White House Market
White House Market is a market with a high level of security and anonymity while maintaining a simple user interface.
WhiteHouse Market Links and Mirrors
Payment Methods: Centralized Escrow
Payment Accepted: XMR Only
Market PGP Keys
|Admin||Key Fingerprint||Public key|
Brief Market Description
- Our goal is to create a simple user experience while maintaining a high level of security and anonymity.
- Everything is written from scratch. No public market script.
- Simple, intuitive design without unnecessary bells and whistles.
- Bug Bounty program.
- Fast customer service. If we get overloaded, we will suspend registration until we get more admins/moderators or until we clear our backlog.
- The official language is English. We may also offer limited support in Spanish or French.
- Both Tor and I2P mirrors.
- No vendor bond, open for everybody. We may consider adding a bond/registration fee at some point in the future.
- No withdrawal or deposit limits.
- 5% fee for sellers, no fee for buyers. This is a flat fee for finalized orders only. No hidden fees, no deposit fees, no withdrawal fees. For high volume sellers, fee can be negotiated.
- We only accept Monero for payment. Bitcoin lacks the required privacy and some users don't know how or neglect cleaning their coins.
- Listing prices are in USD or EUR, and the exchange is calculated when ordering. XMR to EUR/USD rates are updated periodically.
- Up to 4 pictures per listing, up to 5M picture size.
- Up to 15000 characters per listing description.
- Private listings. Can be used for custom orders/discounts to specific buyers.
- Quick listing clone/duplicate.
- Idle timeout selected at login.
- Vendor selectable auto-finalize time (5-45 days).
- Detailed logging of failed sign in attempts. You will be able to see of someone tried to sign in to your account and what credentials were wrong (password or 2fa). Logs are kept for limited time.
- Simple image-based captcha, very easy to solve for humans yet hard for bots.
- Vacation mode.
- Partial refunds, can be issued by seller or by admins in case of a dispute.
- PGP signed mirror list / market statement / canary with proof of freshness, updated at least once every 72 hours.
- Configurable, PGP encrypted jabber/xmpp notifications, for both vendors and buyers.
- For now we only support escrow. We may add multisig if many users are requesting it, but for now we want to keep things simple.
- Except for some generic administration messages, no plaintext communication is allowed. You will not be able to use this market without a PGP key.
- Withdrawal requests have to be signed with PGP. This way even if someone bypasses both your password and 2fa, they can't steal your money without your PGP private key.
- Mandatory two factor authentication based on a list of random words.
- All messages are truly end to end encrypted, so are the attached files. Nobody except the sender and the receiver will have access to your communication, not even us. Users have to encrypt the message/attachment with the receiver's key before sending them.
- We assume that any server can be hacked or seized eventually, so we don't want to keep more data our servers then we need to.
What is kept in plaintext:
- Listing information (title, description, pictures, price, shipping).
- User names.
- Sign in logs (for limited time).
- Limited order information history, including vendor, buyer, order totals.
- Limited feedback information.
- Monero deposit and withdrawal addresses (for limited time).
- Generic admin messages (for limited time).
- Message subjects (both between users and support tickets,for limited time).
- Public PGP keys.
- Jabber/XMPP addresses used for notifications.
What is kept encrypted:
- Messages between users (end to end encrypted, kept for a limited time).
- Messages between users and admins (end to end encrypted, kept for a limited time).
- Support tickets (end to end encrypted, kept for a limited time).
- Message attachments (end to end encrypted, kept for a limited time).
- Order details (shipping / delivery info or notes, kept for a limited time).
- User passwords.
- Two factor authentication word list
- If a user decides to close his account, all information related to that specific user/account will be purged.
- No PGP private keys are kept on the servers.
- No Monero private keys are kept on the servers.
- Main wallet is only kept offline. Because of this, we verify/process all withdrawals in batches, within 24 hours, usually much faster.
- We take periodic backups of databases, including wallets, orders, attached files.
These measures ensure that even in the event our servers are compromised/seized:
- No plaintext messages will be recovered.
- No coins will be seized.
- The attacker can only view the wallet balance, but he will not be able to transfer any funds.
- We can be up and running in no time, and no order information will be lost.
- Dedicated onions for active, large volume users.
- Messages will be deleted soon after an order is completed or support ticket is resolved, so if you need anything in those messages save them locally, as you will not be able to access them otherwise.
- Time zone is UTC, 24 hour time format.
This list is not complete. For more info visit one of our official mirrors. We are also open to suggestions from the community, if a requested feature is reasonable, we will implement it.
Since we are in beta, there will be no fees until September 22 2019 23:59 UTC. If you encounter any bugs, please report them.
* Important changes to the order flow:
As recommended by several users, we totally overhauled the ordering process by moving to a “pay per order” system. This way customers do not have to deposit money to their market wallet prior to ordering something.
* The new order flow works like this:
Find something you like.
Check listing description, vendor feedback, terms and all that.
Download and import vendor's PGP public key.
Select desired quantity and shipping method.
Important: Enter a Monero refund address. This way you will get your money back if something goes wrong with the order.
Write a message to the vendor. Messages have to be locally encrypted (and preferably signed) before sending.
Click “Place order”. You will be presented with an “Order Status” page, where you will find the order details and a Monero address unique to this order. The address is encrypted and signed.
Send the exact XMR amount to that address within 60 minutes. That's all. When the payment is unlocked (10 confirmations) your order will be sent to the vendor. After you sent the payment, you can refresh the “Order Status” page for updates. If you log out or close the browser, you can find the order under “Your Orders” page, “Orders waiting for payment” section.
** Send the exact order amount to that address.
** The payment requires at least 1 confirmation within 60 minutes.
** Address is unique to the order. By re-using that address and you may lose your coin.
** If you place multiple orders, you need to send multiple payments to multiple order addresses. Do not try to combine payments, it will not work.
** If you send less then the required amount, the order will be canceled and a refund will be issued.
** If you send more then the required amount, the difference will be refunded.
** If, by the time the payment is confirmed, something goes wrong with the listing (out of stock, vendor deleted listing) your order will be canceled and you will be refunded.
** If you don't send any payment, your order will be canceled.
** The vendor will not “see” the order until payment is unlocked (after 10 network confirmations).
** Do not include a payment ID.
** Do not send the payment from an exchange. While that may work, it is very bad for your OPSEC, the amount may be different or payment may be delayed.
** Make sure the refund address belongs to a wallet you control. Lose access to the refund address and if something goes wrong with your order, your coin is gone.
** Just like withdrawals, refunds will be processed within 24 hours, usually much faster.
** Refunds are visible under your Wallet - Withdrawals and refunds.
** Vendors are not affected at all by this change.
Short version: Do not reuse XMR addresses, do not send the payment too late and everything will be fine.
Legacy deposit system has been disabled. Refunds for orders placed before this update will still go to your “classic” wallet and you will need to withdraw them like before. We ask all customers who have funds in their market wallets to withdraw, as those funds will not be able to be used for ordering. There are no withdrawal limits so you can do that for any amount, at your earliest convenience.
Vendors will not be able to place orders anymore. If you also need to buy stuff you can always create a new account.
* We added a V2 mirror: whitehouvwq2xssf.onion
* We have added a private jabber server for market users. The server is only reachable via Tor or i2p and s2s is not enabled, so you can only communicate to other market users and market admins. End to end enncryption is enforced, so please use either OMEMO (recommended), OTR or PGP encryption. Plaintext communication is forbidden.
When you register and add your PGP key, a jabber user is automatically created for you. To activate your jabber user, go to your account and click “Change jabber password”. You can choose any password you want, but we strongly recommend using different passwords for different tasks.
You do not have to use your jabber account if you do not want to, but jabber alerts to outside servers will be phased out for both security and usability issues.
The server has been successfully tested with Gajim, Pidgin (Linux) and Conversations (Android).
Jabber id: firstname.lastname@example.org
Password: The password chosen at the previous step.
* Certain vendors will have their private listings instantly approved without going to moderation.
* Lots of bugfixes.
* At the time of this writing we have ~ 450 vendors on board, ~ 2300 customers and ~1100 listings.
* Some bugs may be found here and there. Feel free to report any bugs by using the support form or by contacting us on Dread.
* As always: Verify links, verify our public key from multiple sources (Dread, darknetlive, dark.fail, in no particular order), verify deposit addresses, think before you click. Also remember forums are not under our control, and what you post on forums (private messages included) are to be considered public. Always encrypt communication that should not be public.
* Established vendors can now apply for Finalize Early (FE). To apply, log in and click “FE Application” under the user drop-down menu. Some vendors may already have FE enabled, to see your FE status check admin messages or go to your account page. Customers will see FE vendors while checking out a listing or a vendor profile.
* Not everybody will be accepted. We won't publish the exact requirements for approval, however you have to be an established vendor with FE on at least one active market. More details about FE on the “Info” page.
* Finalized orders will be deleted after 15 days.
* Withdrawals can be deleted by user after they are processed or declined.
* Users who register and do not add a PGP key are considered inactive and will be deleted after 48 hours. They can always register in the future if they wish to.
* Added “Report User” and “Report Listing” options on the “Listings” page.
* Some UI and backend improvements.
* Reminder: Verify links, verify our public key from multiple sources (Dread, darknetlive, dark.fail). Also remember that forums are not under our control, and what you post on forums (private messages included) are to be considered public. Always encrypt communication that should not be public.
We already have ~100 vendors and ~400 listings.
Having considered feedback from the community, we implemented some changes:
- Changed the two factor authentication word list to PGP challenge-repose. Since everyone needs PGP to use
the market, there is no reason for users having to save/remember a word list. When you login, withdraw or place
an order you will be presented with a message encrypted with your key. Input the decrypted message and you are
good to go. You can safely discard the 25 word list as it is not needed anymore.
- Added the option for a customer to extend auto-finalize time by 5 to 15 days, 24 hours before it is
triggered. Afterwards a dispute can be started.
- Added the option for every user to wipe his account without contacting support. This action is irreversible
and will destroy all your data except for the feedback you may have left. The user you did business with will
see your account as [deleted user]. Keep in mind that after you do this, everybody can register your user name.
You cannot remove your account if you have pending orders, pending disputes or money in your wallet.
- Added some requested categories.
- Minor UI and backend improvements.
Notice to vendors: If you want your feedback imported from other markets, please contact support.
- Established vendors can now apply for Finalize Early (FE). To apply, log in
and click “FE Application” under the user drop-down menu. Some vendors may
already have FE enabled, to see your FE status check admin messages or go to
your account page. Customers will see FE vendors while checking out a listing
or a vendor profile.
- Not everybody will be accepted. We won't publish the exact requirements for
approval, however you have to be an established vendor with FE on at least one
active market. More details about FE on the “Info” page.
- Finalized orders will be deleted after 15 days.
- Withdrawals can be deleted by user after they are processed or declined.
- Users who register and do not add a PGP key are considered inactive and
will be deleted after 48 hours. They can always register in the future if
they wish to.
- Added “Report User” and “Report Listing” options on the “Listings” page.
- Some UI and backend improvements.
- Reminder: Verify links, verify our public key from multiple sources (Dread,
darknetlive, dark.fail). Also remember that forums are not under our control,
and what you post on forums (private messages included) are to be considered
public. Always encrypt communication that should not be public.
You can now pay by Bitcoin if you insist. However:
Bitcoin payments are processed via a 3rd party exchange service. We do not have
a BTC wallet and we are still XMR only. The order flow is like this:
- You place your order and you get to the payment page.
- You will be given the option to pay by Bitcoin.
- If you choose to, you will be taken to an Exchange page.
- You send BTC to the exchange.
- The exchange sends XMR to your order address.
- Once everything is confirmed, your order is sent to vendor and the
This option is highly experimental and support for it is limited.
You will be introducing a 3rd party into your transaction (the exchange). The exchange
will know the BTC origin and the XMR destination.
This will be more expensive, as the exchange fees and rate fluctuation
need to be covered. However, the extra amount will be refunded either to
your XMR refund address or to your market wallet.
Refunds are only sent out via XMR. We don't have a BTC wallet. So you will need
to learn how to use XMR, eventually. It's not hard at all.
Use a decent Bitcoin transaction fee. Everything has to happen within
1 hour. If you send the payment too late your coins can be recovered but
you may lose money due to rate fluctuation.
Save your exchange ID until your transaction is complete. If things go
wrong you may need it.
Bitcoin payments are not under our control. If we do get the XMR for
your order we can help you, otherwise we can't.
Clarification for vendors:
There is no vendor bond, so don't ask us for “Vendor bond waiver”.
Not logging in for more then 5 days AND not having active
notifications (Jabber or Email): You will be placed on vacation mode and your
Not logging in for more then 30 days AND not setting yourself to
vacation mode: your account including listings will be removed.
The following exceptions apply:
- Vendors with coin in their wallets. We do not remove any user who has a
non zero wallet balance. Who ever claims that is an idiot.
- Vendors who have set themselves to vacation mode.
- Some vendors who don't have any listings up and were never active.
- Vendors with coin in their wallets. We do not remove any user who has a
Those rules have been put in place mostly for vendors who had active listings,
did not log in for some time and had canceled orders. It reflects bad both on
you and us.
Ignoring admin messages may also get your account removed.
Example: You send a listing to moderation, we reject it asking for certain
things and yet you keep sending the listing exactly the same way. It won't work.
Removed vendors who do decide do come back may not get FE privileges anymore,
even if they did have them before.
There will be no fee negotiation for vendors without sales. Do your work, have
some transactions and we'll see about it. Otherwise, don't even ask.
FE is a privilege, not a right. Some vendors were given FE without even asking
for it, some were denied. If you are denied, do not insist. Applying for FE 10 times
in a row and being rejected won't help. Threatening to take your business somewhere
else if you don't get FE won't help either. To be given FE you need to meet certain
conditions that we won't fully disclose. Feedback and having FE on other markets
are just two of them.
Thank you for your business.Originally published: