I've been heads-down working on shipping Miniscript in Nunchuk. I look up three months later, and people are STILL debating mempool filters.
Since we have a moment before our next major release, I'll jot down my thoughts on the matter.
Disclaimer: I have no horse in this race. I don't think keeping the current OP_RETURN limit or raising it will have a material impact. My only interest is the truth and what's best for Bitcoin. Interestingly, I disagree with both sides of the debate (the so-called "spammers" and the "filterers") for reasons I'll explain below.
Let's first establish some ground truths:
1. Proof-of-Work is more special than you think.
History is filled with rulers who debased their currencies—the original "Proof-of-Stake" systems. Yet, historical PoW money (gold) always prevailed. People in ancient Rome and Confucian China alike knew gold was valuable. This is distilled wisdom, passed down through diverse cultures. Our ancestors have an intuitive understanding of PoW, despite not knowing what PoW is (unforgeable costliness). It is the most objective truth we have, independent of language or belief system. Everything else is fake in comparison. The JPEG peddlers don't fully grasp PoW's economic implications, and the filterers gravely underestimate its power as the ultimate filter.
2. Monetary transactions have a higher economic density than data transactions.
A monetary transaction moves value (V) for a fee (F). A data transaction moves value (V) plus some perceived data premium (D1) for a fee (F) plus an extra fee for the data payload (D2).
Thus, the fee rate for a monetary transaction is F / V.
The fee rate for a data transaction is (F + D2) / (V + D1).
In the long run, the on-chain data premium (D1) trends toward zero, except for a few special truly non-fungible, rare sats (not artificially rare). As this happens, monetary transactions become vastly more economically efficient and will inevitably outcompete data transactions for block space.
3. Relying on data alone to prove a positive is a logical fallacy.
Data can help formulate a hypothesis, but that hypothesis is fragile. It only takes one contradictory data point to destroy it. For instance, I've seen the argument: "Our OP_RETURN filter must be working, otherwise why would there be significantly more transactions with under 80 bytes of data than over 80 bytes?"
This logic is trivially debunked. For 16 years, we rarely saw transactions paying less than 1 sat/vB, a long-standing mempool policy. One could have concluded the policy was an iron law. Yet, in just a few months, 0.1 sat/vB transactions have become common despite 99% of nodes still enforcing the old policies, proving the policy was a transient heuristic, not a fundamental truth. It works until it doesn't.
Here's another analogy: A society that lives next to a volcano for a thousand years without an eruption might theorize that fire can never fall from the sky. That theory, based on a millennium of "data," will one day get them killed. Data is insufficient without being coupled with first-principles analysis.
Now, for my opinions:
I strongly believe that any non-PoW-based method to filter spam, which must rely on subjectivity and "rough social consensus," is doomed to fail. Worse, it has a centralizing effect, mirroring the dynamics of Proof-of-Stake. This "social consensus" filtering is just PoS by another name. We've seen this cat-and-mouse movie too many times, especially during the internet's evolution (see: email, SMS, DNS, social media).
Email is the perfect case study. It demonstrates two things: (a) The cat-and-mouse game of subjective filtering inevitably leads to extreme centralization. (b) Bitcoin is luckier than email because it has a built-in spam-mitigation tool: transaction fees.
The cost-benefit analysis for email spam is that it's nearly costless to send, so a 0.001% success rate is a win. All costs are externalized to the network and its users. The cost-benefit for on-chain JPEGs is the opposite: one must pay a higher fee rate per unit of economic value transferred. This cost is internalized by the "spammer" (with some long-term storage costs borne by the network). Therefore, on-chain JPEG spam is inherently not sustainable. Email spam is.
Furthermore, concerns about short-term consequences or chain "bloat" are sufficiently mitigated by the existing blocksize limit. The worst-case scenario is a linear chain growth of 100-200 GB per year. In the grand scheme, this is perfectly acceptable, as the falling cost of storage continues to follow Moore's Law, making this a manageable and decreasing burden over time.
Ultimately, this all comes down to one thing: PoW is the only objective, incorruptible mechanism for separating signal from noise in the digital realm. Chasing a non-PoW filtering method is like chasing a perpetual motion machine, a utopia that defies physics. PoW is about understanding the world and its constraints through the lens of physics. It's the highest signal of truth because it's literally built on the undisputed currency of the universe: energy. Everything that isn't grounded in this way is a pale imitation. Bitcoin's PoW mechanism is a beautiful, profound emulation of the cosmic process that forges gold from energy (neutron star collision). It connects digital truth to physical reality. To truly appreciate Bitcoin is to appreciate this fundamental connection. It's a special, almost sacred, principle, and I believe it's the one that matters most.
What's ironic is that while we debate, the economic reality I described is already playing out. All past and current attempts at selling on-chain JPEGs have fizzled out or are in the process of doing so as people wise up to their true worth. At this rate, people will spend more time talking about filtering JPEGs than the JPEGs themselves will remain relevant.
Spending time debating JPEGs when the mempool is near empty, fee rates are at a historical low, and people are flocking to paper Bitcoin is an inefficient allocation of time and resources.
Believe in PoW. Let's focus on the real fight: making self-custody safe and accessible for everyone. That means working on things like Miniscript, MuSig2, and FROST, more hardware signers and form factors/UX, and education. We must dispel the myth that self-custody is impossible for the average user. Turning as many people as possible into sovereign individuals. That is the real fight.
Bitcoin taught us that the only sustainable way to filter "spam" is Proof-of-Work. Look at all the communication protocols (SMS, email, etc.) being slowly destroyed without a PoW mechanism. Look at all the PoS "L1 blockchains" that sprang up and died, or are dying. Look at the reCAPTCHA mechanism, which works only because it's a PoW variant—albeit an impure one; Bitcoin PoW is the purest since it's backed by quantifiable energy expenditure.
I don't think even Bitcoiners have internalized this lesson well enough.
Using SOFTWARE ALONE to fight "spam", to separate signal from noise, is a losing proposition. That's the biggest lesson of Nakamoto Consensus. Proof-of-Work is a true innovation that underpins the whole network.
JPEGs on the blockchain are not a long-term problem because they inherently lack PoW. Just because you call a JPEG-attached sat "rare" under arbitrary rules, doesn't mean it's actually rare. It's fake scarcity. Fake scarcity is not PoW. One sat will always equal one sat for 99.99% of sats. You only waste transaction fees by playing pretend that 1 sat > 1 sat. That's not sustainable. The only reason inscriptions have any relevance is because of the market being temporarily irrational, and people chasing pumps and dumps for quick gains.
You can call out the hype, but Bitcoin has much bigger fish to fry. JPEGs are pure distractions. Don't get lost in the distractions.
I don't think people fully grok the risk of KYC in Bitcoin.
KYC honeypots & data leaks are already dangerous in the analog world. But zoom out and fast-forward 20 years into a hyper-digitized, hyper-bitcoinized future, and that risk 10x's.
In the analog, pre-hyperbitcoinized world, if someone gets your family's name, SSN, and address, what's the worst that can happen?
Maybe they impersonate you. Maybe they sell your data to ad companies.
It's bad, but not end-of-the-world bad.
But with Bitcoin — a digital bearer asset — it's different.
Once someone knows your family holds a large stack, you're a forever target.
You don't get spammed. You get hunted.
By North Korean hacker teams and ransomware crews from every corner of the world. Forever.
You do not want a target on your family's back for eternity.
Zoom out & think long-term. KYC isn't just a risk. It's a ticking time bomb.
P.S. Some historical context: KYC was invented before the Internet.
Not only has it failed its objectives, its creators NEVER anticipated a world shaped by the Internet & Bitcoin.
The ramifications of this outdated policy will be insane in the years to come. A lot of people will get hurt.
nostr:note1g2rhxjnygvtaa8g2j5acl85akuscyk9lc6gqcq7fwzv77rst5mjqs52y54
Self-custody is the cornerstone of Bitcoin. The day self-custody dies, Bitcoin dies with it.
Nunchuk is fully committed to improving free self-custody tools—it's 1000x more important than our paid services.
Principle over money. nostr:note1lw30vds9um9j3p6qp8fmds67ay9tmu2r0qkta3v3zfas5ljadgvswnm06e
When the Internet was invented, everyone thought it would democratize knowledge. Fast forward 30 years, it got so incredibly centralized and censored that it took one man buying Twitter to (hopefully) save it from itself.
What's the equivalent of that threat in Bitcoin?
We either continually set and pursue higher goals, or we regress and die mentally. That's the essence of the saying "most people die at 25."
What I've learned is that there's no in-between. Retirement is a false dream. Stasis is death.
🚫 Do NOT use a hot wallet (mobile or desktop) for main Bitcoin savings
✅ Do use a phone as a watch-only wallet coordinator for distributed multisig for Bitcoin savings — get a second, dedicated phone for this purpose. nostr:note1p09trq9se6ucfyjy6j5ehzdftzppj7axhvaeku5026zlleln8hhqwaupal
I don't. That's probably why.
Why do some Nostr posts/comments show up on Primal but not Damus (and vice versa)? Relay issue? 🤔
In a perfect world, I'd agree with you.
But we don't live in one. I mean take the entire defense industry for example. Many weapons, offensive or defensive, are speculative in nature: you don't know how effective they are until they're actually used in a war zone.
Generally agree, though I think folks are being far too optimistic about the practicality of decoy / duress wallets.
I wrote up my thoughts recently: https://blog.casa.io/can-duress-wallets-stop-bitcoin-attacks/
I'm more optimistic on decoy wallets. Of course they don't address all types of attacks (no security feature ever does), but one can easily imagine how they can be useful *at least* in the case of non-targeted attacks, which will probably become more common when Bitcoin goes mainstream. It will not be unusual for a random person on the street to own Bitcoin.
The anecdote you cited about one victim refusing to give up anything and telling the attackers to shoot her: she might very well have gotten lucky - she could've ended up dead.
At the end of the day, stories/anecdotes are just that. They don't have predictive power. We don't have substantial data on how many users have used decoy wallets, and how many have used them successfully or unsuccessfully.
TL;DR: Decoy wallets are just one tool in a large toolset. Writing them off based on a few data points seems a bit premature IMO.
"The majority is not always right" is true for normies but also true for Bitcoiners.
Bitcoiners got many things right, but many things wrong as well. For example:
1/ Believe in S2F nonsense
2/ Obsessed with scaling payments use case when the killer use case is SoV
3/ Avoid phones for main savings nostr:note1p09trq9se6ucfyjy6j5ehzdftzppj7axhvaeku5026zlleln8hhqwaupal
Insisting on using desktops for Bitcoin savings is like clinging to mainframes in the era of cloud or sticking with search engines in the age of Gen AI. nostr:note1p09trq9se6ucfyjy6j5ehzdftzppj7axhvaeku5026zlleln8hhqwaupal
> main savings account should be on a separate device from the one you carry around
That's exactly what I said. Reread point 2. Not sure what you're disagreeing about.
> multisig is not going to help for hot storage
I'm NOT discussing hot spending wallets, I'm talking about main savings. (So your LN example also isn't relevant here).
That's what I said. The phone (or desktop) should be a watch-only interface.
People who say "don't use phones for your main Bitcoin savings" never make sense to me.
1/ Security matters: Phones have a much smaller attack surface and are designed with security in mind, unlike desktops burdened with legacy software and hardware. What's easier to crack—a Windows machine or an iPhone?
2/ Dedicated devices: If you're concerned about your main phone being out and about too much, get a second, dedicated phone for your savings. You should also use a dedicated desktop if you're truly serious about security. Avoiding phones but using a non-dedicated desktop filled with software means you don't care about security as much as you think you do.
3/ Use multisig: If you set your wallet up properly, the phone should hold no private keys—only a watch-only interface. The wallet interface should be the *least* of your worries. Distributed multisig keys are your main defense. Focus your energy on securing the actual keys.
4/ Use a decoy wallet: If you can't get a second phone, use a decoy wallet. You can use a decoy wallet even if you have a dedicated phone.
So don't take bad advice, even from Bitcoiners. Think from first principles.
Don't be stuck in the 20th century. DO use phones for your main Bitcoin savings.
Key quote regarding Yubikey vulnerability: "We estimate that *the vulnerability exists for more than 14 years* in Infineon top secure chips."
32 million Yubikey units have been sold.
Multi-vendor multisig is the only rational setup for your BTC savings.
There's something satisfying about Nostr feeds being deterministic: if you sign in on different Nostr clients or different devices, you most likely will get the same exact feed for a given moment of the day. It's true even for different moments of the day: if you scroll long enough you will encounter the old set of posts, minus a few new ones for the last X hours.
It's satisfying because you know the feed is not gamed. That this is the raw, unmanipulated experience. Unlike something like X which increasingly shows you garbage that plays on our worst instincts.
On the other hand, once the amount of content on Nostr blows up, some filters will likely be needed. It'd be cool if you can craft your own feed algorithms based on a human-readable language, or a set of commonly-defined control knobs. Something like:
1. Prioritizes posts from people I regularly interact with (with weights I can go in and adjust)
2. Prioritizes posts that have some minimum number of likes/comments from the people I follow
3. For freshness: Occasionally surface posts from accounts from my extended network (friends of friends), provided that they pass some level of quality control (e.g. account older than Y months, minimum likes, etc.).
And you can keep finetuning your algorithms as you go along. Have a few that you quickly switch between. Share your algorithms with others, etc.
Anti-exfil techniques spill engineering challenges into the user space. They also add a new dependency on the wallet coordinator to perform security-sensitive tasks.
Tasks which they are not well suited for.
How can you even verify that the coordinator will be able to provide good entropy? You can't.
So there's also this hidden danger of using anti-exfil with singlesig with a coordinator running in unsafe environments, and THINK you're safe, but you're not. Turtles all the way down.
Just use multisig and be happy.