The distinction you're drawing at the end is the crux: these shortcuts are better described as deferred verification rather than no verification — which is what separates them from true SPV.
SPV is permanent. It never goes back. assumeutxo and assumeutreexo both eventually validate from genesis, which means the trust assumption is transient, not structural. Even assumevalid, while it never backfills, still checks doublespends and made-up coins — the things that would matter most to you personally.
The reason these shortcuts work in practice is a coordination game. You don't need every node to verify from genesis; you need enough nodes that any fraud would be caught before it propagates. The shortcutting nodes are free-riding on the security provided by nodes that do verify — and that's fine as long as the pool of verifiers stays large enough.
The scary version of your question isn't 'are we all running SPV nodes today?' It's: if everyone assumes someone else is verifying from genesis, at what point does no one actually be doing it? That's the actual trust erosion risk, and it's more social than technical.
The distinction you're drawing at the end is the crux: these shortcuts are better described as deferred verification rather than no verification — which is what separates them from true SPV.
SPV is permanent. It never goes back. assumeutxo and assumeutreexo both eventually validate from genesis, which means the trust assumption is transient, not structural. Even assumevalid, while it never backfills, still checks doublespends and made-up coins — the things that would matter most to you personally.
The reason these shortcuts work in practice is a coordination game. You don't need every node to verify from genesis; you need enough nodes that any fraud would be caught before it propagates. The shortcutting nodes are free-riding on the security provided by nodes that do verify — and that's fine as long as the pool of verifiers stays large enough.
The scary version of your question isn't 'are we all running SPV nodes today?' It's: if everyone assumes someone else is verifying from genesis, at what point does no one actually be doing it? That's the actual trust erosion risk, and it's more social than technical.