Do. Not. Use. Or. Create. New. Sites. Without. Multi. Signature. Escrow.

Okay guys, time for some tough love.

Remember that Simpsons episode where Homer walks into the same wall five times and says ouch? That's you signing up for another site without Multi Signature Escrow (Multisig).

In case you haven't heard of it yet, Multisig means that you, the vendor and the market enter a three-party transaction where nobody can get the money without at least two approvals. Vendor approves on order, buyer approves on received, market approves/declines if there is a problem. Techies can verify the market transactions on the blockchain so a bad market would get caught.

Yup. It means it's pretty safe. Not perfect, but a lot better than attracting every script kiddie scammer. Right now, they're flocking to this community, because they think we're a bunch of idiots. Don't blame them, we've proven them right over and over again.

So fuck new sites. Seriously, fuck them. DO NOT sign up for sites because they (1) have pretty pirate graphics (2) claim to be competent (3) claim to be different (4) claim to be charitable (5) have a catchy name (6) Claim to be the fifth reincarnation of the Dalai Lama (7) use any other gimmick, branding or marketing technique. There is nothing wrong with marketing, but right now it should do only one thing: Demonstrate strong security.

ONLY sign up for sites that claim to use proven security techniques, such as Multi Signature escrow. DO NOT accept early finalization, it may be nice for vendor finances but it attracts scammers like flies on a pile of shit. Maybe later, when there is more trust again. Maybe later, when there are markets several years old again, and five star vendors with thousands of transactions. Then, maybe. Now, you are just waving money at scammers begging them to fuck you. I don't care that this is bad for you, you can do whatever you want with your money. But this is unhygienic for the community because it attracts scammers. If you get scammed, you are an asshole because you have proven to them that it is profitable. Don't get scammed, or YOU are a dickhead, a selfish antisocial prick whose stupidity is hurting everyone. You are slobbering a deadly virus in everybodies face if you do not ake securit seriously. Take precautions, DO NOT GET SCAMMED. Only use MultiSig escrow, and do not use wallets that know your secret keys.

DO NOT EVEN THINK ABOUT creating another market with some stupid gimmick if you will not get down and dirty and create multi sig escrow to ensure the safety of your customers. DO NOT EVEN THINK ABOUT holding the secret keys to your customers wallets. That is communicating to any intelligent person that you think they should be fucked. Hard. That is communicating to scammers that either you are scum like them, or you are a collecting a bunch of suckers in a convenient, easy to exploit trap, for their convenience. I don't care how good your intentions are, if you create another market without multisig escrow or see your customer's secret keys in any way, you are an asshole. Period. I don't care how good your intentions are, security is the name of the game. If you can't do that properly, don't play. Don't. Really, don't. REALLY, DON'T. SHUT DOWN YOUR STUPID DEATH TRAP BEFORE SOME SCUMBAG PROFITS EVEN MORE. I am part of the same community as you, and you are INSULTING ME with your incompetence. I take it personally. Shut down everything except your wallet withdrawal, and set up multisig escrow. THEN come back. Anything else is DOWNRIGHT IMMORAL.

GOT IT?

EDIT: Old version said three approvals are necessary for MultiSig, while it is only two.


Comments


[6 Points] InfinitelyOutThere:

Completely agreed. Any marketplace that wants trust needs multi sig. However, in truth, the vendor and market hold supreme power over the buyer. If the market is stable and doesn't go rogue, then the vendor is in the place of power if they have good feedback and they scam you. Always find vendors you can "trust" and build a relationship. Find reliable connects before flocking to the cheapest seller hocking his wares on a market.


[7 Points] Sanitarium-Market:

You are sorta right. We agree that MultiSig is the way to go, BUT what is difficult is the fact that there is no GUI right now that handles it, making it easier for the Buyer and Seller to use. For those users whom do not have the capacity to learn it, use or are just lazy then their demand is also valid. A market should provide both options. It is an attempt to make everyone happy. Yes not using MultiSig is a risk for the money owner, but if they do not have the understanding or the tech to use it, then they must have a fall back.

You are surely passionate about the security of your money and are absolutely correct in doing so. Your point is also valid and is good of you to make an attempt to convince others about the topic. Perhaps: (just a pointer) tone down the text fonts a bit as it does appear to be yelling. You are trying to convince them, not turn them off. You want them to read your whole post.

As a market creator we are swayed to the demands of the customers. A programmer can create all the security in the world in an effort to protect the users. Then tell the users that this is the best way and the only way to be secure. That is nice and all but if there is a huge majority of users who do not understand nor will understand, then that business is lost. Like it or not, it is all about capitalism.

Perhaps you could do another one better and create an instructional method for every user to use MultiSig so that they cannot get it wrong. It would add power to your argument.


[5 Points] theinsaneuniverse:

You know, you could have just said that Multi-sig escrow is the best and should be the only way to do these transactions, and gave us reasoning why without being a complete dickhead. I am an asshole if I got scammed? Even if I did my research on a vendor, read reviews and checked forums on a daily basis? I am a slobbering deadly virus?

Go fuck yourself.


[6 Points] Scimitar1:

Stop yelling orders at me. You haven't come up with any revelations. Multi-sig does not prevent even close to all the ills that can happen.


[4 Points] the_armory:

Your post tile makes us think you are yelling each word loudly with a brief pause between.
Also Multisig can be 2 or 3 factor.


[3 Points] None:

God damn, calm down dude


[5 Points] None:

[removed]


[3 Points] Anon352120:

But what are our options? TMP? It uses i2p and multisig, but while they're advanced technologies (and seem trustworthy), they're complex and need you to sit down and re-learn everything, which most vendors and buyers don't seem to be willing to do. I learned it myself hoping that LSD vendors would eventually get there but nothing.


[3 Points] freework:

Thanks. For. The. Tip.


[3 Points] Sanitarium-Market:

Another look into the issue should be this: Even if a market is hacked, why is the user maintaining a balance in the market, sitting there waiting to be hacked? Why is there a hackable data point associated with an account in that market in the first place?

There is no security protocol, there is not automation that a programmer can do to make the market secure. There is nothing that can be done to secure your account in a market. The market is highly vulnerable because both parties are anonymous, the market is anonymous. The market when hacked, will not go tell Interpol, FBI or any other entity. That is why the markets are a supreme target and always will be.

With those two problems identified, first do not maintain a balance in any market account. Use what you need to make the purchase you want and that is all. Then hacked or not, nothing is there.

The rest is up to the market.

Definitely use multisig, 2>3 where possible. In essence, every market already has the ability to use it as there are several tutorials on the topic. Bitcoin provides the ability by default. If a market is not using it, then they are not willing to give up the control of your money. That can be the only explanation and may or may not point to "other" intentions.


[3 Points] None:

[deleted]


[3 Points] None:

Sorry man, I like things to be very easy and simple when I'm committing multiple felonies.


[4 Points] rappercake:

You CAN NOT be trusted to manage your own money, the only person who should tell YOU how to spend YOUR money is OP.


[3 Points] sharpshooter789:

Amen


[2 Points] bewaretheintertubes:

Hey there.

First thanks for taking the time to type this all out. You have obviously thought this out and needed to say it. While I am no online security expert I can definity see the attraction to multi-sig transactions. That being said the method you seem to have conveyed this message may have come off a little too condescending/harsh to have it's inteded effect on the audience. This community is obviously a little raw after so many burns in such a short time. So naturally this will be a hot button issue on both sides of the fence.

I just hope this can get the ball rolling on the proper design and security protocol for future and existing darknet markets. We need more discussion, input and most importantly change to what we all know is an amazing innovation. If anybody has idea's then dear god take this mans example and POST THEM!

Again thanks for the post and I only hope we can pull together to restore the trust we had in markets and each other.


[2 Points] 13tom13:

what tor sites have multi sig i know TMP does


[2 Points] queryox1:

I understand what multi-sig entails etc, but what happens if the website is hacked? Are they able to just steal all the funds?

Whats stopping from site owners doing this?


[1 Points] the_armory:

Well, we should use this time to point out we do accept any .onion escrow including Bitsecs multisig escrow and torscrow (not multisig as we know of).


[1 Points] hateangrypeople:

Thank god for you, OP. Thank god.


[1 Points] None:

[deleted]


[1 Points] None:

[deleted]


[1 Points] gerundive:

I'm a member of the dick club too. I got scammed... If you get scammed, you are an asshole.

You are being too harsh on yourself.


[1 Points] phuckdolphins:

Leaving a comment so I can refer to this when sober.


[1 Points] Letsgoo19:

Can you explain to me in simple terms how to make a safe buy?

Beginning to end please because I've heard a lot of different things.


[1 Points] RosyPalm:

Q: Should I use a DNM that doesn't offer multi-sig?

A: http://m.imgur.com/j3cqYIh


[-3 Points] gerundive:

GOT IT?

No, I haven't got it. Neither do I accept that you are part of the same community as me. There are worse things than theft, and some of them are manifest in your post.