Replying to Avatar calle

This is a long post that hopefully bridges some gaps between technical people (devs) and non-technical users and how they look at spam prevention in Bitcoin. I hope that it clarifies why I think that there is such a huge misunderstanding between both camps.

I'll preface this post with first disqualifying any malicious attempts to misrepresent the motives of either camp. Everybody wants to improve Bitcoin as money. Money is Bitcoin's use case. It's not a data storage system. If you think otherwise, there are countless shitcoins to play with.

Alright, let's get into it.

I have worked on anonymous systems for over a decade. I have read tons of research on spam detection, rate-limiting, and I've implemented spam prevention techniques in the real world.

I am very confident to say that there is not a single known method to prevent spam in decentralized anonymous open networks other than proof of work.

This is what Satoshi realized when he designed Bitcoin and it's why only transaction fees can reliably fight spam without sacrificing any of Bitcoin's properties.

Let me explain.

Spam prevention is a cat and mouse game. As a system's architect, your goal is to make the life of a spammer harder (increase the friction). This is why, on the web, you see captchas, sign-ups, or anything that can artificially slow you down. Slowing down is key. This is why Satoshi turned to proof of work.

Let's contrast this to other methods for spam prevention. This is not an exhaustive list but it illustrates the design space of this problem, other methods are often derivatives of these:

CAPTCHAS are a centralized form of proof of work for humans: Google's servers give you a hard-to-solve task (select all bicycles) that will slow you down so that you can't bombard a website with millions of requests. It requires centralization: you need to prove Google that you're human so that you can use another website. If you could host your own CAPTCHA service, why would anyone believe you're not cheating?

LOGINS with email and passwords are most popular way to slow down users. Before you can sign up, you need to get an email address, and to get an email address, you often need a phone number today. The purpose of this is, again, to slow you down (and to track you to be honest). It only works well when emails are hard to get, i.e. in a centralized web where Google controls how hard it is to get an email account. If you could easily use your own email server, why would anyone believe you're not a bot?

The next one is the most relevant to Bitcoin:

AD BLOCK FILTERS are another form of spam prevention but this time the roles are reversed: you as a user fight against the spam from websites and advertising companies trying to invade your brain. Ad blocking works only under certain conditions: First you need to be able to "spell out" what the spam looks like, i.e. what the filter should filter out. Second, you need to update your filters every time someone circumvents them. Have you ever installed a youtube ad blocker and then noticed that it stops working after a few weeks? That's because you're playing cat-and-mouse with youtube. You block, they circumvent, you update your filters, repeat.

The fact that you need to update your filters is critical and that's where it ties back to Bitcoin: Suppose you have a mempool filter for transactions with a locktime of 21 because some stupid NFT project uses that. You maybe slow them down for a few weeks, but then they notice it and change their locktime to 22. You're back at zero, the spam filter doesn't work anymore. What do you do?

You update your filter! But where do you get your new filter from? You need a governing body, or some centralized entity that keeps updating these filters and you need to download their new rules every single day. That's what ad blockers in your web browser do. They trust a centralized authority to know what's best for you, and blindly accept their new filters. Every single day.

I hope you see the issue here. Nobody should even consider this idea of constantly updating filter rules in Bitcoin. This would give the filter providers a concerning level of power and trust. It would turn Bitcoin into a centrally planned system, the opposite of what makes Bitcoin special.

This is why filters do not work for decentralized anonymous systems. They require a central authority. Until now, these rules were determined by Bitcoin Core, but they have realized that these rules do not work anymore. Transactions bypass the filters easily and at some point, carrying them around became a burden to the node runners themselves. Imagine you're using an outdated ad blocker but instead of filtering out ads, it now also filters out legitimate content you might be interested in. That's what mempool filters do, and that's why Bitcoin Core is slowly relaxing these filters. This has been discussed for over two years, it's not a sudden decision.

The goal of this change is not to help transactions to slip through more easily. The goal is to improve your node's prediction of what is going to be in the next block. Most people misrepresent this part. They say "it's to turn Bitcoin into a shitcoin" but that is just a false statement at best, or a manipulation tactic at worst.

Let's tie it back to proof of work and why fees are the actual filter that keeps Bitcoin secure and prevents spam reasonably well: Satoshi realized that there is no technique that could slow down block production and prevent denial of service attacks in a decentralized system other than proof of work. Fees prevent you from filling blocks with an infinite number of transactions. All the other options would introduce some form of trust or open the door for censorship – nothing works other than proof of work.

He was smart enough to design a system where the proof of work that goes into block production is "minted" into the monetary unit of the system itself: You spend energy, you get sats (mining). This slows down block production. How do you slow down transactions within those blocks? You spend the sats themselves, original earned form block production, as fees for the transactions within the block!

This idea is truly genius and it's the only reason why Bitcoin can exist. All other attempts of creating decentralized money have failed to solve this step. Think about it: without knowing who you are, whether you're one person pretending to be a thousand, or a thousand people pretending to be one. Bitcoin defends itself (and anyone who runs nodes in the Bitcoin system) from spam by making you pay for your activity.

People sometimes counter this by saying: the economic demand for decentralized data storage is higher than the monetary use case. First of all, I think that's just wrong. There are way cheaper ways to store data (there are shitcoins for this), and the value of having decentralized neutral internet money is beyond comparison.

However, there's a much deeper concern here. If you truly believe this, I ask you: what is Bitcoin worth to you? If you think Bitcoin can't succeed as money (i.e. be competitive), why do you even care? If you're not willing to pay fees for the use case that we all believe Bitcoin is designed for (money), and you believe that no one is willing to pay for it, how can it even persist into the future?

You can't have it all. If Bitcoin is money (which I believe it is), then we need to pay the price to keep it alive. There is no free lunch.

Either we centralize, or we pay the price of decentralization. I know where I stand.

Peace.
Avatar
Benking 3mo ago

People keep underestimating how fundamental PoW and fee-based friction are to Bitcoin’s resilience. Any attempt to introduce filter rules or heuristics inevitably drifts toward centralization and soft censorship. What makes Bitcoin unique is exactly that it doesn’t rely on trusted third parties to “decide” what is spam. Fees + PoW are the only neutral and sustainable mechanisms we have, and relaxing arbitrary mempool filters is a step in the right direction.

Reply to this note

Please Login to reply.

Discussion

Avatar
Benking 3mo ago

A data-size limit is just a technical boundary to prevent spam and keep the network stable, it doesn’t interfere with who gets to move money. Censorship happens only when a valid financial transaction is deliberately ignored or dropped. Mixing the two is less of a logical argument and more of a play on words.

Avatar
epsql 3mo ago

I agree with you on proof of work and fees being the ultimate arbiters of what gets into the chain, but I don't understand your point on censorship: you're arguing for Core 30 as if the debate centered around introducing OP_RETURN limits instead of removing them.

What parties exactly have been damaged since the existence of the 80 bytes OP_RETURN limit?

Avatar
Benking 3mo ago

The 80-byte OP_RETURN limit hasn’t really “damaged” anyone in a meaningful sense. It’s just been a long-standing policy boundary that shaped how people used the field. If a use case truly needed more space, it could (and did) migrate to off-chain solutions or use alternative encoding schemes. Nobody’s monetary transaction got excluded because of it. That’s why calling it censorship feels misplaced, it was never about blocking valid payments, just about keeping arbitrary data storage from bloating the chain.

Avatar
epsql 3mo ago

I agree in principle, yet something feels off with the way ordinals have been handled. If Core really had the prevention of the UTXO bloat set in mind from the beginning, why not remove the OP_RETURN limit in 2023?

Avatar
Benking 3mo ago

Exactly, that point makes sense. It seems the OP_RETURN limit was mainly a gradual policy to control spam and protect network stability, rather than a direct tool to prevent ordinals. If the real goal was to avoid UTXO bloat, removing the limit could have been done much earlier without issues. Most likely, Core considered potential unknown risks and security implications as well.

Avatar
David Cavan Fraser 3mo ago

The only thing being “introduced” is a relaxation of the already existing op return. The onus is on the people proposing the change to explain clearly why it’s necessary. Until then I’m not updating