Escrow is a great one:
Alice wants to buy a burger (shipped by priority mail
) from Bob, but they don't trust each other, and neither one wants to send first. They both trust Eugene, though. Alice creates a 1-of-2 transaction which can pay to Bob once signed by either Alice or Eugene. The three scenarios:
1. Alice creates the transaction; Bob sends burger. Alice signs the transaction and Bob gets his money.
2. Alice creates the transaction; Bob doesn't send the burger. Eugene sees that Bob is a scammer and doesn't sign the transaction; no money changes hands.
3. Alice creates the transaction; Bob sends the burger. Alice refuses to pay. Once Eugene is satisfied with Bob's proof that he sent the burger, Eugene signs the transaction. Bob gets paid.
It's possible to do this with a 2-of-2 transaction between buyer and seller. Then both parties have to find an agreeable resolution before anyone gets the money. Thus, neither party has any incentive to try scamming the other. However, there's a risk that the coins are locked forever if there is no resolution, so I had
started a thread to discuss how it might be done without a third-party. It's complicated, but it works if you include "risk deposits." I think most of the complexity can be hidden under-the-hood, though.
In most cases, you should just use a third-party. It's very cheap for third-parties to operate because they never really "handle" the money themselves. But one of the beauties of Bitcoin is that you can have the bitcoin network itself act as your "trusted third-party" in cases where privacy is critical, or the two parties can't agree on a trustworthy third-party.