Technical Research FAQ

The Mars Market ecosystem operates exclusively as a Tor hidden service. It utilizes the .onion top-level domain, which is only resolvable through the Tor network. The architecture employs a decentralized routing system to obscure the physical location of the servers, ensuring anonymity for both the host and the user. Standard web browsers (Chrome, Firefox, Edge) cannot resolve these addresses.

Tor hidden services are subject to Distributed Denial of Service (DDoS) attacks. To mitigate this, the network rotates through various 'mirror' links. These mirrors act as alternative entry points to the same backend database, ensuring uptime even if specific nodes are targeted. Researchers verify these mirrors using PGP signatures to ensure they connect to the authentic market infrastructure.

The Tor Browser is the only supported client. Security researchers recommend setting the security slider to 'Safest', which disables JavaScript on non-HTTPS sites. While the platform functions with JavaScript disabled to prevent fingerprinting, some interactive features (like CAPTCHA solving) may require specific configuration adjustments.

Pretty Good Privacy (PGP) serves as the primary cryptographic verification method within the market structure. It is used for:

• Two-Factor Authentication (2FA): Decrypting a challenge message to prove identity during login.
• Communication Encryption: Encrypting sensitive messages between parties so they are unreadable if intercepted.
• Mirror Verification: Verifying the authenticity of market URLs signed by the administration's private key.

The platform employs a rotating graphical CAPTCHA system at login and registration endpoints. This creates a Turing test barrier that prevents automated scripts and bots from brute-forcing accounts or scraping market data, thereby reducing server load and preventing denial-of-service conditions.

The platform utilizes a multi-signature escrow system. When a transaction is initiated, funds are held in a temporary, neutral wallet controlled by the market code. These funds are only released to the vendor once the buyer marks the order as finalized, or refunded if a dispute is resolved in the buyer's favor. This trustless system prevents direct theft during the transaction phase.

Monero (XMR) utilizes ring signatures, stealth addresses, and RingCT to obfuscate transaction details, making the sender, receiver, and amount untraceable on the blockchain. Bitcoin (BTC), conversely, operates on a transparent ledger where transaction histories can be traced using chain analysis tools, though it remains supported for legacy compatibility.

The Auto-Finalize timer is a smart contract-like feature that automatically releases escrowed funds to the vendor after a set period (typically 7-14 days) if the buyer does not actively dispute the order or extend the timer. This prevents funds from being locked indefinitely in the escrow wallet due to buyer inactivity.

Upon account creation, the system generates a unique mnemonic seed phrase. Since the platform operates on a zero-knowledge basis regarding user identity (no emails), this seed phrase is the only cryptographic method available to reset a password or recover a PIN. Loss of the mnemonic results in permanent loss of account access.

A Vendor Bond is a security deposit required by the market architecture for any account wishing to list items. This financial barrier to entry serves to deter spammers and low-effort malicious actors from flooding the marketplace with fraudulent listings. The bond is typically held by the market administration.