That's not what it means. And I'm not kidding.

I would advocate for consensus changes to fix known exploits. Plus as many known theoretical attack vectors as possible.

Bitcoin is critical infrastructure. What do I mean by that? I have a specific definition, stemming from my experience as an industrial cyber security professional. Critical infrastructure refers to assets, systems, or networks whose disruption would have a profound effect on security, economic stability, public health and safety, or some combination. What this means in practice are those things that we can’t live without in our modern society: electricity generation and grids, oil, gas, and fuel infrastructure, factories, hospitals, transport networks. The list goes on, I hope you get the idea. The Internet itself is critical infrastructure, as the communication network enabling most of our interconnected lives. Additionally, payment networks are considered critical infrastructure. You probably see where I’m going with this. I put forward that Bitcoin is critical infrastructure. No government or agency has officially taken that position. Of course, within the Bitcoin community, this definition shouldn’t be surprising. If Bitcoin is the revolutionized monetary system, the replacement to fiat debasement and the antidote to centralized power structures, the freedom money that enables anyone in the world to save and transact freely, then it had better be considered critical. Now, what is the point in my saying this, especially if it shouldn’t be controversial to anyone in the Bitcoin space? It has to do with how critical infrastructure is defended. As mentioned, I’m an industrial cyber security professional, which means that I focus on defending critical infrastructure and other forms of industrial control systems from cyber threats. Critical infrastructure is treated differently from other types of network systems and assets. Whereas for most systems, confidentiality of data and the integrity of the system are considered most important, for critical infrastructure the focus is on keeping the systems running. Additionally, many of the cyber defenses that work for individuals and normal IT systems simply don’t work in critical environments (for many reasons, not overly relevant here). With that in mind, critical infrastructure is defended based on the types of threats they are expected to face. ISA/IEC 62443 (they couldn’t have picked an easier number to remember /s) is one of the most widely used frameworks for industrial cyber security. It defines 4 threat levels and recommends controls based on those: - Protection against casual or accidental threats - Protection against intentional attacks using simple means - Protection against sophisticated attacks using advanced tools - Protection against nation-states or highly-resourced attacks As you can probably gather, the defenses applied are targeted against more and more intense attacks, with greater motivation and resources each time. One piece of necessary context is that “accidental” threats are still bad - we’re talking about untargeted malware floating around on the internet, for example. The accidental part mostly refers to basic security best practices not being followed (no passwords on a computer - it happens!). Now, at this point, I’ll be clear: I considered non-monetary transactions to be a threat against Bitcoin: specifically against its availability. Non-monetary transactions displace block space and force a higher fee rate. In times of frenzy for some new inscription fad, transactions spiked to the point of pricing out whole categories of users from on-chain transactions, made lightning channel openings much more expensive relative to channel size, and hampered the network overall. Additionally, blocks themselves became much more full and the UTXO set increased rapidly, both putting significant pressure on node hardware requirements, risking decentralization. These points have been discussed ad nauseum and aren’t the point of this post, except for me to be clear that I consider these non-monetary transactions to be a type of threat. I’ve analogized elsewhere that in Bitcoin, policy filters are effectively the defense against casual threats. Mapped to the framework above, the first two categories are essentially tackled by policy filters. Casual, untargeted threats are actually mostly handled by node implementation security features, and those are important in themselves for us to be able to have functioning nodes. Simple targeting Bitcoin itself through abusive transactions are effectively blocked through policy. Default tools and wallets don’t even allow submission of abusive transactions in most cases, because they follow default mempool policy. In the cyber security world, this is enough to deter whole categories of casual attackers, who simply move on to the next potential target. There’s no reason to think that this isn’t the case with Bitcoin also. More sophisticated attackers are a different situation. They use bespoke tools and know what they’re doing. They’re able to bypass policy filters and use specific exploits to get their transactions on chain. The level to be able to tackle these attacks is at consensus level. I’ll save further discussion about that for another time, but I’ll emphasize another point here: this is what is done in the cyber security world all the time. Vulnerabilities are identified, tracked, and remediations are developed. Individuals and organizations either fix the vulnerability, put up some other defense to compensate, or leave themselves free to get exploited. An important distinction is also whether a vulnerability is being actively exploited. If that’s the case, it’s only a matter of time before they find and exploit you. In other words: Bitcoin has a choice - fix identified and actively exploited vulnerabilities, or simply accept that this will continue to happen. Forever. I don’t have any intention to imply that Bitcoin should be managed like a business or any other kind of centralized organization. Bitcoin is unique in that it is the only truly decentralized system in the whole world. All other cryptocurrencies have developers who make changes at their discretion, similarly to companies and individuals who can simply decide to do something and do it. It’s different with Bitcoin. The network has to agree. And that’s good! It also means that if significant portions of the network do not agree that something is a threat or that a vulnerability is worth fixing, it may or even will not happen. At this point, those who think something needs fixing could either throw up their hands and decide to live with it, or decide to try to persuade network participants of their view. I’ll finish with another cyber security principle: an attacker with unlimited resources and motivation will always breach your system. This might sound defeatist, but it’s a reminder that no set of defenses is ever perfect. The higher the value of the potential payoff, the more likely an attacker is willing to throw time and resources into exploiting the system to get what they want. In the Bitcoin context, this means that there will always be attackers looking for vulnerabilities, because what is a more valuable payoff than the best form of money the world has ever seen? Does this mean we should give in to the inevitability that SOMEONE is going to attack Bitcoin SOMEHOW, and just give up? In my view, no. That’s not how things work outside Bitcoin. Critical infrastructure is actively defended. Threats and vulnerabilities are identified and remediated as best they can be. The cat and mouse game goes on, but electricity keeps flowing, gasoline gets to the pumps, factories keep pumping out products, ships bring goods to their destination, trains keep running, and water flows from the taps. We don’t notice when everything is working. We sure do notice when something breaks. Let’s not let Bitcoin break. Bitcoin is critical infrastructure, and we should be treating it like it is, keep it running, and save the world.

Congratulations Matt!

I understand that perspective. Unintended consequences is always a thing. Still, I don't see why we can't fix obvious exploits that are being abused. Otherwise, we just live with things as they are. Maybe it's fine, but maybe it isn't.

Tiresome. Oh well!

Cybersecurity is all about defense. Defending against attackers (threats). There are a few basic types of attackers: - The opportunists who will take advantage of an easy win but will stop when they meet trivial resistance - Sophisticated actors looking for financial gain (think ransomware or extortion for data) - Determined actors with extensive resources who want to do bad things (nation-states, industrial sabotage) (As with all things, I'm simplifying a little) In industrial cybersecurity (my day job, if you didn't know), defenses are all built around the type of threat actor they aim to stop. The opportunists give up after very little resistance. Things like strong passwords or two-factor authentication or a locked door are usually enough to stop them. More sophisticated actors need tailored defenses. You can't cover every attack vector, and it's pretty much a constant cat-and-mouse game. But it's necessary for pretty much all companies to implement some basic protections that stop most cyber threats. Again, you can't stop everything, but you can mitigate most damage. The determined actors like nation-states are difficult. It's taken as a given that an actor with unlimited time and resources will breach your system. The whole idea there is to make it as difficult as possible to get what they want, and perhaps they give up. This maps onto Bitcoin: The opportunists are stopped by filters. If their transaction won't be accepted by most nodes, they just don't do it. More sophisticated spammers try to find new vectors to attack the system. They've found various exploits to abuse. And ultimately, someone who REALLY wants to put their data on Bitcoin will do so. But, we could make it difficult for them. The whole reason I bring all of this up is: outside of Bitcoin, we play the cat-and-mouse game with cyber attackers. We have no other choice! The world enabled by the internet would be worthless if attackers could just do whatever they want. We have the ability to fix some specific bugs which are being actively exploited. Outside of Bitcoin, this is a no-brainer. We can also make it as difficult as possible to put arbitrary data on Bitcoin. This is how we attempt to stop the most determined threats attacking critical infrastructure. Of course, Bitcoin is a distributed system and requires consensus. I don't want to change that. Therefore, I advocate for building consensus towards putting up some basic defenses and fixing exploits that are being abused. That's how we can defend against threats to Bitcoin.

Insults are the thing now (again?) on Twitter. It's exhausting. We can't have conversations with each other if the other side is dismissed with insults.

If everyone adopts the new consensus rules, it's not control.

So what is wrong with closing off the currently abused exploits and leaving OP_RETURN only? Regardless, wanting less UTXO bloat is the best argument for this that I've heard. It would be nice if Core focused on that as the messaging.

"They have only been ineffective since Taproot because a certain core devs refused to patch the default policy run by 99% of nodes." - so they've been ineffective. But I'm not disagreeing! "Ineffective" in absolute terms. Effective by another measure, sure. New changes to policy demand that the change be on consensus terms. IMO.

I can't tell if you're agreeing with me or disagreeing with me.

What exactly is censorship on Bitcoin? Here's my answer: certain addresses being blocked on consensus level. Changes to policy to limit specific forms of transaction is not censorship, it's discrimination. I'll explain what I mean by that. Bitcoin has always discriminated in terms of what can go into a transaction. It has never been possible to put whatever you want into a transaction, just like it's never been possible to double spend a UTXO. I'm glossing over a ton of minutiae here, for simplicity. The previously agreed amount of data that is allowed in a transaction has been set to a reasonable level, through OP_RETURN. There have been disagreements as to that level, but even the most permissive amount was 80 bytes of data in practice. This has been more than enough, and it has been enforced by policy, not consensus. Since SegWit and Taproot, more ways to put arbitrary data (spam) on chain have been discovered. That is to say, the ability to do these things was right there, as unintended consequences of development changes. Uncaught bugs, or a lack of forethought about human behavior. Filters on the policy level have been ineffective in containing spam. However, they have provided individuals who are against spam with tools to control their own nodes and mined blocks. Individual policy choices are a form of discrimination, not censorship. Discriminating against certain types of consensus-valid transactions is perfectly fine. I even go so far as to say that discriminating against transactions from certain address is also completely fine. These are all individual choices. Every individual on the network is free to make those choices. Anything short of that is coercion. Consensus rules, on the other hand, are where censorship is possible. This is where it would be possible to block certain addresses from moving their UTXOs. As I understand it, this is usually termed confiscation. In practice, this would likely be the result of making some technical type of coin unspendable. In theory, some list of addresses could be drawn up that says they can never move their coins. Good luck getting that adopted. Consensus changes that do not prevent certain addresses from moving their UTXOs are not censorship. Making it so that transactions containing arbitrary data invalid is not censorship. Making those transactions more expensive is not censorship. Private key holders will still be perfectly able to move their UTXOs. They can even add some arbitrary data through OP_RETURN, or jump hoops (and pay fees) to encode their data some other way. This is discrimination against certain types of transactions. Those which have no intention of using Bitcoin as money, or which misuse the network for their own purposes (I use the word misuse here to mean that they are using exploits which were not intentional developments). If the majority of the network decides to eliminate the possibility of those transactions in the future, that is not censorship. And, as previously mentioned, that has not been effective on a policy level. The consensus level is all that is left. I'm not going to discuss the currently proposed soft fork in extensive detail, except to say that I think the proposal is technically extremely reasonable in my understanding. Compromises have been made to allow for other specific potentially useful data types by consensus. The language about legal consequences is completely unnecessary, and I hope it is removed. I hope this proposal or a similar one passes. Bitcoin is money, not data storage. To hammer these points further: I might morally object to some miner rejecting transactions from specific addresses, but I can't do anything to force them to include those transactions in blocks they mine. I can put public pressure on them to change their view, but I can't force them to do so. This would still not be censorship. All individuals on the network are free to do what they want, including rejecting transactions they disagree with. Here's the beautiful thing: we're not all the same! One miner might reject some transactions. Another one almost certainly will include those transactions. This is primarily why filters don't "work" - someone will always mine valid transactions. I still support filters on the node level. Nobody can force me to include transactions I don't want in my mempool. In other words: as long as the consensus is not making it impossible for certain addresses to move their coins, it's not censorship. Discriminating against certain types of transactions or certain arrangements of arbitrary data is not censorship. Everyone on the network is still free to move their UTXOs. Bitcoin is useful as money. The best money. That's the important thing. What do you think?