Vortex Entry Protocol

Before you connect to anything on the Tor network, you need two things in working order: a verified copy of Tor Browser, and a basic understanding of what it does and does not protect you from. Tor anonymises your network path — it cannot protect you from browser fingerprinting if you modify it, and it cannot protect you from your own operational choices after you're connected.

Download and verify Tor Browser

Every Tor Browser release is signed with the Tor Project's PGP key. This signature is the only way to confirm that the binary you downloaded wasn't tampered with in transit or on a compromised mirror. The process takes four minutes.

1. Go to torproject.org and download the stable build for your platform (Windows, macOS, or Linux). Download the .asc signature file alongside it — they're listed together on the download page.
2. Import the Tor Project signing key via WKD — the simplest method:gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.orgConfirm the fingerprint matches EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 exactly.
3. Verify the download:gpg --verify tor-browser-linux-x86_64-13.5.6.tar.xz.ascExpect "Good signature from The Tor Project". A BAD signature means discard and re-download from a different location.
4. Launch and set Security Level to Safest. Click the shield icon → "Change Security Settings" → Safest. This disables JavaScript on standard sites. On .onion sites, JavaScript remains available since the transport layer already provides strong anonymity.

With Tor Browser running and Security Level set to Safest, you're ready to connect to Vortex. The market's entry sequence has three gates: the PoW challenge, account creation, and 2FA setup. Plan for ten minutes on your first visit.

1. Copy a verified address from the mirrors page. Paste it directly into Tor Browser's URL bar and press Enter. Do not use a search engine — no search engine indexes .onion addresses. Any result that appears is a phishing site.
2. Wait through the PoW captcha. The browser automatically computes a hash challenge (2-4 seconds). You'll see a brief spinner. This prevents scripted scans without asking you to identify fire hydrants.
3. Register an account. Choose a username with no personal identifiers — random alphanumeric is ideal. Use a password of at least 18 characters with mixed case and symbols. There is no recovery mechanism — write it down on paper and store it away from your device.
4. Record your PGP mnemonic. On registration, Vortex generates a 24-word phrase linked to your session PGP key. Write every word, in order, on paper. If your session key is lost, this phrase is the only recovery path for encrypted messages.
5. Enable TOTP 2FA immediately. Account → Security → Two-Factor Auth. Scan the QR code with Aegis (Android) or Raivo (iOS). Confirm the six-digit code. From this point forward, every login requires both your password and the current TOTP token.

The browser layer is handled. Now the threat model shifts to your payment trail and your operational identity. Monero is mandatory on Vortex — not as a preference, but because the platform removed Bitcoin support entirely in March 2024 after extensive community discussion on Dread about blockchain analysis capabilities.

Monero wallet setup

Download the official Monero GUI or Feather Wallet from getmonero.org. Verify the download (GPG verification, same process as Tor Browser). For acquisitions, use a peer-to-peer exchange that requires no KYC — this breaks the link between your real identity and the XMR entering your wallet.

What Vortex does not store

The primary node uses RAM-only storage with a 48-hour maximum retention window. No persistent disk writes for transaction data, user session data, or message content. The market never receives plaintext versions of messages between buyers and vendors — only encrypted blobs it cannot decode. Physical access to the server yields nothing recoverable beyond the active session window.

Vortex currently lists 24,984 items across 14 categories. Your first purchase should be from a vendor with 200+ completed orders and a rating of 4.7 or above — the threshold at which fraud rates drop below 0.4% according to community tracking data. Do not optimise for price on your first trade.

1. Find the vendor before the listing. Click the vendor username to view their full profile — total sales, average rating, registration date, and dispute history. A vendor with 847 sales and a 4.81 rating is a reliable starting point. A vendor with 12 sales and a 5.0 rating is not.
2. Check escrow terms. Standard orders use Vortex's 3-of-5 multisig escrow — funds are locked until you confirm receipt or a dispute resolves. "Finalize Early" (FE) bypasses escrow and pays the vendor immediately. Only use FE with verified gold-tier vendors (500+ orders).
3. Encrypt your delivery address with the vendor's PGP public key before placing the order:gpg --armor --encrypt --recipient VENDOR_KEY_ID "Full address here"Paste the resulting PGP block into the shipping field. Do not enter a plaintext address.
4. Fund the escrow. Vortex generates a unique XMR subaddress per order. Send the exact amount shown. Payment confirms after 10 Monero blocks (~20 minutes). Do not send BTC, ETH, or any other currency — only XMR reaches the escrow.
5. Confirm or dispute before the timer expires. When your order arrives, mark it complete to release escrow to the vendor. If it does not arrive within the stated window, open a dispute from the order page before the auto-release timer hits zero — auto-release is permanent and cannot be reversed.