This Amazing Guide was posted on reddit by the username: moonsh00t All The Credit goes to him! – As
It was listed on the Guide that the License is BSD we believe it would
be a great service to give this guide more publicity outside
Themarketplace.i2p subreddit and that the hard to follow formatting
should be fixed, so its our pleasure to reformat it (a bit) and post it
here – The OP and updates can be found On This link
Contents
- Legal Disclaimer
- Versioning
- Terminology & Abbreviations
- Prerequisites
- Concepts
- Installation & Configuration
- Refunds
- Selling on The Marketplace
- Finalising transactions outside of The Marketplace
- Transaction String Formatting
Legal Disclaimer
This guide is intended to outline the functional aspects of The Marketplace site. It should only be used to assist in the acquisition or resale of goods and services which you are lawfully permitted to purchase or engage in. Basically; don’t do anything naughty and if you do and Santa finds out, it’s on you. License: BSD – do whatever you want with it.Versioning
Version | Comments |
---|---|
0.1 | Basic guide. Needs expansion on what to do when things go wrong and finalization etc |
0.2 | Improved guide with end-to-end Seller tutorial. Needs expansion on what to do when things go wrong; disputes and refunds |
0.3 | Full tutorial on how to claim a Refund. Improved the buyers guide slightly. |
0.4 | End-to-end detail on how to claim a payment without TMP’s involvement. Other miscellaneous corrections. |
0.5 | Tutorial on installing and configuring TAILS with persistent storage, Electrum and TMP’s Electrum plugin. Other miscellaneous corrections. |
0.6 | New, more sane Tails setup |
Terminology & Abbreviations
Term | Meaning |
---|---|
TMP | The Marketplace |
BTC | Bitcoin |
Prerequisites
The following guide describes how to connect to and place your first order. Note: The Marketplace is on I2P which is slow compared to TOR, if you get timeouts, just refresh until it connects. The situation should improve as usage grows. This guide assumes you are configuring from scratch for a Windows system. The following software will be installed and used. You should download these pre-requisites to a folder on your hard-disk (E.g. C:\temp\tmpsetup\) before continuing.- Java Virtual Machine: Java software – prerequisite for I2P software to install
- Mozilla Firefox Browser: Browser for accessing I2P network
- Bitcoin QT client 0.8.6+: Default Bitcoin client – supports multi-signature transactions. You can also use Electrum (simple to swap in), but this guide only covers Bitcoin-QT
- GPG4Win 2.2.1: Provides communication encryption
- I2P 0.9.9 (or above) Windows Graphical Installer: Provides access to the I2P network
- Bit Address: Used for generating the public/private keys you need for signing each order. You need to generate a new address for each order (see below for usage details)
- TOR Browser Bundle: Provides a more secure browser to use when using TMP.
- Bitmessage: Provides a secure method for buyers and sellers to communicate outside of TMP – suggesd method for buyer-seller communication in section Finalising transactions outside of The Marketplace tutorial
- About: Bitmessage – Semi-technical video highlighting Bitmessage functionality. Not required, just for those interested.
- Tutorial: Installing and Configuring Bitmessage – Note: If you opt to connect over TOR, you may need to initially connect with Proxy of None otherwise the icon sits on red (unconnected) for hours. Once a successful connection has been established and the icon goes yellow, change the Network Settings to use the appropriate TOR proxy indicated in the tutorial link (127.0.0.1 Port 9150 or 127.0.0.1 Port 9050) and restart Bitmessage. The icon should be yellow or green and you’ll be connected over TOR.
- TAILS (Secure Linux): Provides a secure operating system to connect to TMP. Required as part of the Installation & Configuration – For TAILS (Linux) with Electrum” tutorial.
- Electrum – Lightweight Bitcoin Client: Provides a simple, flexible Bitcoin Wallet that supports The Marketplace specific plugins to make seller order management easier. Required as part of the Installation & Configuration – For TAILS (Linux) with Electrum tutorial
Concepts
The Marketplace is conceptually pretty different from the other markets out there. Other darknet markets are basically giant online wallets into which buyers transfer Bitcoins before they go shopping. Once the buyer has received their goods, they permit the darknet market to release the funds to the seller who must then withdraw them. Once of the biggest disadvantages of this approach is that both the seller and buyer need to trust the darknet market to not:- collapse; or
- walk away with all the money stored on the platform
An Order Overview
To accomplish this, the buyer, the seller and the darknet market agree on a single use Bitcoin Address (the Bitcoin Deposit Address) into which the buyer will deposit the Bitcoins necessary to pay for their order. This agreement is reached by the repurposing of Bitcoin Addresses (the ones you are normally familiar with using to deposit your Bitcoins too), to act as keys to the agreed Bitcoin Deposit Address. Each participant (that’s the buyer, the seller and the darknet market) generate a Bitcoin Address which they use as a key to the Bitcoin Deposit Address. For anyone to move any of the Bitcoins out of the Bitcoin Deposit Address, it requires that at least two of the key holders authorise it. Once a buyer has received their order, they will mark it as Finalized on the TMP website. TMP then effectively inserts their key (creates a transaction signed with their key) into the Bitcoin Deposit Address used for the order and asks the seller to do the same. Once the seller inserts their key (signs the transaction), the Bitcoins held in the Bitcoin Deposit Address can be moved to the sellers nominated Bitcoin Address (E.g. a blockchain.info wallet, a BTC exchange etc) by broadcasting the signed transaction to the Bitcoin network. And that’s the magic. Unlike traditional darknet markets (Pandora, BlueSky etc), if TMP staff turned bad and wanted to steal the Bitcoins in a Bitcoin Deposit Address, they would also need either the buyer or the seller for every in-progress order to also sign off. If none of the parties agree, the Bitcoins will just sit in the Bitcoin Deposit Address for eternity but it also means that a buyer and a seller can get together completely outside of TMP and release any Bitcoins stored in Bitcoin Deposit Addresses to which they both hold the keys.TMP Service Fees
Those who have been paying attention may be wondering where TMP receives its fee in all this? Well, when TMP creates the transaction that both it and the seller will sign to release the Bitcoins held in the Bitcoin Deposit Address, the transaction contains two output Bitcoin Addresses. One is the sellers nominated Bitcoin Address and a second is a Bitcoin Address owned by TMP which is where their fee goes. The transaction that TMP creates and asks the seller to sign can be decoded and inspected to check the proportion of Bitcoins they’ve allocated to themselves from the Bitcoins held in the Bitcoin Deposit Address before sign-off. Once the seller is happy, signs off and broadcasts the transaction to the Bitcoin network, everything is final and each party gets their share of the Bitcoins stored in the Bitcoin Deposit Address.Declined Orders & Order Cancellations
When a buyer cancels an order that’s in progress or an order is declined by a seller (E.g. no stock etc), the process is the same as that of a seller signing off except that in this instance it is the buyer who signs-off to release the Bitcoins stored in the Bitcoin Deposit Address. TMP will ask the buyer to provide a Bitcoin Address they want their refund sent too, and then automatically create and sign the transaction (insert their key). The transaction is then passed to the buyer, who then signs off (inserts their key) and broadcasts the transaction to the Bitcoin network.Order Disputes
Finally, in the unfortunate scenario where a buyer and a seller enter into a dispute (all toys out of the pram), TMP will propose a solution (For example; 50% of the Bitcoins held in the Bitcoin Deposit Address to the buyer, and 50% to the seller). Provided at least the buyer *or* the seller agree to this, TMP will then sign the transaction and submit it to either the buyer or the seller for sign-off and broadcasting to the Bitcoin network. The Bitcoins will then be distributed as agreed.What if The Marketplace disappears?
The beauty of TMP is that they are not required to release Bitcoins stored in Bitcoin Deposit Addresses provided the buyer and the seller can get in contact with each other and agree on a transaction. It may therefore be a good idea for buyers and sellers participating in regular or large transactions to provide alternative contact details for each other so that in the event of a service outage, any outstanding orders can be finalized and the Bitcoins released. Note: In this instance either the buyer or the seller would need to create and sign a transaction which the opposite party (buyer or seller) would also need to sign-off on. Either party could then broadcast the signed transaction to the Bitcoin network. Creating a raw transaction to finalize without TMP is covered in this section of the guide: Finalising transactions outside of The Marketplace. You may also (if you are technically minded) want to read up on raw transactions and that information can be found here: Raw Transactions.Installation and Configuration
For Windows
- Double click the I2P software installer (i2pinstall_0.9.9_windows.exe)
- Press [Next] until you reach the pack installation choice window
- The default option Base will be checked, but you also have the option of installing I2P as a Windows Service.
This means it will automatically run in the background whenever you
start your computer and you will always be participating in the I2P
network. If you intend to be a frequent user, you may wish to consider
this option for two reasons:
- A) Everyone who uses I2P provides routing services and bandwidth for everyone else – e.g. in the same was as you upload a torrent when you’re not downloading to help others, if you are always connected to I2P you help make the network faster for everyone else.
- B) Plausible deniability. If you are always connected to I2P, regardless of whether you are using it, your traffic cannot be so easily categorised as unique by malicious entities. For example, in the recent Harvard Bombscare the perpetrator was caught because Law Enforcement worked out how many unique users were on the TOR network at the time, and paid each one of them a visit. The perpetrator had only logged on to TOR briefly during the period identified by LE, and therefore stuck a huge red flag on himself. If you are always connected to I2P, it would be significantly more difficult to accuse you of using it for less than legal purposes…assuming you did, which of course you wouldn’t.
- Press [Next] through all the remaining steps and [Done] once the software has installed
- If you have opted to install I2P as a Windows Service you will stop the service for the purposes of this tutorial. This ensures you can check for errors. If you have not opted to install as a Windows Service, skip to the next step.
- A) Start->Run->type: services.msc and press [Enter]
- B) Scroll down until you find I2P Service
- C) Right click and select Stop
- D) Close the Services window
- Click Start and navigate to I2P shortcuts menu and click Start I2P (restartable). The I2P software will now start.
- You will be presented with the I2P command box:
- followed shortly by your default browser opening with the I2P web interface:
Once the management bar is visible look down and once you see Network: OK
(in the green box in the above screenshot), you are connected to the
I2P network. The lower box that says “Rejecting tunnels: starting up”
will eventually change to “Accepting tunnels”. You can optionally wait
for this stage if you want to ensure you are a full participant in the
I2P network. It can take about 30 minutes. 8. Now that I2P has loaded,
you need to configure your browser in order to access the marketplace.
As indicated in the pre-requisites, we’ll be using Mozilla Firefox. The next stage is therefore to install Mozilla Firefox and the QuickJS and FoxyProxy extensions. 9. Once you have installed Mozilla Firefox and the extensions, you should see two new icons in the browser:
Click the URL Patterns tab and click Add New Pattern. Choose a Pattern Name of I2P and in the URL pattern box enter *.i2p*. Click OK
Click [Close].
You will be automatically directed to save the address to your router configuration (see screenshot below), when this window displays choose Save themarketplace.i2p to router address book and continue to eepsite. It may take several attempts to get this process to happen. You only need to do this once though, when you navigate to http://themarketplace.i2p in future, it should route you directly.
10. Click the FoxyProxy icon to bring up the configuration window:
Ensure the window looks like the screenshot above and select Add New Proxy from the menu on the left side. When the Proxy Settings window is displayed, choose the Proxy Details tab and enter 127.0.0.1 in the Host or IP Address box and 4444 in the Port box:
Click [Close].
- You are now configured to connect your Mozilla Firefox browser to I2P. The penultimate stage is to check that JavaScript is disabled. The QuickJS icon should be clicked until it represents a broken wheel (hovering over will show that this is JavaScript disabled mode):
- In the address bar of Mozilla Firefox enter http://themarketplace.i2p – The I2P network will then wander off to try and route your connection. It is likely that you will receive a window saying Warning Eepsite Not Found in Addressbook. When this appears, click the stats.i2p jump service link.
You will be automatically directed to save the address to your router configuration (see screenshot below), when this window displays choose Save themarketplace.i2p to router address book and continue to eepsite. It may take several attempts to get this process to happen. You only need to do this once though, when you navigate to http://themarketplace.i2p in future, it should route you directly.
Finally, you will reach your goal – The Market Place…
Your order will now be created and require payment. The Marketplace
is unique in that it requires multi-signature transactions, which
basically means that you, the vendor and TMP Staff all have keys to your
transaction, but in order for any one person to claim it, two of
you have to agree. This ensures that the TMP staff can’t walk away with
your (or the vendors) money. It would require either collusion between
the TMP staff and the vendor, or yourself – either way, the potential
damage is limited. On the screen under Order requires payment choose Please click here to create the escrow address
You will now be requested to enter the Public Key that will be
used to create the new wallet to which you will send funds. The
terminology says “wallet”, but what it actually means is: “create a new
Bitcoin Deposit Address that is unique to this order and to which you
will pay your Bitcoins”. Each order will involve creating a different
Bitcoin Address, unique to that order into which you will deposit your
cash to pay for your order.
When you are presented with the Create escrow address window, you
need to create a Public Key which is used – along with the vendor and
TMP Staff’s public keys – to create a unique Bitcoin Address into which
you will deposit your money to pay for your goods. This sounds
confusing, but what you are basically doing is providing your part of
the key in this multi-signature transaction. So, to do this you need to
generate a public key. Navigate to https://www.bitaddress.org/ to generate a new Bitcoin Address (NOTE:
This Bitcoin Address is nothing to do with your order, it’s just an
easy way to generate a public and private key. So don’t accidentally
deposit funds to it). Once you generated your Bitcoin Address, it should
look something like this:
- The only bit you are interested in is the Private Key. Copy the Private key value into a text file somewhere and keep it safe DONT LOSE IT. You will need it to authorise or finalise the order or in the case of a dispute.
- Now you need to get the Public Key. On https://www.bitaddress.org/ copy the Private Key to your clipboard and click the Wallet Details tab. Here, enter the Private Key and click the [View Details] button.
- Highlight the Public Key (130 characters [0-9A-F]): value and copy it to your clipboard.
Your single use Bitcoin Deposit Address will now be created:
Send the exact amount required to this address using the Bitcoin QT
client (or Electrum if you are using it) and record the transaction ID.
To do this, open Bitcoin-QT and click the [Send] button. Copy the details carefully from The Marketplace order window and send the required funds. You can use the Label:
field if you are using Bicoin-QT to record the Private Key you
generated in Step 24 for your order (it’s only visible to you). This
makes it easier to find the key you need in the event of a refund you
need to claim. The format {FRIENDLY-LABEL} – PRIV KEY: {REPURPOSED-BTC-ADDRESS-PRIVATE-KEY} ADDRESS: {REPURPOSED-BTC-ADDRESS} works well.
- Once the funds have been sent, you need to retrieve the transaction id so that The Marketplace knows that you’ve paid. In Bitcoin-QT, click the [Transactions] button, simply highlight the recent transaction you’ve just made, right click and select Copy transaction id. The transaction will be copied to your clipboard.
- Return to The Marketplace and paste the transaction ID into the box and click [Record transaction]. Note: Ensure you strip off the “-000″ that Bitcoin-QT appends so for example: 8512e2728ca2153be0809d1252ecd8dfc6833a53fbfe1f8ba6f64ae19eaed663-000 you remove the -000 so it’s just 8512e2728ca2153be0809d1252ecd8dfc6833a53fbfe1f8ba6f64ae19eaed663 before clicking [Record transaction].
You now need to encrypt your delivery address, and send it to the vendor. In the top right hand of the screen, click the [View vendors PGP Key]
A new window will open and inside will be the vendors PGP public key,
which you use if you want to send them any correspondence. Copy the text
contents of this window to your clipboard, open Notepad (or your
favourite text editor), paste it in and save the file to somewhere on
your hard-disk, E.g. C:\temp\tmp\myvendorpubkey.txt
- You can close the browser tab once you’ve saved the key. Just keep the tab that requires your delivery address open.
- Now to import the vendors key into GPA. Click Start->GPA icon from your start-menu to start GNU Privacy Assistant.
- Click the [Import] button on the toolbar, and navigate to where you saved the vendors public key you just copied from your browser. The key will be imported and you should see it listed:
Each vendor will have their own key. This ensures that if The Marketplace is ever breached, any communications intercepted between vendors and buyers are effectively unreadable. Click the Clipboard button. The GNU Privacy Assistant – Clipboard
is where you encrypt any communications to vendors and decrypt any
communications in messages sent to you. Enter your delivery address in
the window
Once you have entered it, click the [Encrypt] button and choose
the vendors key. The text will be replaced by the encrypted version
which can only be decrypted by the intended recipient (your vendor in
this case).
Copy this encrypted text to your clipboard and paste it into The Marketplace Update address window and click [Submit].
That’s it, your order is now with the vendor. In due course you should
receive your order. When you do, you need to login to the site to
finalize
You will now be prompted to leave a review (which you should do for the
benefit of other potential customers) and the order life-cycle is
complete. If you were unfortunate enough not to receive your order, or
have another issue with the buyer, you can open a Dispute. This is covered elsewhere in this guide.
Order Refunds (Order Cancelled, Order Rejected)
Refunds are the mechanism used by TMP to return Bitcoins to a buyer who has:- paid for an order but decided to cancel it; or
- had a paid order cancelled by a seller
For any order that has been paid but that has not been Approved by
the seller, the buyer will be able to claim a refund. Lets cover the
process step-by-step from the buyers perspective. NOTE: If you
are experimenting to understand the refund process, you will need to use
some Bitcoins (the process isn’t risk free). If you are a seller, you
can create and purchase one of your own products (See Selling for more information). If you are just an average, curious buyer – find a suitable cheap product from a listed vendor and just [Cancel] the transaction as soon as you have paid for it. Create an order on TMP by following Steps 21 to 35 inclusive
of the buyers guide. Immediately after making payment and recording the
transaction ID, your order screen should look something like this: You
will now be prompted to leave a review (which you should do for the
benefit of other potential customers) and the order life-cycle is
complete. If you were unfortunate enough not to receive your order, or
have another issue with the buyer, you can open a Dispute. This is covered elsewhere in this guide.
0 comments:
Post a Comment