankyCoyote]

It is one more step the l*w e*force*ent has to go thru to get u. I think it is worth it since it is free.

goatsemnleyEnabling auto-encription (like ProtonMail does) requires you to share your private key with the server. LE actually prefers this because it gives them a single target to gain access to numerous (anybody who used the auto-encrypt service) private keys and, by extention, access to anything sent or recived by, and even ability to pose as, the original owner of the keys. It's a horrible idea and should never be implemented. You should ALWAYS encrypt on your own hardware and avoid anybody who does not.

 

[HEISENBERG]

Enabling auto-encription (like ProtonMail does) requires you to share your private key with the server. LE actually prefers this because it gives them a single target to gain access to numerous (anybody who used the auto-encrypt service) private keys and, by extention, access to anything sent or recived by, and even ability to pose as, the original owner of the keys. It's a horrible idea and should never be implemented. You should ALWAYS encrypt on your own hardware and avoid anybody who does not.

JankyCoyoteThen what is the point of encryption if the server owner owns all the private and public keys? Who is the data encrypted from?
The question is rhetorical. It is unequivocal that in any implementation of text encryption "on the fly" using PGP is not safe for anyone.

 

[JankyCoyote]

Then what is the point of encryption if the server owner owns all the private and public keys? Who is the data encrypted from?
The question is rhetorical. It is unequivocal that in any implementation of text encryption "on the fly" using PGP is not safe for anyone.

HEISENBERGPrecicely! It's the same reason having an email exchange with anyone who uses ProtonMail is so frowned upon. Since they offer auto-encryption, you can't tell if the other party is using proper opsec and encrypting on their own hardware, or if they are using auto-encryption, putting the entire conversation at risk of exposure if LE ever takes an interest in Proton's servers.

And, yes, I'm spelling that out for anyone else who's reading. I can't imagine it would be new information to you.

 

[idlewild]

Precicely! It's the same reason having an email exchange with anyone who uses ProtonMail is so frowned upon. Since they offer auto-encryption, you can't tell if the other party is using proper opsec and encrypting on their own hardware, or if they are using auto-encryption, putting the entire conversation at risk of exposure if LE ever takes an interest in Proton's servers.

And, yes, I'm spelling that out for anyone else who's reading. I can't imagine it would be new information to you.

JankyCoyoteWhy would proton be a worse choice regardless of how you use it? I don't understand that type of technology well so I try to listen to those that do. Is it still an issue regardless of how thorough the opsec is on your end?

 

[HEISENBERG]

Why would proton be a worse choice regardless of how you use it? I don't understand that type of technology well so I try to listen to those that do. Is it still an issue regardless of how thorough the opsec is on your end?

idlewildProton cooperates with law enforcement agencies and makes no secret of the fact that it passes user data to them if they receive such a request. Who decided that this is a safe way to exchange messages?

 

[JankyCoyote]

Why would proton be a worse choice regardless of how you use it? I don't understand that type of technology well so I try to listen to those that do. Is it still an issue regardless of how thorough the opsec is on your end?

idlewildLets assume you (Agent1) have amazing op-sec on your end. Agent1 encrypts/decrypts using only their own hardware and are the only one who has access to their private key. Agent1 is talking to someone (Agent2) who uses Proton. Agent2 has decided to use the auto-encrypt feature that Proton offers. Agent2 comes to the attenttion of LE for possible illegal dealings, so LE files a legal request with Proton for any information they have on Agent2. Proton complies and sends them all stored information they have. This includes the private encryption key and any stored emails. Using Agent2's private key they can now read the entire conversation Agent2 had with Agent1. In fact, since LE now has Agent2's private key, they can pose as Agent2 to try and build a case against Agent1.

This gets even worse if LE decides to simply seize Proton's servers, giving them access to anobody's (who used the auto-encrypt feature) private keys and conversations. This has happened with a couple marketplaces already (LE seized the marketplace and continued to run it as an exit scam both to steal money and get as much user information as possible).

Because Proton encourages users to practice poor op-sec (use their auto-encrypt feature) it is simply a good idea to avoid exchanging emails with people who use Proton accounts, even if you don't use it yourself.

 

[JankyCoyote]

For my "Other" vote:
Escrow. Buyer and seller ratings. Product testing.

edit:
My idea for product testing: the tester buys product from sellers on a random (but at least semi-regular) basis. If the product fails testing, seller loses their trusted status until three passed tests. Multiple failed tests means they are removed from the platform. This may also include stealth testing. Blatantly un-stealthy shipments should also be flagged unless the seller is explicitly not trying to be stealthy.

 

[miner21]

Maybe incentive product testing. Maybe if a vendor has their product tested randomly by unknown buyers they should get a badge or something if it always tests clean

 

[CrimPsy]

I like the idea of consistent supply/product testing in some way, whether it be a team made up of forum members who than leave a review (members would need a way to be recognized as testers and should have a spot on their profile showing which vendors they tested/reviewed so they can’t vouch for sellers they have not had any dealings with); or as a requirement to become a “vendor/trusted vendor”; or random checks by admins!
—Testers should have to leave a review or have a rating system for quality of product (including the route of administration used) quality of service, quality of packaging/stealth and should have to provide proof of reagent testing on the product either to an admin or as part of the review.
In my opinion lab reports are just a waste of time as Lab reports can be faked unless product was sent to the lab by “testers/admins”.
—But for any sellers reading this it does add an appeal over someone that doesn’t provide them.
Personally I like the escrow service and think I prefer the third party to taking my chances and think it should be a must for transactions unless the seller pays a standard fee to become a vendor or provides a refundable payment to cover the cost of scamming an average sale

love the work y’all are doing and the effort put in so far; also really appreciate all the information one can find here so thank you and keep it up!!!

 

[goodoleteddy]

Also I think I'd add a batch number basic system. That way if something happens to their client the batch that was prepared is isolated from purchases

 

[LeiTruth]

What is the most important features for you for you to choose a most suitable trading platform?
You can choose more than one answer or write your own option in the comments

HEISENBERG
> No JS (Java Script)



^This

 

[DMTrott]

Harm reduction information.

A few months ago I wrote the article below. If you are a market admin, or if you own an onion directory, please read it. It can be as simple as adding a link to the PDF, but it makes a real difference out there. It saves lives. If you aren’t on board already please help. [Note: BB is already on board].

DRUGS, THE DARKNET & THE MEDIA [MY STORY]
The darknet drug markets now provide more harm reduction information to users than both the government and the established media. How did this situation arise, and why does it remain unreported?

—-

Furnishing individuals with safety information on their drug of choice reduces the risk of tragedy and death. This is a self-evident truth. Putting it another way, via a popular mantra: ignorance kills education saves lives.

This stark and somewhat obvious premise drove a project which began more in hope than expectation almost 15 years ago. It was during the summer of 2009 that I took the first steps in writing what eventually became The Drug Users Bible, a best-selling 638-page harm reduction tome.

This was always going to be a serious and lengthy undertaking. I resolved to not only document every drug in common use, both chemical and botanical, but to also experience them for myself. I felt that to have credibility amongst drug consumers this was an essential pre-requisite. As someone bluntly told me at the time, if I didn’t do this I would be like a nun offering sex education.

What I didn’t know at the start was that I would ultimately self-administer 182 different drugs, on a journey which would have tremendous highs, but far too many horrendous and traumatic lows. Despite the latter I got there in the end, and I was more than happy with final result. It is, without doubt, helping thousands to mitigate risk and to take more informed decisions regarding drug use.

However, there was always an element of dissatisfaction in the back of mind in the form of a question: what about the people who didn’t buy books or who couldn’t afford them? By the summer of 2023 my imagination was running riot as I sought to resolve this troubling and perplexing issue.

IMAGINE REACHING THOSE MOST IN NEED

Imagine vital harm reduction information being provided without charge at point of drug purchase, on a global basis. Imagine the potential impact this might have in terms of user safety.

Is this vision really so far fetched? On visiting a doctor or a pharmacy provision of safety information is routine, and this usually extends well beyond dose, frequency and duration.

Why can’t the same apply to recreational drugs? Is there a way to integrate harm reduction into the supply chain despite the unremitting brutality of the drug war?

The answer to the latter turned out to be yes, at least in part.

THE DARKNET & ITS MARKETS

The darknet, and in particular the darknet markets, play an increasingly important role in terms of the distribution of drugs. Consumers and vendors alike source from this hidden and anonymous alternative to the visible Internet which most people are familiar with.

With respect to this, my light-bulb moment regarding the above issues came in the form of a what-if.

What if I created a free-of-charge PDF version of The Drug Users Bible? What if I could actually communicate with the owners of the markets? What if they provided this PDF without charge to customers? Was this possible? Would they even listen?

I realised immediately that, although the prospects appeared to be slim, I had to go for it: even with limited success someone somewhere might pick something up from the PDF which would save their lives. But where would I start?

THE DARKNET HARM REDUCTION PROJECT IS BORN

Luckily, like the Internet, the darknet has a social media stratum. This is dominated by a Reddit-like platform called Dread. This was the obvious start-point.

I contacted the staff there, explained my vision, and simply asked for help. With the response, an enthusiastic yes, I knew that this had a chance. The project was on. Dread became the first darknet entity to host the PDF, and they launched it with vigour, such that even some of the markets would become aware of it. It was now obvious that I had to seize the moment.

I thus began to identify every significant market. I prepared my script and started the lengthy process of establishing a means of communication. One by one I approached them, explaining the mission and asking them to either host the PDF or to provide a link to it, so that customers (drug consumers) had the opportunity to obtain their own copy.

This took patience and persistence, and months of effort, but eventually I got there. Almost every market of any significance is now on board, thus adding to their innate regulatory functionality (such provision of an eBay-like vendor rating system, which helps to protect consumers against adulterated supply). In another unexpected turn, a growing number of individual vendors are also offering the PDF at point of sale.

THE (UNREPORTED) CONCRETE REALITY

The more drug consumers who are exposed to harm reduction information the more effective this project becomes. So by any measure the project has exceeded all expectations, and continues to do so. It is now making a difference in the real world.

The media though (with the honourable exception of the BBC World Service) never fails to disappoint. My Reddit quote, below, was perhaps borne of frustration, but is nonetheless a reasonable summary of the situation:

“If an individual is caught selling drugs on a darknet market it is solemnly presented as a news-worthy story across much of the media landscape. If a market operator is caught it garners headlines across the world.
However, when those same markets evolve to provide life-critical harm reduction material directly at point of drug sale, this significant public health development remains unreported.”

Fortunately, this abrogation does not change the concrete reality on the ground.

THE CAVALRY ISN’T GOING TO APPEAR

At the very beginning I framed the context for the book, and the project, with the following commentary:

“People are dying because of ignorance.
They are dying because unremitting propaganda is denying them vital safety information.
They are dying because legislators and the media are censoring the science, and are ruthlessly pushing an ideological agenda instead.
They are dying because the first casualty of war is truth, and the war on drugs is no different.”

Although the safety data I collated and researched over so many years is now literally at the fingertips of countless thousands, this remains the case. Further, no cavalry, in the form of a benevolent government or philanthropic authority, is going to appear and suddenly provide this form of education.

This, however, is a project with which anyone can help. Thus, if you know someone who may be at risk, or who may simply appreciate further information on drug safety; please feel free to forward to them. The download is available from all the major cloud networks, as listed on this page: https://www.drugusersbible.com/2018/01/pdf.html.

Despite the indifference of society at large and the many obstacles in situ, as a community we can reduce ignorance: we can educate. Collectively we can save more of those lives. Although this isn’t a sweeping all-encompassing solution to the misery and death inherently caused by the war on drugs, it is at least something. Let’s do it.

Dominic Milton Trott,

 

[miner21]

I think 2fa is also important for us. I have seen markets that you input your public key then decrypt a message and get a pin to login. It doesnt have to be that but some type of 2fa