White House Market
White House Market is a market with a high level of security and anonymity while maintaining a simple user interface.
WhiteHouse Market Links and Mirrors
Market Forums url: http://dreadditevelidot.onion/d/WhiteHouseMarket
Market Sub url (Dread): http://dreadditevelidot.onion/d/WhiteHouseMarket
Market Rep (Dread): http://dreadditevelidot.onion/u/whitehousemarket
Payment Methods: Centralized Escrow
Payment Accepted: XMR Only
Market PGP Key
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51
-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFz1AZMBEADEuvo97ltUtP1F2FNTqomfbX8tUUSQf4xiUbN8kJvdjEVbKglr NNdVttzDVmMBDdp+dif1mGCTRSyBuga/H6LjDBnvsK0swYStfp5J0bqN82xGL1x8 w/lb2uqlYGFGaKGcX8/eHaLFmBETlx+gRM3eFyzzBwuUQykkZoRyp/DkbBSI+Lqs b+VtfiZvnDno/0NqHqjSzqvqQpzQmYY7D88JCczQMRQYJLimhySQhvNTntoAYkPz uWHQOwi9Xas1PdsbSH6vIsDoXdExR6uGSRMedRHS2kl6yCsJoloBMMhc8/Oi7l2L quJoBli8IOHgCAipCahU9ZnJaTSoZFhz+xjMOMdiKvTatXFFConN5/5Nm6+IEi1F jn8uelf43cqt2rS4vydrCvah5G4UnNw91QvRtIfqX0VpidUEYT/B4AiCLXsHOEdO ynbBn2LuXfbCohOO4TWuCwTotyvoC/32cGOVP8JC338jhPUImdOt/HYFx50sKrHp qF9h1FIRFH4gVP5hqQwllbGcsidtr/BvEbDA2uU3q8Nw8ciYPgglI6A7A7DbKuVM aFMY0uTk55xB9GX4DKHA4VIrV2EvQOzppfgQc7+jd17+KB7sieY/HSKEbqZW2ike 94nsgXwyZ2bZN0zOFx8eMGFnCqRAoo2Afu1lBQIWasEQw5lwLI6rKX2qdwARAQAB tAtzaG9wX21hc3RlcokCTgQTAQgAOBYhBHOE8kkHlb2GsA7v3NOu4E/ExgB+BQJc 9QGTAhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJENOu4E/ExgB+r5UQALYy htCCJ00zlh1sOKEN7grH+Kp//Co3VEb9UvcnbKYQ+AnZq/JXvo8gZx51hYNF+uTD 7ZWnodoe5gKuuQWN4FsMHvraRWCJCXVexT5SAz2y/iSfqkSnnTydTb2c1LZFAI9f enh1FPVifqGOguochFo7G40OquUu8q4BYTUuCNCH/9vAYVVp5DFDH+MYefLJhjKc LHF4L3HvRu4duqRGg+ZQ9VBJlSrNMuUWJwCOEOWcEOxmH12A5b0s0Oyp4tF4+eCT eMaDj1rN/2rSivjqjeZhBsE9SJ1XZy/Nf9epPh8L371I56+sG/pMltOV21erinwA bXhjsnKCo9XCDC6JfPln28HBKBrO/HumBeg3z+TecEAgCDEt/7XtQFzG8eKwSwaY jC3CP8G3yj1K+hEq59D3vFdTIYJ903oBspIb0ZPpfj3f0m+rLkaSPC7qA9mo+4Ka KuHAue7CoV4fGEmal/1CdI2Ni1LM2IZSE9s3Jj+dM0UtWsV1TAZRQqEEIaGDwfey nTNxTeELdKjxMGjnPX7Zd7Au8KoSEoCgvKFQ5YGmwqe10Ojp5xZlSB/jylQXUO1F 2B2QuVOCQPBN+u+FP3Lin0OpNGqhqyAhJ3d5SjSsD7dBdWFHS0/IQaGtAp32xRa9 Y7VhK4Rc1t+PBLPj7GjcAarukZNR6QwGu5L2i1CSuQINBFz1AZMBEADHpn6LhXF0 lwCTMsYH3HlbGhJ4RHqDL/ZL1PlxAXeoND3nb8fAvvQ7R8BzoGIgUTlCX89lLqLp xSnFs8QU76BVALSBI+CpDMMQkZnq5Prl9iZGgDi0ks93IOLUftplLJd8Ah2OmALE pYQuZAQgZlZn+Z2z8Yncz0HtaKJSvXimkAn7zYLVJATFJCuxQmjxzYMSSofDftBP St28L7h2FDQD3C9tFoO6bL4LzDyv8JmrLuqUB7xD1g2DpwUIi7gosJ39r4vF2TJx 5bUc4xgQfiyBXCN3gRCbDmgUOcz4Fjcson/J1LfESgjjErIy46BrgrWTQ/u91M4Y KSdTcBAzUtmGQi3S7Ei1Q76Q9041qwCDrkhrKbqAdUTIyz7xHRaJwM/00dkfxFgV o9Svct7uLMjbIQtTwuAXwPQHBZ+HT+OewZR9zxt31rmq2W8SVLpFMbYocs3okAYY 6AvF3NycsVVXY0GGjgIzd6+LIxaZhVzaIw6AYICjHsNFWqXNTLqmYDMVbagiKt3j zuuz/k3rYzwdnx8xZNyqomgnTo0wQAKr0c7ESFc551KOj2noxoaRThxW+MppuXc3 XYteGmafe6blYGbolzqsQXSDyuIfmK1UV8Mp0W1vKR+IX2vUK6VhEvDMkwZUb1Rk KxLPKBRx08azOTbewccnSbtwQHnyr6L5EwARAQABiQI2BBgBCAAgFiEEc4TySQeV vYawDu/c067gT8TGAH4FAlz1AZMCGwwACgkQ067gT8TGAH4CAA//XQfqsRFD8g2M 3HLS01snBn05pjd7guwYr/TbIAjDy7pWsRkKHm7V+U7hq+IP+G5ojmJssz1/J+PW 0skqWBJyzfmD+GOH8YUqZ+BwijVw6BuNjIuLnj+QESXtmI+ZMoBZ/3snOCGaMNNy sLWqeWmCWrSH2H7FP89GVTjOVzDBTlXBr0vuI/YdVXfZhQfoFBmkgZr9IEbMcOYh 7Q7efyhOGx0u5NDFpRkkyFdb/ZtUdNl1gnX9Lm5hKCj+kScJuUYkObBc+bFCxs6z ODyeip6IIrDrThgLrkyPbPFtfryQLXc9x4+xQEctGY+SWEWln/2eH6/eZw+Gz/gE q9kMUutnUl+Ni2U/Ge2yuw0Q3z9uO1/OJJe9Q1RpVlR44L6c47p/5IlQVT7dueVD uRNvQ4msJhbd3bjP3Kjr5fttjzf12sclmHRFlnHqALI2BTrDixiJMzJWIsCE3uHj wjAsAx9QmVqQ82+2sO5mykBcN/UF0OZhgHxTw+uxx9bLiNDZ5nB1ZWGS68x6CK90 cAqdUsyJGUKJpBkz+7P4GViaGBuxHmhrzd04vT8/nZ1xKyzbZpKLk2HBEYP6diY8 y2udvFMDTj0wB4B2Is+vYjU/0qKaFy33FlOcvIrSmDvW2873/nkdfCpBtez+AWL5 aQqfEckE0kgaQ1dB8kV1JEhdEpVQpR0= =/fFZ -----END PGP PUBLIC KEY BLOCK-----
Brief Market Description
- Our goal is to create a simple user experience while maintaining a high level of security and anonymity.
- Everything is written from scratch. No public market script.
- Simple, intuitive design without unnecessary bells and whistles.
- Bug Bounty program.
- Fast customer service. If we get overloaded, we will suspend registration until we get more admins/moderators or until we clear our backlog.
- The official language is English. We may also offer limited support in Spanish or French.
- Both Tor and I2P mirrors.
- No vendor bond, open for everybody. We may consider adding a bond/registration fee at some point in the future.
- No withdrawal or deposit limits.
- 5% fee for sellers, no fee for buyers. This is a flat fee for finalized orders only. No hidden fees, no deposit fees, no withdrawal fees. For high volume sellers, fee can be negotiated.
- We only accept Monero for payment. Bitcoin lacks the required privacy and some users don’t know how or neglect cleaning their coins.
- Listing prices are in USD or EUR, and the exchange is calculated when ordering. XMR to EUR/USD rates are updated periodically.
- Up to 4 pictures per listing, up to 5M picture size.
- Up to 15000 characters per listing description.
- Private listings. Can be used for custom orders/discounts to specific buyers.
- Quick listing clone/duplicate.
- Idle timeout selected at login.
- Vendor selectable auto-finalize time (5-45 days).
- Detailed logging of failed sign in attempts. You will be able to see of someone tried to sign in to your account and what credentials were wrong (password or 2fa). Logs are kept for limited time.
- Simple image-based captcha, very easy to solve for humans yet hard for bots.
- Vacation mode.
- Partial refunds, can be issued by seller or by admins in case of a dispute.
- PGP signed mirror list / market statement / canary with proof of freshness, updated at least once every 72 hours.
- Configurable, PGP encrypted jabber/xmpp notifications, for both vendors and buyers.
- For now we only support escrow. We may add multisig if many users are requesting it, but for now we want to keep things simple.
- Except for some generic administration messages, no plaintext communication is allowed. You will not be able to use this market without a PGP key.
- Withdrawal requests have to be signed with PGP. This way even if someone bypasses both your password and 2fa, they can’t steal your money without your PGP private key.
- Mandatory two factor authentication based on a list of random words.
- All messages are truly end to end encrypted, so are the attached files. Nobody except the sender and the receiver will have access to your communication, not even us. Users have to encrypt the message/attachment with the receiver’s key before sending them.
- We assume that any server can be hacked or seized eventually, so we don’t want to keep more data our servers then we need to.
What is kept in plaintext:
- Listing information (title, description, pictures, price, shipping).
- User names.
- Sign in logs (for limited time).
- Limited order information history, including vendor, buyer, order totals.
- Limited feedback information.
- Monero deposit and withdrawal addresses (for limited time).
- Generic admin messages (for limited time).
- Message subjects (both between users and support tickets,for limited time).
- Public PGP keys.
- Jabber/XMPP addresses used for notifications.
What is kept encrypted:
- Messages between users (end to end encrypted, kept for a limited time).
- Messages between users and admins (end to end encrypted, kept for a limited time).
- Support tickets (end to end encrypted, kept for a limited time).
- Message attachments (end to end encrypted, kept for a limited time).
- Order details (shipping / delivery info or notes, kept for a limited time).
- User passwords.
- Two factor authentication word list
- If a user decides to close his account, all information related to that specific user/account will be purged.
- No PGP private keys are kept on the servers.
- No Monero private keys are kept on the servers.
- Main wallet is only kept offline. Because of this, we verify/process all withdrawals in batches, within 24 hours, usually much faster.
- We take periodic backups of databases, including wallets, orders, attached files.
These measures ensure that even in the event our servers are compromised/seized:
- No plaintext messages will be recovered.
- No coins will be seized.
- The attacker can only view the wallet balance, but he will not be able to transfer any funds.
- We can be up and running in no time, and no order information will be lost.
- Dedicated onions for active, large volume users.
- Messages will be deleted soon after an order is completed or support ticket is resolved, so if you need anything in those messages save them locally, as you will not be able to access them otherwise.
- Time zone is UTC, 24 hour time format.
This list is not complete. For more info visit one of our official mirrors. We are also open to suggestions from the community, if a requested feature is reasonable, we will implement it.
Since we are in beta, there will be no fees until September 22 2019 23:59 UTC. If you encounter any bugs, please report them.
* Important changes to the order flow:
As recommended by several users, we totally overhauled the ordering process by moving to a “pay per order” system. This way customers do not have to deposit money to their market wallet prior to ordering something.
* The new order flow works like this:
Find something you like.
Check listing description, vendor feedback, terms and all that.
Download and import vendor’s PGP public key.
Select desired quantity and shipping method.
Important: Enter a Monero refund address. This way you will get your money back if something goes wrong with the order.
Write a message to the vendor. Messages have to be locally encrypted (and preferably signed) before sending.
Click “Place order”. You will be presented with an “Order Status” page, where you will find the order details and a Monero address unique to this order. The address is encrypted and signed.
Send the exact XMR amount to that address within 60 minutes. That’s all. When the payment is unlocked (10 confirmations) your order will be sent to the vendor. After you sent the payment, you can refresh the “Order Status” page for updates. If you log out or close the browser, you can find the order under “Your Orders” page, “Orders waiting for payment” section.
** Send the exact order amount to that address.
** The payment requires at least 1 confirmation within 60 minutes.
** Address is unique to the order. By re-using that address and you may lose your coin.
** If you place multiple orders, you need to send multiple payments to multiple order addresses. Do not try to combine payments, it will not work.
** If you send less then the required amount, the order will be canceled and a refund will be issued.
** If you send more then the required amount, the difference will be refunded.
** If, by the time the payment is confirmed, something goes wrong with the listing (out of stock, vendor deleted listing) your order will be canceled and you will be refunded.
** If you don’t send any payment, your order will be canceled.
** The vendor will not “see” the order until payment is unlocked (after 10 network confirmations).
** Do not include a payment ID.
** Do not send the payment from an exchange. While that may work, it is very bad for your OPSEC, the amount may be different or payment may be delayed.
** Make sure the refund address belongs to a wallet you control. Lose access to the refund address and if something goes wrong with your order, your coin is gone.
** Just like withdrawals, refunds will be processed within 24 hours, usually much faster.
** Refunds are visible under your Wallet - Withdrawals and refunds.
** Vendors are not affected at all by this change.
Short version: Do not reuse XMR addresses, do not send the payment too late and everything will be fine.
Legacy deposit system has been disabled. Refunds for orders placed before this update will still go to your “classic” wallet and you will need to withdraw them like before. We ask all customers who have funds in their market wallets to withdraw, as those funds will not be able to be used for ordering. There are no withdrawal limits so you can do that for any amount, at your earliest convenience.
Vendors will not be able to place orders anymore. If you also need to buy stuff you can always create a new account.
* We added a V2 mirror: whitehouvwq2xssf.onion
* We have added a private jabber server for market users. The server is only reachable via Tor or i2p and s2s is not enabled, so you can only communicate to other market users and market admins. End to end enncryption is enforced, so please use either OMEMO (recommended), OTR or PGP encryption. Plaintext communication is forbidden.
When you register and add your PGP key, a jabber user is automatically created for you. To activate your jabber user, go to your account and click “Change jabber password”. You can choose any password you want, but we strongly recommend using different passwords for different tasks.
You do not have to use your jabber account if you do not want to, but jabber alerts to outside servers will be phased out for both security and usability issues.
The server has been successfully tested with Gajim, Pidgin (Linux) and Conversations (Android).
Jabber id: email@example.com
Password: The password chosen at the previous step.
* Certain vendors will have their private listings instantly approved without going to moderation.
* Lots of bugfixes.
* At the time of this writing we have ~ 450 vendors on board, ~ 2300 customers and ~1100 listings.
* Some bugs may be found here and there. Feel free to report any bugs by using the support form or by contacting us on Dread.
* As always: Verify links, verify our public key from multiple sources (Dread, darknetlive, dark.fail, in no particular order), verify deposit addresses, think before you click. Also remember forums are not under our control, and what you post on forums (private messages included) are to be considered public. Always encrypt communication that should not be public.
* Established vendors can now apply for Finalize Early (FE). To apply, log in and click “FE Application” under the user drop-down menu. Some vendors may already have FE enabled, to see your FE status check admin messages or go to your account page. Customers will see FE vendors while checking out a listing or a vendor profile.
* Not everybody will be accepted. We won’t publish the exact requirements for approval, however you have to be an established vendor with FE on at least one active market. More details about FE on the “Info” page.
* Finalized orders will be deleted after 15 days.
* Withdrawals can be deleted by user after they are processed or declined.
* Users who register and do not add a PGP key are considered inactive and will be deleted after 48 hours. They can always register in the future if they wish to.
* Added “Report User” and “Report Listing” options on the “Listings” page.
* Some UI and backend improvements.
* Reminder: Verify links, verify our public key from multiple sources (Dread, darknetlive, dark.fail). Also remember that forums are not under our control, and what you post on forums (private messages included) are to be considered public. Always encrypt communication that should not be public.
We already have ~100 vendors and ~400 listings.
Having considered feedback from the community, we implemented some changes:
- Changed the two factor authentication word list to PGP challenge-repose. Since everyone needs PGP to use
the market, there is no reason for users having to save/remember a word list. When you login, withdraw or place
an order you will be presented with a message encrypted with your key. Input the decrypted message and you are
good to go. You can safely discard the 25 word list as it is not needed anymore.
- Added the option for a customer to extend auto-finalize time by 5 to 15 days, 24 hours before it is
triggered. Afterwards a dispute can be started.
- Added the option for every user to wipe his account without contacting support. This action is irreversible
and will destroy all your data except for the feedback you may have left. The user you did business with will
see your account as [deleted user]. Keep in mind that after you do this, everybody can register your user name.
You cannot remove your account if you have pending orders, pending disputes or money in your wallet.
- Added some requested categories.
- Minor UI and backend improvements.
Notice to vendors: If you want your feedback imported from other markets, please contact support.
- Established vendors can now apply for Finalize Early (FE). To apply, log in
and click “FE Application” under the user drop-down menu. Some vendors may
already have FE enabled, to see your FE status check admin messages or go to
your account page. Customers will see FE vendors while checking out a listing
or a vendor profile.
- Not everybody will be accepted. We won’t publish the exact requirements for
approval, however you have to be an established vendor with FE on at least one
active market. More details about FE on the “Info” page.
- Finalized orders will be deleted after 15 days.
- Withdrawals can be deleted by user after they are processed or declined.
- Users who register and do not add a PGP key are considered inactive and
will be deleted after 48 hours. They can always register in the future if
they wish to.
- Added “Report User” and “Report Listing” options on the “Listings” page.
- Some UI and backend improvements.
- Reminder: Verify links, verify our public key from multiple sources (Dread,
darknetlive, dark.fail). Also remember that forums are not under our control,
and what you post on forums (private messages included) are to be considered
public. Always encrypt communication that should not be public.