Re: Reminder: zero-conf is not safe; $1000USD reward posted for replace-by-fee patch
I'm not intending this as a point for or against this patch, but I reading this set me wondering how many of the other assumptions we'd normally make about Bitcoin would still hold given this (fairly reasonable-sounding) idea that a majority of miners will be acting purely out of economic self-interest, regardless of damage they might do to the Bitcoin ecosystem.
One assumption that immediately falls is the idea that Bitcoins are censorship-resistant. If miners are all acting in their own rational self-interest, I can pay miners to blacklist transactions coming from your address. If you tried to spend, I'd tip any miner who creates a block that doesn't include them at a higher rate than their fee. If they do manage to get into a block, I can (for a greater cost) also tip people for ignoring that block and building on another one.
If I'm trying to do this on a large scale - say I'm the DEA trying to interfere with the flow of money to drug smugglers - I can keep that taint going on all the way down the chain through future spends, so that once you take money from a drug smuggler, that money will be forever less valuable than other money. If you don't want to receive dud money that's hard to spend, you're going to have to check for the taint as well. I can run a convenient web service so that you can check for black-lists, and also white-lists of people who have confirmed their identity with me so you can be sure I won't bribe people to taint their coins. Hey presto, everybody is cooperating with me to do AML checks...
This wouldn't fly now because miners are
a) Decent people, not purely rational economic actors.
b) Fairly [shock horror] centralized, which makes them resistant to a Tragedy of the Commons. BTC Guild and Slush won't cooperate with my evil scheme for fear of damaging the future of Bitcoin, which costs them more in the long run.
One assumption that immediately falls is the idea that Bitcoins are censorship-resistant. If miners are all acting in their own rational self-interest, I can pay miners to blacklist transactions coming from your address. If you tried to spend, I'd tip any miner who creates a block that doesn't include them at a higher rate than their fee. If they do manage to get into a block, I can (for a greater cost) also tip people for ignoring that block and building on another one.
If I'm trying to do this on a large scale - say I'm the DEA trying to interfere with the flow of money to drug smugglers - I can keep that taint going on all the way down the chain through future spends, so that once you take money from a drug smuggler, that money will be forever less valuable than other money. If you don't want to receive dud money that's hard to spend, you're going to have to check for the taint as well. I can run a convenient web service so that you can check for black-lists, and also white-lists of people who have confirmed their identity with me so you can be sure I won't bribe people to taint their coins. Hey presto, everybody is cooperating with me to do AML checks...
This wouldn't fly now because miners are
a) Decent people, not purely rational economic actors.
b) Fairly [shock horror] centralized, which makes them resistant to a Tragedy of the Commons. BTC Guild and Slush won't cooperate with my evil scheme for fear of damaging the future of Bitcoin, which costs them more in the long run.
You do bring up some interesting context. And I will spend some time thinking about it. But I wholly dispute this statement:
Quote
..regardless of damage they might do to the Bitcoin ecosystem
Replacing unconfirmed transactions doesn't do harm to the Bitcoin ecosystem. It's how the system operates. We're not "removing" security, it was never there to begin with. The success of Bitcoin never depended on it, in any way. We're just guaranteeing that no one is ever misled about that aspect of the system.
Also, your comment about blacklisting is really not the same at all (nor feasible). Zero-conf replacement requires only a few miners to participate for it to make zero-conf transactions pretty much useless in zero-trust transactions. That's not the same as blacklisting, which needs 100% miner participation to work. Or rather, I only need a few miners to agree to mine my transaction for it to be eventually accepted. And convincing miners to not mine the top block is going to cost you a $#!+load of money...every 10 minutes...forever.
Your point is not lost on me, I just didn't like your specific examples
