What is the primary function of this directory?

This site acts as a cryptographically verified entry point for DrugHub Market. We host PGP-signed onion mirrors and security documentation to prevent phishing attacks.

Explain the architecture of .onion links.

.onion addresses resolve within the Tor network, utilizing three layers of encryption to obscure the location of both the client and the server. They are inaccessible via standard clearweb browsers.

What is the procedure for accessing DrugHub?

Access requires the Tor Browser (v12.5+). Configure security settings to 'Safest', then navigate to a verified mirror from our Links page. Verification via PGP is mandatory for security.

What is the PGP verification protocol?

Users must import the market's public key into GPG software (Kleopatra/GPG4Win). Verify the signed message on the landing page. If the signature is invalid or the key ID does not match, the site is a phishing attempt.

Detail the security architecture of DrugHub.

DrugHub utilizes Monero-only settlements, 2/3 multisig escrow, and non-custodial wallets. The platform is Javascript-free to prevent browser fingerprinting and XSS attacks.

How is 2FA implemented during account creation?

Registration is strictly PGP-based. The server encrypts a unique challenge string to the user's public key. Decrypting this string proves ownership of the private key, authorizing account creation without passwords.

Why is Monero (XMR) the only accepted currency?

Bitcoin ledgers are transparent and traceable. Monero utilizes ring signatures, RingCT, and stealth addresses to enforce mandatory privacy at the protocol level, ensuring transaction untraceability.

Explain the 2/3 Multi-Signature Escrow.

Funds are locked in a contract requiring 2 of 3 keys to release. Keys are held by Buyer, Vendor, and Market. This prevents exit scams by the market and ensures fair dispute mediation.

What is the 'Individual Mirror' mechanism?

To mitigate DDoS, verified users are assigned a private, rotating onion URL. This isolates traffic, ensuring 99.9% uptime even during attacks on public gateways.

drughub-market FAQ | Frequently Asked Questions

This domain functions as a cryptographically verified entry node for the DrugHub Marketplace. We host signed .onion mirrors, PGP keys, and security documentation. The primary objective is to mitigate phishing attacks by providing a static, verifiable reference point for market URLs. We do not host market operations or process transactions.

Onion services utilize the Tor network's rendezvous points to obscure the IP address of the server. Traffic is routed through three distinct nodes (Guard, Middle, Exit/Rendezvous), with layers of encryption peeled at each hop. This architecture provides anonymity for both the provider (DrugHub) and the client (You). Standard browsers (Chrome/Safari) cannot resolve these TLDs.

1. Install Tor Browser (ver 12.5+).
2. Set Security Level to 'Safest' (disables JS/JIT).
3. Obtain a verified mirror from our Mirrors Database.
4. Verify the PGP signature of the landing page before entering credentials.
FAILURE TO VERIFY SIGNATURES WILL RESULT IN CREDENTIAL THEFT.

Verification confirms that the page was generated by the market server and not a man-in-the-middle (MITM) proxy. Import the DrugHub Public Key (available on /about) into your keychain (GPG/Kleopatra). Copy the signed message from the login page. Use 'Decrypt/Verify'. The output must confirm a "Good Signature" from the official key ID.

DrugHub implements industry-standard OpSec protocols: No Javascript, forced PGP 2FA, Monero-only settlement, and auto-encrypt messaging. However, security is a shared responsibility. User-side OpSec failures (using Windows, enabling JS, reusing usernames) cannot be mitigated by server-side code. Use Tails OS.

DrugHub utilizes passwordless authentication. During registration, you provide a Public PGP Key. To log in, the server presents a challenge string encrypted with that key. You must decrypt it locally using your Private Key and return the plaintext token. This proves identity without transmitting secrets.

Bitcoin (BTC) has a transparent, immutable ledger susceptible to Chainalysis. Monero enforces privacy at the protocol level via Ring Signatures, Stealth Addresses, and RingCT. This obfuscates sender, receiver, and amount, ensuring financial privacy is default, not optional. BTC support will not be added.

Transactions utilize a 2-of-3 Multi-Signature setup. Keys are distributed to: 1. Buyer, 2. Vendor, 3. Market. Funds can only move if 2 parties sign.
- Normal Flow: Buyer + Vendor sign (Release funds).
- Dispute: Market + Buyer (Refund) OR Market + Vendor (Force Finalize).
This prevents unilateral theft by any single party.

Tor services are subject to DDoS attacks. If a mirror times out, consult the Mirrors Page for alternatives. Verified users should rely on their Private Mirror URL (issued upon registration) which operates on isolated infrastructure. Check Canary updates for scheduled maintenance.

Active users: Use internal ticket system (Support Tab).
Locked out users: Use PGP-signed messages on Dread (/d/DrugHub) or Pitch.
WARNING: Admins will NEVER ask for private keys or mnemonic seeds. Any such request is a scam.

Upon account verification, the Link Directory Nodes generate a unique .onion address linked to your user hash. This URL is not public. It bypasses the main load balancers, offering superior speed and DDoS immunity. Bookmark this immediately. Do not share your private mirror.

Javascript (JS) introduces massive attack vectors including fingerprinting, XSS, and potential IP leaks via WebRTC or other APIs. DrugHub is architected to function on pure HTML/CSS. Enabling JS in Tor Browser compromises your anonymity set.

Authentication is cryptographic. There is no email database or administrative "reset" capability. Loss of your Private PGP Key equates to permanent, irreversible loss of account access and wallet funds. We recommend cold storage backups of your keypair.

Vendor bonds (1-5 XMR) are mandatory to prevent spam and low-effort scams. Bonds are held in escrow and refunded upon voluntary shop closure, provided no unresolved disputes exist. Established vendors from other markets may apply for bond waivers via the Dread thread.

Unregistered users possess read-only access to listings, vendor stats, and feedback. Interactions requiring state changes (Orders, Messages, Support Tickets, Cart) require a verified PGP account.

MARKET KNOWLEDGE BASE

PROTOCOL UNCERTAINTY?