Online

City Market Review – Technical Look at a Mid-Sized Tor Bazaar

City Market (sometimes abbreviated CM) has been around since late 2018 and quietly built a user base that values a no-frills interface, Monero-first payments, and a support team that actually answers tickets. While it never reached the volume of the "big three" that dominated 2019-2021, it outlasted most of them and is now one of the steadier retail-level markets accessible over Tor. This review focuses on the site’s architecture, trust model, and day-to-day reliability rather than catalog breadth.

Background and short history

City opened as a single-vendor shop run by a small group that previously sold on Dream and Wall Street. When both of those markets exited, the team converted the private store into a full marketplace, onboarding former partners through PGP-verified invites. The launch timing—three months after Berlusconi’s seizure—meant there was pent-up demand, yet the admins limited registration spurts to avoid the fast growth that often precedes law-enforcement action. Version 1 codebase was basic: no JavaScript, no chat, just escrow wallets and a traditional market wallet. A gradual v2 rewrite appeared in mid-2021, adding per-order stealth addresses, optional 2-of-3 escrow, and a rudimentary API for vendors. The market has had one publicly confirmed seizure scare (December 2022, German BM³ press release) but remained online through new mirrors the same day, suggesting either independent hosting or fast redeployment scripts.

Core features and functionality

City keeps the feature list conservative; stability trumps novelty.

  • Currency support: XMR required, BTC accepted but discouraged with a 3 % surcharge.
  • Wallet model: traditional site-controlled wallet plus optional per-order stealth address derived from buyer-provided XMR sub-address.
  • Escrow flavours: standard (market holds 100 % until finalization) or 2-of-3 where vendor and buyer each hold one key, market the third.
  • Reputation: cumulative score visible on profiles, calculated from finalized orders minus disputes lost. No flashy badges or levels.
  • Communication: internal PGP-encrypted messages only; no live chat to reduce phishing surface.
  • API: read-only endpoints for vendor inventory, useful for syncing with offline inventory sheets.

Security model and trust mechanisms

City’s server-side security is opaque—no market publishes its nginx config—but several client-side choices reduce common attack vectors. The entire site works without JavaScript; turning JS off in the Tor Browser bundle therefore breaks nothing and defeats most browser fingerprinting attempts. All withdrawal addresses must be signed with the user’s PGP key, preventing support staff from swapping payout addresses unless they also control the user’s private key. 2FA is mandatory for vendors and optional for buyers; it’s TOTP rather than the less reliable “login phrase” method some markets still use.

Escrow release times are conservative: 7 days auto-finalize for domestic mail, 14 for international. Disputes can be opened any time before auto-finalize; staff claims a median resolution time of 36 hours based on a public stats page that updates nightly. From personal observation, that number is optimistic during holiday mail surges but not wildly off.

User experience and interface

The UI is reminiscent of early AlphaBay: side category tree, central listing grid, top search bar. Search supports exact-match quotes, negative keywords, and price ranges, which is more precise than the regex-heavy engines some newer markets brag about. Vendors can upload up to six images; all are converted to 640 px JPEG and EXIF-stripped server-side. Order flow is three clicks: add to cart, encrypt shipping info with the vendor’s PGP key, fund the invoice. City does not store decrypted addresses, so if a buyer forgets to save the vendor’s key, support cannot retrieve the plaintext later—an intentional privacy feature that occasionally frustres newcomers.

Reputation among traders and observers

On dread-based superlists City usually ranks fourth or fifth for «reliability», behind Tor2Door and ahead of Ares. The most common praise is fast dispute resolution; the most common complaint is limited filter options (no sorting by origin country). No large-scale exit-scam has been credibly alleged, although there was a 3-day withdrawal pause in May 2023 that admins blamed on a failing bitcoind node. Because the market keeps coin reserves low—hot wallet rarely exceeds 50 XMR—any exit would yield modest returns, which ironically reassures risk-averse users.

Current status and known issues

As of April 2024, City operates from four mirrors that rotate every 48 hours. Uptime over the past six months averages 96 %; brief outages correlate with Tor consensus hiccups rather than seizures. Phishing is a bigger threat than downtime: at least eight fake URLs were promoted on Pastebin this year, all using the visual trick of «city-market» with a hyphen instead of a dot. The valid mirrors publish a signed canary message every Monday; the PGP key has stayed the same since 2020 and is widely cross-signed, making key substitution unlikely. One operational weakness is support for only English and German; vendors serving LATAM or CIS regions sometimes mis-communicate shipping constraints.

Practical OPSEC notes for researchers

If you plan to create an account purely for measurement, generate a fresh XMR wallet in Feather or Monero CLI; avoid web wallets that require JavaScript. Always verify the market’s PGP signature on the canary text before depositing—even a trivial 0.1 XMR test. For extra isolation, run Tails 5.x or later: the pre-installed Electrum is handy for BTC surcharge scenarios, though you will still need Feather for XMR. Finally, archive pages you cite (e.g., with `torsocks wget --page-requisites`) because City, like most markets, blocks the Wayback Machine’s exit nodes.

Conclusion

City Market will not impress users seeking cutting-edge features such as multisig DAO arbitration or Lightning payouts. What it offers instead is a slim codebase that rarely breaks, staff that settles disputes quickly, and a payment stack biased toward Monero privacy. For buyers who value reliability over variety and vendors who need a low-drama venue, City remains a serviceable mid-tier option. Just remember the standard cautions: rotate mirrors, verify PGP, and never keep more coin on any market than you can afford to lose overnight.