How is Square/Stripe getting around the issue that most exchanges wait for 6 confirmations before a transaction is accepted? Are they ignoring the risk of a double spend and just going ahead once a transaction has propagated to the network for mining?
> Are they ignoring the risk of a double spend and just going ahead once a transaction has propagated to the network for mining?
After a majority of the nodes have seen a transaction it becomes relatively safe to accept it as valid before 6 confirmations. You wouldn't want to do that for high value transactions, but I think it's fine up to a couple BTC (read: $1000 or less).
You can't determine what the majority of the nodes thinks in this way because of Sybil attacks. Otherwise we wouldn't need proof of work as a consensus mechanism.
Mycelium's "transaction confidence" feature is well intentioned but it is a disaster waiting to happen.
I agree with you, but I don't think it would be worth the effort to conduct this attack for such low value transactions. I'm certainly not an expert here, and clearly the blockchain is the only source of truth in the end.
Probably. Unless you're working in concert with major mining power, it's still hard to engineer a successful double-spend. And by pushing their preferred observed transaction to major pools, Square could help ensure a double-spend can't succeed, or get a near-instant indication that a competing transaction exists. (I don't know if they're doing this.)
It also looks like most 'Square Market' purchases take more than an hour to deliver/ship... so the payment validity will be known before a hypothetical fraudster benefits.
Makes me wonder - would we ever get to a point where it's in Square/Stripe/Coinbase/et. al's interests to contribute mining power to help their own transactions along? Or is that pretty much taken care of by transaction fees?
I suspect they'd just strike deals with existing mining specialists, if and when necessary, perhaps even via out-of-band (non-Bitcoin-transaction) exchanges of considerations.
There could be a problem with fees from a merchant's perspective because they are chosen by the sender and it's possible that someone could (accidentally or intentionally) pay with a transaction that never confirms. Merchant providers like BitPay/Coinbase/Stripe/Square might benefit from a way to pay fees on behalf of a transaction to ensure it gets confirmed.
>And by pushing their preferred observed transaction to major pools, Square could help ensure a double-spend can't succeed, or get a near-instant indication that a competing transaction exists.
What would this even look like? is anyone doing 'specialized mining' like this, where particular hashing nodes are being used for preferential transactions?
Zero-confirmation transactions are fine for everything but rivalrous digital goods; it takes longer than 60m to ship something in any case, so if there's a double spend you just notify the merchant and they can cancel the order.
> How is Square/Stripe getting around the issue that most exchanges wait for 6 confirmations before a transaction is accepted?
How do you know they're not getting 6 confirmations? They could just give you a confirmation screen, wait for 6 confirmations, then cancel the order in the rare event that it fails.
They seem to imply this in the blog post: "We will continually monitor this address throughout the checkout process so we know when it has received payment."
Consider that even with zero confirmations, with enough clients validating and relying the transaction, it's pretty hard for an attacker to propagate a double-spend for that transaction. This is where the big mining pools are actually a good thing.
In a zero confirmation scenario you could send the transaction to all the big mining pools and wait till they see and validate it which could take just a few seconds. This way it becomes incredibly hard, even with zero confirmations, for an attacker to get her double-spend mined because the big pools saw your tnx first.
For large sums of money of course it's safer to wait for many confirmations, but for $30-40, the risk is relative.
Is this Square? Square up has a different logo and looks a little more like generic bootstrap. I'm not sure if they're related or just an auction site with a similar name.
Edit: yep, see https://www.squaremarket.com/about, this is not the US payment company most people on HN would call 'square' but an auction site started by Oxford grads.
https://www.squaremarket.com/about <- Ghetto-ass Bootstrap site made by Oxford grads, using weird concept of 'squares' that you buy to win the auction. No mention of any relation to 'square' of 'square device iPhone POS' fame.
Looks like you're right, I have no idea where 'https://www.squaremarket.com/about' came from. It looks like they have a product with the same name and something got confused somewhere.
