White House Market
WhiteHouse Market Links and Mirrors
Market Forums url: http://dreadditevelidot.onion/d/WhiteHouseMarket
Market Sub url (Dread): http://dreadditevelidot.onion/d/WhiteHouseMarket
Market Rep (Dread): http://dreadditevelidot.onion/u/whitehousemarket
Payment Methods: Centralized Escrow
Payment Accepted: XMR Only
Market PGP Key
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51
-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFz1AZMBEADEuvo97ltUtP1F2FNTqomfbX8tUUSQf4xiUbN8kJvdjEVbKglr NNdVttzDVmMBDdp+dif1mGCTRSyBuga/H6LjDBnvsK0swYStfp5J0bqN82xGL1x8 w/lb2uqlYGFGaKGcX8/eHaLFmBETlx+gRM3eFyzzBwuUQykkZoRyp/DkbBSI+Lqs b+VtfiZvnDno/0NqHqjSzqvqQpzQmYY7D88JCczQMRQYJLimhySQhvNTntoAYkPz uWHQOwi9Xas1PdsbSH6vIsDoXdExR6uGSRMedRHS2kl6yCsJoloBMMhc8/Oi7l2L quJoBli8IOHgCAipCahU9ZnJaTSoZFhz+xjMOMdiKvTatXFFConN5/5Nm6+IEi1F jn8uelf43cqt2rS4vydrCvah5G4UnNw91QvRtIfqX0VpidUEYT/B4AiCLXsHOEdO ynbBn2LuXfbCohOO4TWuCwTotyvoC/32cGOVP8JC338jhPUImdOt/HYFx50sKrHp qF9h1FIRFH4gVP5hqQwllbGcsidtr/BvEbDA2uU3q8Nw8ciYPgglI6A7A7DbKuVM aFMY0uTk55xB9GX4DKHA4VIrV2EvQOzppfgQc7+jd17+KB7sieY/HSKEbqZW2ike 94nsgXwyZ2bZN0zOFx8eMGFnCqRAoo2Afu1lBQIWasEQw5lwLI6rKX2qdwARAQAB tAtzaG9wX21hc3RlcokCTgQTAQgAOBYhBHOE8kkHlb2GsA7v3NOu4E/ExgB+BQJc 9QGTAhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJENOu4E/ExgB+r5UQALYy htCCJ00zlh1sOKEN7grH+Kp//Co3VEb9UvcnbKYQ+AnZq/JXvo8gZx51hYNF+uTD 7ZWnodoe5gKuuQWN4FsMHvraRWCJCXVexT5SAz2y/iSfqkSnnTydTb2c1LZFAI9f enh1FPVifqGOguochFo7G40OquUu8q4BYTUuCNCH/9vAYVVp5DFDH+MYefLJhjKc LHF4L3HvRu4duqRGg+ZQ9VBJlSrNMuUWJwCOEOWcEOxmH12A5b0s0Oyp4tF4+eCT eMaDj1rN/2rSivjqjeZhBsE9SJ1XZy/Nf9epPh8L371I56+sG/pMltOV21erinwA bXhjsnKCo9XCDC6JfPln28HBKBrO/HumBeg3z+TecEAgCDEt/7XtQFzG8eKwSwaY jC3CP8G3yj1K+hEq59D3vFdTIYJ903oBspIb0ZPpfj3f0m+rLkaSPC7qA9mo+4Ka KuHAue7CoV4fGEmal/1CdI2Ni1LM2IZSE9s3Jj+dM0UtWsV1TAZRQqEEIaGDwfey nTNxTeELdKjxMGjnPX7Zd7Au8KoSEoCgvKFQ5YGmwqe10Ojp5xZlSB/jylQXUO1F 2B2QuVOCQPBN+u+FP3Lin0OpNGqhqyAhJ3d5SjSsD7dBdWFHS0/IQaGtAp32xRa9 Y7VhK4Rc1t+PBLPj7GjcAarukZNR6QwGu5L2i1CSuQINBFz1AZMBEADHpn6LhXF0 lwCTMsYH3HlbGhJ4RHqDL/ZL1PlxAXeoND3nb8fAvvQ7R8BzoGIgUTlCX89lLqLp xSnFs8QU76BVALSBI+CpDMMQkZnq5Prl9iZGgDi0ks93IOLUftplLJd8Ah2OmALE pYQuZAQgZlZn+Z2z8Yncz0HtaKJSvXimkAn7zYLVJATFJCuxQmjxzYMSSofDftBP St28L7h2FDQD3C9tFoO6bL4LzDyv8JmrLuqUB7xD1g2DpwUIi7gosJ39r4vF2TJx 5bUc4xgQfiyBXCN3gRCbDmgUOcz4Fjcson/J1LfESgjjErIy46BrgrWTQ/u91M4Y KSdTcBAzUtmGQi3S7Ei1Q76Q9041qwCDrkhrKbqAdUTIyz7xHRaJwM/00dkfxFgV o9Svct7uLMjbIQtTwuAXwPQHBZ+HT+OewZR9zxt31rmq2W8SVLpFMbYocs3okAYY 6AvF3NycsVVXY0GGjgIzd6+LIxaZhVzaIw6AYICjHsNFWqXNTLqmYDMVbagiKt3j zuuz/k3rYzwdnx8xZNyqomgnTo0wQAKr0c7ESFc551KOj2noxoaRThxW+MppuXc3 XYteGmafe6blYGbolzqsQXSDyuIfmK1UV8Mp0W1vKR+IX2vUK6VhEvDMkwZUb1Rk KxLPKBRx08azOTbewccnSbtwQHnyr6L5EwARAQABiQI2BBgBCAAgFiEEc4TySQeV vYawDu/c067gT8TGAH4FAlz1AZMCGwwACgkQ067gT8TGAH4CAA//XQfqsRFD8g2M 3HLS01snBn05pjd7guwYr/TbIAjDy7pWsRkKHm7V+U7hq+IP+G5ojmJssz1/J+PW 0skqWBJyzfmD+GOH8YUqZ+BwijVw6BuNjIuLnj+QESXtmI+ZMoBZ/3snOCGaMNNy sLWqeWmCWrSH2H7FP89GVTjOVzDBTlXBr0vuI/YdVXfZhQfoFBmkgZr9IEbMcOYh 7Q7efyhOGx0u5NDFpRkkyFdb/ZtUdNl1gnX9Lm5hKCj+kScJuUYkObBc+bFCxs6z ODyeip6IIrDrThgLrkyPbPFtfryQLXc9x4+xQEctGY+SWEWln/2eH6/eZw+Gz/gE q9kMUutnUl+Ni2U/Ge2yuw0Q3z9uO1/OJJe9Q1RpVlR44L6c47p/5IlQVT7dueVD uRNvQ4msJhbd3bjP3Kjr5fttjzf12sclmHRFlnHqALI2BTrDixiJMzJWIsCE3uHj wjAsAx9QmVqQ82+2sO5mykBcN/UF0OZhgHxTw+uxx9bLiNDZ5nB1ZWGS68x6CK90 cAqdUsyJGUKJpBkz+7P4GViaGBuxHmhrzd04vT8/nZ1xKyzbZpKLk2HBEYP6diY8 y2udvFMDTj0wB4B2Is+vYjU/0qKaFy33FlOcvIrSmDvW2873/nkdfCpBtez+AWL5 aQqfEckE0kgaQ1dB8kV1JEhdEpVQpR0= =/fFZ -----END PGP PUBLIC KEY BLOCK-----
Brief Market Description
- Our goal is to create a simple user experience while maintaining a high level of security and anonymity.
- Everything is written from scratch. No public market script.
- Simple, intuitive design without unnecessary bells and whistles.
- Bug Bounty program.
- Fast customer service. If we get overloaded, we will suspend registration until we get more admins/moderators or until we clear our backlog.
- The official language is English. We may also offer limited support in Spanish or French.
- Both Tor and I2P mirrors.
- No vendor bond, open for everybody. We may consider adding a bond/registration fee at some point in the future.
- No withdrawal or deposit limits.
- 5% fee for sellers, no fee for buyers. This is a flat fee for finalized orders only. No hidden fees, no deposit fees, no withdrawal fees. For high volume sellers, fee can be negotiated.
- We only accept Monero for payment. Bitcoin lacks the required privacy and some users don’t know how or neglect cleaning their coins.
- Listing prices are in USD or EUR, and the exchange is calculated when ordering. XMR to EUR/USD rates are updated periodically.
- Up to 4 pictures per listing, up to 5M picture size.
- Up to 15000 characters per listing description.
- Private listings. Can be used for custom orders/discounts to specific buyers.
- Quick listing clone/duplicate.
- Idle timeout selected at login.
- Vendor selectable auto-finalize time (5-45 days).
- Detailed logging of failed sign in attempts. You will be able to see of someone tried to sign in to your account and what credentials were wrong (password or 2fa). Logs are kept for limited time.
- Simple image-based captcha, very easy to solve for humans yet hard for bots.
- Vacation mode.
- Partial refunds, can be issued by seller or by admins in case of a dispute.
- PGP signed mirror list / market statement / canary with proof of freshness, updated at least once every 72 hours.
- Configurable, PGP encrypted jabber/xmpp notifications, for both vendors and buyers.
- For now we only support escrow. We may add multisig if many users are requesting it, but for now we want to keep things simple.
- Except for some generic administration messages, no plaintext communication is allowed. You will not be able to use this market without a PGP key.
- Withdrawal requests have to be signed with PGP. This way even if someone bypasses both your password and 2fa, they can’t steal your money without your PGP private key.
- Mandatory two factor authentication based on a list of random words.
- All messages are truly end to end encrypted, so are the attached files. Nobody except the sender and the receiver will have access to your communication, not even us. Users have to encrypt the message/attachment with the receiver’s key before sending them.
- We assume that any server can be hacked or seized eventually, so we don’t want to keep more data our servers then we need to.
What is kept in plaintext:
- Listing information (title, description, pictures, price, shipping).
- User names.
- Sign in logs (for limited time).
- Limited order information history, including vendor, buyer, order totals.
- Limited feedback information.
- Monero deposit and withdrawal addresses (for limited time).
- Generic admin messages (for limited time).
- Message subjects (both between users and support tickets,for limited time).
- Public PGP keys.
- Jabber/XMPP addresses used for notifications.
What is kept encrypted:
- Messages between users (end to end encrypted, kept for a limited time).
- Messages between users and admins (end to end encrypted, kept for a limited time).
- Support tickets (end to end encrypted, kept for a limited time).
- Message attachments (end to end encrypted, kept for a limited time).
- Order details (shipping / delivery info or notes, kept for a limited time).
- User passwords.
- Two factor authentication word list
- If a user decides to close his account, all information related to that specific user/account will be purged.
- No PGP private keys are kept on the servers.
- No Monero private keys are kept on the servers.
- Main wallet is only kept offline. Because of this, we verify/process all withdrawals in batches, within 24 hours, usually much faster.
- We take periodic backups of databases, including wallets, orders, attached files.
These measures ensure that even in the event our servers are compromised/seized:
- No plaintext messages will be recovered.
- No coins will be seized.
- The attacker can only view the wallet balance, but he will not be able to transfer any funds.
- We can be up and running in no time, and no order information will be lost.
- Dedicated onions for active, large volume users.
- Messages will be deleted soon after an order is completed or support ticket is resolved, so if you need anything in those messages save them locally, as you will not be able to access them otherwise.
- Time zone is UTC, 24 hour time format.
This list is not complete. For more info visit one of our official mirrors. We are also open to suggestions from the community, if a requested feature is reasonable, we will implement it.
Since we are in beta, there will be no fees until September 22 2019 23:59 UTC. If you encounter any bugs, please report them.
We already have ~100 vendors and ~400 listings.
Having considered feedback from the community, we implemented some changes:
Changed the two factor authentication word list to PGP challenge-repose. Since everyone needs PGP to use
the market, there is no reason for users having to save/remember a word list. When you login, withdraw or place
an order you will be presented with a message encrypted with your key. Input the decrypted message and you are
good to go. You can safely discard the 25 word list as it is not needed anymore.
Added the option for a customer to extend auto-finalize time by 5 to 15 days, 24 hours before it is
triggered. Afterwards a dispute can be started.
Added the option for every user to wipe his account without contacting support. This action is irreversible
and will destroy all your data except for the feedback you may have left. The user you did business with will
see your account as [deleted user]. Keep in mind that after you do this, everybody can register your user name.
You cannot remove your account if you have pending orders, pending disputes or money in your wallet.
Added some requested categories.
Minor UI and backend improvements.
Notice to vendors: If you want your feedback imported from other markets, please contact support.