Protocol & Architecture FAQ

Torzon utilizes Tor (The Onion Router) hidden services to obscure server locations and encrypt traffic metadata. This architecture ensures that neither the hosting infrastructure nor the user's IP address is exposed to the clearnet, providing a layer of anonymity essential for the platform's operation.

The Tor network is susceptible to Distributed Denial of Service (DDoS) attacks. Torzon employs a rotational mirror strategy where multiple .onion links point to the same backend database. If one entry node is saturated, users can access the network via alternative verified mirrors, ensuring continuous uptime.

Access requires the Tor Browser, which routes traffic through three random nodes (Guard, Middle, Exit/Rendezvous) in the Tor network. Standard browsers like Chrome or Firefox cannot resolve .onion Top-Level Domains (TLDs) natively and compromise user anonymity.

JavaScript can be exploited to de-anonymize users by fingerprinting the browser or leaking real IP addresses through vulnerabilities. The Torzon interface is designed to function with JavaScript disabled (Safety Level: Safest) to minimize this attack surface.

PGP (Pretty Good Privacy) is used to verify the authenticity of mirrors and messages. The platform signs all official communications with a private key. Users can verify these signatures against the public key to ensure that the content has not been tampered with and truly originates from the Torzon infrastructure.

2FA on Torzon relies on PGP. Upon login, the server presents an encrypted message using the user's public key. The user must decrypt this message with their private key to reveal a verification code. This proves identity without relying on email or SMS.

Upon account creation, the system generates a mnemonic seed phrase. This string of words is the only cryptographic method to reset a password or PIN. Since the platform does not store personal email addresses, losing this seed results in the permanent loss of the account.

Phishing typically involves fake login pages hosted on similar-looking .onion URLs. These sites capture credentials and 2FA codes in real-time (Man-in-the-Middle). Research indicates verifying the PGP signature of the landing page is the only reliable defense against this vector.

Internal communications are protected via RSA-4096 encryption. Users are encouraged to encrypt sensitive data locally using PGP before pasting it into the messaging system, ensuring that even if the server is compromised, the message contents remain unreadable.

The escrow system acts as a neutral third-party holding mechanism. Funds are deposited into a temporary wallet controlled by the market code. The funds are only released to the vendor once the buyer confirms receipt of the goods, or returned to the buyer if a dispute is resolved in their favor.

Unlike Bitcoin, which has a transparent ledger, Monero uses ring signatures, ring confidential transactions (RingCT), and stealth addresses to obfuscate the sender, receiver, and amount. Torzon's architecture favors XMR for its fungibility and enhanced privacy properties.

To prevent spam and low-quality listings, the market architecture requires vendors to pay a non-refundable bond. This economic barrier to entry filters out casual scammers and ensures that only serious participants can list items on the platform.

To protect vendors from unresponsive buyers, the escrow system includes a timer (typically 7-14 days). If a buyer does not dispute or finalize an order within this window, the smart contract automatically releases the funds to the vendor.

CAPTCHA failures often result from clock synchronization issues between the user's client and the server, or aggressive exit node filtering. Ensuring the system clock is set to UTC and refreshing the Tor circuit usually resolves this synchronization error.

If a transaction is contested, the escrow funds are frozen. A moderator reviews the evidence (chat logs, tracking data) and uses a multi-signature key to direct the funds to the rightful party. This central mediation is a core component of trust in anonymous markets.