What features should a world-class marketplace have?

[boblishus]

Also automatic PGP Encryption for messaging on orders

 

[JankyCoyote]

Ew! No! This is a bad idea. It requires a third party to hold your private key which means if that third party is ever breached (law enforcement action, black hat hackers, turncoat employee, etc.) anyone and everyone who used the service has their private key compromised. Always ALWAYS encrypt your communications yourself on your own hardware and avoid anybody who does not (because if they get compromised, your communications with them are also compromised.

 

[Alpino [ B.H.M.]]

they can have acces to the server and encrypted message ,but with my private key and pass. i decrypt the message in my offline app .The message wich i decrypted it will never reach autorithies because only i can see the message in a simple text document and i never save in my perssistent storage .
Maybe i didn t understang very well and i appologize .
And i don t want to beleive the are people that decrypts their messages online and also i don t want to beleive that someone could create their PGP online .
Always use an Amnesia operating system , I'm not a professional in this case ,but i think if you search enough to make yourself a good OPSEC you will find a lot of details that can help you a lot . BE Safe bros!

 

[HEISENBERG]

What's the point of this? Law enforcement will still read everything they need to if they find the servers. The problem with encrypting data online is that encrypted data is transmitted to the server already encrypted. If you send unencrypted data to the server and encrypt it on the server, it means that anyone with physical access to the server can intercept the unencrypted packets.

 

[JankyCoyote]

Enabling auto-encription (like ProtonMail does) requires you to share your private key with the server. LE actually prefers this because it gives them a single target to gain access to numerous (anybody who used the auto-encrypt service) private keys and, by extention, access to anything sent or recived by, and even ability to pose as, the original owner of the keys. It's a horrible idea and should never be implemented. You should ALWAYS encrypt on your own hardware and avoid anybody who does not.

 

[HEISENBERG]

Then what is the point of encryption if the server owner owns all the private and public keys? Who is the data encrypted from?
The question is rhetorical. It is unequivocal that in any implementation of text encryption "on the fly" using PGP is not safe for anyone.

 

[JankyCoyote]

Precicely! It's the same reason having an email exchange with anyone who uses ProtonMail is so frowned upon. Since they offer auto-encryption, you can't tell if the other party is using proper opsec and encrypting on their own hardware, or if they are using auto-encryption, putting the entire conversation at risk of exposure if LE ever takes an interest in Proton's servers.

And, yes, I'm spelling that out for anyone else who's reading. I can't imagine it would be new information to you.

 

[idlewild]

Why would proton be a worse choice regardless of how you use it? I don't understand that type of technology well so I try to listen to those that do. Is it still an issue regardless of how thorough the opsec is on your end?

 

[HEISENBERG]

Proton cooperates with law enforcement agencies and makes no secret of the fact that it passes user data to them if they receive such a request. Who decided that this is a safe way to exchange messages?

 

[JankyCoyote]

Lets assume you (Agent1) have amazing op-sec on your end. Agent1 encrypts/decrypts using only their own hardware and are the only one who has access to their private key. Agent1 is talking to someone (Agent2) who uses Proton. Agent2 has decided to use the auto-encrypt feature that Proton offers. Agent2 comes to the attenttion of LE for possible illegal dealings, so LE files a legal request with Proton for any information they have on Agent2. Proton complies and sends them all stored information they have. This includes the private encryption key and any stored emails. Using Agent2's private key they can now read the entire conversation Agent2 had with Agent1. In fact, since LE now has Agent2's private key, they can pose as Agent2 to try and build a case against Agent1.

This gets even worse if LE decides to simply seize Proton's servers, giving them access to anobody's (who used the auto-encrypt feature) private keys and conversations. This has happened with a couple marketplaces already (LE seized the marketplace and continued to run it as an exit scam both to steal money and get as much user information as possible).

Because Proton encourages users to practice poor op-sec (use their auto-encrypt feature) it is simply a good idea to avoid exchanging emails with people who use Proton accounts, even if you don't use it yourself.

 

[Alpino [ B.H.M.]]

 

[PharmacopeiaLabs]

what about simply using services that allow you to create notes which self-destruct after opening once?
for sending shipping details of course

 

[Waverunner]

I think one that's not up there is constant testing of product. People whom buy want to know what exactly they're getting.

 

[Alpino [ B.H.M.]]

Yes of coursee that s why the sellers have reviews , you are from police theat you require infirmation about the product and vendor personal way of doing his works . This are not question people should ask (the way it s packed or hide or maybe worse some people want pictures of the lab they use (if the use)? Products have description and reviews . i don t beleive that if you have 10 reviews all that customers are stupid and you don t beleive them. Absolutely no vendor eith ecperience will ever do that ,because DEA is watching us remember because we don t sell Jordans )

 

[VeniuviusVespa]

Should at the very least be a requirement for trusted seller status

 

[Alpino [ B.H.M.]]

DEA or FBI ? ))))

 

[JankyCoyote]

For my "Other" vote:
Escrow. Buyer and seller ratings. Product testing.

edit:
My idea for product testing: the tester buys product from sellers on a random (but at least semi-regular) basis. If the product fails testing, seller loses their trusted status until three passed tests. Multiple failed tests means they are removed from the platform. This may also include stealth testing. Blatantly un-stealthy shipments should also be flagged unless the seller is explicitly not trying to be stealthy.

 

[miner21]

Maybe incentive product testing. Maybe if a vendor has their product tested randomly by unknown buyers they should get a badge or something if it always tests clean

 

[CrimPsy]

I like the idea of consistent supply/product testing in some way, whether it be a team made up of forum members who than leave a review (members would need a way to be recognized as testers and should have a spot on their profile showing which vendors they tested/reviewed so they can’t vouch for sellers they have not had any dealings with); or as a requirement to become a “vendor/trusted vendor”; or random checks by admins!
—Testers should have to leave a review or have a rating system for quality of product (including the route of administration used) quality of service, quality of packaging/stealth and should have to provide proof of reagent testing on the product either to an admin or as part of the review.
In my opinion lab reports are just a waste of time as Lab reports can be faked unless product was sent to the lab by “testers/admins”.
—But for any sellers reading this it does add an appeal over someone that doesn’t provide them.
Personally I like the escrow service and think I prefer the third party to taking my chances and think it should be a must for transactions unless the seller pays a standard fee to become a vendor or provides a refundable payment to cover the cost of scamming an average sale

love the work y’all are doing and the effort put in so far; also really appreciate all the information one can find here so thank you and keep it up!!!

 

[Waverunner]

Also I think I'd add a batch number basic system. That way if something happens to their client the batch that was prepared is isolated from purchases

 

[LeiTruth]

> No JS (Java Script)



^This

 

[DMTrott]

Harm reduction information.

A few months ago I wrote the article below. If you are a market admin, or if you own an onion directory, please read it. It can be as simple as adding a link to the PDF, but it makes a real difference out there. It saves lives. If you aren’t on board already please help. [Note: BB is already on board].

DRUGS, THE DARKNET & THE MEDIA [MY STORY]
The darknet drug markets now provide more harm reduction information to users than both the government and the established media. How did this situation arise, and why does it remain unreported?

—-

Furnishing individuals with safety information on their drug of choice reduces the risk of tragedy and death. This is a self-evident truth. Putting it another way, via a popular mantra: ignorance kills education saves lives.

This stark and somewhat obvious premise drove a project which began more in hope than expectation almost 15 years ago. It was during the summer of 2009 that I took the first steps in writing what eventually became The Drug Users Bible, a best-selling 638-page harm reduction tome.

This was always going to be a serious and lengthy undertaking. I resolved to not only document every drug in common use, both chemical and botanical, but to also experience them for myself. I felt that to have credibility amongst drug consumers this was an essential pre-requisite. As someone bluntly told me at the time, if I didn’t do this I would be like a nun offering sex education.

What I didn’t know at the start was that I would ultimately self-administer 182 different drugs, on a journey which would have tremendous highs, but far too many horrendous and traumatic lows. Despite the latter I got there in the end, and I was more than happy with final result. It is, without doubt, helping thousands to mitigate risk and to take more informed decisions regarding drug use.

However, there was always an element of dissatisfaction in the back of mind in the form of a question: what about the people who didn’t buy books or who couldn’t afford them? By the summer of 2023 my imagination was running riot as I sought to resolve this troubling and perplexing issue.

IMAGINE REACHING THOSE MOST IN NEED

Imagine vital harm reduction information being provided without charge at point of drug purchase, on a global basis. Imagine the potential impact this might have in terms of user safety.

Is this vision really so far fetched? On visiting a doctor or a pharmacy provision of safety information is routine, and this usually extends well beyond dose, frequency and duration.

Why can’t the same apply to recreational drugs? Is there a way to integrate harm reduction into the supply chain despite the unremitting brutality of the drug war?

The answer to the latter turned out to be yes, at least in part.

THE DARKNET & ITS MARKETS

The darknet, and in particular the darknet markets, play an increasingly important role in terms of the distribution of drugs. Consumers and vendors alike source from this hidden and anonymous alternative to the visible Internet which most people are familiar with.

With respect to this, my light-bulb moment regarding the above issues came in the form of a what-if.

What if I created a free-of-charge PDF version of The Drug Users Bible? What if I could actually communicate with the owners of the markets? What if they provided this PDF without charge to customers? Was this possible? Would they even listen?

I realised immediately that, although the prospects appeared to be slim, I had to go for it: even with limited success someone somewhere might pick something up from the PDF which would save their lives. But where would I start?

THE DARKNET HARM REDUCTION PROJECT IS BORN

Luckily, like the Internet, the darknet has a social media stratum. This is dominated by a Reddit-like platform called Dread. This was the obvious start-point.

I contacted the staff there, explained my vision, and simply asked for help. With the response, an enthusiastic yes, I knew that this had a chance. The project was on. Dread became the first darknet entity to host the PDF, and they launched it with vigour, such that even some of the markets would become aware of it. It was now obvious that I had to seize the moment.

I thus began to identify every significant market. I prepared my script and started the lengthy process of establishing a means of communication. One by one I approached them, explaining the mission and asking them to either host the PDF or to provide a link to it, so that customers (drug consumers) had the opportunity to obtain their own copy.

This took patience and persistence, and months of effort, but eventually I got there. Almost every market of any significance is now on board, thus adding to their innate regulatory functionality (such provision of an eBay-like vendor rating system, which helps to protect consumers against adulterated supply). In another unexpected turn, a growing number of individual vendors are also offering the PDF at point of sale.

THE (UNREPORTED) CONCRETE REALITY

The more drug consumers who are exposed to harm reduction information the more effective this project becomes. So by any measure the project has exceeded all expectations, and continues to do so. It is now making a difference in the real world.

The media though (with the honourable exception of the BBC World Service) never fails to disappoint. My Reddit quote, below, was perhaps borne of frustration, but is nonetheless a reasonable summary of the situation:

Fortunately, this abrogation does not change the concrete reality on the ground.

THE CAVALRY ISN’T GOING TO APPEAR

At the very beginning I framed the context for the book, and the project, with the following commentary:

Although the safety data I collated and researched over so many years is now literally at the fingertips of countless thousands, this remains the case. Further, no cavalry, in the form of a benevolent government or philanthropic authority, is going to appear and suddenly provide this form of education.

This, however, is a project with which anyone can help. Thus, if you know someone who may be at risk, or who may simply appreciate further information on drug safety; please feel free to forward to them. The download is available from all the major cloud networks, as listed on this page: https://www.drugusersbible.com/2018/01/pdf.html.

Despite the indifference of society at large and the many obstacles in situ, as a community we can reduce ignorance: we can educate. Collectively we can save more of those lives. Although this isn’t a sweeping all-encompassing solution to the misery and death inherently caused by the war on drugs, it is at least something. Let’s do it.

Dominic Milton Trott,

 

[ron_obvious]

As a propagator of correct spelling and grammar, I simply couldn’t help but swoon (in a fashion) at your writing. Thank you for delivering an incredibly important message and for doing so in a manner which serves well the language in which it was written.

 

[miner21]

I think 2fa is also important for us. I have seen markets that you input your public key then decrypt a message and get a pin to login. It doesnt have to be that but some type of 2fa

 

[hydroman1212]

BB should provide chart data of users on there platform "HOW MUCH USERS THEY HAVE FROM DIFFERENT COUNTRIES" it will help future seller to target specific country of interest.

Example:-

USER MARKET DATA BB

USA - 30%

Germany - 8%

United Kingdom - 25%

Poland - 6%

France - 9%

Sweden - 12%

Spain - 14%

Brazil - 16%

So here as a seller i will only select two countries to sell my product which have higher % of potential buyers or at least i know how much buyers i have from my country as a local seller of specific country.