Research & Knowledge Base

The network operates exclusively on the Tor (The Onion Router) network, utilizing V3 onion services. This architecture ensures end-to-end encryption and hides the server's physical location through decentralized routing nodes. Unlike standard web traffic, connections are routed through three encrypted hops, providing anonymity for both the host and the client.

The infrastructure employs a rotating mirror system and a proof-of-work (PoW) CAPTCHA challenge at the entry node. This filters automated traffic before it reaches the core application servers. During high-traffic events, specific mirrors may be designated as "private" or rotated out of the public pool to maintain stability.

Tor network latency depends on the specific circuit (path of 3 nodes) chosen by the client. Additionally, specific mirrors may be under heavier load or experiencing targeted DDoS attacks, while others remain uncongested. Users are advised to rotate mirrors if they experience timeouts.

Security researchers recommend disabling Javascript in the Tor Browser to prevent browser fingerprinting and mitigate cross-site scripting (XSS) vulnerabilities. The WeTheNorth interface is intentionally designed to function without client-side scripts to maximize user anonymity.

Pretty Good Privacy (PGP) is used to verify the authenticity of mirrors and messages. Administrators sign announcements with a private key; users verify this against the public key to ensure the information has not been tampered with or spoofed by malicious actors. It is the gold standard for authentication in trustless environments.

Two-Factor Authentication (2FA) is implemented via PGP. When logging in, the server presents an encrypted message using the user's public key. The user must decrypt this message locally to reveal a verification code, proving ownership of the associated private key. This prevents access even if the password is compromised.

A phishing mirror is a replica site hosted by an adversary designed to capture login credentials. These sites often use similar onion addresses. Verifying the PGP signature of the landing page is the only cryptographic method to confirm authenticity. Users should never input credentials without verifying the mirror first.

The escrow system holds funds in a temporary holding wallet until transaction conditions are met. Funds are not directly transferred to the vendor upon purchase. Once the product is marked as received or the timer expires, the funds are released. This prevents fraud by ensuring neither party holds the funds directly during transit.

The platform primarily supports Bitcoin (BTC) and Monero (XMR). Monero is often preferred in research analysis due to its opaque blockchain (RingCT), which obfuscates sender, receiver, and amount data by default.

This is a hard-coded timer (usually 7-14 days depending on the product type) that automatically releases held escrow funds to the vendor if the buyer does not dispute the transaction or mark it as finalized within the timeframe. This prevents funds from being locked indefinitely if a buyer becomes unresponsive.

A vendor bond is a security deposit paid by accounts wishing to list items. This financial barrier to entry is designed to deter spammers and low-effort scammers from flooding the marketplace with fake listings. The bond is held by the market administration.

Deposits require a specific number of blockchain confirmations (typically 2-3 for Bitcoin, 10 for Monero) before being credited. Additionally, heavy network congestion on the Tor network can delay the synchronization of the backend wallet daemons.

Upon account creation, a unique mnemonic phrase is generated. This phrase is cryptographically linked to the account's private key. In the event of a lost password, the mnemonic is the only method to recover access, as the system does not store plaintext passwords. If the mnemonic is lost, the account cannot be recovered.

No. Both Bitcoin and Monero operate on immutable ledgers. Once a transaction is confirmed by the network miners, it cannot be reversed. This is why the internal escrow system is critical for transaction safety.