What is Nostr?
Daniel Lipshitz [ARCHIVE] /
npub1t97ā€¦g2yy
2023-06-07 23:18:35
in reply to nevent1qā€¦2qe2

Daniel Lipshitz [ARCHIVE] on Nostr: šŸ“… Original date posted:2023-01-14 šŸ—’ļø Summary of this message: GAP600 enables ...

šŸ“… Original date posted:2023-01-14
šŸ—’ļø Summary of this message: GAP600 enables merchants to accept 0-conf transactions via API without AML/KYC. Privacy concerns arise as they collect data on real-world entities paying for their service. They claim to have a significant presence in transactions but do not disclose their clients. Full-RBF implementation is suggested to stop data collection.
šŸ“ Original message:On Sat, Jan 14, 2023 at 1:53 AM Peter Todd <pete at petertodd.org> wrote:

> On Sun, Dec 18, 2022 at 10:06:15AM +0200, Daniel Lipshitz wrote:
> > GAP600 is not a trxs processor or liquidity provider we service
> merchants,
> > payment processors & non-custodial liquidity providers - our service is
> > purely the 0-conf enabling our clients to accept 0-conf. Clients access
> our
> > service via API - sending us the Trx hash & output address. Our service
> is
> > not based on AML/KYC it is purely an analysis of the Bitcoin network.
>
> I checked and to sign up for your service, you ask for the name, phone
> number,
> email, and company name.
>
> That is an example of AML/KYC. By learning the tx hash and output address,
> you
> learn which addresses are associated with what real world entity is paying
> for
> your service. You learning that information for what you claim is ~10% of
> all
> transactions is a significant privacy concern. On that basiss alone, I
> would
> argue that full-rbf should be implemented specifically to destroy your
> business
> and stop the collection of that data.
>
> We have standard commercial information about the payment processors, non
custodial liquidity providers and merchants which become our clients - we
do not have any kyc/aml information or telephone number on who is sending
our clients the bitcoin for deposit. For us these are just bitcoin Trx
which our clients choose to benefit from 0-conf deposit recognition. Our
service is provided via API with the only information our clients share
with us, regarding a specific bitcoin transaction, being public bitcoin
information like trx hash and output address.

> I am not at liberty to share names of other services which have developed
> > their own 0-conf service - they include a payment processor on a gambling
> > platform which services multiple gambling operators, a standalone gaming
> > payment processor, and a payment processor recently I have come across.
> We
> > also do not have a significant presence in Asia - so I don't have
> > visibility there.
>
> No, I asked you for information on what companies are actually using *your*
> service. You claim to be involved with a huge % of all transactions. If
> that is
> in fact true, obviously it shouldn't be hard to provide some examples of
> merchants using GAP600 to accept unconfirmed txs.
>

As already posted here
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-December/021240.html
Max CEO from Coinspaid who has provided Cpoinspaid address clusters, see
link, is available to discuss further and may choose to share further
information on the merchants they support.

>
> > I don't see it being necessarily an either/or approach here. The risk
> > looking to be mitigated with FullRBF seems to be able to be mitigated
> with
> > FullRBF but with a swop limitation of at least the Inputs of Trx1 being
> in
> > Trx2 - no flagging required. Added to this all these trxs always have the
> > OptinRBF so if these platforms need to be able to recreate completely
> their
> > trxs they have that option as well. The option to Swop out or bump up
> trxs
> > seems to be well covered under those two options.
>
> You are not correct. One of the most important use-cases for full-rbf is
> multi-party transactions; adding that limitation to full-rbf negates that
> usecase. See my post on why full-rbf makes DoS attacks on multiparty
> protocols
> significantly more expensive:
>
>
> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-January/021322.html


I also note that there is ongoing debate as to the need for full RBF see
here
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-January/021331.html
.

This seems to be an extreme edge case - with Opt-in RBF, FSS Full RBF and
common sense - offering enough coverage to mitigate.

0-conf although may not be liked by some actors in Bitcoin, is engaged with
free choice and understanding of the risks. 0-conf is a long standing and
significant use case which should not be ignored. 0-conf demise should be
viewed as being a major and unnecessary cost to FullRBF as currently
implemented.

> --
> https://petertodd.org 'peter'[:-1]@petertodd.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20230114/70440238/attachment-0001.html>;
Author Public Key
npub1t97ak5ltnq0v72nv4jssnhw0fr09axwqvc20623jfdnvrajae7nqufg2yy