Return-Path: Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 7014BC0032 for ; Sat, 3 Dec 2022 13:20:38 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 450BE40166 for ; Sat, 3 Dec 2022 13:20:38 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 450BE40166 Authentication-Results: smtp2.osuosl.org; dkim=pass (2048-bit key) header.d=gap600.com header.i=@gap600.com header.a=rsa-sha256 header.s=google header.b=F+O7urBF X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.099 X-Spam-Level: X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9ELzfcbN7JcF for ; Sat, 3 Dec 2022 13:20:37 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org E8972400E2 Received: from mail-il1-x129.google.com (mail-il1-x129.google.com [IPv6:2607:f8b0:4864:20::129]) by smtp2.osuosl.org (Postfix) with ESMTPS id E8972400E2 for ; Sat, 3 Dec 2022 13:20:36 +0000 (UTC) Received: by mail-il1-x129.google.com with SMTP id h17so3198459ila.6 for ; Sat, 03 Dec 2022 05:20:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gap600.com; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=sq1gzaQFKmVYpGgLQ30BKH2lhM37zR2fMvJs40ncJuc=; b=F+O7urBFPmnTV28/ZZKePCAgJXYNiJwe7cxnfYehzRRFXok9woCmOapkzfU6m+wSn8 WFC6lEGvNP4UnO1eFuZQwCw77aKQTfF9JUoAdbykgLrWe9FBCjpZGheClSUQdjiUKnsi ou30YagXOz6f2yqdZF7dNDO0lx6PwbZuFhz0cdQv2fVU/8NkXriQJzy4LBMeHY/iWOfs ENWLBL/0eygx0/kRMGnxqnj5zpz/+IGi3kARyaFYGMjlpajz4/D3+8NTBNJlYdA30/fv EPk3Ji9imce1IGJedxkIzOmoNJ64M2vwvUjxAyGT28f8tOCKmLwIxEZdzaqvCXiS/ADZ T3Hg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=sq1gzaQFKmVYpGgLQ30BKH2lhM37zR2fMvJs40ncJuc=; b=PudrQF/8rKNcmJDdNNFUUnZuQSLssBC9TyQ9+BPDof9c/ZaTEqMLDWaYlV13eg0njl iY0cWqkgmV5W5Cm43XWF6/hcRP8h2a7kK+2piHvEoK/d53np95FzODv5d4tX1b1pGCXL LsXrnJlOASKnwaUIF2wyjImf6lQuV9uMUOCb94exSbMkDNA4ssWuK3OXNdtEbAgKXEa3 wiIIDAGyqdiTgWU0jrXKiMqMeDWkBqa4UuJg8QB2nhP0cxdMQqY2Z74JVan7mmQuR/VS ZXC8eUtohOb8vhzshR6GBD8zMVJfKDx4DoIkM6/Ju3zohMnKmCdTabnJVenAu+SovjcN yhGg== X-Gm-Message-State: ANoB5pkvPiMosFf1Pw6B1ef7epOXO9X1zHjAh84FsLPGCh9cVhC73Xj9 4yufFOIpZ3n3l5APAWwNOeGNWQDALn9OMYS99sBpe6vzeQijsA== X-Google-Smtp-Source: AA0mqf7tpfOi+kegIruU6NEcwjNQQKcrVXpwymc4Tz39HgYdGq8pyJIx9+ylW85avC6KBOBC7Ec5oZop6EEB68+ohjM= X-Received: by 2002:a92:6e0a:0:b0:302:4d37:9e69 with SMTP id j10-20020a926e0a000000b003024d379e69mr28798651ilc.160.1670073635805; Sat, 03 Dec 2022 05:20:35 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Daniel Lipshitz Date: Sat, 3 Dec 2022 15:17:16 +0200 Message-ID: To: Peter Todd Content-Type: multipart/alternative; boundary="000000000000cfcd0105eeec51ff" X-Mailman-Approved-At: Sat, 03 Dec 2022 16:07:37 +0000 Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] [Opt-in full-RBF] Zero-conf apps in immediate danger X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Dec 2022 13:20:38 -0000 --000000000000cfcd0105eeec51ff Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable The statistics that I have stated are based on trxs that rely on our tool. They are not overstated, this is a reflection of the 0conf market on BTC. They are trxs which our clients query via the API and which I clients pay subscription for. There is no point for clients to send us trxs they don=E2=80=99t want or ne= ed our response from. We are a B2b provider so we are not sure how and who the end users and applications are. Coinify definitely doesn=E2=80=99t send us all their traffic, as I would th= ink some of our other clients. Here is some external confirmation a bit old though but still- https://blog.coinpayments.net/news-features/gap600 You can also see our video of Coinspaid using our service on our site - all our Marcom is a bit old. We service primarily payment processors and liquidity providers and not end merchants so I can=E2=80=99t say how and to who end clients implement it. If AML/KYC was enough to prevent double spends all exchanges would offer 0conf. I don=E2=80=99t know the split with our clients as it=E2=80=99s non of our = business but definitely a significant amount of end users are not Kyced for the trxs. Best would be to try and talk to some of our major clients - ie Coinpayments, Coinspaid and Coinify. On Sat, 3 Dec 2022 at 14:12 Peter Todd wrote: > On Sat, Dec 03, 2022 at 01:01:16PM +0200, Daniel Lipshitz wrote: > > Shapeshift used to be clients in fact one of our first when we started = in > > 2016. > > > > They no longer use our service but from time to time use us for fee > > recommendations. So we actually should remove their logo as a current > > client. > > Yes you should. When did ShapeShift stop using your service? Did they > explain > why? > > > If you wish to test it out try find a merchant using Coinpayments or > > Coinspaid. > > > > Also some of our non custodial liquidity providers offer service no > > custodial wallets. I am not sure which. > > I see that you also advertise that Gap600 is "Trusted by" Coindirect and > Coinify, both AML/KYC crypto exchanges. Obviously, with full AML/KYC > double-spends are not much of a concern. And it's not even clear that > either accepts zeroconf anyway, as I'll explain later. > > On this list you claimed that: > > > 1. As of end of Nov 2022 - GAP600 has processed i.e responded to circa > > 15M transactions > > 2. These transactions have a cumulative value of 2.3B USD value. > > 3. We currently are seeing circa 1.5M transactions queired per month. > > What's the value and number of transactions that *actually* rely on your > unconfirmed transaction tools? The only category that would apply for is > goods > provided immediately and irrovocably, without AML/KYC. Because it sounds > like > these figures may be significantly overstated. > > > Re: CoinsPaid, what you say here makes it also sound like it relies on > AML/KYC: > > > CoinsPaid applies a special software tool across its solutions to condu= ct > > stringent KYC procedures and a risk-based approach to CDD that verify > user > > identities to mitigate fraud, money laundering and other activities > linked to > > criminality and terrorism. > https://www.gap600.com/uncategorized/coinspaid/ > > Re: Coindirect, the documentation I can find appears to say that > confirmations > are required before you can use coins deposited into Coindirect: > > > Digital currency transactions must be confirmed on the relevant network > block > > before they are considered valid. Only once confirmed, will you be able > to > > use the coins deposited in your Coindirect wallet. > > https://help.coindirect.com/hc/en-us/articles/115002441974-How-quickly-ca= n-I-use-coins-deposited-into-my-Coindirect-wallet- > > This is repeated here as well: > https://help.coindirect.com/hc/en-us/articles/4409120006546--Deposits- > > Re: Coinify, the API docs don't give any indication of risk scoring or an= y > other Gap600 integration: > > https://merchant.coinify.com/docs/api/#payment-object > > -- > https://petertodd.org 'peter'[:-1]@petertodd.org > --=20 ________________________________ Daniel Lipshitz GAP600 www.Gap600.com --000000000000cfcd0105eeec51ff Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
The statistics that I have stated are based on trxs that = rely on our tool. They are not overstated, this is a reflection of the 0con= f market on BTC.

They ar= e trxs which our clients query via the API and which I clients pay subscrip= tion for.

There is no po= int for clients to send us trxs they don=E2=80=99t want or need our respons= e from. We are a B2b provider so we are not sure how and who the end users = and applications=C2=A0are.

Coinify definitely doesn=E2=80=99t send us all their traffic, as I would= think some of our other clients.

Here is some external confirmation a bit old though but still-=C2= =A0
https://blog.coinpayments.net/news-features/gap600<= /div>
You can also see our video of Coinspaid using our se= rvice on our site - all our Marcom is a bit old.

We service primarily payment processors and = liquidity providers and not end merchants so I can=E2=80=99t say how and to= who end clients implement it.

If AML/KYC was enough to prevent double spends all exchanges would o= ffer 0conf.=C2=A0

I don= =E2=80=99t know the split with our clients as it=E2=80=99s non of our busin= ess but definitely a significant amount of end users are not Kyced for the = trxs.=C2=A0

Best would b= e to try and talk to some of our major clients - ie Coinpayments, Coinspaid= and Coinify.


=

O= n Sat, 3 Dec 2022 at 14:12 Peter Todd <pete@petertodd.org> wrote:
On Sat, De= c 03, 2022 at 01:01:16PM +0200, Daniel Lipshitz wrote:
> Shapeshift used to be clients in fact one of our first when we started= in
> 2016.
>
> They no longer use our service but from time to time use us for fee > recommendations. So we actually should remove their logo as a current<= br> > client.

Yes you should. When did ShapeShift stop using your service? Did they expla= in
why?

> If you wish to test it out try find a merchant using Coinpayments or > Coinspaid.
>
> Also some of our non custodial liquidity providers offer service no > custodial wallets. I am not sure which.

I see that you also advertise that Gap600 is "Trusted by" Coindir= ect and
Coinify, both AML/KYC crypto exchanges. Obviously, with full AML/KYC
double-spends are not much of a concern. And it's not even clear that either accepts zeroconf anyway, as I'll explain later.

On this list you claimed that:

>=C2=A0 1. As of end of Nov 2022 - GAP600 has processed i.e responded to= circa
>=C2=A0 15M transactions
>=C2=A0 2. These transactions have a cumulative value of 2.3B USD value.=
>=C2=A0 3. We currently are seeing circa 1.5M transactions queired per m= onth.

What's the value and number of transactions that *actually* rely on you= r
unconfirmed transaction tools? The only category that would apply for is go= ods
provided immediately and irrovocably, without AML/KYC. Because it sounds li= ke
these figures may be significantly overstated.


Re: CoinsPaid, what you say here makes it also sound like it relies on AML/= KYC:

> CoinsPaid applies a special software tool across its solutions to cond= uct
> stringent KYC procedures and a risk-based approach to CDD that verify = user
> identities to mitigate fraud, money laundering and other activities li= nked to
> criminality and terrorism.
https://www.gap600.com/uncategorized/coinspaid/
Re: Coindirect, the documentation I can find appears to say that confirmati= ons
are required before you can use coins deposited into Coindirect:

> Digital currency transactions must be confirmed on the relevant networ= k block
> before they are considered valid. Only once confirmed, will you be abl= e to
> use the coins deposited in your Coindirect wallet.
https://help.coindirect.com/hc/en-us/articles/115002= 441974-How-quickly-can-I-use-coins-deposited-into-my-Coindirect-wallet-=

This is repeated here as well: https://help.coindirect.com/hc/en-us/articles/4409120006546--Deposits-=

Re: Coinify, the API docs don't give any indication of risk scoring or = any
other Gap600 integration:

https://merchant.coinify.com/docs/api/#payment-= object

--
http= s://petertodd.org 'peter'[:-1]@petertodd.org
--
________________________________
Dani= el Lipshitz
GAP600
www.Gap600.com


--000000000000cfcd0105eeec51ff--