Bitcoin Forum
1  Economy / Gambling / Re: ★☆★ 777Coin - The Exciting Bitcoin Casino! ★☆★ » Provably Fair » 10% Ref! on: August 24, 2014, 06:28:14 AM
According to http://bitcoincasinopro.com/provably-fair-verification/ the Satoshi Slider is not showing the expected numbers.
In particular:
 This Game's Result: c0cb902b871f4d52c978adec98297ccd972d63630afc1fcbef9b18c6c4e7839d
Expected result: int("c0cb",16)=49355  -> Same as in http://bitcoincasinopro.com/provably-fair-verification/
Given result: 60263


In addition, in the Roulette the "next server hash" does not match the hash of the next round.

What is going on?
2  Bitcoin / Hardware wallets / Re: Trezor: Bitcoin hardware wallet on: July 20, 2014, 08:06:34 PM
1/ To "dump this device memory" you need expensive laboratory equipment and time. I'm not sure how much time you have, but it should be enough to transfer the BTC if the device is lost/stolen. One more comment on this topic: You should still take care of the physical security yourself. But if you do, then with this device you can safely send/receive BTC what was not possible pre-Trezor, because you used (potentially) unsecure PCs.

Good to know that imaging the device is not as simple as plugging the internal memory (SD Card for example) into a PC and bruteforcing the PIN in seconds. I think that should be stated more clearly in the website. You say that the attacker would need expensive laboratory equipment, can you please be more specific, or point me to the doc where they describe this point? It would be important to discard this attack surface.
In any case it would be a good idea to have another Trezor at home ready to send all the funds to a paper wallet, just in case the main one 'disappears'.

2/ Trezor connects as Human Interface Device (HID) and sends Google protocol buffers over the USB wire. It does not need a driver on the PC. When it receives data over USB, it parses and validates protobufs and invalid data are rejected. Interface does not allow private keys to leave the device so any valid request that is answered by the device cannot leak the keys. The worst that a "malicious driver" can do is getting your public keys and btc addresses and it can send various requests to the device that will prompt you for pin entry and confirmation. These include: signing transactions or wiping the device.

If the first point is solved, and considering that the integrity of the device can be verified by providing a test seed and checking the generated addresses, the only attack surface I can think of is the validation of the data sent by the computer to the device. I'll take a look at how Google's protobuf works.


Is there any reason why they went with BIP 0032 instead of simply SHA256(SEED+idx) or similar? The added complexity of BIP 0032 is justified when we need 'watch only' wallets for example, but in the use case of Trezor, where there is a single user and the private keys are not supposed to be leaked I don't understand the reason. Maybe they plan to allow Trezor to only receive payments, but not send them? (for example, for waiters in a restaurant).


I find some points unclear in their FAQ. For example, how does the passphrase work? They only say that it sits "on top of the PIN". So am I supposed to write it in the computer's keyboard? Also, in their sentence "[...] we have implemented a safe way of entering PIN, so no keylogger can be used to spy on your PIN" there is no information. I finally found in reddit a video showing how the PIN input works (but not yet the passphrase).

3  Bitcoin / Hardware wallets / Re: Trezor: Bitcoin hardware wallet on: July 20, 2014, 01:15:35 PM
Good job! I hope to get one one day, too

What I couldn't find is the answer to the following two questions (or maybe it is buried somewhere in these 84 pages), not even in their official site:

1) What happens if someone steals the device, dumps its memory and bruteforces the 10000 PINs offline? Is the memory protected, like in a Smart Card? Is the encryption key hardened (like after 100,000 rounds of sha256)? Or is it a race between the attacker and the owner to move the funds?

2) How is the interface Trezor-Computer? There must be bidirectional communication (to receive the unsigned transaction and send the signed back). How is it carried out? Is it like a network interface? Does it simulate a keyboard, like the Yubikey? In this last case, how does Trezor receive the transaction from the computer? What is the worst that a compromised driver can do to the wallet?


I would love to see these questions answered in the main site (since probably I am not the only one wondering this). For the rest, kudos to you two and keep up the good work!
4  Bitcoin / Bitcoin Discussion / Re: Do we really need Bitcoin? on: July 19, 2014, 11:33:13 AM
What about con artists stealing from small businesses by requesting charge backs?
What about banks freezing your assets while they investigate?
What about governments seizing your assets for legal reasons or under asset seizures ?
Isn't one of the reasons why traditional bank fees much higher than bitcoin because theft is merely socialized and recouped across all participants and all theft indirectly affects all users?

I see what you say, and I agree with your points. Nevertheless, when I make a payment (as a customer) I feel much more comfortable paying with Paypal than with any other payment method (unless of course the seller is well known and respected as Amazon or Dell). "Accepted by Paypal" tells me two things about a site: (a) that they wouldn't be doing business with Paypal for long if they were scammers and (b) that I can get my money back if things go bad.
Of course, with Bitcoin and escrow one could do the same thing. Maybe one day the "Using escrow with inBitweTrust" (for example) will transmit the same level of customer protection as today Paypal. Now I understand better the real practical applications of multisig transactions.   

It is sometimes difficult to identify the detractors with an agenda from those offering healthy criticism.
I completely understand that posts like that of "LET'S CRASH BITCOIN" are tiresome and sometimes outright trolling. I am glad that you don't see me now as one of them.


Escrow in Bitcoin is actually very inexpensive.[...]. In fact anyone can become an arbitrator.
Here is one example of a marketplace of arbitrators for multisig escrow:  https://www.bitrated.com    
Thanks for the URL, I didn't know it. On the other hand I don't completely agree with you about the economics of arbitrators, but well, time will say if they are cheap or expensive. Anyway, what I find a clear advantage is that the escrow is not needed in a normal scenario and, above all, it cannot steal the funds (as could theoretically Paypal do today).

When someone steals my credit card, I am responsible for a 50 dollar deductible and all of the loss eventually comes back to hurt me and the rest of society. Merchant fees of 3-8% raise the prices of all goods and services. You don't get your money back, the loss is just abstracted and amortized.
I agree that today the loss is amortized, but I don't see it necessarily a bad thing. What is true is that chargebacks and insurance come at a price (which one may or may not be willing to pay, the market will decide).


In the future with hardware wallets bitcoin will become much more secure as well.
I find hardware wallets a really promising technology and I hope the best for Trezor. I read in their thread that they are delivering.


My point is the banks and governments have already betrayed the public's trust repeatedly and are not accountable.
They are corrupt and incompetent and should not be trusted.  Decentralized mining pools have a much better track record.
I would personally rather deal with a hypothetical risk than a definite bad actor.
[...]
Extortion isn't just easier with Fiat but a central part of its design. Extortion and theft is an intrinsic property of Fiat and happens continuously.

I think I understand your general view (please correct me if I am wrong). Your vision is that Bitcoin, while having at this moment some drawbacks like yes, extortion by individual scammers is possible or funds can be lost (but coming technology is making this more unlikely than losing fiat) it solves the biggest of problems: institutionalized stealing by state agents and the economic elite. Or in other words, Bitcoin may, at this moment, make us a little bit more vulnerable to small-scale thefts (and even that is being solved) while protecting us from the biggest scammers who steal money in front of our face and modify the laws as needed to make it 'legal'.
If so, of course it would open another whole can of worms about in which situations the market should or should not be free, like in asymmetric information scenarios (car dealer-client, health insurance-client, etc), or in which scenarios could be useful to devaluate the currency and, of course, if the people who make these decisions are honest or not. But well, I am sure it would be a really interesting debate but that is not the scope of this thread.

Maybe we are in opposite sides of the world but thanks to Internet we are having this interesting discussion. If Bitcoin makes to the economy what the Internet made to the information I am sure that interesting times are coming. 
5  Bitcoin / Bitcoin Discussion / Re: Do we really need Bitcoin? on: July 18, 2014, 10:17:35 PM
No that isn't correct.   A hardware device can act as a black box however if the outputs are deterministic then the outputs can be validated.   If a black box provides you a key how do you know it is random?  The reality is you don't and thus you need to TRUST the results are truly random.  However if you provide a black box which implements BIP32 (HD Wallets) a seed you can VERIFY the keys match the expected outputs.  Single random seed -> a lifetime of verifiable results.

Of course! Verification of the results after applying a deterministic algorithm! You just recovered my interest in hardware wallets!

I remember a couple of projects in the Project Development subforum. One of them is/was Trezor. What is its current status? And, why is it so difficult (honest question)? I would naively think that with a Raspberry Pi, a LED screen and a cheap webcam (to send the transaction to sign) it could be done. What am I missing?
6  Bitcoin / Bitcoin Discussion / Re: Do we really need Bitcoin? on: July 18, 2014, 08:57:19 PM
Good point. After all one cannot have both security and convenience. But careful when intuitively using systems as throwing two dice. Often times the distributions are not as constant as it may seem.

Of course you can.  I wouldn't say taking two minutes to generate a single high entropy seed using a deck of cards gives up either security or convenience.

Actually the seed is the beginning of a long algorithm you are trusting. And if you trust the algorithm, you can also trust the seed generator. If not, you need to generate for each private key 256 bits of entropy throwing a die (for example).
7  Bitcoin / Bitcoin Discussion / Re: Do we really need Bitcoin? on: July 18, 2014, 07:32:40 PM
Thank you for your answers, most of which pose interesting points of view. Before answering the points I consider the most relevant, I noticed some hostility in some of the answers, stating things like I hate Bitcoin and even the reason, apparently because I was scammed to bankruptcy. Since I want to keep the discussion focused on Bitcoin, I will answer briefly your concerns.
I absolutely do not hate Bitcoin. What is more, I already made my part to the community selling some at the time. With Paypal indeed. And no, I was not scammed one single time. I stopped because it was more a proof of concept, I enjoyed building the system but not so much running it and, above all, because I discovered that in the US one can buy a prepaid SIM card without providing ID.


The tone of some of the answers really shocked me. I did not expect to make people angry and that raises some concerns about how do we interpret this. I had seen this reaction with extremely religious and political people, but never in a technical field (maybe in some Windows/Linux and XBox/PS2 discussions among teenagers). In other threads I saw how some users are pushing their friends to join in, others who invest all their life savings and some who blame the victim when someone loses their wallet. Being myself passionate about Bitcoin, I am doing this exercise of scientific skepticism to try to validate my beliefs about this matter. I am educated about the technicalities of Bitcoin and I follow the current news. I would like to invite you to make this exercise of introspection with a neutral and passion-less mentality.


Now I would answer some of your most interesting points. Thank you again for your time.

Bitcoin gives me the freedom to easily and securely store and transfer value without the help of a middleman or the permission of an authority.

In a world of ever increasing capital controls, yes I need this freedom.

Does it require some responsibility on my part? Of course. Freedom isn't free.

You are right, and this is an important fact. Nevertheless, I fail to see the practical implications in the everyday life. Could you please provide an example where these controls pose a regular problem to people? It is true that it would be hard to move large capitals to another country, but people do not have regulations to pay for groceries, electronics or a house, for example.

Simply don't use a PRNG.
Here is a very powerful, unhackable and easy to use RNG
Good point. After all one cannot have both security and convenience. But careful when intuitively using systems as throwing two dice. Often times the distributions are not as constant as it may seem.

May we ask why your site is down - http://www.donotcompare.com? Did you get scammed by accepting an insecure currency <paypal> in exchange for a more secure currency <Bitcoin>?
inBitweTrust, thanks for your long answer. I already explained what happened to my site and why I don't think that it is relevant. Anyway, even if I were scammed, what does it have to do with the security of the currency?


A)I agree, that might work. But at this point I don't see the difference with traditional metal coins and paper bills. And the risks of the previous point.
If someone steals my wallet full of fiat usd there is little hope of getting my cash back. If someone steals my cellphone with my bitcoin wallet that is secured then I can retrieve and use my bitcoins with my backup and the thief has almost no chance of using or stealing my bitcoins.
Good point. You solved the problem of losing/stealing the phone. But there is still the problem with malware. Sure, fiat has it too, and it happens often. But with fiat these problems are reversible, with Bitcoin unfortunately they are not.

A)  I agree that the governments (or the classes that control them) have way too much control over the currency. But this problem comes from really long ago. And the traditional way to deal with it are offshore investments.

Offshore investments are much more expensive and complicated to setup than bitcoin. They are also far less secure as governments have been successfully going after "terrorist" and money laundering individuals no matter which country they hide their wealth in.
I am talking about offshore investments, not capital/tax evasion.



A)  National (or global) instabilities are a problem of the rich. If you have less wealth than a threshold ($100,000 I think?) your deposits are guaranteed.

Inflation actually hurts the middle class and poor most. Your deposits are not guaranteed to do anything but decrease in value. You can guarantee that you will lose 5-8% a year in the US and 25-55% in countries like Argentina. You are also making the false assumption that Fiat currencies never fail completely as history has shown otherwise.
That is a good point, fiat currencies can lose all their value.


A)   So are Paypal/Visa/MasterCard, etc.
Making the assumption that the unbanked and underbanked don't exist in the world. How provincial.
A)  Security
Bitcoin is as secure or insecure as you choose to make it. Example - selling Bitcoin for paypal fiat is just plain stupid.
I appreciate your passion and I understand that it is a sensitive subject. I'd rather keep the tone neutral and a rational discussion.


A)    If you say that Visa's fee is higher... well, that doesn't seem to be a problem for most people, considering the advantages (chargebacks and insurances).
Xapo and other merchants offer insurance as well. Clients can use escrow to protect themselves and businesses prefer not to deal with chargebacks.
The problem I see with escrow is that it must be trusted by both parties. These entities (trusted by many people) will be scarce and thus they can impose high fees. In addition, these trusted entities can always side with the buyer (for example) if they chose to. Is it the same as Paypal? Isn't it centralization? Theoretically you can use whatever payment gateway you can find, but the trusted ones are few (Paypal and few others).


A)    Bank accounts are NOT frozen for the most part of people. If you bank freezes your account often, I guess that you are still a niche market.
Bank accounts are temporarily frozen or permanently all the time for many people even if they are conducting 100% legal business. Ever hear of Operation Choke Point or the Cyprus bail-ins?
I agree. The current banking system has big flaws.


A)    Your wealth can be gone in a matter of seconds for reasons you might not even understand
This does happen all the time with traditional payment methods. You don't think hackers attack traditional fiat too?
Crackers attack the fiat system all the time. And they succeed. And you call the bank and have your money back. With Bitcoin you call the Waaaahmbulance (I liked that picture!).


A)    Centralization problem. 

So because there is a risk of less decentralization with Bitcoin we should go straight back to using a centralized solution instead. What is your point?

My point is that I'd rather trust an established system with accountability and traceability than an anonymous mining pool without accountability to make them self-control. I think it is immensely more likely that a mining pool starts a 51% attack to take as many Bitcoin as possible and then disappear than my government to start printing money non-stop and those responsible disappear. Of course it could happen (and happened, unfortunately, as well as in Bitcoin with MtGox, Bitcoinica et al and their hacks). I am just talking about possibilities. Nirvana fallacy if you want. Just because the current banking system is not perfect it doesn't mean that we need to go all-in in an experimental, anonymous currency.


A)  Anonymous transfers incentivize thefts and blackmail.
You are ignoring all the thefts and corruption that exist within Fiat that dwarfs the corruption scam artists using bitcoin. You don't have to be anonymous to steal money from people. People can easily be manipulated into thinking that they aren't being robbed blind. one example out of many - Economists now have over 5 different ways of calculating the CPI. When they normally cite inflation they use the formula that doesn't include food or fuel. Real inflation is actually closer to 5-8 % in the US. This is theft and hurts the middle class and poor more-so. 
Yes, I see your point. But again, the fact that you can extort with fiat doesn't mean we should use a currency with which extortion can be easier.

A)  ....price instability and deflation.

Volatility is a valid criticism but Bitcoin is provably becoming more stable so in the longterm should not be an issue. The deflationary spiral argument is unfounded and research from payment processors like Bitpay have proven that spending actually increases during rapid deflationary bubbles.

I meant that I don't find these two criticisms valid. Price volatility and deflation have nothing to do with Bitcoin itself. They are just market eventualities and, as you say, it will stabilize over time.
8  Bitcoin / Bitcoin Discussion / Do we really need Bitcoin? on: July 18, 2014, 09:05:08 AM
NOTE: There is a tl;dr at the end. But if you plan to participate I beg you to read the full post, since maybe your concerns were already addressed.


I would like to share with you some questions/rants/introspection about this community and Bitcoin in general. Often it is hard to look inside and try to challenge what I believe is to some extent echo chambering, collective madness and a little bit of paranoia.

The problem I see with Bitcoin is that, despite the fact Satoshi envisioned a trust-less system, this community strives for mainstream adoption. These two scenarios are simply not compatible. We need to trust someone at some point, or the alternative is to spend great amounts of time and energy to get the expertise of a bank-grade security consultant (in addition to your day job). Maybe some people in this community can reach this level of expertise (although scandals like MtGox or Bitcoinica among others show it is not easy), but what is sure is that the most part of the world are nowhere near. And it is not because they are stupid, but because their role in society is different. They are doctors, chemists, lawyers, mechanical engineers, etc. who may excel at what they do, but they don't know (nor they care) how to set an air-gapped network with two computers communicating through the sound card.

Before you jump to the conclusion "Well, if they actually don't care, they don't deserve this currency" think about your knowledge of how antibiotics and cell division work, the distribution of mechanical/thermal stresses in an aircraft or the differences between the Otto and Diesel cycles in a four-stroke engine. It doesn't mean that you don't care about diseases, cancer, transport or energy, but that your role in society is probably different and you expect the experts on each field to 'dumb down' their findings such that newcomers can more or less understand it.

The problem with Bitcoin is that either you become an expert in the field and you make it all by yourself (and even then you will end up trusting the OS developers) or you will trust someone. And, at that point, why not simply stick with Visa, who provides chargebacks if I am scammed?


Some proposed solutions involve hardware wallets, but this solves no problem. How can we be sure that the RNG is not backdoored? Should we trust everyone in the distribution chain from development to delivery not to backdoor it, considering the huge rewards that there are in doing so? Or should we expect that everyone becomes a hardware/firmware developer with Master in embedded systems, and do it from scratch?


My point is that a big percentage of people here are invested in Bitcoin (either by buying early or mining) and have a veil in front of their eyes. This phenomenon is normal, it is one of the well understood human cognitive biases called 'Rationalization'. And it can be dangerous since it prevents us from seeing the big picture. Or, in other words, these people only want Bitcoin to succeed because it will give them enormous riches. And I find it a wonderful, respectable reason. But we should not let it blind our rational thinking.


The fact that more and more merchants are accepting Bitcoin can be explained by the fact that many people (early miners and adopters) are sitting in huge stashes of Bitcoin with no way to cash them out (at least without sending an identity theft pack to a shady exchange and risking problems with your local bank). That explains why these merchants received huge amounts of transactions when they started accepting Bitcoin. It's just people cashing out. And they will probably stop accepting it once the volume of sales is not enough to balance the risks (with BitPay/Coinbase/etc and the local bank) and the costs of accepting Bitcoin.


I'll try to debunk some commonly accepted points in this community. Feel free to counter my counterarguments:


M) Payment with Bitcoin is easy, just sweep a QR-Code and make the payment.
A) If you do so, you trust that Google(Android) or Apple(iOS) are not evil (modifying the RNG, keylogging you...) or incompetent (allowing a rogue third-party app to do the former). If you lose your phone (or it is stolen) your money is gone. If you are scammed by the seller, it is lost.

M) You can minimize the losses of losing your phone if you keep a small amount. It would be, in this case, like losing your traditional wallet.
A) I agree, that might work. But at this point I don't see the difference with traditional metal coins and paper bills. And the risks of the previous point.

M) Bitcoin protects you from inflation, currency manipulation, global economic disaster, etc.
A) I agree, too. But this is exactly the 'non sequitur' fallacy. I agree that the governments (or the classes that control them) have way too much control over the currency. But this problem comes from really long ago. And the traditional way to deal with it are offshore investments. Actually, Bitcoin might be just one more investment choice (a particularly, specially risky one), but I don't see how it can be anything more.

M) But I cannot make offshore investments with my small wealth!
A) National (or global) instabilities are a problem of the rich. If you have less wealth than a threshold ($100,000 I think?) your deposits are guaranteed. And if the crisis is so big that even that cannot be guaranteed, you'd better learn how to raise your own vegetables and how to clean water. Bitcoin could not help you in this scenario.

M) Bitcoin is so handy to use. Just send instantly money worldwide.
A) So are Paypal/Visa/MasterCard, etc.

M) But they take a fee!
A) So do the Bitcoin miners and Coinbase. Don't expect people to work for free. If you say that Visa's fee is higher... well, that doesn't seem to be a problem for most people, considering the advantages (chargebacks and insurances).

M) My bank does not let me send money worldwide!
A) Western Union can send money to many places. Of course with a fee.

M) A Bitcoin wallet cannot be frozen
A) Bank accounts are NOT frozen for the most part of people. If your bank freezes your account often, I guess that you are still a niche market.


And now the drawbacks of Bitcoin, which seem to be invisible:

- Your wealth can be gone in a matter of seconds for reasons you might not even understand (for non-technical but intelligent people). To put an overly complex example. Imagine that with sslstrip someone stole your Gmail credentials and modified an attachment that you then executed in another computer and it slightly changed the RNG of your Linux distribution so the successive keys were not 100% random, giving the attacker a small edge to guess your private key.

- Centralization problem. This issue has been largely discussed and so far the solution is again, trust that the miners won't accumulate 51% of the hashing power, and if they do, they won't be evil.

- Future transaction fees. It is not clear how it will work once the block reward is negligible.

- Conversion to other currencies (in anonymous but somehow not shady exchanges)

- Security. This one is for me a fatal flaw. I am yet to see a satisfactory solution, but unfortunately the current system (not only financial, but the whole society) is based in people's good-faith and reversibility when not.

- Blackmailing, Cryptolocker: here is where my first point of "[...] and a little bit of paranoia" comes. One might believe by reading this forum that the current financial establishment (from the IMF to your local bank branch) have just one thing in mind: "Screw you". Although economic incentives might turn evil the greatest saint, the most part of the times there are reasons for their decisions. Anonymous transfers incentivize thefts and blackmail. Transfers to conflictive countries are likely to be used for illicit purposes (when was the last time you sold something to a Nigerian customer?). Not always, of course, and that is how Bayesian reasoning works. If all you know about a person is that he is interested in making an anonymous payment to Iran (for example), the bank thinks the worst and freezes his account. Then, ideally, they will contact the person and update their 'beliefs' about this client, and with this new information they can choose to unfreeze the account. The system may be perverted at some points, but I don't think it is 'evil' from the roots.



tl;dr
Bitcoin has many drawbacks: Centralization (Damocles' sword), security (even with hardware wallets), shady exchanges, blackmailing. And the advantages are not more than investing in offshore assets and selling them when you need money (so, one could keep wealth in a varied portfolio of offshore assets/shares/commodities/whatever and sell them to fiat in order to make transfers using the traditional banking system (or Western Union, or whatnot)).

I didn't mention the two most common red herrings (in my view): price instability and deflation.

I would like to be proven wrong in a peaceful, rational debate. I am sure that newcomers often wonder about these issues, and they cannot find satisfactory answers anywhere.


I have a flashback of Orwell's Animal Farm, where the humans are the bankers. Boxer the horse is the hard-working, idealist people in the "Project Development" subforum. And the pigs are the... guess which Foundation?
9  Bitcoin / Development & Technical Discussion / Re: CoinJoin: Bitcoin privacy for the real world on: September 11, 2013, 10:11:44 AM
Thanks for your answer, gmaxwell.

So, if I understand correctly, what you propose in your "I taint rich" thread is:

- You say publicly that someone makes a transaction with this schema (first transmission):

inputs:
 a) His address (spendable previous output with X BTC)
 b) Your address (spendable previous output with 1 BTC)

outputs:
 a) A different address of him (X BTC)
 b) Your address (with 1 BTC)

- This transaction is signed and sent back to you (cited: "via PM, anonymous gpg encrypted email, or a post in this thread") (second transmission).

- You sign this transaction and announce it (third transmission)

Or, in other words, in order to agree on the outputs, we need to have a rdv server (either an IRC server, a Forum -as in your thread-, a P2P network, etc.). We cannot avoid playing ping-pong with the transactions (I have nothing against it. In fact I proposed a detailed specification some post above).


For SIGHASH_ALL these can be accomplished by simply agreeing on the outputs before any signing begins.

How can we agree on something without previous communication? What is the advantage over, for example, sending back and forth the transaction?
10  Bitcoin / Development & Technical Discussion / Re: CoinJoin: Bitcoin privacy for the real world on: September 11, 2013, 09:05:27 AM
That's a neat idea (mixing large transactions) but unfortunately I cannot see how it could be implemented. When signing an input we sign a hash of the outputs, and thus adding new outputs will require to re-sign the transaction (as you already stated).

So, the transaction must go back and forth (in order to re-sign it each time an output is added) and the miner becomes essentially the rendez-vous server.
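Why an added output forces every participant to sign again, and why agreeing on the outputs first (the SIGHASH_ALL remark quoted in the previous post) avoids it, shown as an added example that is not taken from the posts or from any CoinJoin implementation. It computes the legacy (pre-segwit) SIGHASH_ALL digest for each input of a two-party join; the transaction ids, key hashes and amounts are constructed placeholders and the function names are hypothetical.

```python
import hashlib
import struct

SIGHASH_ALL = 0x01
COIN = 100_000_000  # satoshis per BTC


def varint(n):
    """Bitcoin CompactSize encoding of a count or length."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xFFFFFFFF:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)


def p2pkh(key_hash):
    """Pay-to-pubkey-hash script for a 20-byte key hash."""
    return b"\x76\xa9\x14" + key_hash + b"\x88\xac"


def sighash_all(inputs, outputs, index, script_code, version=1, locktime=0):
    """Digest that the owner of inputs[index] signs under legacy SIGHASH_ALL.

    inputs:  list of (txid_hex, vout, sequence)
    outputs: list of (satoshis, script)
    The preimage holds every input outpoint and every output, so the
    signature commits to the complete output list in its exact order.
    """
    buf = struct.pack("<I", version) + varint(len(inputs))
    for i, (txid_hex, vout, sequence) in enumerate(inputs):
        # Only the input being signed carries a script; the others are empty.
        script = script_code if i == index else b""
        buf += bytes.fromhex(txid_hex)[::-1] + struct.pack("<I", vout)
        buf += varint(len(script)) + script + struct.pack("<I", sequence)
    buf += varint(len(outputs))
    for value, script in outputs:
        buf += struct.pack("<Q", value) + varint(len(script)) + script
    buf += struct.pack("<I", locktime) + struct.pack("<I", SIGHASH_ALL)
    return hashlib.sha256(hashlib.sha256(buf).digest()).digest()


def stale_signatures(inputs, script_codes, signed_outputs, final_outputs):
    """Indices of inputs whose signature over signed_outputs does not cover
    final_outputs, i.e. the participants who would have to sign again."""
    return [
        i for i in range(len(inputs))
        if sighash_all(inputs, signed_outputs, i, script_codes[i])
        != sighash_all(inputs, final_outputs, i, script_codes[i])
    ]


# Constructed sample: two participants, one input each (placeholder values).
INPUTS = [("11" * 32, 0, 0xFFFFFFFF), ("22" * 32, 1, 0xFFFFFFFF)]
SCRIPT_CODES = [p2pkh(b"\xaa" * 20), p2pkh(b"\xbb" * 20)]
AGREED = [(5 * COIN, p2pkh(b"\xcc" * 20)), (1 * COIN, p2pkh(b"\xbb" * 20))]
# Output appended after both signed. A real late joiner would also add an
# input, which changes the digests as well.
LATE = (1 * COIN, p2pkh(b"\xdd" * 20))

if __name__ == "__main__":
    print("outputs unchanged :", stale_signatures(INPUTS, SCRIPT_CODES, AGREED, list(AGREED)))
    print("output appended   :", stale_signatures(INPUTS, SCRIPT_CODES, AGREED, AGREED + [LATE]))
    print("outputs reordered :", stale_signatures(INPUTS, SCRIPT_CODES, AGREED, AGREED[::-1]))
```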
11  Bitcoin / Project Development / Re: [Fundraise 85btc] Implementing CoinJoin - anonymous, p2p mixing and more on: September 11, 2013, 06:52:46 AM
Thanks for sharing an implementation of the Coinjoin protocol! I would've loved to find a README file in your project explaining how the mix is carried out. It is really hard to deduce it just by looking at the source. The specification in gmaxwell's post, while very insightful, is too high level to apply formal methods of validation. I am glad you have an implementation, but I think we all will benefit with a low level specification of what coinjoin.py does.

I mean, something like what I've done in this post.
12  Bitcoin / Development & Technical Discussion / Re: CoinJoin: Bitcoin privacy for the real world on: September 10, 2013, 08:07:44 PM
I will answer the two questions:

1) Why is there a change address?
Because more often than not the user has more coins than the standard amount to mix (for example, 1 BTC).

2) Why is it the same as the input address?
Because it makes clear that these funds are NOT mixed. Not only slightly mixed (in my previous example, the output with 49 BTC is obvious where it came from). There is no such thing as "little unsure". Funds are completely anonymous*, or they are identifiable. And I chose to make it clear in the protocol.

I would like feedback in the protocol itself. For example, how can a transaction be re-identified, or under which circumstances the program may be stuck. If you still believe that reusing the change address would compromise anonymity, please give a concrete example of how.

If it is OK, developing the program is quite straightforward. All the tools exist already (it can be even a bash script with the sx tools).


*Under certain assumptions, like for example excluding the other party (this is why the process is repeated several times)
13  Bitcoin / Development & Technical Discussion / Re: CoinJoin: Bitcoin privacy for the real world on: September 10, 2013, 07:28:59 PM
Don't reuse the input address. Don't ever reuse addresses, particularly in protocol.

I agree that it might not be ideal, but it does not compromise the anonymization. It is not intended to be pretty, but useful, and to decrease the chance of the user making mistakes.
14  Bitcoin / Development & Technical Discussion / Re: CoinJoin: Bitcoin privacy for the real world on: September 10, 2013, 06:30:57 PM
In order to avoid confusion, this change address is the same as the input address).
This is a terrible idea.

No it is not. Take a look at the flowchart. The way the transaction is constructed does not leak information about which input goes with which output.

For example (fees excluded for clarity)

Inputs:
1) 50 BTC from 1addr1
2) 100 BTC from 1addr2

Outputs:
1) 1 BTC to 1addrX
2) 1 BTC to 1addrY
3) 49 BTC to 1addr1
4) 99 BTC to 1addr2


The change is sent to the same address in order to avoid confusing the user (was 1addr1 the mixed one, or was it 1addrY?).

Anyway, if you *really* want to specify a different one, it is trivial to do that.
15  Bitcoin / Development & Technical Discussion / Re: CoinJoin: Bitcoin privacy for the real world on: September 10, 2013, 05:23:54 PM
I propose a specification of the CoinJoin protocol. It is not yet implemented, but if you find the work-flow sound it would not be hard to make an IRC bot with the sx command line utilities as a proof-of-concept.

The idea is a P2P network where a thread is relaying all transactions. Another thread is in charge of the mixing.

A first, simple implementation would be an IRC bot which sends and listens to encoded transactions. Of course this approach would not be P2P, but a public channel in a hidden IRC server provides several advantages:

   -Easy implementation: IRC servers already exist. Bots enter to the channel #coinjoin (for example) and speak there.
   -Soft trust system:
      - If we trust the IRC server (for large values of 'trust') and only registered nicks are allowed to talk in the channel, a Sybil attack will be difficult.
      - We can chat (privately or publicly) with some users and thus allow them to prove their identity (by signing a given message, telling you a private joke, etc.)

The concept is composed of two parts (threads):

   1) Communications thread: In the case of the IRC server architecture, it has the methods "sendTransaction" and "listenToTransaction". The first one "chats" in the channel and the latter listens to transactions and stores them in memory.

   2) The actual mixing part: Its work-flow is shown in the link [1]. It has been designed with yEd (http://www.yworks.com/en/products_yed_download.html) and the file (if you want to edit it) is [2]. The main points are:

      - It handles "change" addresses. If you want to mix 47 BTC, it will be a pain (really!) to make 47 inputs of 1 BTC and mix them separately. This approach allows you to send the 47 BTC as input, recover 1 BTC (for example) mixed and your 46 BTC back (of course, not mixed! In order to avoid confusion, this change address is the same as the input address). Fees are deducted from the change address, and thus you can serialize this method trivially as many times as you want.

      - Random decisions to avoid an attacker that listens to how the transaction is constructed to map inputs with outputs. Each time transactions are composed in a different order.

      - If something goes wrong (bad signature, peer not responding, etc.) the output is discarded and the process restarted.


Q: What does checkTransaction mean?

A:
1) Are inputs confirmed (at least 1 confirmation)? OR, Are all unconfirmed previous transactions valid (for the Bitcoin network) and with enough fee?
AND
2) Signatures match?
AND
3) Is there enough transaction fee?
AND
4) Are all outputs equal AND sum(outputs) < sum(inputs)?


[1] http://i41.tinypic.com/5p3k02.jpg

[2] http://www18.zippyshare.com/v/26446175/file.html
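
An added example, not part of the original post and not the poster's code: a Python model of the transaction layout from the specification above (one equal mixed output per peer, change back to the input address, fees taken from the change) together with the structural parts of checkTransaction (points 1, 3 and 4). The `Peer` record, `MIN_FEE`, the function names and the per-peer `peer_accepts` check are assumptions made for illustration; signature verification (point 2) and the unconfirmed-input branch of point 1 are not modelled.

```python
import random
from collections import namedtuple

SATOSHI = 100_000_000
MIX = 1 * SATOSHI      # standard amount to mix (1 BTC in the post's example)
MIN_FEE = 10_000       # assumed minimum total fee in satoshi (not from the post)

# Constructed peer record: mixed_addr is the fresh address for the mixed coin.
Peer = namedtuple("Peer", "input_addr input_value confirmations mixed_addr")

def build_join(peers, fee_per_peer, rng=random):
    """One MIX output per peer, change back to the input address, fee taken from change."""
    inputs = [(p.input_addr, p.input_value, p.confirmations) for p in peers]
    outputs = [(p.mixed_addr, MIX) for p in peers]
    for p in peers:
        change = p.input_value - MIX - fee_per_peer
        if change < 0:
            raise ValueError(f"{p.input_addr} cannot cover MIX plus fee")
        if change:
            outputs.append((p.input_addr, change))
    rng.shuffle(inputs)    # random order, so position does not map inputs to outputs
    rng.shuffle(outputs)
    return {"inputs": inputs, "outputs": outputs}

def check_transaction(tx, min_fee=MIN_FEE):
    """Points 1 (confirmed branch), 3 and 4 of checkTransaction; returns failure reasons."""
    problems = []
    input_addrs = {addr for addr, _, _ in tx["inputs"]}
    if any(conf < 1 for _, _, conf in tx["inputs"]):
        problems.append("unconfirmed input")
    # Outputs paying an input address are change; every other output is a mixed one.
    mixed = [value for addr, value in tx["outputs"] if addr not in input_addrs]
    if not mixed or len(set(mixed)) != 1:
        problems.append("mixed outputs not equal")
    fee = sum(v for _, v, _ in tx["inputs"]) - sum(v for _, v in tx["outputs"])
    if fee <= 0:
        problems.append("sum(outputs) >= sum(inputs)")
    elif fee < min_fee:
        problems.append("fee too low")
    return problems

def peer_accepts(tx, peer, fee_per_peer):
    """Before signing, a peer confirms its own mixed output and full change are present."""
    change = peer.input_value - MIX - fee_per_peer
    wanted = [(peer.mixed_addr, MIX)] + ([(peer.input_addr, change)] if change else [])
    return not check_transaction(tx) and all(o in tx["outputs"] for o in wanted)

# Constructed sample: the two peers of the 50 BTC / 100 BTC example, fees included.
PEERS = [Peer("1addr1", 50 * SATOSHI, 6, "1addrX"), Peer("1addr2", 100 * SATOSHI, 1, "1addrY")]
```

`check_transaction` alone still passes a transaction in which one peer's change was reduced, because the missing coins only raise the fee; the peer's own check before signing is what catches it.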
16  Bitcoin / Project Development / Re: Bitcoin Wallet generation by hand on: September 06, 2013, 07:10:20 AM
The dice method is great!!! Now I can be sure that my key is a really good key with almost 0 chance of collision Grin

I wouldn't be so sure. Your private key will probably be full of 7's  Undecided


(from http://hyperphysics.phy-astr.gsu.edu/hbase/math/dice.html).


I'd rather flip a coin 256 times. Or better, 256 coins once (decreases the effect of a biased coin)  Wink
17  Economy / Gambling / Re: Bitcoin Dollar Bet on: July 24, 2012, 01:50:35 PM
Maybe in the near future. For the moment I prefer to keep it as simple as possible.
18  Bitcoin / Bitcoin Discussion / Re: Does Bitcoin really need an ATM? on: July 23, 2012, 10:26:05 AM
Maybe the term ATM is a bit confusing. With ATM I refer to a machine where you can buy Bitcoins.

This is like saying "Airplanes. pffft, how many people actually need to cross the ocean?". Uh, a lot more once there is a reasonable way to do it.

I love this example! Or like saying "Hey, why would an Australian care about the information of a server in Europe?"
19  Bitcoin / Bitcoin Discussion / Re: Does Bitcoin really need an ATM? on: July 23, 2012, 09:33:46 AM
Thanks for your replies. I find your comments very insightful, but I fear I have accidentally changed the original subject (the usefulness of building an ATM Bitcoin dispenser).

So, I agree with you that there are inconveniences (more or less frequent, depending on the person, I accept that) with traditional banking that Bitcoin aims to address (and I really hope it will). But I am still not sure of the answer to the following question:

- Will people use a Bitcoin ATM, other than tech-savvy people? (if placed properly?)

- What will be the reasons that will lead a 'common' person, not particularly tech-savvy (the so-called "average Joe") to change some EUR into BTC, _today_? Maybe publish a list of sites accepting Bitcoin in the ATM? And what would be the difference from paying with euros in another site?

- What would be the slogan for those people, and not empty rhetoric as "Freedom for the people", or "Forget the banks" etc. Something like "Your money more secure", "Easier to use money", "More powerful money", "More stable money", but true (at this time).

- I think that the deployment of ATMs should be complemented by some physical merchants (affiliates) accepting it in the neighbourhood. In this way people will see the sign "Accepting Bitcoins", and when they find the ATM for the first time, they will wonder what's all this about. But, how to convince merchants to use Bitcoin, if they need to pay taxes in euros? Their reaction would be the same as if I proposed to accept Swiss francs (and I think they would probably accept Swiss francs rather than Bitcoins).
20  Bitcoin / Bitcoin Discussion / Re: Does Bitcoin really need an ATM? on: July 23, 2012, 08:07:35 AM
Again, I don't see how it solves the main problem (that Bitcoin is a solution begging for a problem*). I copy your post to comment inline each point:


1) If Joe plays poker, it's likely. It's happened to many players twice. NetTeller and FTP (complicated by Ponziness, but related to government for sure)

Well, so you are implying that Bitcoin is like a poker chip? Do we have to market poker players? And maybe casino players too? It is not something I can write in my ATM project: "Play poker with unregulated money", or "Visit X sites without embarrassing charges in your VISA" (though it might be a good marketing)

2. Six billion people live too far from me for me to hand them cash. Mail is not so good. Plus I don't likely have the brand of cash they want.

I don't think average Joe needs to send cash to people in the antipodes. Maybe once in his life, and he won't mind paying some fees. And people who do these transactions often are (again) not the people who would casually buy BTC in an ATM.

3. Millions if not billions of people break laws because laws are terrible around the world.

I completely agree. So I modify my question adding that "people in developed, democratic countries".

4. Obviously 3% doesn't stop much trade, but 3% is worth 3%.

My point is that when Bitcoin has good (developed) escrow services, transactions will also have a cost.

5. Merchants and their consumers are on the same team. If merchants get hit with fraud they either pass it on to the legit consumers or they go out of business.

Surely merchants prefer to pay a fee and "forget" fraud rather than deploying their own anti-fraud measures. And if a third party deploys these anti-fraud measures, merchants will need to pay them, thus charging more to their consumers.

6. Of course they can be stolen.

I agree.


P.S.: Concerning the answer from Foxpup, Bitcoin has some advantages in particular (rare) events. I cannot write in the ATM machine "Use Bitcoin and your bank account will not be frozen for completely arbitrary reasons". I don't know anyone (well, now _you_, but I cannot say I really know you ;-) ) whose bank account has been frozen and, while it's very inconvenient, detractors would argue that with Bitcoin people would say "All my wealth has been stolen by a malware/antivirus_bug/moths/whatever and I can do *nothing* to recover it".
And why do you think that you can get the same (or better) service than the existing ones for less than a 3% fee?
You talk about __trust__ merchants... Isn't the whole point of Bitcoin not to trust anybody?


* Really, I'm not trolling at all. I am enthusiastic about the Bitcoin project, and I believe that it would be as revolutionary to the economy as the Internet has been to the information (I have carried out some projects involving Bitcoin). My point is that it won't solve everyday, common people in developed countries actual problems (or at least, _prioritary_ problems).
It sure has its market, but it's narrower than we'd like to think (myself included, since all these thoughts came when I was looking for reasons to convince people that Bitcoin would be useful for them, and thus deploying a network of low-cost Bitcoin ATMs).