Research Database & FAQ

The platform utilizes the Tor network's onion routing protocols. Latency is often higher than standard web traffic due to the data bouncing through multiple relays to obfuscate the server's physical location. During periods of high traffic or DDoS attempts, the market's load balancers may introduce additional delays to verify cryptographic challenges before allowing a connection request to proceed.

Darknet infrastructure is frequently subjected to Distributed Denial of Service (DDoS) attacks. To mitigate this, WeTheNorth rotates through various V3 onion addresses. If a specific mirror is unreachable, it typically indicates the node is under stress or has been retired in favor of a fresh address. Researchers are advised to check the verified mirrors page for the latest signed links.

Access requires a Tor-enabled browser capable of resolving .onion top-level domains. Standard browsers (Chrome, Firefox, Safari) cannot resolve these addresses without specific routing configurations usually provided by the Tor Browser Bundle. Javascript is often disabled by security-conscious users, though the market interface may require limited script execution for captchas.

WeTheNorth implements a standard 2FA (Two-Factor Authentication) login system using PGP (Pretty Good Privacy). The server generates a unique message string encrypted with the user's public key. The user must decrypt this message locally to reveal a verification code, proving ownership of the private key without transmitting it. This prevents unauthorized access even if password credentials are compromised.

The system utilizes a mnemonic seed phrase generated during account creation. This phrase is the only method to reset a password or PIN. Due to the platform's "no-logs" policy, administrative staff cannot restore access to accounts if the mnemonic is lost, ensuring a zero-knowledge architecture regarding user credentials.

Authentic mirrors are cryptographically signed. Researchers verify the PGP signature of the landing page against the market's known public key. Phishing sites often fail this verification or use slightly altered URLs (typosquatting) to deceive users. Visual replication is common, making cryptographic verification the only reliable method.

The escrow system acts as a neutral holding area for cryptocurrency. Funds are locked in a multi-signature or temporary wallet until the transaction conditions are met. If a dispute arises, the market administration reviews the evidence (such as postage tracking or lack thereof). The funds are only released to the destination or refunded to the origin once the process is finalized.

The architecture primarily supports Bitcoin (BTC) and Monero (XMR). Monero is often preferred in the ecosystem due to its ring signature technology, which obfuscates the transaction history on the blockchain, providing a higher degree of privacy compared to Bitcoin's public ledger.

To prevent funds from being locked indefinitely, the system employs an auto-finalization timer. If the originating party does not dispute the transaction within a set timeframe (typically 7-14 days depending on the category), the escrow automatically releases the funds to the destination address.

Captcha failures are often due to clock synchronization issues. The Tor network requires precise timekeeping to maintain circuit stability. If the user's system clock drifts significantly from the server time, the session tokens may be considered invalid. Javascript settings (NoScript) can also interfere with certain visual captchas.