FINAL / LOCKED

Final Scoring · Ranking · Analysis — Bitcoin/FOSS/Privacy Commerce Stack

A strict, adversarial evaluation of five commerce stacks under a maximal Bitcoin-only, FOSS-first, privacy-first, collapse-resilient sovereignty lens. Scores represent the behavior of each stack under hardened, self-hosted deployment assumptions (not default “hosted SaaS” usage).

Method: weighted multi-criteria scoring (0–100 each)
Model: protocol-first · self-host-first · metadata minimization
Threat posture: hostile infrastructure + coercive chokepoints assumed
Scope: shopstr · LNbits/nostrmarket · Magic Webstore · Plebeian Market · Conduit

1) Final Criteria & Weights

All criteria are scored 0–100, then combined into a composite score (0–100) using the weights below. Weighting is deliberately harsh on stablecoins, mandatory SaaS dependencies, and custody-in-the-path designs.

Monetary Stack Purity (20%)

Bitcoin-only rails (on-chain / Lightning / BTC-denominated ecash) score highest. Stablecoins and fiat rails incur major penalties, especially when first-class.

Stack Sovereignty & Collapse-Resilience (20%)

Self-hostability, minimal moving parts, Tor-friendly “bunker deploys,” and survivability under infrastructure loss, censorship, or platform seizures.

Privacy & Metadata Containment (20%)

Minimization of identity, transaction, and graph leakage: rotating/“whisper” addresses, Nostr DMs, ecash where appropriate, low telemetry and low central indexing.

Trust Model & Custody (15%)

Highest scores go to stacks that never custody funds or force intermediaries into the settlement path. Default custodial flows (hosted hubs, custodial Lightning, mint reliance) reduce the score.

Nostr Nativeness & Protocol Decentralization (10%)

Depth of Nostr integration (e.g., NIP-15 marketplaces; listings as events; relay fungibility), and portability across front-ends without a single chokepoint database.

Synthetic-Stack Infiltration Risk (10%)

Exposure to surveilled or coerced rails: stablecoins, mandatory cloud enclaves, default dependence on hosted wallets/hubs, or “growth stack” integrations that externalize metadata.

Maturity, Community & Viability (5%)

Activity, maintenance, documented deployment paths, and operational robustness. Complexity is not rewarded; survivable simplicity is.

Deployment assumption: scores are calibrated to hardened, self-hosted configurations whenever feasible (e.g., self-hosted LNbits, Tor access, relay choice, avoiding custodial defaults). Where a project’s default path is custodial or hub-dependent, the trust score reflects that default unless a clear, supported non-custodial path exists today.

2) Final Scores (0–100 per criterion) & Composite

Composite score is a weighted sum using the criteria weights above. Scores are shown with one decimal place for the composite.

Project Monetary Stack Privacy Trust Nostr Synth Risk Maturity Composite
LNbits + Nostr Market
LNbits server + NIP-15 marketplace extension 		98 94 92 90 98 93 92 94.0
Shopstr
Nostr marketplace + Lightning + Cashu 		100 85 92 88 97 88 88 91.5
Magic Webstore
Static “whisper address” webstore 		100 100 91 75 88 90 80 91.3
Plebeian Market
NIP-15 marketplace with Alby-linked payment flow 		100 80 88 72 97 70 88 85.5
Conduit Market
Nostr commerce hub with BTC + USDT + ecash settlement 		40 75 88 90 95 50 85 72.9
Key differentiator: Shopstr and Magic Webstore are extremely close. Shopstr wins slightly on trust and Nostr-market depth, while Magic Webstore is a near-ideal collapse-resilient primitive but loses points on default custodial Lightning behavior.
Composite Score Bars
94.0
LNbits + Nostr Market
91.5
Shopstr
91.3
Magic Webstore
85.5
Plebeian Market
72.9
Conduit Market
Primary reference links used throughout this page
Links are embedded inline within each section. Core sources include:

3) Final Ranking (Highest → Lowest Composite)

Ranking is strictly based on composite score under the weights defined above.

1
LNbits + Nostr Market
Bitcoin/Lightning-only + mature self-hosted engine + canonical NIP-15 marketplace.

94.0

Composite

2
Shopstr
Nostr-native classifieds marketplace using Lightning + Cashu.

91.5

Composite

3
Magic Webstore (ex-Superstore)
Static, CC0 “whisper address” store primitive; default Lightning is custodial.

91.3

Composite

4
Plebeian Market
Strong NIP-15 client; payment path includes an Alby-linked ricochet hop.

85.5

Composite

5
Conduit Market
Non-custodial posture + Nostr-native, but stablecoins (USDT) are first-class.

72.9

Composite

4) Project Breakdown (Full Detail)

Each project section includes: what it is, the score vector, justification per criterion, and the role it plays in a hardened, protocol-first commerce stack. Links are embedded inline at the point of claim (no link appendix).

LNbits + Nostr Market — Composite 94.0

LNbits is a lightweight server that sits on top of a Lightning funding source and provides isolated wallets plus an extension system. Nostr Market is an LNbits extension implementing a NIP-15 marketplace using Nostr events and NIP-04 DMs for order flows.

Repo: lnbits/lnbits Extension: lnbits/nostrmarket Deploy guide: DarthCoin Docs: docs.lnbits.org Site: lnbits.com
98
Monetary
94
Stack
92
Privacy
90
Trust
98
Nostr
93
Synth Risk
92
Maturity

What it is (verified)

  • LNbits: lightweight server on top of a Lightning funding source with isolated wallets + extension framework source
  • Nostr Market: LNbits extension implementing NIP-15 marketplace; supports generating or importing merchant Nostr keys source
  • Tor / WSS-only deployment pattern described as “no HTTP traffic and even without DNS/domain” source

Score rationale (criterion-by-criterion)

  • Monetary Purity (98): nostrmarket is Bitcoin/Lightning-oriented; LNbits ecosystem can host other payment rails via other extensions, so the purity score is near-perfect but not absolute. Example of non-Bitcoin payment options in a separate LNbits extension: lnbits/market
  • Stack Sovereignty (94): self-hostable; multiple hardened deployment recipes exist; heavier than static primitives but still “bunker deployable” source
  • Privacy (92): Nostr transport (events + DMs) is relay-fungible; privacy is primarily driven by relay choice + LN routing metadata.
  • Trust (90): non-custodial when self-hosted on top of a self-controlled funding source; custody risk rises sharply when using third-party LNbits instances source
  • Nostr Nativeness (98): explicit NIP-15 marketplace focus source
  • Synthetic Risk (93): no stablecoins required; risk is largely configuration-dependent (hosted funding sources, hosted LNbits, etc.).
  • Maturity (92): LNbits and its marketplace extension are actively developed and widely deployed across the ecosystem source
Role in a hardened commerce stack
Canonical “heavy” marketplace engine: suitable for multi-merchant markets, inventory, and structured commerce, especially when deployed as self-hosted LNbits + self-controlled Lightning funding source, with Tor/WSS relay posture.
Notable adversarial caveat
LNbits is an extension platform; unrelated LNbits extensions can introduce fiat rails or external payment providers. The score applies specifically to hardened deployments of LNbits + Nostr Market, not to the entire LNbits extension universe. Example of an extension listing Stripe/PayPal payment option types: lnbits/market.

Shopstr — Composite 91.5

A Nostr-native marketplace for Bitcoin commerce using Lightning and Cashu. Operates public marketplaces and supports permissionless commerce through Nostr-based identity and event distribution.

Repo: shopstr-eng/shopstr Site: shopstr.store Markets: shopstrmarkets.com Reference: No Bullshit Bitcoin
100
Monetary
85
Stack
92
Privacy
88
Trust
97
Nostr
88
Synth Risk
88
Maturity

What it is (verified)

  • GitHub: “A global, permissionless Nostr marketplace for Bitcoin commerce.” source
  • Site messaging: “Built on Nostr… Bitcoin native… secure transactions using Lightning and Cashu.” source
  • Third-party summary: “decentralized classifieds marketplace on Nostr using Lightning and Cashu.” source

Score rationale (criterion-by-criterion)

  • Monetary Purity (100): Lightning + Cashu are BTC-denominated; stablecoins are not framed as first-class in the product definition. source
  • Stack Sovereignty (85): self-hostable (GPL codebase), but a full webapp stack has higher operational complexity than static primitives source
  • Privacy (92): Nostr for identity and listings; Cashu offers strong off-chain privacy but shifts trust to mint selection (custodial at the mint layer).
  • Trust (88): platform is not designed as a custodian, but Cashu mint reliance introduces an external trust nucleus.
  • Nostr Nativeness (97): explicit “built on Nostr” identity and distribution posture source
  • Synthetic Risk (88): absence of stablecoin rails is a major positive; risk stems from canonical hosted markets and widely-used mints becoming coercion targets.
  • Maturity (88): active codebase and operational marketplaces source
Role in a hardened commerce stack
Nostr + Cashu-rich market fabric: strong for classifieds and distributed commerce, especially when deployed in local/regional instances that minimize global discovery metadata and use carefully chosen (or self-run) mints.
Notable adversarial caveat
Cashu improves privacy but introduces custodial trust at the mint layer. A hardened posture requires deliberate mint strategy and avoidance of “default global marketplace” behavior when metadata minimization is the priority.

Magic Webstore (ex-Superstore) — Composite 91.3

A CC0-licensed static Bitcoin webstore using “whisper addresses” for enhanced on-chain privacy. Entire store can be deployed as a static HTML/JS page; default Lightning flow is custodial via LNbits.

Repo: supertestnet/superstore Live: supertestnet.github.io/superstore Reference: No Bullshit Bitcoin
100
Monetary
100
Stack
91
Privacy
75
Trust
88
Nostr
90
Synth Risk
80
Maturity

What it is (verified)

  • GitHub README: “Superstore is now called Magic Webstore… whisper addresses… CC0-1.0” source
  • Live deployment exists as a static page source
  • Third-party note: default Lightning payments are custodial via LNbits source

Score rationale (criterion-by-criterion)

  • Monetary Purity (100): Bitcoin-only rails (on-chain + Lightning) with no stablecoin rails in scope.
  • Stack Sovereignty (100): static HTML/JS primitive; minimal dependencies; deployable in extremely constrained environments source
  • Privacy (91): whisper/rotating address strategy improves on-chain privacy; Nostr DMs handle order communications, avoiding centralized order databases.
  • Trust (75): default Lightning behavior is custodial via LNbits accounts; hardened deployment requires replacing or disabling the custodial default source
  • Nostr Nativeness (88): strong Nostr-based identity and messaging; not a canonical multi-merchant NIP-15 marketplace client in the same way as LNbits Nostr Market, Shopstr, or Plebeian.
  • Synthetic Risk (90): no stablecoins; risk is concentrated in the default custodial LNbits path and relay selection.
  • Maturity (80): functional and widely discussed; still closer to a powerful primitive than a large multi-team product.
Role in a hardened commerce stack
Atomic ghost-store primitive: ideal for single-merchant storefronts with minimal infrastructure, especially on-chain-only configurations. A hardened Lightning posture requires self-hosted LNbits or node wiring.
Notable adversarial caveat
Default Lightning setup is custodial; this is a direct tradeoff for frictionless onboarding. The score reflects this default custody risk.

Plebeian Market — Composite 85.5

A Nostr-native marketplace implementing NIP-15 stalls and enabling multi-stall shopping carts. Current payment narrative includes a “ricochet” flow involving an Alby wallet.

Repo (new app): PlebeianTech/plebeian.market Repo (old impl): PlebeianApp/plebeian-market-old Reference: No Bullshit Bitcoin v0.0.1 Alby listing: getalby.com/discover
100
Monetary
80
Stack
88
Privacy
72
Trust
97
Nostr
70
Synth Risk
88
Maturity

What it is (verified)

  • NIP-15 compliant marketplace (“100% on Nostr & NIP-15 compliant”) source
  • “Payments will ricochet off Plebeian Market’s Alby wallet directly to the seller’s LN wallet” source
  • New app repo explicitly labeled WIP (self-hostable development workflow) source

Score rationale (criterion-by-criterion)

  • Monetary Purity (100): Bitcoin/Lightning-only settlement framing (no stablecoin rails described in the cited flow).
  • Stack Sovereignty (80): open source and self-hostable, but current public usage patterns center on a canonical instance and a hub-like payment flow.
  • Privacy (88): Nostr-based identity + stalls reduce platform siloing; the Alby-linked ricochet introduces additional payment metadata surfaces.
  • Trust (72): the Alby hop places an intermediary in the settlement path, raising custody and censorship leverage even if designed to be transient. source
  • Nostr Nativeness (97): strong NIP-15 positioning and market participation.
  • Synthetic Risk (70): dependency on Alby-linked payment routing in the described flow increases exposure to hub/service coercion. Alby’s “Discover” page lists Plebeian Market as an app integration: getalby.com/discover.
  • Maturity (88): multi-year project history with continuing development (old implementation + new app rewrite).
Role in a hardened commerce stack
Strong NIP-15 marketplace client; best treated as a candidate to fork and harden by removing hub-dependent payment steps. In its described payment flow, it belongs outside the most hardened core.
Notable adversarial caveat
The documented “ricochet off Alby wallet” payment flow is the primary reason for the low trust and synthetic-risk scores. A materially different deployment architecture would require re-scoring.

Conduit Market — Composite 72.9

A Nostr-powered commerce hub emphasizing direct merchant relationships and non-custodial posture, while explicitly offering settlement in BTC, USDT, or ecash.

Site: conduit.market
40
Monetary
75
Stack
88
Privacy
90
Trust
95
Nostr
50
Synth Risk
85
Maturity

What it is (verified)

  • Conduit’s primary positioning explicitly includes stablecoins: “get paid instantly in BTC, USDT, or ecash” source

Score rationale (criterion-by-criterion)

  • Monetary Purity (40): USDT is first-class in the “core offer,” materially diluting Bitcoin-only purity. source
  • Stack Sovereignty (75): Nostr-native posture, but the product framing is platform-like (demo/waitlist) and multi-rail, implying heavier operational dependence.
  • Privacy (88): direct merchant relationship framing; still a commerce hub that may centralize discovery metadata in practice.
  • Trust (90): non-custodial posture is emphasized; settlement can be direct to merchant wallets (the score remains high despite monetary purity penalties).
  • Nostr Nativeness (95): explicitly Nostr-powered marketplace identity and discovery posture. source
  • Synthetic Risk (50): stablecoin settlement is a direct bridge into regulated/surveilled rails, creating leverage and capture vectors.
  • Maturity (85): live public site and coherent product framing; not a minimal primitive.
Role in a hardened commerce stack
Perimeter bridge layer: useful for interfacing with multi-asset settlement assumptions, but not suitable as a Bitcoin-only core stack component. The stablecoin-first-class posture is the determining penalty.
Notable adversarial caveat
A purely “Bitcoin-only mode” (if it existed as a supported, documented deployment profile) would materially change the Monetary Purity and Synthetic Risk scores. The scoring reflects the explicit BTC+USDT+ecash product definition.

5) Synthesis — How the Stacks Fit Together

The ranking reflects “best overall composite,” but a hardened ecosystem benefits from a layered composition: heavy engines, market fabrics, and minimal primitives operating at different layers of risk and dependency.

Core engine

LNbits + Nostr Market functions as a canonical heavy marketplace engine when self-hosted and deployed with Tor/WSS posture. Reference deployment guidance: DarthCoin guide.

Market fabric

Shopstr provides a Nostr classifieds fabric using Lightning + Cashu; strong for distributed commerce, with trust concentrated in mint selection and hosted-market clustering. Core definition: Shopstr repo.

Atomic primitive

Magic Webstore is a minimal, CC0 static storefront primitive with whisper-address design for on-chain privacy. Default custodial Lightning is the principal penalty. Repo: supertestnet/superstore.

Why Shopstr and Magic Webstore are nearly tied:
Shopstr wins on non-custodial settlement posture and marketplace depth; Magic Webstore wins on collapse-resilience and minimalism. The deciding factor is whether default Lightning custody is acceptable in the primitive layer.
Why Conduit is last:
Conduit explicitly includes USDT as first-class settlement. Under a Bitcoin-only sovereignty lens, stablecoin rails constitute a hard boundary, regardless of non-custodial posture. Source: conduit.market.