Author Topic: Good list of Marketplace features we should have.  (Read 102 times)

Vespco

  • Administrator
  • Newbie
  • *****
  • Posts: 13
    • View Profile
Good list of Marketplace features we should have.
« on: December 22, 2017, 06:44:01 PM »
I found this list and think it has provided some rather good suggestions for features of a privacy preserving marketplace. I've copied the feature list that I think apply to developing annularis.

https://www.reddit.com/r/DNMSuperlist/wiki/superlist/market-listing-criteria

  • You must implement 2-of-3 Multi-Signature.

  • No JavaScript on your market, except for warning users to disable JS if they have it enabled. If the user has enabled JavaScript while visiting your main page, he must be prompted a warning to set the security slider of the Tor browser to high along with a short description of how to do it.

  • Users have to set their public PGP key on their profile before they can make his first order.

  • You must offer all users 2FA with PGP. It has to be enforced for all vendors.

  • The PGP encrypted messages used for 2FA must contain a phrase similar to: 'Only valid for <all valid market addresses>' along with the default random passcode. If 2FA is set, the users should not be able to circumvent it and always be required to enter their password and the decrypted PGP passcode. Furthermore can the encrypted 2FA passcode only be valid for one login.

  • When a vendor wants to change his PGP key, he has to sign it with his old one. You can also display this signature publicly for users so they can check themselves that the vendor signed his new key with his old one.

  • Buyer and seller accounts are different. Buyer accounts cannot become vendor accounts.

  • The order notes, or whatever the message to the vendor is called on your market in which the customer sends his address to the vendor he is buying from, must be PGP encrypted by the user. If it is not, reject the message and tell the user that he has to encrypt his address as well as other sensitive data before sending it and link him to guides on how to properly do it. The checking can easily be done by looking at the beginning of the message and checking if it is the default string of PGP encrypted message (i.e. '-----BEGIN PGP MESSAGE-----').

  • Delete private messages and order details after a certain time period (not longer than 2 months).

  • Use of CSS to prevent reloading pages for small clicks. For example realize some functions like collapsing or expanding a box with CSS instead of reloading the entire page with every click.

  • For country drop-down lists: put the for example 3 most selected ones on top of the list and sort the rest to alphabetically. That way a good chunk of users do not have to scroll down to "United States" for example.

  • make page sizes as small as possible for quick loading.
« Last Edit: December 22, 2017, 06:48:19 PM by Vespco »