How a vendor earns its spot.
A directory is only as good as the bar it holds. Anyone can scrape a list of “Bitcoin” accounts. The point of this one is that a human actually checked each entry against the rules below before it went live — and re-checks them on a schedule. Here is the entire process, unedited.
1. Sells forBitcoin — not just Bitcoin-themed
The inclusion test is “you can pay this vendor in Bitcoin for a real, physical good or service,” not “this brand has an orange logo.” A shop that sells Bitcoin-motif merch but only takes fiat at checkout is a different thing than a shop that takes sats. When a vendor is clearly themed but on-site acceptance can't be confirmed, the listing says exactly that rather than implying more than is known.
2. Identity is verified, not assumed
- Nostr· the vendor's
npubis decoded and their published profile (kind:0 metadata) is fetched from multiple relays and cryptographically signature-verified (BIP-340 Schnorr) before a single field is trusted. Relays are untrusted infrastructure; a signature is not. - Lightning · any Lightning Address is shape-validated, and when a vendor publishes a signed
lud16it's cross-checked against what was submitted. - X · the linked profile is spot-checked by a human (there is no reliable public X activity API, so this is deliberate manual review, not an automated guess).
3. Claims are corroborated, never inferred
Submitted details are checked against the vendor's own signed profile and live site. A description, Lightning address, or website is only recorded when it's high-confidence and sourced — matching the vendor's signed metadata or stated plainly on their own site. Nothing is fabricated or guessed to fill a field; an unknown stays unknown. Marketing copy is rewritten into a short factual description.
4. Outbound links are HTTPS-only
Every website and image URL must be https://. A plaintext outbound link is a mixed-content downgrade, is MITM-tamperable, and leaks a visitor's IP to an unauthenticated origin — a commit-time validator rejects anything that isn't HTTPS so it can never reach a card.
5. A human approves every entry
There is no auto-add. Public submissions land in a moderation queue (with spam/honeypot filtering); a human reviews each one, runs the schema validator, and only then does it reach the public list. Approval is a deliberate decision, not a default.
6. It stays fresh
Every card shows the date the vendor was last confirmed, and entries past the staleness window are flagged for re-verification on a roughly quarterly sweep. Nostr vendors that go silent for an extended period are automatically hidden from the default views and automatically restored when they're active again — so a shared link never breaks, but a quiet shop doesn't sit at the top looking active.
7. What this is not
It is not an endorsement, a guarantee, or financial advice — it's a curated starting point. Verification reduces risk; it doesn't remove it. Always do your own due diligence before transacting, and tell us if something looks off.
Think a shop belongs here? It'll go through exactly the above. Submit a vendor. More about the project on the about page.