# WeTheNorth Reading Room, full content > Verified 2026-07-17. All pages flattened to markdown for LLM ingestion. Site: https://wethenorth-market.site Language: English License: informational, cite with attribution Content signals: search=yes, ai-input=yes, ai-train=yes, use=reference --- # Current mirror set - `http://hn2paw7zrgujyhnt6mgxlt2q6uhgbke4itpqitxhyfbumq3wtnckbuyd.onion` - `http://hn2paw7zfvndw3dovycegeqmvvnf4pl67b3g2p7pohjlzavloosh73id.onion` - `http://hn2paw7zadwkcra3qzv5e4q547i7e5lvxm62cfxqftuqdu7moiu2ceyd.onion` --- # Topic: Access ## What WeTheNorth Market actually is *A short introduction to the Canadian Tor storefront, its history, and what makes it different from the larger markets.* (reading time: 5 min) WeTheNorth Market is a Canadian-focused Tor storefront that has been active since the second half of 2021. Unlike the larger international markets that dominate reader mail, WeTheNorth targets a specific national audience with a smaller and more specialised vendor pool. This reading covers what the storefront is, who it is for, and what distinguishes it from its larger peers. ## Canadian focus WeTheNorth was set up as a market for Canadian vendors and Canadian buyers. Most vendors ship domestically within Canada. Most buyers pay in Canadian-preferred coin flows. Shipping windows tend to be shorter than international because the majority of orders never cross a border. This is the single distinguishing feature. Buyers outside Canada can and do use the storefront, but most vendors either do not ship internationally or charge a substantial international premium. ## Size and pool Smaller than the international markets by an order of magnitude. Vendor count in the low hundreds. Category tree narrower than an international market like Nexus or Anubis. Buyer base concentrated in a handful of Canadian provinces with the most active reader mail from Ontario, Quebec and British Columbia. ## Escrow model Standard 2 of 3 multisig on every deposit. Three keys, two release. Platform holds one, buyer and vendor hold the others. Same architecture as the larger markets, same guarantees for the buyer against operator custody. ## Coin support Bitcoin at launch. Monero added later and now the default for new accounts. Litecoin has been discussed but not currently supported. ## Why the storefront exists Canadian buyers who want to shop with Canadian vendors were being pushed onto international storefronts where the vendor pool did not fit their needs. The domestic focus reduces shipping friction, reduces customs interaction risk, and gives Canadian vendors a market they can specialise in. --- ## Installing Tor Browser, correctly *One download source, one signature check, three settings that matter.* (reading time: 4 min) Reaching WeTheNorth requires Tor Browser. Reaching it safely requires installing Tor Browser correctly the first time. This reading is a short checklist to work through before you paste any onion address. ## Download only from torproject.org The official source is torproject.org. Any other download page is either a mirror you cannot verify or a fake distribution with modifications baked in. If you land on a Tor Browser download page that is not torproject.org or its onion counterpart, close the tab. ## Verify the signature on the bundle, first time The Tor Project publishes a GPG signature for every download. Verify it against the Tor Project signing key. The download page walks through the check for every operating system. Skipping this on the first install is the easiest way to end up with a modified browser that leaks your traffic outside Tor. ## Set the security level to Safest Open the shield icon next to the address bar. Set the security level to Safest. This disables JavaScript on all sites. WeTheNorth works fine on Safest because the login flow is HTML forms, not React apps. ## Do not resize the window Tor Browser opens at a fixed window size on purpose. Resizing makes your fingerprint unique and identifies you across sites that measure window size. If you accidentally maximize, close the window and open a fresh one. ## Do not install extensions Every extension changes your Tor Browser fingerprint. Ad blockers, dark themes, translation tools, all of them make you look different from a stock install. Leave the browser exactly as it came. ## What Tor Browser will not do for you Tor Browser is only the browser. It does not stop your host operating system from talking to Google, Apple or Microsoft in the background. For anything beyond casual use, run Tor Browser inside Tails on a USB stick or inside a Whonix workstation. This is beyond the scope of this reading but worth knowing. --- ## Picking a WeTheNorth mirror *Three current addresses. All equivalent. Pick whichever opens fast.* (reading time: 3 min) WeTheNorth publishes a handful of onion mirror addresses in a single signed rotation. Each address resolves to the same storefront. Account, balance, orders and messages are identical on any of them. Which one you pick is a matter of routing speed on your Tor circuit, not a matter of the market itself. ## How to choose Pick whichever opens fast. If one stalls on the anti-DDoS queue for more than a couple of minutes, try the next. Tor circuits vary across an evening. A slow first attempt does not predict a slow second attempt. ## Older mirrors tend to be faster Older addresses have accumulated Tor descriptor consensus and tend to route through known-good guards. Fresh mirrors sometimes bounce for the first week after introduction because descriptors are still propagating. If you have a stable bookmark that has worked for months, keep using it until the operator retires it. ## The captcha URL check Before typing your password on any mirror, read the small text at the bottom of the login captcha image. That string is the current onion address printed into the image server-side. It must match your URL bar. Match wins. Mismatch means you are on a phishing clone. ## What to do when nothing opens If every mirror stalls for more than five minutes across different Tor circuits, either the Tor network is under wider pressure (check other Tor sites), or the operator is rotating live. Wait an hour. Retry. If still nothing, wait for the next signed rotation announcement, which usually comes within a day. --- ## First login walkthrough *From paste to logged in, step by step, plus the check to run every session.* (reading time: 4 min) This reading walks through your first login on WeTheNorth from the moment you paste an onion address to the moment you land on the storefront home. ## Nine steps - Copy any onion address from the mirror reference page. - Paste it into the Tor Browser address bar. - Press return. - The anti-DDoS wait page appears. It holds you for 20 to 60 seconds while the counter decrements. - When the counter finishes, the captcha renders. - Read the small text at the bottom of the captcha image. Compare against your URL bar. Match wins. Mismatch means phishing clone, close the tab. - Solve the captcha. - The login form renders. Type username, password, submit. - The storefront home page loads. ## What to do if a step fails Wait page never decrements. Bad circuit. Close the tab, use New Identity from the browser menu, retry. Captcha never renders. Same fix as above. Address bar shows a different string than the captcha. Phishing clone. Close the tab. Open the mirror reference from your bookmark and try again from a fresh copy. Storefront home loads but looks off. Rare but possible if you are actually on a very good clone. Log out immediately, do not perform any transactions, verify against a signed rotation before logging back in. ## Do the captcha check every session Not just the first time. Every session. Bookmarks can be poisoned (rotation happens, old address survives briefly, phisher grabs the string, spins up a lookalike). The captcha check is the last line of defence at the point of login. --- ## Registering a WeTheNorth account *Fresh username, strong password, mnemonic on paper, PGP key uploaded.* (reading time: 4 min) Registration on WeTheNorth is a single form. Username, password, mnemonic seed. It takes about a minute. But every field matters. ## Username Pick a username you have never used elsewhere. Do not reuse any handle from a clearnet forum, chat, gaming account, email address, or reddit account. Cross-referencing usernames across platforms is exactly how deanonymisation happens. ## Password Generate a fresh strong password using a password manager. Do not reuse any password from any other account. Do not use anything you can remember from personal history (birthdays, pet names, addresses). Store the password in an encrypted local password manager (KeePassXC with the database on encrypted local storage). Do not save the password in a browser autofill or a cloud-synced password manager. ## Mnemonic seed The registration form issues a mnemonic seed for account recovery. This is the recovery path if you lose the password. Anyone with the mnemonic owns the account. Write the mnemonic on a piece of paper in your own handwriting. Do not screenshot it. Do not save it to a note that syncs to iCloud, Google Drive, Dropbox. Do not save it to any browser autofill. Store the paper in a physical location that only you access. ## PGP key After the first login, upload your own PGP public key to your profile. Every serious vendor requires PGP-encrypted shipping details, and having your key on file makes future vendor conversations smoother. ## The registration takes about a minute The whole flow is one form. Two minutes of careful work at registration saves months of headaches later. --- ## Placing a first order *Small, cheap, standard shipping, standard escrow.* (reading time: 4 min) Your first order with any new vendor should be structured to minimise what you lose if the vendor turns out to be worse than the page suggests. Small quantity, cheap product, standard shipping, standard escrow. ## Before ordering Read the vendor page. Dispute ratio under 5 percent. Finalisation ratio over 95 percent. Last twenty reviews consistent with older ones. PGP key published. Reasonable average shipping time. If any of those looks off, choose a different vendor. ## The order itself - Click the listing. Confirm the quantity and price. - At checkout, encrypt your shipping address to the vendor PGP key before pasting it into the order form. This is a two-minute habit that closes a permanent risk. - Standard shipping. Do not opt for expensive express unless you specifically need it. - Standard escrow. Do not select finalise-early even if the vendor asks. - Submit the order. The multisig deposit address appears. - Coin transfers automatically from your wallet balance to the multisig escrow. ## After the order is placed The vendor sees the order and ships. Watch the message thread for shipping notes. Wait patiently through the shipping window (check the vendor's advertised time). ## Message the vendor sparingly Ask questions if you have them, but do not spam. Vendors process many orders per day. A polite message every couple of days for updates is fine. A message every hour is not. ## When the package arrives Photo of the unopened package with a piece of paper showing the current date visible in the frame. Then open, check the item against the listing, and mark received in the storefront if everything is correct. --- ## Accessing WeTheNorth from mobile *Tor Browser for Android works, but desktop is preferred for anything credential-heavy.* (reading time: 3 min) Tor Browser for Android exists and works against WeTheNorth. This reading covers what changes on mobile and when to prefer desktop. ## What works Login. Anti-DDoS queue. Captcha with embedded address. Registration. Deposit. Order placement. Messaging. Dispute opening. Finalisation. ## What is more friction Copying 56-character onion strings is fiddlier because mobile browsers do not always handle long-string selection cleanly. Use long-press to select carefully. Fingerprint uniqueness is worse on mobile because there are fewer mobile Tor Browser users and mobile screen sizes vary more. The anonymity set is smaller. ## When to use desktop instead Registration (mnemonic handling is easier). PGP verification (gpg or Kleopatra are desktop tools). Any high-value transaction. Anything where a mistake costs you money. ## iOS caveat There is no official Tor Browser for iOS. Third-party apps like Onion Browser are available but the anonymity guarantees are weaker because iOS forces all browsers onto the same WebKit engine. Prefer Android or desktop if you have a choice. --- ## Using Tor bridges when the network is blocked *Bridges hide that you are on Tor. Useful in specific ISP or country contexts.* (reading time: 3 min) Some ISPs and some countries block Tor entry. Bridges route your Tor connection through a relay that is not publicly listed as a Tor node, which hides the fact that you are using Tor. ## When bridges are worth it Your ISP blocks Tor entirely, or you are in a country where Tor entry is logged or blocked. Signs: Tor Browser cannot connect at all, or connects very slowly, or the Tor Project download page is blocked. ## When bridges are not worth it Ordinary browsing in a jurisdiction where Tor is not blocked. Adding a bridge in that scenario only adds latency without changing your privacy. ## How to configure - Open Tor Browser. - Settings → Connection. - Tick Use a bridge. - Pick obfs4 from the built-in list, or request a bridge from bridges.torproject.org. - Restart Tor Browser. ## What bridges do not hide They hide that you are on Tor. They do not hide what you do on Tor. Every guarantee inside Tor still applies. Every reader defence inside the storefront still applies (captcha check, PGP verification, everything). --- # Topic: Verification ## What PGP signatures actually prove *Two guarantees, one anchor. Why the check matters at all.* (reading time: 4 min) PGP verification underpins every trust decision on WeTheNorth. Understanding what the check actually proves matters before running it as a habit. ## Two guarantees A PGP signature over a message proves two things simultaneously. First. The message was signed by the holder of the private key corresponding to the public key you have. In other words, the message came from a specific identity. Second. The message has not been altered since signing. If a single byte in the envelope changes after the signature is applied, the signature fails to verify. ## Why this matters for a mirror address A mirror address on its own is a 56-character string. There is no way to know from the string alone whether it points at the real WeTheNorth or at a phishing clone. But if the address is inside a signed rotation from the operator, and that signature verifies against the operator public key you already have on your keyring, then the address is provably from the operator. ## Why the check needs a trust anchor The verification is only as trustworthy as the public key you use to verify against. If you imported a phishing operator's key at the beginning, every phishing rotation from that operator will verify successfully. The anchor is the operator public key, fetched once from at least two independent sources (the pinned Dread profile and the /pgp path on a mirror you already trust), cross-checked, and then never re-fetched. Everything downstream is anchored to that first import. ## Why the operator private key matters If the operator's private key is ever leaked or seized, the attacker can sign anything under it including a fake rotation, and it will verify. This is the one attack the PGP model does not defend against on its own. The operator's operational security around the private key is a separate concern. --- ## Importing the operator PGP key *One command, once per keyring. Then never again.* (reading time: 3 min) You import the operator public key once. After that, every future rotation verifies against the same key on your keyring. This reading covers the one-time import. ## Where to fetch the key from Two independent sources. The pinned Dread profile of the operator carries the public key. Every current WeTheNorth mirror serves the same public key from the /pgp path (accessed after login). Fetch from both. Cross-check the fingerprint. If they agree, the key is genuine. If they do not agree, at least one source is compromised, and you should not import either key until the situation clarifies. ## The import command Save the operator public key block into a text file called wtn.asc. Run: gpg --import wtn.asc The output confirms the import and shows the key ID. ## Save the fingerprint List keys with fingerprint: gpg --list-keys --with-fingerprint Copy the fingerprint (40 hex chars in 10 groups of 4). Write it on paper or store it in an encrypted local note. Use it to verify future keyring state (if you ever switch machines, you can confirm the operator key on the new machine matches your stored fingerprint). ## Never re-fetch The whole point of the model is that trust rests on the first key you imported. Re-fetching the key gives an attacker another chance to poison your trust anchor. If you have the key on your keyring, use it. Do not import a new copy. --- ## Verifying a rotation message *Two commands. Look for Good signature. Compare the address inside.* (reading time: 3 min) Once you have the operator key imported, verifying a rotation is two commands and one comparison. ## Save the signed message Copy the whole signed rotation from the operator announcement, including the envelope headers. Save into a file called rotation.txt. Do not strip anything. The signature covers every byte between -----BEGIN PGP SIGNED MESSAGE----- and -----END PGP SIGNATURE-----. Extra whitespace, missing newlines, or stray copy-paste artefacts break the check. ## Run the verify gpg --verify rotation.txt The output tells you whether the signature is good. Look for a line that reads: gpg: Good signature from "WeTheNorth " That is success. ## Ignore the trust warning You will almost always also see a line like: gpg: WARNING: This key is not certified with a trusted signature This is expected. It only means you have not personally signed the operator key with your own PGP key. Ignore. ## Compare the address inside Open rotation.txt in a text editor. Find the onion address in the message body. Compare it to the current mirror reference on this site. Match means the address is trustworthy. Mismatch means either the reference is out of date (unlikely on this site) or you copied the wrong rotation message. --- ## Reading gpg output like a normal person *The lines that matter, the lines to ignore.* (reading time: 3 min) The gpg output is dense and half of it is technical noise. This reading picks out the lines a reader actually cares about. ## The line that matters gpg: Good signature from "..." This is the whole verification result. Everything else is metadata around it. ## The line that means trouble gpg: BAD signature from "..." The message was altered after signing, or the signature was made with a different key. Do not trust the address inside. Report the bad post so other readers see the warning. ## The line that means you need to import gpg: Can't check signature: No public key The operator key is not on your keyring. Import it (see the previous reading), then re-run gpg --verify. ## The line that means the message is from someone else gpg: Signature made ... using RSA key ID SOMETHING If the key ID is not the operator's key ID, the message was signed by someone else. Do not import that key. Do not trust the address inside. ## The trust warning gpg: WARNING: This key is not certified with a trusted signature. Normal and expected. Ignore. It only means you have not signed the operator key with your own key, which most readers never do. ## The expired key warning gpg: Signature made ... (expired) Rare. The signing key has expired. Either the operator has to publish a rotation under a fresh signing key (a big event), or the situation is broken. Do not use the address inside until clarified. --- ## Kleopatra on Windows *The GUI version of the verification workflow.* (reading time: 3 min) Kleopatra ships with Gpg4win on Windows and gives you a GUI for the same checks the gpg command line does. This reading covers the Kleopatra path. ## Install Gpg4win From gpg4win.org. Verify the installer signature per their instructions. First install requires signature check like any security software. ## Import the operator key Save the operator public key file as wtn.asc. Open Kleopatra. File → Import. Select the file. The key appears in your key list. ## Verify a rotation Save the signed rotation as rotation.txt. Right-click the file in File Explorer. Pick More GpgEX options → Verify. A window pops up with the result. Either the signature is valid (green) or the file has been modified (red). Same principle as gpg on the command line, different button. ## Reading the Kleopatra result window Green tick and "Good signature": trust the address inside. Red cross and "BAD signature": do not trust. Alert the community. Yellow warning and "unknown signer": you did not import the operator key yet. ## Compare the address Open rotation.txt in Notepad. Find the onion address. Compare to the current mirror reference. --- ## The captcha URL check, per session *A five-second check that catches most phishing clones on the first attempt.* (reading time: 3 min) The captcha URL check is the fast per-session defence against phishing clones. The PGP verification is the slower per-rotation defence. You do both. ## How it works The WeTheNorth login page renders a captcha image server-side with two things baked in: the puzzle you have to solve, and the current onion address printed in small text along one edge of the image. Both are generated in the same file that the browser downloads. ## Reader instruction Every session, before typing the password: glance at the small text at the bottom (or wherever) of the captcha image. Compare to your URL bar. If they match, proceed. If they do not, close the tab. ## Why this defends against clones A phishing clone that scrapes the WeTheNorth login page gets a captcha image with the real WeTheNorth address baked in. If the clone displays that image unchanged, the address in the image does not match the address in the URL bar, and the reader can spot the difference in under five seconds. The clone could regenerate the image with its own address baked in, but that requires implementing captcha generation server-side, which is more work than most clones do. ## Why every session Because bookmarks can be poisoned. A bookmark you saved months ago may point at an address that has since been rotated out. If a phishing clone happens to notice the retirement, they can spin up a clone on the retired address. The captcha check catches this pattern on the first attempt. ## The check is not optional It takes five seconds. It catches the median phishing attempt. Every session, before typing the password. Make it a habit. --- ## Common verify errors and what they mean *A short reference table for the errors you might hit and how to fix each.* (reading time: 3 min) A short reference table for gpg verify errors on a WeTheNorth rotation. ## BAD signature Meaning. The file has been altered after signing, or was signed by a different key. Action. Do not use the address inside. Report the message to the pinned Dread thread so other readers see the warning. ## Can't check signature: No public key Meaning. The operator key is not on your keyring yet. Action. Import the operator key first (see the importing reading), then re-run gpg --verify. ## Signature made ... by different key ID Meaning. The message is signed by a key other than the operator. Action. Do not import the mystery key. Do not use the address inside. ## Signature made ... (expired) Meaning. The signing key expired. Action. Do not trust until the operator publishes a fresh signing key under the outgoing one. Wait for clarification. ## WARNING: This key is not certified with a trusted signature Meaning. You have not personally signed the operator key with your own key. Action. Ignore. This is expected. What matters is the Good signature line above. ## gpg: no valid OpenPGP data found Meaning. The file you passed is not a valid PGP signed message. Usually because you copied only part of the envelope. Action. Re-copy the whole envelope from -----BEGIN PGP SIGNED MESSAGE----- to -----END PGP SIGNATURE----- including headers and blank lines. Retry. --- # Topic: Wallet ## Depositing Bitcoin, first time *The workflow for a first Bitcoin deposit if that is the coin you already hold.* (reading time: 5 min) If Bitcoin is the coin you already hold, depositing it to WeTheNorth is straightforward. The workflow below assumes you are new to depositing onto a Tor storefront. ## Wallet software before the deposit Do not deposit directly from a KYC exchange withdrawal to the market address. The exchange withdrawal record ties your identity to the market account through their compliance logs. Route through a fresh wallet first. The Bureau recommends Sparrow Wallet for privacy-aware Bitcoin. It supports coin control, PSBT, hardware wallet integration, and connects to your own Bitcoin node if you have one. ## The deposit itself - Log into WeTheNorth. Open the Wallet panel. - Select Bitcoin as the deposit coin. - Copy the deposit address shown on the panel. - Open your Sparrow wallet. Send exactly the amount you want to deposit to the copied address. Ten confirmations minimum for the market to credit. - Come back to the wallet panel roughly two hours later. Balance should be credited. ## Two hours is a rough estimate Bitcoin confirmation times vary with mempool congestion. Ten confirmations at typical block time is about ninety minutes, but at times of congestion this can double or triple. Check mempool.space if you want to gauge current wait times. ## Fee awareness Bitcoin fees at typical congestion run one to ten dollars per transaction. Pick a fee that gets you into the next few blocks without overpaying. Sparrow suggests a fee that fits comfortably. ## After the deposit clears The market credits the balance. You can now place an order. Do not leave a large balance sitting on the market between orders. Size deposits to the order plus a small buffer for the network fee on release. Withdraw remainders after each order releases. --- ## Coins accepted at WeTheNorth *Bitcoin at launch. Monero later. What each is good for.* (reading time: 3 min) WeTheNorth accepts Bitcoin and Monero. Bitcoin was supported at launch. Monero was added later and is now the default for new accounts. This reading covers the practical differences. ## Monero, the default Monero transactions hide the sender, the receiver and the amount by default. From the market side, the operator sees only that a deposit landed at your account. From the chain side, an observer sees the transfer happened but cannot see who sent it, who received it, or how much. This is the whole reason WeTheNorth defaults to Monero. ## Bitcoin, the fallback Bitcoin works for every order but leaves the strongest public chain trace. Use Bitcoin only for legacy balances (coin you already hold), or for vendors who price in BTC for category reasons. Do not deposit Bitcoin directly from a KYC exchange withdrawal. The exchange record ties your identity to the market account. Route through a fresh wallet or a Monero swap first. ## Confirmation times Monero: two confirmations minimum, roughly four minutes. Bitcoin: ten confirmations minimum, roughly ninety minutes at typical block time. ## Fees Monero: fraction of a cent per transaction. Bitcoin: one to ten dollars per transaction at typical mempool congestion, higher at peak. ## Which to choose If you are starting fresh, Monero. Easier privacy story, faster confirmations, cheaper fees. The setup effort for acquiring Monero non-KYC is real (a couple of hours), but worth it if you plan to use the storefront more than once. If you already hold Bitcoin from before you knew about Monero, use Bitcoin. Route through a fresh wallet or a Cake swap first if you can. --- ## Bitcoin deposit workflow *From wallet to storefront, plus the fee awareness that saves money.* (reading time: 4 min) Bitcoin deposits to WeTheNorth follow the standard Bitcoin flow with two important additions: routing through a fresh wallet first, and fee awareness at the send step. ## Wallet Use Sparrow (privacy-aware) or Electrum (lightweight). Do not use custodial exchange wallets, browser extensions, or mobile hot wallets for deposits above small amounts. ## Non-KYC routing If your Bitcoin came from a KYC exchange withdrawal, do not send directly to the market address. Route through a fresh wallet first. Ideally, swap to Monero via Cake Wallet's built-in swap and deposit Monero instead. The chain trace from your KYC withdrawal to the market address is the single most common privacy mistake on Tor storefronts. ## The deposit itself - Log into WeTheNorth. Open the wallet panel. - Select Bitcoin, copy the deposit address. - Open your wallet. Paste the address. Enter the amount. - Pick a fee that gets you into the next few blocks. Sparrow's suggestions are reasonable. - Send. Wait ten confirmations. Refresh the market wallet panel. Balance appears. ## Fee awareness Overpaying fees is expensive. Underpaying gets your transaction stuck for hours or days. Check mempool.space for current fee guidance. Aim for the low-fee tier that still confirms within an hour at typical times, higher if you need it done fast. ## After the deposit clears Balance credited. Place an order. Do not leave the balance on the market between orders. Deposit sized to the current order plus a small fee buffer. --- ## Monero adoption in Canadian Tor markets *Why WeTheNorth defaulted to Monero and how the shift played out.* (reading time: 4 min) Canadian Tor markets, WeTheNorth included, shifted from Bitcoin-default to Monero-default over the two years spanning 2023-2025. This reading covers what the shift looked like from the reader side. ## Bitcoin-default launch WeTheNorth launched with Bitcoin as the primary supported coin. Most Canadian buyers already held Bitcoin from clearnet exchanges, and Monero was less well known outside a small group of privacy-focused users. ## Reader mail shift Through 2024, reader mail to community forums about WeTheNorth increasingly asked about Monero: how to source it without KYC, which wallet to use, how to swap Bitcoin into Monero without an exchange. The demand for Monero-related coverage grew before the operator moved the default. ## UI change The operator eventually reworked the wallet panel to default new accounts to Monero. Bitcoin remained available but required an explicit switch. This is a small UI change with a big behavioural effect: most new buyers now deposit Monero without thinking about it. ## Cake Wallet as onboarding path Cake Wallet's built-in Bitcoin-to-Monero swap became the standard onboarding path for Canadians who held Bitcoin from before and wanted to shift to Monero without an exchange in the middle. The swap provider sees the incoming BTC address and outgoing XMR address but not user identity. ## Present state Most new deposits are now Monero. Bitcoin usage has concentrated in specific vendor categories where the vendor prices in BTC, and in existing balances held by long-term users. The shift is roughly complete. --- ## Wallet software shortlist *The wallets the Reading Room recommends per coin.* (reading time: 3 min) ## Bitcoin, desktop Sparrow Wallet. Privacy-aware, coin control, PSBT, hardware wallet integration. Best default. Electrum. Lightweight, reliable, less privacy focus. Fine for basic needs. ## Monero, desktop Feather Wallet. Lightweight, no full node needed, actively maintained. Current default. Monero GUI. Reference wallet from the Monero core team. Requires either a full node or a remote node. Best privacy for readers running their own infrastructure. ## Monero, mobile Cake Wallet. Mobile-friendly. Built-in Bitcoin-to-Monero swap through integrated providers. Good default for readers who use their phone. ## Hardware wallets Trezor and Ledger both work for Bitcoin. Trezor has better Monero support of the two. Hardware wallets protect your private keys from software compromise on your host operating system. Worth the cost if you hold coin for extended periods. Not worth the friction for coin you plan to spend within a week. ## What to avoid Custodial exchange wallets. Browser extensions like MetaMask. Mobile-only Bitcoin apps that do not publish the private key. Any wallet that requires an email address at setup. Any wallet that syncs to a cloud account by default. Any wallet that does not let you export the seed phrase. --- ## Non-KYC funding paths for Canadians *How to get coin without an exchange in the middle.* (reading time: 5 min) The privacy of a market deposit is only as good as the coin that funded it. Buying coin from a KYC exchange and sending straight to the market ties your identity to the account through the exchange records. This reading covers non-KYC funding paths that work for Canadians in 2026. ## RoboSats over Lightning Peer-to-peer Bitcoin trading with a random robot avatar as your identity. Fees around 0.2 percent. Payment methods include Interac e-transfer, cash by mail, gift cards. Best for small-to-medium amounts. Works fine from Canada. ## Cake Wallet built-in swap If you already hold Bitcoin, install Cake Wallet, send BTC in, swap to Monero inside the wallet through one of the integrated providers (ChangeNow, SimpleSwap). Provider sees the addresses but not your identity. ## Bisq Desktop peer-to-peer market with more payment methods (bank transfers, cash in person, Interac). Requires a security bond in Bitcoin, so you need some Bitcoin to start. More friction than RoboSats but more flexibility. ## Bitcoin ATMs in Canada Bitcoin ATMs exist in most Canadian cities, mostly operated by BitAccess, Localcoin and CoinTrader. Since Canadian FINTRAC regulations tightened in 2019-2020, most ATMs require ID above small amounts (currently around 1000 CAD per day). Below the ID threshold, ATMs are a viable non-KYC path for small purchases, but the fees are steep (typically 8-15 percent). ## Cash by mail Send cash in an envelope to a seller on RoboSats or Bisq. They send Bitcoin. Payment methods within those platforms often include this as an option. Postal risk is real but low for reasonable amounts. ## What to avoid Any Canadian exchange (Newton, Bitbuy, NDAX, etc.) if you want privacy. All are KYC and share data with FINTRAC. Coin from these exchanges leaves a permanent link between your ID and your deposit address. --- ## Coin swaps inside Cake Wallet *The Bitcoin-to-Monero swap that most Canadians end up using.* (reading time: 3 min) Cake Wallet's built-in swap is the most common non-KYC path from Bitcoin to Monero for Canadian buyers. This reading covers how the swap works and what each party sees. ## How to swap - Open Cake Wallet. You need a Monero wallet inside Cake and either a Bitcoin balance in Cake or a plan to send Bitcoin into it. - Tap the exchange/swap button. - Pick a provider from the list (ChangeNow, SimpleSwap, Trocador, SideShift). - Enter the amount of Monero you want. - The provider gives you a Bitcoin address to send to. - Send from wherever you hold Bitcoin. Wait for confirmations. Monero arrives in your Cake wallet. ## What the provider sees The incoming Bitcoin address (where the BTC came from). The outgoing Monero address (which is a Cake Wallet address you control). The provider does not see your identity. They do not ask. ## What Cake sees The transaction happened in your wallet. Cake does not phone home with any identifying information about you. ## Fees Provider fees vary. ChangeNow and SimpleSwap typically charge 0.5 to 1 percent above the market rate. Trocador aggregates multiple providers and often finds cheaper rates. The exchange rate is fixed at the moment of the swap. ## Practical note If your Bitcoin came from a KYC exchange, the provider still sees the address, and the chain trace from the exchange to the provider is visible. To break this link, first move the BTC through a fresh wallet you control, then use the swap. --- ## Withdrawing promptly *Do not leave a balance on the storefront after orders release.* (reading time: 2 min) Every deposit on WeTheNorth sits behind 2 of 3 multisig, so buyer coin is not held custodially by the operator while it is in escrow. But after an order releases, the coin appears on the wallet panel as regular buyer balance, not as multisig-locked. That balance is custodially held by the operator until the buyer withdraws. ## The rule Withdraw promptly after each order releases. The wallet balance you should keep is either zero (nothing pending) or exactly the amount for your next order plus a small buffer for network fees. ## Why prompt withdrawal matters A balance you can only recover from the storefront is a balance you lose if anything happens to the storefront. Seizure, exit scam, prolonged outage, key compromise. Any of these leaves you holding coin that is no longer yours in practice. Withdrawing promptly limits your exposure to the current-order size, not the year-of-orders size. This is defence-in-depth beyond the multisig guarantee that already protects your escrowed coin. ## Where to withdraw to A wallet under your own keys. Feather Wallet or Cake Wallet for Monero. Sparrow or Electrum for Bitcoin. Not another custodial service. The whole point of withdrawing is to move the coin under your exclusive control. --- # Topic: Vendors ## Reading a WeTheNorth vendor page *The specific numbers to check, the ones to ignore.* (reading time: 4 min) A WeTheNorth vendor page shows several numbers. Not all of them are equally useful. This is the two-minute read. ## Dispute ratio Dispute count divided by total orders. A vendor with 400 orders and 3 disputes runs at 0.75 percent. A vendor with 400 orders and 40 disputes runs at 10 percent. Below 5 percent is healthy. 5 to 10 percent is a yellow flag (read recent reviews before ordering). Above 10 percent is a red flag except for categories where higher baselines are normal. ## Finalisation ratio Orders that closed cleanly divided by all completed orders. Above 95 percent is healthy. Below 90 percent means one in ten orders required moderator arbitration, worth investigating. ## The last twenty reviews Scroll to the bottom of the reviews. Read the last twenty. If they are noticeably worse than the older reviews, the vendor is going through something. Read the review text, not just the star rating. Look for consistent complaint patterns (stealth quality, shipping delays, weight, potency). ## PGP key Every vendor should have a published PGP key. If they do not, skip them. If they do, import it before placing an order so you can encrypt your shipping address to it. ## Average shipping time Calculated from recent orders. If the vendor's baseline is 2-3 days and current orders are running at 5-7 days, something changed. Read the recent reviews to see why. ## What to ignore Lifetime star average. Individual glowing five-star reviews from unknown accounts. Vendor's own text about how careful their packaging is. None tell you anything. ## Two minutes total Dispute ratio, finalisation ratio, recent reviews, PGP key, shipping time. Two minutes on a vendor page saves a week of dispute mail. --- ## Dispute ratio thresholds explained *Where the lines are and why they are drawn there.* (reading time: 3 min) The Reading Room recommends dispute-ratio thresholds of 5 percent (healthy), 10 percent (red flag), and category-specific exceptions above that. This reading explains why those numbers. ## Below 5 percent Historically stable vendors on both WeTheNorth and larger international markets cluster below 5 percent. This is not because vendors below 5 percent are perfect, it is because vendors above 5 percent tend to accumulate more disputes over time, so the healthy population converges to a lower steady state. A vendor with 400 orders and 3 disputes running at 0.75 percent is not the exception, it is the default for a working vendor with a normal customer base. ## 5 to 10 percent The uncertain zone. Might be a vendor going through a temporary bad patch. Might be a vendor with a naturally higher baseline because of product category. Might be a vendor sliding toward exit. Read the recent reviews to work out which. ## Above 10 percent Red flag. Whatever the cause, one in ten orders opening a dispute is not a healthy pattern. Either the product is inconsistent, the packaging fails often, the vendor ignores messages, or something structurally does not work. ## Category exceptions Some categories have naturally higher dispute baselines: fragile items that arrive damaged, products where quality metrics are ambiguous, orders that require complex customer configuration. In these categories, up to 12-15 percent can be healthy. Above 15 percent is bad in every category. ## How to use the number Together with the finalisation ratio and the recent-reviews pattern. All three should agree. A vendor with 3 percent disputes and 98 percent finalisation and consistent recent reviews is healthy. A vendor with 3 percent disputes but 85 percent finalisation and dropping recent reviews is going through something. --- ## Finalisation ratio, what the number tells you *Above 95 percent is healthy. Below 90 percent is a warning.* (reading time: 3 min) Finalisation ratio is the number of orders that closed cleanly (both buyer and vendor signed the release without a dispute) divided by all completed orders. This reading covers what the number tells you as a buyer. ## Above 95 percent Healthy. This is where working vendors sit. Ninety-five out of a hundred orders close without any moderator intervention. Buyers were satisfied enough to sign the release. Vendors delivered what they promised. ## 90 to 95 percent Slightly elevated but not necessarily bad. A vendor with a high volume of orders and a moderate rate of small disputes can sit here without any single failure being severe. Read the dispute record to see whether the disputes were minor (small refunds, missing items in a package) or major (undelivered orders, wrong products). ## Below 90 percent One in ten orders required a moderator to arbitrate. This is a warning sign. Something is happening that is not being resolved between the parties. Read the recent reviews and the dispute pattern before ordering. ## What the number does not measure Whether the vendor won the disputes they had. A vendor with 90 percent finalisation could be a vendor where 10 percent of orders had a dispute but the moderator ruled in favour of the vendor every time. This is not visible in the ratio alone. ## Read alongside dispute ratio The two numbers together tell the story. High dispute ratio (say 8 percent) plus high finalisation (95 percent) means many disputes but they mostly get resolved in the vendor's favour. Might be a vendor whose customers are unreasonable, or a vendor gaming the system. Read the reviews to work out which. --- ## Recent reviews beat lifetime average *Why the last twenty reviews tell you more than the lifetime star count.* (reading time: 3 min) The lifetime star average on a vendor page is a smoothed number that hides recent decline. The last twenty reviews are the real signal. ## Why lifetime average is misleading A vendor with 4.9 stars overall could have earned those stars over a year of good service, then dropped their supply source in the past month and started sending inconsistent product. The lifetime average is still 4.7 because the past twenty reviews cannot pull down a thousand older ones. But the reviews you should actually read (the recent ones) tell a different story. ## What to look for Scroll to the bottom of the review feed. Read the last twenty reviews individually. Not the star ratings, the text. Consistent complaint patterns are the red flag. "Package arrived open" once is a fluke. "Package arrived open" three times in the last twenty reviews is a structural problem with the vendor's stealth. Consistent praise patterns are the green flag. "Great communication" across many recent reviews means the vendor is responsive on the message system, which matters if you ever need to dispute. ## The fake-review pattern A cluster of glowing five-star reviews with generic wording ("fast shipping quality product", "A+ vendor will buy again") is often a vendor buying fake reviews to bury a real bad one. Look at the neighbouring reviews. If a genuine bad review sits between a burst of generic five-stars, treat the vendor with caution. ## The timing pattern If a vendor has 300 orders and 250 of them cluster in the same four days, that is not a vendor. That is someone spinning up a profile for a scam. Real order flow spreads across weeks and months. --- ## First-order protocol *Small, cheap, standard. Buy information about the vendor, not just the product.* (reading time: 2 min) Your first order with any vendor on WeTheNorth is calibration, not commerce. You are buying information about the vendor, and the product is a happy side effect. ## The protocol - Small quantity. Minimum size the vendor offers. - Cheap product. Not the most expensive thing in their catalogue. - Standard shipping. Not express, unless you specifically need speed. - Standard escrow. Never finalise early on a first order. - Polite factual messages only. - Address encrypted to the vendor PGP key. ## Wait for the order to arrive cleanly Check the item against the listing. If everything matches, that vendor gets a second order from you, larger. If anything is off, open a dispute early with clear evidence and move on. ## Why calibrate Because vendor pages describe what vendors want you to see, and reality often deviates in small ways from that description. A first small order tells you whether the vendor's advertised stealth actually works, whether their advertised shipping time actually holds, whether their advertised weights match reality. All of these are worth knowing before you place a bigger order. ## Vendors who fail calibration Are the same vendors who write to the Bureau most often after buyers open disputes. If your first small order goes wrong, the second larger order would have gone much more wrong. Calibration is cheap insurance. --- # Topic: Escrow ## Marking an order received *The signature that releases the coin. Do not do it before the package is in your hands.* (reading time: 3 min) Marking an order received is your signature on the multisig release. It is one of the two signatures needed to move coin out of escrow. The vendor's signature is the other. ## What to do first Physical package in your hands. Opened. Item checked against the listing. Everything matches. Only then mark received. ## What not to do Do not mark received before the package arrives, even if the vendor asks. That is finalising early (FE), and it drops your escrow protection. If the vendor asks you to FE, that is a sign the vendor may not deliver, and you should read the FE-warning reading before responding. ## If the item does not match the listing Do not mark received. Open a dispute with clear evidence. Photos of the package on arrival, photos of the item next to a scale or measuring stick if the issue is weight or size, message log with the vendor showing your polite factual complaint. ## What happens after you mark received Your signature is applied to the multisig release transaction. The vendor's signature is applied automatically or on their next login. When both signatures are present, the transaction broadcasts to the Bitcoin (or Monero) network and the coin moves from the multisig address to the vendor's wallet. The platform key never moves in this path. That is the healthy signature flow. ## Timing You can wait a day or two to mark received if you want to check the item over. There is no rush. Vendors generally do not follow up until well past the delivery window. --- ## The 2 of 3 multisig escrow model *Three keys, two release. What each key does.* (reading time: 5 min) Every deposit on WeTheNorth sits behind a 2 of 3 multisig contract. Three private keys are generated per order. One held by the buyer, one by the vendor, one by the platform. Any two release the coin. This reading walks through the flow. ## Why 2 of 3 and not 2 of 2 A pure 2 of 2 between buyer and vendor sounds cleaner because the market is not involved in settlement. In practice, if either side goes offline, the coin is stuck forever. The third key is the tiebreaker. Because the market holds only one of three keys, it cannot walk with the coin. It can only help. ## The happy path Buyer deposits. Vendor ships. Buyer marks received. Buyer and vendor both sign the release. Coin moves to the vendor. Platform key never moves. ## The dispute path Either party opens a dispute. Moderator reads both sides, checks the vendor history, judges. Moderator cosigns with the side they judged correct. That signature is the second of two needed. Coin releases accordingly. ## The refund path When the moderator judges the buyer is owed a refund, the moderator cosigns with the buyer key to move coin to a refund address the buyer specifies. Vendor is not required. This is exactly the failure mode a 2 of 3 model closes cleanly. ## What multisig fixes The classic exit-scam pattern. The market operator cannot wake up one morning, move every deposit at once, and vanish. Every deposit sits in its own multisig contract. The market holds one key per contract. That single key cannot move anything. ## What multisig does not fix Seller fraud. A vendor can still ship a rock. The moderator can rule wrongly. These are people problems, not protocol problems. --- ## The dispute workflow, step by step *What happens after you click Open Dispute, and how to increase your chances.* (reading time: 4 min) ## When to open Vendor has failed to respond for at least 72 hours after a clear question. Or the order is significantly past the vendor's advertised shipping window with no update. Or the item arrived and does not match the listing. ## The click Click Open Dispute on the order page. Provide a short factual description of the problem. Attach any evidence you have (photos of the package on arrival, photos of the item against the listing). ## What the moderator sees Your dispute text. Your evidence. The full message thread between you and the vendor. The vendor's dispute history. The vendor's finalisation ratio. Any prior disputes on the same vendor with similar patterns. ## What the moderator asks Both sides for additional evidence if needed. Vendors typically get 48-72 hours to respond. If the vendor does not respond at all within the window, the dispute usually resolves in the buyer's favour by default. ## Common outcomes Full refund. Undelivered order or clear seller failure. Moderator cosigns with the buyer to refund address. Partial refund. Product delivered but does not match the listing (weight short, potency lower). Moderator negotiates a partial. No refund. Order delivered as advertised, buyer complaint not supported by evidence. Moderator cosigns with vendor. ## How to increase your chances Evidence up front. Clear photos. Polite factual language throughout the message thread (accusations before facts hurt your case). Answer moderator questions promptly. Do not open multiple parallel disputes. --- ## Do not finalise early *FE drops escrow. Almost always the wrong move.* (reading time: 2 min) Finalising early (marking an order received before it actually arrives) drops your escrow protection. Once you finalise, the coin is out of the multisig contract and the vendor has it. If the item then does not arrive, there is no dispute path to reverse the release. ## Why vendors ask for FE They want the money before the shipping window closes. Some vendors have legitimate reasons (short on runway between shipments, moving between storefronts, needs to restock). Most FE requests are scams. A new vendor asking a first-time buyer to FE is a scam pattern. ## The Reading Room position Do not FE. If a vendor pushes back on the refusal, choose a different vendor. If a vendor you have used before asks you to FE for a good reason, treat it as a favour you are extending, not a normal step, and only for small orders you can afford to lose. ## Escrow is what makes the market work Give it up and you are buying on an honour system that has no dispute path. The whole reason to go through a Tor storefront is the escrow layer. Do not surrender it for free. --- ## What to do when a package is late *Timing, message the vendor, when to open a dispute.* (reading time: 3 min) Packages are sometimes late. This reading walks through the response. ## Check the vendor's advertised window Every listing has a shipping window (e.g. 3-5 business days domestic Canada). Compare against how long it has actually been. If you are still inside the window, wait. ## If you are past the window Message the vendor politely. "Hi, my order [order-id] is now [n] days past the advertised window. Any update?" Wait 48 hours for a response. ## If the vendor responds Read what they say. Real delays happen (postal delay, supply issue, vendor's own scheduling). If the response is factual and reasonable, wait another 48 hours after the vendor's estimate. If not, escalate. ## If the vendor does not respond Message once more. Wait 48 more hours. If still no response, open a dispute. ## Opening the dispute Provide a factual description. Attach the message thread (which shows your polite unanswered messages). The moderator will contact the vendor. If the vendor does not respond within the moderator's window either, the dispute typically resolves in your favour. ## What not to do Do not spam the vendor. One message every 48 hours is fine. Ten messages in a day makes you look unstable and hurts your case if it goes to dispute. Do not threaten the vendor. Threats end up in the message thread the moderator reads. Do not finalise the order in the hope that the vendor will "reward" you by shipping. This is exactly the FE trap. Do not fall for it. --- # Topic: Safety ## Phishing defence workflow *Three layers of defence, in the order they run.* (reading time: 5 min) Phishing is the single largest cause of buyer account loss on WeTheNorth and every serious Tor storefront. This reading walks through the defence workflow in the order the defences run. ## Layer one: bookmark hygiene The first defence is having a trusted source for the mirror addresses in the first place. Bookmark the mirror reference page inside Tor Browser. Never type an onion address from memory. Never click a link to WeTheNorth from a search engine result, chat message, forum banner or directory you have not vetted. ## Layer two: PGP verification, once per rotation When the operator publishes a signed rotation, verify it against the operator public key you have on your keyring. If the signature is good, the address inside is real. If not, the rotation is fake and the address is worthless. ## Layer three: captcha URL match, every session Every session, before typing the password, compare the small text at the bottom of the login captcha image against your URL bar. Match wins. Mismatch means phishing clone. ## Common phishing patterns Domain squats. Clones on clearnet domains that look close to a WeTheNorth address. Defence: never search WeTheNorth on clearnet. Prefix-collision onions. Onion addresses matching the first 4-8 characters. Defence: full letter-for-letter comparison of all 56 characters. Stale-address hijacks. A retired address gets registered by a phisher shortly after the operator retires it. Defence: keep bookmarks against the current signed rotation, not against addresses you memorised. ## What phishing clones cannot fake They cannot fake a valid signed rotation. They cannot fake the captcha URL match. Any one defence layer, run correctly, catches the median attempt. --- ## Bookmark hygiene *One canonical bookmark. Not five. Not one per mirror.* (reading time: 2 min) Your Tor Browser bookmarks should have one WeTheNorth entry. Not five. Not one per mirror. ## The rule Bookmark the mirror reference page on this Reading Room (or another source you trust to keep the signed rotation fresh). One entry. When you open it, you land on a page that lists the current mirrors. Copy from there. ## Why not individual mirrors Onion addresses rotate. A bookmark to an address the operator retired six months ago is a phishing risk if the retired address gets picked up by a clone (which happens often). Bookmarks to individual addresses go stale. Bookmarks to reference pages stay valid across rotations. ## Where to store the bookmark Inside Tor Browser only. Not in your normal browser. Not in a synced browser bookmark that lives on your host operating system. The bookmark belongs in the same isolated browser session where you actually use it. --- ## Recognising a real WeTheNorth address *Length, character set, prefix. The three quick checks.* (reading time: 2 min) Three quick eyeball checks before doing full verification: ## Length Exactly 56 characters before the .onion suffix. Not 55, not 57. If your paste is a different length, either you copied wrong or the address is malformed. ## Character set Lowercase letters a to z and digits 2 to 7. No uppercase, no 0, 1, 8, 9, no punctuation. Anything outside this set means the address is not a valid v3 onion. ## Prefix Current WeTheNorth addresses use a consistent prefix chosen by the operator. Compare the first several characters of your address against the reference. Any deviation is a signal. ## These are eyeball checks, not verification An address passing all three still needs to be checked against the current signed rotation before you type a password on it. But an address failing any of them is guaranteed wrong. --- ## Where to store the mnemonic *Paper works. Cloud does not. A few options in between.* (reading time: 2 min) The mnemonic seed WeTheNorth issues at registration is the recovery path for your account. Anyone with the mnemonic owns the account. Where you store it matters. ## Paper The default. Write the mnemonic in your own handwriting on a piece of paper. Store in a physical location only you access. Multiple copies in different physical locations you control is fine. ## Metal For long-term cold storage, engrave or stamp the mnemonic into a metal card. Not paranoid, just future-proof. Fires happen. ## Encrypted local file File encrypted with a passphrase only you know, on encrypted local disk that never syncs to any cloud. GnuPG can encrypt a file with a passphrase in one command. ## KeePassXC Password manager database on encrypted local storage. Not a cloud-synced password manager. ## Do not Screenshot the mnemonic. Save it to iCloud, Google Drive, Dropbox. Store it in a browser autofill. Email it to yourself. Take a photo. Any of these moves the mnemonic out of your exclusive control. --- ## Encrypt anything sensitive with vendor PGP *Storefront message system is encrypted, but PGP on top matters.* (reading time: 2 min) WeTheNorth's message system is encrypted by the storefront. But every message is decryptable by the storefront itself, which means it is decryptable by anyone who compromises the storefront database. ## What layering PGP on top adds If you encrypt your shipping address to the vendor's PGP key before pasting it into the message system, the storefront sees only ciphertext for the address field. A seized database returns nothing useful. ## What to encrypt Name. Address. Phone number. Tracking number if you exchange one. Any identifier that could link the order back to your real identity. ## What you do not need to encrypt Order coordination questions. Dispute discussion. Generic messages. The storefront-side encryption is fine for anything that does not include an identifier. ## How Import the vendor PGP key. Encrypt with gpg --encrypt --armor -r vendor-key-id. Paste the ciphertext block into the storefront message. Vendor decrypts with their private key. ## Two minutes per order Costs you two minutes. Closes a permanent risk. --- ## Session length and New Identity *Close Tor Browser between sessions. New Identity between accounts.* (reading time: 2 min) Tor Browser sessions accumulate state over time. Cookies (locally), history, cached DOM state. None of this is inherently dangerous, but a long-lived session is a longer window for anything to go wrong. ## The habits Close Tor Browser after each WeTheNorth session. Open it fresh when you need it again. Use New Identity between accounts. If you have more than one WeTheNorth account (buyer account and separate research account, for example), switch identities between them. Do not leave Tor Browser open for days. The longer the session, the more state accumulates, the higher the chance something crosses. ## Why this matters Small habit. Small effect. But operational security is the sum of many small habits. Skipping one is fine. Skipping many is how accounts get compromised. --- # Topic: History ## The WeTheNorth launch *How the Canadian storefront opened, and what was distinctive about the launch.* (reading time: 5 min) WeTheNorth opened in the second half of 2021 with a Canadian-focused pitch and a small initial vendor pool. This reading covers what the launch looked like and what was distinctive about it. ## The launch pitch A market for Canadian vendors and Canadian buyers. Domestic shipping, no customs crossings for most orders, a focused vendor pool, and standard 2 of 3 multisig from day one. The pitch was to a specific national audience that had been using international markets and finding the vendor pool did not fit their needs. Canadian domestic shipping reduces friction significantly compared to international, and the FINTRAC scrutiny on Canadian exchanges made non-KYC coin flows increasingly important. ## Operator PGP key The launch announcement carried an operator PGP public key. The key has signed every subsequent rotation and has not been rotated. This is the trust anchor readers use to verify every mirror update. ## Initial vendor pool Small. Roughly two dozen active vendors at launch, most of whom migrated from other markets where their Canadian-domestic focus was underserved. Categories concentrated in what was in demand domestically. ## Growth pattern Slow and organic. WeTheNorth did not court attention aggressively. The vendor pool grew as domestic vendors found the market and buyers found the vendor pool. This slow growth correlates with longer market survival, which is what happened here. ## Present state Active. Roughly a hundred vendors depending on the month. Established buyer base. Multisig has held. Operator key has held. This is what a boring successful Tor market looks like. --- ## WeTheNorth timeline, launch to present *Dated events since 2021.* (reading time: 4 min) ## 2021 Launch. Initial mirror. Operator PGP key signed. Bitcoin as sole supported coin. 2 of 3 multisig from day one. ## 2022 Second mirror introduced. Vendor pool doubles roughly by mid-year. First recorded coordinated DDoS window in autumn, absorbed without rotation. ## 2023 Third mirror introduced. Anti-DDoS queue introduced on the login flow. Monero added to the wallet panel, initially opt-in. ## 2024 Wallet panel default switched to Monero for new accounts. Bitcoin remains available for existing balances. Vendor bond schedule tightened after a small wave of scam-bait accounts. ## 2025 Captcha reworked to embed the current mirror address inside the image. This is now the standard phishing check. Coordinated phishing wave in spring, three clone domains detected and burned within a week. ## 2026 Operator PGP key remains unchanged since launch, approaching five years of stability. Mirror rotation cadence steady at every few weeks. Reader mail patterns stable. --- ## WeTheNorth vs international markets *Where a domestic market wins, where an international one does.* (reading time: 4 min) WeTheNorth and international Tor markets like Nexus or Anubis serve overlapping but different buyer populations. This reading walks through where each wins. ## Where WeTheNorth wins for Canadian buyers Domestic shipping. Most orders never cross a border, which means shorter windows, no customs risk, cleaner delivery. Canadian vendors on WeTheNorth generally understand the domestic postal system better than international vendors trying to ship to Canada. Vendor concentration on Canadian-specific product categories that international markets treat as niche. Lower risk profile for buyers who prefer to stay within their national postal system. ## Where international markets win Vendor pool size. Nexus has an order of magnitude more vendors than WeTheNorth. Selection is broader across every category. Bond schedules and dispute infrastructure that have been calibrated over more orders. International markets have more data on scam-bait patterns. For buyers outside Canada, international markets are the default anyway. ## Using both Nothing prevents a buyer from having accounts on both. Different products from different vendors on different markets. Separate wallets, separate mnemonic seeds, separate PGP keys. Do not reuse identifiers across markets. ## Practical read for Canadian buyers Try WeTheNorth first for anything a Canadian vendor sells. Fall back to international for categories WeTheNorth does not cover well. --- # Topic: Community ## Reader mail patterns *What people write in about, and what the answers usually are.* (reading time: 3 min) Reader mail to the Reading Room falls into a small handful of patterns. This reading summarises them so future readers can find their question here first. ## Verification questions How do I import the operator PGP key. Where is the operator key published. What does BAD signature mean. What do I do when gpg says No public key. The verification section of the Reading Room covers all of these. ## Coin choice Should I use Bitcoin or Monero. How do I get Monero in Canada without KYC. What is Cake Wallet. The wallet section covers all of these. ## First-order anxiety Reader has never ordered from a Tor storefront before, has picked a vendor, wants to know what to expect. The first-order protocol and the buyer decision framework collections address this. ## Disputes Order has not arrived, vendor is not responding, what do I do. When do I open a dispute. Will I win. The escrow section covers the workflow. ## Phishing worry Reader is not sure if they landed on a real mirror. Reader accidentally typed credentials into a suspicious page and wants to know what to do. The safety section covers defence. If credentials were typed into a clone, change the password immediately and withdraw any wallet balance. ## What we do not answer Vendor recommendations. Prices. Individual product questions. All of these fall outside our scope. --- ## Editorial notes on category drift *How WeTheNorth's category tree has shifted, and what to check before ordering from a category you have not used in a while.* (reading time: 3 min) WeTheNorth's vendor category tree at launch had a handful of top-level buckets. Two years later, the internal composition has shifted noticeably. This reading walks through the pattern. ## Consolidation Categories that had many vendors at launch have converged toward a shorter list of survivors. Bond costs and probation windows filter low-quality newcomers. Buyer traffic clusters around vendors with clean dispute histories. Compounding advantage over time. ## Fragmentation Some categories that were single buckets got split into subcategories after buyer complaints about noisy search results. Fragmentation is a growth signal. ## Vanished A few subcategories present at launch no longer have active listings. Not an operator decision, just no vendors listing and no new vendors filling the slot. ## Buyer implication A buyer who has not visited in six months should not assume the category tree is unchanged. Start from the current top-level list and drill down. Do not type a category name from memory. --- ## Why we write this *The Reading Room mission in three paragraphs.* (reading time: 2 min) The Reading Room exists to help readers who want to understand WeTheNorth before they use it. Not to promote the market. Not to review vendors. Not to elevate anyone's brand. Everything published here is written by hand by a small editor group. Every claim traces to a signed operator announcement or direct observation. Every mirror listed has been verified against a PGP signature. The point is to save readers the confusion that comes from stitching this together from scattered forum posts and unverified directory sites. If you find the material useful, keep reading. If you find something wrong, send a correction through the storefront message system to the Editor account. If you want us to shill for a vendor, save your time. --- # Collections ## First-time visitor path *Read in order if you have never used the storefront before.* - **What WeTheNorth Market actually is** — A short introduction to the Canadian Tor storefront, its history, and what makes it different from the larger markets. - **Installing Tor Browser, correctly** — One download source, one signature check, three settings that matter. - **Picking a WeTheNorth mirror** — Three current addresses. All equivalent. Pick whichever opens fast. - **First login walkthrough** — From paste to logged in, step by step, plus the check to run every session. - **Registering a WeTheNorth account** — Fresh username, strong password, mnemonic on paper, PGP key uploaded. - **Depositing Bitcoin, first time** — The workflow for a first Bitcoin deposit if that is the coin you already hold. - **Placing a first order** — Small, cheap, standard shipping, standard escrow. - **Marking an order received** — The signature that releases the coin. Do not do it before the package is in your hands. ## Verification, from key to signature *The full workflow for verifying a WeTheNorth rotation with PGP.* - **What PGP signatures actually prove** — Two guarantees, one anchor. Why the check matters at all. - **Importing the operator PGP key** — One command, once per keyring. Then never again. - **Verifying a rotation message** — Two commands. Look for Good signature. Compare the address inside. - **Reading gpg output like a normal person** — The lines that matter, the lines to ignore. - **Kleopatra on Windows** — The GUI version of the verification workflow. - **The captcha URL check, per session** — A five-second check that catches most phishing clones on the first attempt. - **Common verify errors and what they mean** — A short reference table for the errors you might hit and how to fix each. ## Wallet and funding *Coin choice, wallet software, non-KYC funding paths.* - **Coins accepted at WeTheNorth** — Bitcoin at launch. Monero later. What each is good for. - **Bitcoin deposit workflow** — From wallet to storefront, plus the fee awareness that saves money. - **Monero adoption in Canadian Tor markets** — Why WeTheNorth defaulted to Monero and how the shift played out. - **Wallet software shortlist** — The wallets the Reading Room recommends per coin. - **Non-KYC funding paths for Canadians** — How to get coin without an exchange in the middle. - **Coin swaps inside Cake Wallet** — The Bitcoin-to-Monero swap that most Canadians end up using. - **Withdrawing promptly** — Do not leave a balance on the storefront after orders release. ## Safety and OpSec *The habits that separate buyers who last from buyers who lose accounts.* - **Phishing defence workflow** — Three layers of defence, in the order they run. - **Bookmark hygiene** — One canonical bookmark. Not five. Not one per mirror. - **Recognising a real WeTheNorth address** — Length, character set, prefix. The three quick checks. - **Where to store the mnemonic** — Paper works. Cloud does not. A few options in between. - **Encrypt anything sensitive with vendor PGP** — Storefront message system is encrypted, but PGP on top matters. - **Session length and New Identity** — Close Tor Browser between sessions. New Identity between accounts. - **Do not finalise early** — FE drops escrow. Almost always the wrong move. ## How to evaluate a vendor *The specific numbers to check and the pattern to follow.* - **Reading a WeTheNorth vendor page** — The specific numbers to check, the ones to ignore. - **Dispute ratio thresholds explained** — Where the lines are and why they are drawn there. - **Finalisation ratio, what the number tells you** — Above 95 percent is healthy. Below 90 percent is a warning. - **Recent reviews beat lifetime average** — Why the last twenty reviews tell you more than the lifetime star count. - **First-order protocol** — Small, cheap, standard. Buy information about the vendor, not just the product. - **What to do when a package is late** — Timing, message the vendor, when to open a dispute. --- # Reference material ## About WeTheNorth Market *Canadian-focused Tor storefront. Escrow, coin support, mirror rotation.* WeTheNorth Market is a Canadian-focused Tor storefront active since the second half of 2021. It ships domestically within Canada as the primary use case and serves a smaller international audience through vendors who opt into cross-border shipping. This page covers the storefront at reference length. ## Canadian focus Most vendors on WeTheNorth ship domestically within Canada. Most buyers pay in Canadian-preferred coin flows. Shipping windows tend to be shorter than international because the majority of orders never cross a border. This is the single distinguishing feature of the storefront relative to larger international Tor markets. ## Escrow Every order settles through 2 of 3 multisig. Three keys, held by buyer, vendor, platform. Any two release. In the healthy path, buyer and vendor sign the release themselves after delivery and the platform key never moves. If a dispute is raised, the platform arbitrates and cosigns with the side it judges correct. ## Coin support Bitcoin at launch. Monero added in 2023 and now the default for new deposits. Both fund the same multisig escrow at checkout. Monero is preferred where privacy matters, Bitcoin remains fully supported for buyers who already hold it. ## Mirror rotation The operator maintains a small set of rotating onion addresses. All addresses in the current set resolve to the same storefront with the same account, balance and order history. When an address rotates out, the others continue serving without interruption. The current set is on the mirrors page. ## Timeline Launched second half of 2021. Second mirror added 2022. Monero support 2023. Wallet default switched to Monero for new accounts 2024. Captcha reworked to embed the current mirror address 2025. Operator PGP signing key unchanged since launch, approaching five years of stability. --- ## Reference library *Glossary, timeline, mirror list, FAQ, further reading.* Reference material for readers of the Room. - Glossary — every term used in the readings. - Timeline — dated events since launch. - Mirrors — the current verified addresses. - FAQ — questions readers ask most. - Downloads — editor PGP public key. --- ## Glossary *Plain-language definitions of every term.* **Anti-DDoS queue** : Wait page in front of the login form. Holds visitors for 20 to 60 seconds. Rate-limits automated credential-stuffing. **Bond** : Refundable deposit posted by a new vendor before the first listing goes live. Returned after clean probation. **Captcha URL match** : Comparing the onion address baked into the login captcha image against the URL bar. Catches most phishing clones on first check. **Dispute** : Formal disagreement over an order. Moderator reads both sides, cosigns with whichever they judge correct. **Escrow** : Payment arrangement where funds sit in a multisig contract until both buyer and vendor agree the trade is done. **Finalisation** : Marking an order complete, which releases coin from escrow to the vendor. Do not finalise before delivery. **Finalise early (FE)** : Marking an order complete before delivery. Drops escrow protection. Almost always the wrong move. **Guard node** : The first Tor relay in your circuit. Long-lived for anonymity reasons. **Mirror** : Distinct onion address resolving to the same storefront backend. Same account, same balance. **Mnemonic seed** : Human-readable phrase issued at registration for account recovery. Paper only. **Multisig (2 of 3)** : Payment contract with three keys held by buyer, vendor, platform. Any two release. **Onion address** : 56-character v3 Tor hidden service address. Only Tor Browser resolves it. **Operator key** : The WeTheNorth operator PGP public key. Signs every rotation. Has not rotated since launch. **PGP signature** : Cryptographic signature over a message. Proves origin and integrity when verified against the corresponding public key. **Signed rotation** : PGP-signed operator announcement listing current mirror addresses. **V3 onion** : Current generation of Tor onion addresses. Ed25519-based, 56 characters. --- ## Timeline *Dated events since 2021.* Full timeline is covered in the history reading WeTheNorth timeline, launch to present. Latest verified events summarised here for quick reference: - 2021. Launch, one mirror, operator PGP key first signed. - 2022. Second mirror. Vendor pool doubles by mid-year. - 2023. Third mirror. Anti-DDoS queue introduced. Monero opt-in added. - 2024. Monero becomes wallet default. Bond schedule tightened. - 2025. Captcha embeds onion. Coordinated phishing wave, three clones burned. - 2026. Operator PGP key stable across five years. Steady rotation cadence. --- ## Verified mirror reference *The three current WeTheNorth onion addresses, verified against the operator signed rotation.* Three current addresses. All three resolve to the same WeTheNorth storefront. Pick whichever opens fast. a.Copy b.Copy c.Copy ## Verify before login Every entry above verified against the last signed operator rotation. Before typing your password, compare the small text at the bottom of the login captcha image against your URL bar. See the captcha URL check reading. --- ## Frequently asked questions *Short answers to the questions reader mail brings up most.* ## What are the current WeTheNorth mirrors? The three addresses on the mirror reference page. All three resolve to the same storefront. ## What coin should I use? Monero if you can, Bitcoin if you already hold it. See the coins reading. ## How do I verify a rotation? Import the operator PGP key once, run gpg --verify. See the verify walkthrough. ## Is WeTheNorth Canadian-only? Primarily. Most vendors ship domestic Canada. Non-Canadian buyers can use the storefront but face vendor-side friction. ## How do I get Monero in Canada without KYC? RoboSats or Cake Wallet swap. See the funding paths reading. ## My order is late. What do I do? See the late-package reading. Short version: wait through the window, message the vendor politely, open a dispute if no response. ## What is finalise early? Marking an order received before delivery. Drops escrow. Almost always wrong. See the FE reading. ## Where is the operator PGP key published? Pinned Dread profile and /pgp path on any current mirror. Fetch from both, cross-check fingerprint, import once, never re-fetch. ## Can I use the same account on all mirrors? Yes. That is the whole point. Every mirror resolves to the same backend. ## Are the mirror addresses safe to type? Always copy an onion address rather than typing it. A single wrong character in a 56-character string sends you to the wrong destination. Use the copy button on the mirrors page. --- ## Downloads *Editor PGP public key.* ## Editor PGP public key Used for reader correspondence about corrections and tips. Fingerprint available on request through the storefront message system. ## Not published here The WeTheNorth operator PGP key. Deliberately not published on this site to avoid becoming a single source that could be poisoned. Fetch it yourself from Dread and from a mirror /pgp path, cross-check. Screenshots of the storefront. Not published to avoid becoming targets for phishing clones matching specific visual details. ---