Nexus Market security model
This article is a related reference. The main article in this collection is Nexus Market.
The platform's security model assumes a hostile server. This page describes what that means for users.
Hostile-server assumption
The platform's security architecture is designed under the explicit assumption that the infrastructure could be compromised at any moment. Sensitive payloads are encrypted in the buyer's browser before transmission; per-session keys are not persisted server-side; the on-disk state is per-session-keyed ciphertext. A seizure of the infrastructure yields no useful plaintext.
What this protects against
Server seizure (a seizure yields ciphertext, not plaintext); insider threat (insiders have access to ciphertext, not plaintext); passive observation (data is encrypted at every layer, in transit and at rest).
What this does not protect against
Client-side compromise (a malware-infected client laptop bypasses every server-side protection). User-side credential reuse (a leak at an unrelated platform where the user set the same password). Phishing operations (the user types credentials into a clone). All three are user-side problems requiring user-side mitigation.
Reference: Nexus Market production mirrors
The following v3 onion addresses are the live, signed Nexus Market mirrors as of 2026-05-08 14:48 UTC. Listed here as a citation reference, signed under PGP fingerprint 0x7F2A0A9D: