Could anyone explain to me how proof of stake works (as opposed to proof of work), and how it is better? Has proof of stake been proven to be as robust as proof of work?
EDIT: The Wikipedia article is easy to find[1]. However it is really short, looks incomplete, and has a lot of “citation needed” after each point. So I would rather ask on HN.
I'll give it a try, but I'm by no means an expert in cryptography.
Proof-of-work works (very broadly) by computers solving harder and harder math problems to create value. Eventually, these get so hard that solving one requires either joining a pool or a huge investment in electricity and mining rigs - which is where we're at now. This isn't good for the environment.
Proof-of-stake works by individuals "staking" some of their own coins to be more likely to be randomly chosen to "validate" a transaction (which earns them a reward, similar to hashing). Validating a transaction is trivial and uses very little electricity, but the rest of the network also checking the transaction keeps the validator honest.
While proof-of-work and proof-of-stake are both a kind of "the rich get richer" game, to get more coins in proof-of-stake all that's required is a greater investment into the network, as opposed to the mining rigs and large amounts of electricity that are required by proof-of-work.
I found this video to be helpful in visualizing the networking parts of proof-of-stake.
Kind of funny: the goal of crypto was a totally new, decentralized, democratic system, and what we end up with (to solve the scale issue) is yet another class system where you can vote only in proportion to your wealth.
This is a massive and common misunderstanding. Publishing a block is NOT voting on its validity. Every node, regardless of stake accrued, 'votes' (the correct word is 'chooses') independently of the validity of blocks just like in Bitcoin.
Blockchains that allow protocol changes via votes are an option, and how you quantify votes is a parameter, but PoS is not tied to being a government token, and 'votes' on forks (it's really not a vote as both protocols exist after a fork) are made by large and small holders alike. It has nothing to do with amount of currency owned.
Nope, it's still distributed consensus rather than centralized. If one banker stops being nice, he'll lose all his funds. The current system either ignores people not-being-nice or ejects them, but they'll never lose what they made.
Compared to PoS where the biggest incentive is to be nice.
Assuming a simple PoS system of more stake = more blocks validated, achieving a 51% attack is as capital intensive as it would be on a PoW system of the same size. So as far as the most basic notion of security is concerned there's no difference.
No, it has in fact been proven many times over in many research white papers to be fatally flawed and that's why no serious cryptocurrency would implement proof of stake.
Still asking out of desire to learn: How has it been shown to be flawed? With what kind of experiments? Which are the flaws? How do they manifest themselves (e.g. how could you exploit them with PoS but not with PoW)?
One problem: You fire up your blockchain software and it reaches out over the internet to find other servers and ask them if they have a copy of the blockchain.
But how does it know which copy is the real one and not one cooked up by someone like me showing I own half the coins?
With proof of work you can choose the one with the most work in it and that's hard to fake as the real bitcoin blockchain has billions of dollars' worth of computer work in it.
With proof of stake it's hard. If there is no real cost, fakers can make thousands or millions of fake chains and how do you know which is the 'real' one?
There are potential solutions but it's tricky. Like if you have www.stake-coin.com point to the real one, what if someone manages to take over the domain?
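The "choose the one with the most work" rule from the comment above, as an added example that is not part of the original thread: a toy proof-of-work chain where a node scores each candidate by verified work rather than by length. All names are hypothetical, and the difficulty is simply declared per block instead of being set by consensus rules as in a real network.

```python
import hashlib

GENESIS = "00" * 32  # constructed genesis hash for this toy chain

def block_hash(prev: str, payload: str, nonce: int) -> int:
    data = f"{prev}|{payload}|{nonce}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def mine(prev: str, payload: str, bits: int) -> dict:
    """Search for a nonce whose hash is below the target (about 2**bits tries)."""
    target = 1 << (256 - bits)
    nonce = 0
    while block_hash(prev, payload, nonce) >= target:
        nonce += 1
    return {"prev": prev, "payload": payload, "nonce": nonce, "bits": bits}

def build_chain(payloads: list, bits: int) -> list:
    chain, prev = [], GENESIS
    for p in payloads:
        block = mine(prev, p, bits)
        chain.append(block)
        prev = f"{block_hash(prev, p, block['nonce']):064x}"
    return chain

def chain_work(chain: list) -> int:
    """Expected hashes behind a chain; 0 if a link or a proof does not verify."""
    prev, work = GENESIS, 0
    for b in chain:
        h = block_hash(b["prev"], b["payload"], b["nonce"])
        if b["prev"] != prev or h >= 1 << (256 - b["bits"]):
            return 0
        work += 1 << b["bits"]
        prev = f"{h:064x}"
    return work

def choose_chain(candidates: list) -> list:
    """Fork choice: the candidate with the most verified work wins."""
    return max(candidates, key=chain_work)

def demo() -> dict:
    honest = build_chain(["a->b 1", "b->c 2", "c->d 3", "d->a 1"], bits=12)
    # Longer, but mined at low difficulty: more blocks, less work.
    cheap = build_chain([f"x owns half {i}" for i in range(6)], bits=8)
    # Claims enormous difficulty without doing the search: proofs fail to verify.
    forged = [dict(b, bits=40) for b in cheap]
    return {"honest": honest, "cheap": cheap, "forged": forged}

if __name__ == "__main__":
    chains = demo()
    print({name: chain_work(c) for name, c in chains.items()})
```

The node needs no trusted server to rank these candidates: the score is recomputed locally from the blocks themselves, which is the property the comment says is hard to reproduce when producing a chain has no real cost.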
You bootstrap the PoS chain onto the PoW one, so you have your trivially checkable first part. After that it's not exactly trivial to fake the whole chain without holding validators' private keys (remember, they had stake in the PoW chain).
I'm kinda at a loss about what other vectors of attack are possible, hard to find any digestible info, and PoS protocol designs are really complex.
I am not searching down all the whitepapers for you, if you truly want to learn then you will need to dig into the myriad mathematicians' white papers against Proof of Stake.
1: https://en.wikipedia.org/wiki/Proof_of_stake