Nostr Web Client

This is a long post that hopefully bridges some gaps between technical people (devs) and non-technical users and how they look at spam prevention in Bitcoin. I hope that it clarifies why I think that there is such a huge misunderstanding between both camps.

I'll preface this post with first disqualifying any malicious attempts to misrepresent the motives of either camp. Everybody wants to improve Bitcoin as money. Money is Bitcoin's use case. It's not a data storage system. If you think otherwise, there are countless shitcoins to play with.

Alright, let's get into it.

I have worked on anonymous systems for over a decade. I have read tons of research on spam detection, rate-limiting, and I've implemented spam prevention techniques in the real world.

I am very confident to say that there is not a single known method to prevent spam in decentralized anonymous open networks other than proof of work.

This is what Satoshi realized when he designed Bitcoin and it's why only transaction fees can reliably fight spam without sacrificing any of Bitcoin's properties.

Let me explain.

Spam prevention is a cat and mouse game. As a system's architect, your goal is to make the life of a spammer harder (increase the friction). This is why, on the web, you see captchas, sign-ups, or anything that can artificially slow you down. Slowing down is key. This is why Satoshi turned to proof of work.

Let's contrast this to other methods for spam prevention. This is not an exhaustive list but it illustrates the design space of this problem, other methods are often derivatives of these:

CAPTCHAS are a centralized form of proof of work for humans: Google's servers give you a hard-to-solve task (select all bicycles) that will slow you down so that you can't bombard a website with millions of requests. It requires centralization: you need to prove Google that you're human so that you can use another website. If you could host your own CAPTCHA service, why would anyone believe you're not cheating?

LOGINS with email and passwords are most popular way to slow down users. Before you can sign up, you need to get an email address, and to get an email address, you often need a phone number today. The purpose of this is, again, to slow you down (and to track you to be honest). It only works well when emails are hard to get, i.e. in a centralized web where Google controls how hard it is to get an email account. If you could easily use your own email server, why would anyone believe you're not a bot?

The next one is the most relevant to Bitcoin:

AD BLOCK FILTERS are another form of spam prevention but this time the roles are reversed: you as a user fight against the spam from websites and advertising companies trying to invade your brain. Ad blocking works only under certain conditions: First you need to be able to "spell out" what the spam looks like, i.e. what the filter should filter out. Second, you need to update your filters every time someone circumvents them. Have you ever installed a youtube ad blocker and then noticed that it stops working after a few weeks? That's because you're playing cat-and-mouse with youtube. You block, they circumvent, you update your filters, repeat.

The fact that you need to update your filters is critical and that's where it ties back to Bitcoin: Suppose you have a mempool filter for transactions with a locktime of 21 because some stupid NFT project uses that. You maybe slow them down for a few weeks, but then they notice it and change their locktime to 22. You're back at zero, the spam filter doesn't work anymore. What do you do?

You update your filter! But where do you get your new filter from? You need a governing body, or some centralized entity that keeps updating these filters and you need to download their new rules every single day. That's what ad blockers in your web browser do. They trust a centralized authority to know what's best for you, and blindly accept their new filters. Every single day.

I hope you see the issue here. Nobody should even consider this idea of constantly updating filter rules in Bitcoin. This would give the filter providers a concerning level of power and trust. It would turn Bitcoin into a centrally planned system, the opposite of what makes Bitcoin special.

This is why filters do not work for decentralized anonymous systems. They require a central authority. Until now, these rules were determined by Bitcoin Core, but they have realized that these rules do not work anymore. Transactions bypass the filters easily and at some point, carrying them around became a burden to the node runners themselves. Imagine you're using an outdated ad blocker but instead of filtering out ads, it now also filters out legitimate content you might be interested in. That's what mempool filters do, and that's why Bitcoin Core is slowly relaxing these filters. This has been discussed for over two years, it's not a sudden decision.

The goal of this change is not to help transactions to slip through more easily. The goal is to improve your node's prediction of what is going to be in the next block. Most people misrepresent this part. They say "it's to turn Bitcoin into a shitcoin" but that is just a false statement at best, or a manipulation tactic at worst.

Let's tie it back to proof of work and why fees are the actual filter that keeps Bitcoin secure and prevents spam reasonably well: Satoshi realized that there is no technique that could slow down block production and prevent denial of service attacks in a decentralized system other than proof of work. Fees prevent you from filling blocks with an infinite number of transactions. All the other options would introduce some form of trust or open the door for censorship – nothing works other than proof of work.

He was smart enough to design a system where the proof of work that goes into block production is "minted" into the monetary unit of the system itself: You spend energy, you get sats (mining). This slows down block production. How do you slow down transactions within those blocks? You spend the sats themselves, original earned form block production, as fees for the transactions within the block!

This idea is truly genius and it's the only reason why Bitcoin can exist. All other attempts of creating decentralized money have failed to solve this step. Think about it: without knowing who you are, whether you're one person pretending to be a thousand, or a thousand people pretending to be one. Bitcoin defends itself (and anyone who runs nodes in the Bitcoin system) from spam by making you pay for your activity.

People sometimes counter this by saying: the economic demand for decentralized data storage is higher than the monetary use case. First of all, I think that's just wrong. There are way cheaper ways to store data (there are shitcoins for this), and the value of having decentralized neutral internet money is beyond comparison.

However, there's a much deeper concern here. If you truly believe this, I ask you: what is Bitcoin worth to you? If you think Bitcoin can't succeed as money (i.e. be competitive), why do you even care? If you're not willing to pay fees for the use case that we all believe Bitcoin is designed for (money), and you believe that no one is willing to pay for it, how can it even persist into the future?

You can't have it all. If Bitcoin is money (which I believe it is), then we need to pay the price to keep it alive. There is no free lunch.

Either we centralize, or we pay the price of decentralization. I know where I stand.

Peace.