Knowledge Base & FAQ

The TorZon infrastructure utilizes the Tor network's onion routing protocol, which encapsulates traffic in layers of encryption. Data passes through three random relays (Guard, Middle, Exit) before reaching the hidden service, ensuring that neither the user's IP address nor the server's location is exposed. Traffic analysis is mitigated by this multi-hop architecture.

A V3 Onion Address is a 56-character string utilizing Ed25519 cryptography for enhanced security over the deprecated V2 standard. This longer address length prevents brute-force enumeration and provides authentication assurance that the address belongs to the intended hidden service. All legitimate TorZon mirrors currently employ V3 standards.

JavaScript is often disabled in the "Safest" security tier of the Tor Browser to prevent browser fingerprinting and the execution of malicious scripts that could theoretically de-anonymize the user. TorZon's frontend interface is architected to function without client-side scripts, ensuring full usability even when maximum security settings are applied.

PGP (Pretty Good Privacy) creates a cryptographic trust layer. It is used for two-factor authentication (2FA) where users must decrypt a challenge message signed by the market's private key to prove ownership of their public key. This prevents account hijacking even if passwords are compromised. It is also used to encrypt sensitive communication between parties.

TorZon employs a dedicated "Anti-Phishing" landing page that displays the user's private PGP login message. Users are advised to verify this message against their own private keys. Additionally, the market digitally signs all official mirror links with the admin open-source PGP key, allowing for independent verification of the URL's authenticity before login.

The mnemonic recovery phrase is a cryptographically generated sequence of words provided only once during account creation. It serves as the sole method for resetting access credentials, as the system architecture intentionally does not store email addresses or personal identifiable information (PII) to maintain user anonymity.

The escrow system functions as an automated intermediary. Cryptocurrency funds are held in a neutral multi-signature wallet upon initiation. The funds are locked and cannot be accessed by the sender or the receiver until specific conditions are met: either the recipient confirms receipt of the digital good, or the auto-finalize timer expires.

The system currently supports Bitcoin (BTC) and Monero (XMR). Monero is often preferred in research settings due to its obfuscated ledger, which uses ring signatures and stealth addresses to break the link between the sender, receiver, and amount sent, offering superior privacy over Bitcoin's transparent blockchain.

The Auto-Finalize timer is a failsafe mechanism within the escrow logic. If a recipient does not dispute a transaction or confirm receipt within a preset timeframe (typically 7-14 days depending on the item category), the escrow script automatically releases the funds to the sender, assuming the transaction was successful but unconfirmed.

Deposits require a specific number of blockchain confirmations (usually 2 for Bitcoin and 10 for Monero) before being credited to the account balance. This delay ensures the transaction is irreversible and prevents "double-spend" attacks. High network congestion can extend these confirmation times.

The complex visual CAPTCHA system is designed to thwart automated botnets from scraping market data or launching Denial of Service attacks on the login infrastructure. It requires human interaction to solve, thereby rate-limiting requests and preserving server resources for legitimate traffic.