This thread is a bit off the rails, but I do want to make a couple of comments on the original link (mostly for my own understanding).
First, censorship attacks on ETH are hard in general (link), so it is non-trivial for a set of validators to decide to censor a transaction even if they are completely colluding without opening themselves up to large vulnerabilities. Given that, in practice, any censorship attack involves changing the software of the colluding validators, and that this is complex software handling large $ sums of coins, there is a large lower bound to the real cost of any attempted attack - how can validators who decide to join the collusion be assured that the new software to support censorship is not backdoored? Regardless of the theoretical costs, this makes the practical cost significantly larger for carrying out any significant real attack.
More importantly, this pushes two general equilibrium - either no censorship, or 100% censorship (empty blocks) as anything in-between is vulnerable. However, an empty blocks attack is the easiest to coordinate community support for minority soft fork expulsion of the attackers. (MSF, or perhaps UAMSF, I’ll get the hats )
Secondly, this statement:
In this section of Vitalik’s paper, he attempts to explain why if >50% of stake decides to censor our txs in the blocks we build, that the remaining minority of stakers is consistently able to do a history re-write attack to undo the censorship attack.
which leads to contradiction. However, this is contraction is not applicable, as a minority soft fork is NOT a history re-write but a reverse censorship attack. For example, assume a majority validator set is censoring X. The MSF make a chain that includes X (which the attacker cannot build on, since they are censoring) and refuse to build on any chain that does not include X (the attacker’s chain).
Assuming neither side gives up, this causes a permanent chain split. After inactivity leakage runs its course, the chain that includes X will have no attacker deposits, and the chain that does not include X will have no MSF deposits. It is then up to the social layer to decide that the MSF is the ‘real’ ETH and the attacker chain is false, and decide to use the MSF chain.
At no point is any history rewritten or finality reverted, two parallel valid histories exist. This is obviously not ideal, but it is probably the best that can be done given the situation.