Aquila Market

This is a market where buyers and sellers can trade arbitrary goods or services for Bitcoin. The market is controlled by a closed group of owners, and its admins are elected by plurality vote. Ownership is tracked in the blockchain, and shares can be transferred among mutually untrusting owners, optionally in exchange for Bitcoin in an atomic operation. The market is designed to protect its users' privacy, and its protocol is Tor-friendly.

The network consists of servers run by the owners and a thin client run by all users. The thin client connects to multiple servers, and is designed to provide reasonably good security properties while keeping minimum local state, using SPV-style verification of the market's ownership and control.

The client is available now. The server will be released soon. In our security model, any bug that can cause disclosure of secret information or loss of funds is by definition a client bug. The client below uses testnet Bitcoin, and connects to a couple of servers that I'm running as Tor hidden services. If you're not running Tor, then the client will always fail.

client, for running live from network The client is a JavaScript program, so you can run it without installation. By doing this, you are trusting GitHub's servers and me every time you run the market. This is an unnecessary risk. For real, this should be served from a .onion site over http, to keep security while avoiding mixed http/https issues.

client, for saving locally You can download the client as a single HTML file with no further dependencies, save it locally (e.g., to your desktop), and run it from there. This is preferred. Sadly, Tor Browser Bundle seems not to support localStorage for file:// URLs . This is a necessary feature. I'm investigating, but for now your options are either to run live, or to use a normal web browser build and point it to Tor by hand.

technical description

source code

I plan to launch a livenet market soon, with initial ownership distributed among people who have reported vulnerabilities in the client or otherwise contributed to the project. See the forums on the market for details.

dev942, 18 Feb 2016