Security is not a feature on TorZon Market — it is the foundational architecture from which everything else is built. Understanding how the platform's security layers interact helps users make better decisions about how they engage with the marketplace and what additional precautions they should take on their end.
V3 Onion Hosting
TorZon Market operates exclusively as a Tor hidden service using V3 onion addresses. V3 addresses use Ed25519 cryptography and derive the address directly from the full public key, providing stronger authentication than the older V2 format. Running as a hidden service means the server's IP address is never exposed to network observers, protecting the infrastructure from direct targeting.
JavaScript-Free Interface
The TorZon Market interface is designed to function without JavaScript enabled. This is a significant security decision. JavaScript running in a browser creates a large attack surface: it can be used to fingerprint the browser, probe the local network, access clipboard contents, or in worst-case scenarios serve as a vector for browser exploits. By supporting a no-JS experience, the platform reduces the risk that users who follow best practices (disabling JavaScript on .onion sites) are disadvantaged.
End-to-End Encrypted Communications
All sensitive communications on the platform use PGP encryption. The platform's own public key is published and signed, allowing users to verify the authenticity of official communications. Vendor-to-buyer messaging in sensitive contexts requires encryption, and the platform's backend does not store the plaintext of encrypted messages.
Multi-Signature Escrow
Standard escrow holds funds until a transaction is confirmed. Multi-signature escrow goes further by distributing control across multiple parties. In TorZon's 2-of-3 multisig implementation, the platform never has unilateral control over user funds. This eliminates exit scam risk for transactions conducted through multisig, since the platform cannot simply abscond with funds held in escrow.
DDoS Resilience
Distributed denial of service attacks targeting Tor hidden services are a persistent operational challenge. TorZon Market maintains multiple verified mirror addresses to ensure continuity of access when the primary address is under attack. The platform publishes and signs its mirror list through its official PGP key, allowing users to verify new addresses before connecting.
No security architecture is perfect, and the human layer — the decisions made by users and vendors — remains the most common point of failure. But TorZon Market's technical foundations provide a strong baseline upon which careful operational security practices can build meaningful protections.