XmrBazaar (beta)

If you want to disclose an XmrBazaar vulnerability you've discovered, you can choose to do it responsibly via encrypted DM to me, or irresponsibly here on an open forum. So far, all 80K+ messages in our DB (over 1+ year of operation) are PGP encrypted. There are no unencrypted messages.

Encryption is done client-side in the browser via OpenPGP.js (you can easily check it), so the server never sees any unencrypted messages. And you can always use your own PGP: https://xmrbazaar.com/messenger-nojs.

And if you want to disclose a vulnerability you've discovered in OpenPGP.js, you should do it there via GitHub, as many projects rely on it: https://github.com/openpgpjs/

Otherwise, you just sound like a disgruntled scammer trying to get their petty lil' revenge for being labeled as such, by spreading FUD under their XXth empty account here.

And I'm not saying you are the one; I'm saying you've made yourself sound like one. Because EVERY time I label a scammer as a scammer, there's always a new "concerned citizen" with a fresh empty account who's suddenly worried about XmrBazaar's or its team's "safety."

And now my professor of statistics is fighting in my head with some conspiracy theorist, yelling that "Correlation does not mean causation." :)))

Personally I don't consider anything done on a phone or computer to be private. I'm not super tech literate but even at the most basic level, your data is being collected by your ISP and even by many bloat ware programs you may have, so the security of any website you use isn't exactly going to protect you from something like government prosecution anyways.