On Tue, Oct 18, 2022 at 05:00:45PM +1000, Anthony Towns via bitcoin-dev wrote:
> For what it's worth, my guess is that releasing core with full rbf
> support and having you and Murch and others advocating for people to
> try it out, will mean that full RBF is usable on mainnet within two
> or three months, supported by perhaps 5%-20% hashpower, but probably
> still requiring special effort to actually find a peer that can relay
> full rbf txs to that hashpower (probably doing an addnode, despite the
> privacy implications). Even if that happens, I'm not super confident
> that it would mean people would actively steal from zeroconf businesses
> in any volume, though. It's not something I'd risk happening to me,
> but accepting zeroconf from strangers isn't something I'd risk anyway.

FWIW I'm not aware of any zeroconf accepting businesses where exploiting double
spends can be done without significant legal risk. Bitrefill has significant
legal risk, because pretty much everything you buy with Bitrefill can be traced
to your real world identity. ATMs have less risk. But I haven't seen an ATM
that accepts BTC without a confirmation in many years. Nor have I found a
non-KYC/AML in-person currency exchange service that would accept funds without a
confirmation (yes, I've had to wait 30 mins to get my cash before!). And all
the anonymous crypto-exchange websites like FixedFloat require a confirmation.

I have found AML/KYC in-person currency exchange services that would accept
zero conf. But of course, they had sufficient details on me to just call the
police if I double-spent them.

In practice, there are very few people who are actually affected by zeroconf
going away.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org