Technical Documentation
>> ACCESS PROTOCOLS // SECURITY STANDARDS // MARKET OPERATIONS
[01] NETWORK ACCESS
What is the primary function of this portal?
This portal operates as the authenticated entry point for Catharsis Market. Its sole purpose is to provide cryptographically signed mirror links, PGP public keys, and canary statements. It bridges the gap between the clearnet and the Tor network, ensuring users have a verifiable source for market addresses.
How do Onion Services operate?
Onion services (V3) utilize the Tor network to provide end-to-end encryption and conceal server location. Connection requests are routed through a series of virtual tunnels (Guard, Middle, Exit), stripping metadata at each hop. This architecture ensures that neither the ISP nor the website host can identify the counterparty.
How do I properly access the market?
- Download and install the Tor Browser from the official Tor Project.
- Retrieve a verified address (e.g., example.onion) from our Mirrors page.
- Import the Catharsis PGP key and verify the signed message to ensure link integrity.
- Configure Tor security settings to "Safest" (disabling JavaScript).
Why is a mirror unreachable?
Tor circuits are subject to high latency and occasional instability. Downtime may also result from DDoS mitigation rotation. If a specific mirror is unresponsive, consult the 'Mirrors' page for alternative routes. Always verify the PGP signature of new links before use.
[02] SECURITY & OPSEC
Is usage of the platform secure?
Platform security is maintained via strict protocols: Escrow, PGP 2FA, and XMR support. However, total anonymity depends on user OpSec. We strongly advise against using Windows. Recommended configuration: Tails OS booting from USB, persistent storage for PGP keys, and KeepassXC for credential management.
How is account recovery handled?
Catharsis employs a zero-knowledge recovery system. Upon registration, a mnemonic seed phrase is generated. This seed must be saved offline immediately. It is the only cryptographic proof of ownership accepted for password resets. Support staff cannot restore access without this seed.
Is PGP 2FA mandatory?
PGP Two-Factor Authentication (2FA) is mandatory for all Vendor accounts and highly recommended for Buyers. It requires the decryption of a random challenge token during login, neutralizing risks associated with password compromise or credential stuffing.
Does the market use JavaScript?
No. The platform adheres to a strict "No-JS" policy. This minimizes the attack surface against browser-based exploits and fingerprinting techniques. Users are encouraged to disable JavaScript globally within their Tor Browser settings.
[03] FINANCIAL & ORDERS
Supported Currencies & Recommendations
We accept Bitcoin (BTC) and Monero (XMR). We strongly advocate for the exclusive use of Monero. Unlike Bitcoin's transparent ledger, Monero utilizes ring signatures, stealth addresses, and RingCT to obfuscate sender, receiver, and transaction amounts.
Escrow Protocol Explained
Escrow holds user funds in a neutral market wallet. Upon order placement, funds are locked. The vendor ships the order. Funds are released to the vendor only when the buyer manually Finalizes the order upon receipt, or the Auto-Finalize timer expires. Disputes freeze this process for moderator review.
Auto-Finalize Timers
- Digital Goods: 48 Hours
- Physical Goods: 14 Days (Extendable)
Vendor Bond & Waivers
New vendor applications require a non-refundable bond payment to ensure listing quality. Bond waivers are available for established vendors migrating from recognized markets (e.g., Archetyp, Abacus) who can prove ownership of their PGP identity.
Account Deletion
Users retain the right to purge their data. The "Nuke Account" feature in settings permanently scrubs all user data, transaction history, and messages from the database. This action is irreversible and burns any remaining wallet balance.