Overall
- minimize the number of CAPTCHAs especially for vendors
- vendor's only URL
- shared accounts so vendors can give limited access to their own staff to deal with disputes, processing orders
- reliable connection over I2P and Tor
- internal tumbler
- referral system (give x percent of the buyer's / vendor's traffic to the user who invited them
- Bitmessage or encrypted email notifications (about orders, messages etc, especially useful in the beginning since the vendor will not login to often if there is no traffic on the market)
- no carding stuff (including tutorials, hacked / carded accounts), no guns
- Provide a signed backup of the vendor's feedback (in case the market goes down, the vendor can prove he's legit if he wants)
- Provide an easy way to migrate listings from other markets (so vendor's won't have to set everything up again)
- Timed holiday mode (vendor can set the next 13 days to holiday mode, so when he's back on the 14th day, 1 day worth of orders will be waiting for him.)
- partial refund / reship
- different handle / login name
- Option for the customer to post reviews to Reddit (using the API)
- Duress password (opens an alternate account with the same account name but with fake stats customizable from the main account)
- Remove EXIF data from uploaded images
PGP
- PGP pub key has to be verified by decrypting a message after the pub key is set.
- If the password can be reseted by signing a message with the PGP private key, include "this message will reset your password on XYZ marketplace at aaabbb.onion + nonce" otherwise it can be exploited or phished by a middleman
- 2FA (that works even if the key is expired - this might be a security concern but seen many problems where the user was closed out because of his key was expired)
Buyer's feedback
Example:
- Registered less then 3 days ( 1 week | 2 weeks | 4 weeks | 3 month | more than 3 months ago)
- 2 finalized transactions (0.003 BTC) - with 1 vendor
- 11 open transactions (2.4 BTC) - with 11 vendors
- 0 auto-finalized transactions
- 2 positive, 0 negative feedback (or show the contents of the feedback too)
Vendor's feedback
- Weighted feedback score (an 1000 USD dispute has to hurt the vendor's score more than a 1 USD transaction )
- Legacy sales (number of sales and maybe even the feedbacks from other markets)
Messaging
- the other party's PGP key should be only one click away from the page where the message is.
- the icon that leads to the other party's PGP key should indicate if he has a key set or not
- put PGP keys and encrypted messages in a read only textbox where the encrypted text can be selected with Ctrl+A.
- put new messages on the top instead of the bottom so the reader doesn't have to scroll down every time to see the new answer.
- no CAPTCHAs, or only ask for one in case there were x messages sent in the last hour.
- filter for customer's messages
- Flairs next to user names on the messaging and orders page.
- Staff
- Vendor
- Simple user
- Returning customer (so messages and orders from returning customers can be prioritized)
- Message can be sent straight from the order details page (NOT by click username -> click send message), and the recipient will have see which order is the message about (so there's no need to clarify it in the message itself)
Orders overview - Vendors
- list the amounts, not just the product (3 x 7g Shroomz)
- tickboxes for every order, mass actions (Mark shipped, Decline, Export, Wipe)
Payment system
- 2 of 3 multisig
- seamless option with 3rd party agent, where the 3rd key is generated with a 3rd party escrow agent's MPK instead of the buyers priv key.
- pub keys for the multisig transactions can be added as a list of pubkeys (the system will choose one) or as an MPK (Electrum or BIP32 HD)
- timelocked transactions with Ntimelock (a signed tx is provided by the market that can be broadcasted after 2 months)
- for vendors right after the order was shipped
- for buyers right after the order was placed
- Escrow agents
- can be chosen from trusted members of the community
- they should set a dead man's switch that releases their wallet seed after one month of inactivity (eg send it in an encrypted email to the market admin)
User interface
- Free shipping icon so it can be seen at a glance
- Show images on/off
- Sort by price + shipping fee
- Set the name of the pages uniquely, especially where a pin or a password is needed. This way people can use password managers more efficiently.
Any other ideas?
The money server separate from the webserver.
Full disk encryption
No images to keep it tiny
Mirrored to another server