White House Market is Retiring (article)
White House Market is a market with a high level of security and anonymity while maintaining a simple user interface
PGP Key Details
- admin1 key
- 4A37 316D 30CC FAB0 6DC4 0349 F75C 0B68 26BB 917C
- admin2 key
- E1CD 0F51 1665 D682 AFBA 4A6D 4A55 E017 DC69 FD34
- shop_master key
- 7384 F249 0795 BD86 B00E EFDC D3AE E04F C4C6 007E
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 3ffonw4wo7npl2rxld5dlhskesekyermcyickdtaa3ca3quindctnfqd.onion flkzk2qjqe2yo5etsb7klxjihgrj7bi54k3iscccvkk7xbkif6x5etad.onion auzbdiguv5qtp37xoma3n4xfch62duxtdiu4cfrrwbxgckipd4aktxid.onion 7yipwxdv5cfdjfpjztiz7sv2jlzzjuepmxy4mtlvuaojejwhg3zhliqd.onion cieprrpdgp7moka2ktlwy54ooymtgsre23enrf4dfzssap74zz45f6id.onion zefmozbmelwjc4elhoim2q3t3y4z3yoodczvqagtquvwzhx763f4jtyd.onion -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEc4TySQeVvYawDu/c067gT8TGAH4FAl5T5oMACgkQ067gT8TG AH6yTw//aZOt7SFGpNB2Lyz6vPjF3iZbeO7MGxKRtvfZTVSkjDx66yD8zSv3DYfk D2KG8rlizC3CRTVoKae9Qzwz5eFh5cArYVLtAsDDPfvxi/Wb4twn0c+A74JrvxCi R2RRlnxJuI+XxOspSdDOUccv+pXA/dmCcfTLbR0hC+UDaZNgnU6w+hVhYAtqo5A/ G0xlrmO+MGMrK/7WhoSHo353T3gNYy33iUzJvMBl3ycXmWIuHvS1sQ0dopE0udu0 yE3Ij+8YHZ0jEmFtBjJhW/WV/xSnIYeMbm0uHKKg33leNzv9XLOaA0CZIDESm7+f 1N5QCR3eRALS74uHTXnzuMN/xtbBVSoJ8rRy+0saH/zgaSxUTg9+gN+Xgcx8PM03 l0V3IRP2NifmpQC8mdvnCZWrUHLSPNm2i9Jdhjz7hL9h+mB6bpYGMnICnu0UeW48 tsN9J+KrRFZClihfs7U4drkBFBVwWhmhoHsRpjVYElbVm93ls4jks8xvr7sQVMeO 95Gm+vsxb/+Pq1E+Tz2ErgHJdZf7ozF1+zfvfNRTW3Mtb918/r9HvOWZHE1wJgqY qQ4EX/M/K1pF1UwL3ICSyV9Jqanies1FhHa0sAE4wczG7gYT+CWgN9RRUMPF9pWf i4MtkWomvTsK9M5Ij+v35HBMloJtYiOBGptHVgbtoDlRn6j2Ms0= =bzGn -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 #Dread http://dreadditevelidot.onion/d/WhiteHouseMarket #Envoy http://envoys5appps3bin.onion/index.php?board=136.0 -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEc4TySQeVvYawDu/c067gT8TGAH4FAl25MYwACgkQ067gT8TG AH6kqw//Swfm5IJk01CCkpXvXC/Z79/eh7k5QMUouYukuneyK/rJ9wl9hO+SwtKL zF5J0t8PH65MCykfOQeSeuUK4HjDtFi+Ja3epf8VNQr4OBkDwhgwL9zod56kf1eW rcuDPbv2bRfCnDijzmQp97FUpf0HrYTMcjOLvA0cM0g5AwGABGvZOWTQ6BGB+Jlz CYA29xu+UHcol0r77xWcqv+9bSgKnol1Ucm2oOckWs4Y4Lcm+E68H2TuRHTMpv5q FxJdh+nCtcQBINvg3kCwyINMPT029RBid8J1bEGkXiZVRDbo/pS31kFMgUzVl4bF ZTTndVne1awiaCHOjd3VOeDwa1tcfW2kI2SidXczcwCmRUxMwORcBfljrwSPRgVE gbgkbbXz/JE5Ob1+PdpTzZcASRlTEPuMjZ2wVEO7+I0XxUwu+XiZp8J9EoSpyLg9 vt45js6A78ubyO3TFhbAXfvAHIBSPDT/GOD7wP7iP4yPvFQhZRd+HzYUByHynPir f14PrNQ+R+E3c2PR0CGrP7609av2DtUL8bQXZRSakmMcXtunzxNA0zEOSCaBzTVu Kcn6ie/TmFiYi1qhOSlkB8ml3rsVRzHslIO5XU8c2salpYe4EylmYbCinuht3CkE HqgG4i/iNm9WnnQVIRuF3inNcbNZXEn4ZapX78ivXiuPBcSWmeE= =xv2k -----END PGP SIGNATURE-----
White House Market is a market with a high level of security and anonymity while maintaining a simple user interface.
- Our goal is to create a simple user experience while maintaining a high level of security and anonymity.
- Everything is written from scratch. No public market script.
- Simple, intuitive design without unnecessary bells and whistles.
- Bug Bounty program.
- Fast customer service. If we get overloaded, we will suspend registration until we get more admins/moderators or until we clear our backlog.
- The official language is English. We may also offer limited support in Spanish or French.
- Both Tor and I2P mirrors.
- No vendor bond, open for everybody. We may consider adding a bond/registration fee at some point in the future.
- No withdrawal or deposit limits.
- 5% fee for sellers, no fee for buyers. This is a flat fee for finalized orders only. No hidden fees, no deposit fees, no withdrawal fees. For high volume sellers, fee can be negotiated.
- We only accept Monero for payment. Bitcoin lacks the required privacy and some users don’t know how or neglect cleaning their coins.
- Listing prices are in USD or EUR, and the exchange is calculated when ordering. XMR to EUR/USD rates are updated periodically.
- Up to 4 pictures per listing, up to 5M picture size.
- Up to 15000 characters per listing description.
- Private listings. Can be used for custom orders/discounts to specific buyers.
- Quick listing clone/duplicate.
- Idle timeout selected at login.
- Vendor selectable auto-finalize time (5-45 days).
- Detailed logging of failed sign in attempts. You will be able to see of someone tried to sign in to your account and what credentials were wrong (password or 2fa). Logs are kept for limited time.
- Simple image-based captcha, very easy to solve for humans yet hard for bots.
- Vacation mode.
- Partial refunds, can be issued by seller or by admins in case of a dispute.
- PGP signed mirror list / market statement / canary with proof of freshness, updated at least once every 72 hours.
- Configurable, PGP encrypted jabber/xmpp notifications, for both vendors and buyers.
- For now we only support escrow. We may add multisig if many users are requesting it, but for now we want to keep things simple.
- Except for some generic administration messages, no plaintext communication is allowed. You will not be able to use this market without a PGP key.
- Withdrawal requests have to be signed with PGP. This way even if someone bypasses both your password and 2fa, they can’t steal your money without your PGP private key.
- Mandatory two factor authentication based on a list of random words.
- All messages are truly end to end encrypted, so are the attached files. Nobody except the sender and the receiver will have access to your communication, not even us. Users have to encrypt the message/attachment with the receiver’s key before sending them.
- We assume that any server can be hacked or seized eventually, so we don’t want to keep more data our servers then we need to.
What is Kept in Plaintext
- Listing information (title, description, pictures, price, shipping).
- User names.
- Sign in logs (for limited time).
- Limited order information history, including vendor, buyer, order totals.
- Limited feedback information.
- Monero deposit and withdrawal addresses (for limited time).
- Generic admin messages (for limited time).
- Message subjects (both between users and support tickets,for limited time).
- Public PGP keys.
- Jabber/XMPP addresses used for notifications.
What is kept encrypted
- Messages between users (end to end encrypted, kept for a limited time).
- Messages between users and admins (end to end encrypted, kept for a limited time).
- Support tickets (end to end encrypted, kept for a limited time).
- Message attachments (end to end encrypted, kept for a limited time).
- Order details (shipping / delivery info or notes, kept for a limited time).
- User passwords.
- Two factor authentication word list
- If a user decides to close his account, all information related to that specific user/account will be purged.
- No PGP private keys are kept on the servers.
- No Monero private keys are kept on the servers.
- Main wallet is only kept offline. Because of this, we verify/process all withdrawals in batches, within 24 hours, usually much faster.
- We take periodic backups of databases, including wallets, orders, attached files.
These measures ensure that even in the event our servers are compromised/seized:
- No plaintext messages will be recovered.
- No coins will be seized.
- The attacker can only view the wallet balance, but he will not be able to transfer any funds.
- We can be up and running in no time, and no order information will be lost.
- Dedicated onions for active, large volume users.
- Messages will be deleted soon after an order is completed or support ticket is resolved, so if you need anything in those messages save them locally, as you will not be able to access them otherwise.
- Time zone is UTC, 24 hour time format.
This list is not complete. For more info visit one of our official mirrors. We are also open to suggestions from the community, if a requested feature is reasonable, we will implement it.