Ledger Under Fire: Can You Trust the New ‘Ledger Recover’ Service? – 253

Ledger bats back criticism of new wallet recovery service. Quote: "You're saying this is not what customers want." They go on to say, "Actually, this is what future customers want," said the Ledger CEO, Pascal, uh, Gauthier, if I am saying that correctly. Gauthier. Crypto wallet maker Ledger came under fire this week for its new Ledger Recover feature, with some posters on Twitter arguing that the service, which stores encrypted user seed phrases with third-party custodians, undermines Ledger's statement, or stated commitment, to privacy and security. During a Twitter Space session, Ledger CEO Pascal defended the offering, saying, "You're saying this is not what customers want. Actually, this is what future customers want," he said. Quote: "This is the way that the next hundreds of millions of people will actually onboard crypto." Now, is he wrong? Not necessarily, right? Like, we've seen at the Bitcoin conference this week, I've seen a couple videos come out of people saying that they want some form or fashion of recovery, a third-party custodian to basically come back at if they have any issues with their transactions, etc., or missing crypto. So the problem becomes, of course, as somebody that is, you know, I would say a fundamentalist when it comes to cryptocurrency, especially to the Bitcoin


white paper, is that when you give up the responsibility of managing your own keys, you're going to give up that privacy and security. But I'm not necessarily sure that the Ledger CEO here is incorrect. In fact, I think he's correct in the manner of which he is stating this, in that a majority of people will want this sort of service. The problem is, it undermines the entire purpose of cryptocurrency from the very get-go, right? Because with great power comes great responsibility. What cryptocurrency allows you to do is self-custody your future, the future generations within your family, and so on. And it does that by eliminating third parties, and therefore, of course, eliminating any corruption that may come along with it. Now, within Bitcoin there's been a ton of other issues going on too that I will be talking about more in depth, but I haven't gotten a ton of research into it yet. But there are some issues coming out with basically backdoor mining and fee structuring and all of this sort of thing, plus the slowdown of the network now with the BRC, or the B, yeah, BRC-20s, or however that works, right? All of the ordinal stuff. We've seen ordinals now come out for Dogecoin, we've seen ordinals come out for, uh, Monero. This, uh, seems to be a techno, technology is going to get

applied across the board on all layer one blockchains. It'll be really interesting to see how it functions. Tangent aside, though, as far as this is concerned, I think that yes, what he is stating is correct; however, it is not the way you want to onboard and educate people, right? At least in my humble opinion. The incident underscores the long-simmering tension between blockchain-focused companies looking to attract new users and ideologically minded segments of the crypto community. It can be difficult to square user experience with core ideals. And obviously that's where everything comes into contention. If you have a third party that is managing all of these funds, at the end of the day they will have that access to basically participate within any subpoenas from the government, any sort of government control, any sort of financial control. All of that manipulation that cryptocurrency is, you know, slated to replace all of a sudden becomes an issue once again. And so I think you have to be more ideologically minded if you actually believe in cryptocurrency. And this is something, I mean, even within the Casper communities, even within the smaller, let's say, Kadena communities, whatever, maybe even the Pepe communities, all this, there's a huge focus on price,

right? But that price is always converting back to fiat once again. The thing is, it's supposed to be a replacement of an archaic system that is not being fairly levied across the board for all participants, right? And so if the focus is to go ahead and increase, you know, price of X crypto, and that is considered the primary focus, then you lose focus of everything else that surrounds it, or the original purpose, right? The ideological purpose. And then you have to pull into question if cryptocurrency really changes anything at all, right? Ledger is a Paris-based provider of crypto hardware wallets, quote, "cold storage" devices that link a person's crypto to a USB thumb drive. Compared to browser-based hot wallets like MetaMask, which stay connected to the internet at all times, or exchanges like Coinbase and Binance, which hold crypto on customers' behalf, hardware wallets are considered the most secure way to hold crypto. Now, I've said this before and I'll say it again: you can have a more secure way to, uh, custody cryptocurrency. You can get offline wallet generators, and when you generate those keys you can go ahead and place them in something that's never touched the internet, pull that public address out, and custody your

crypto in that manner. That would be the safest way. The hardware wallets, traditionally I've said, are kind of the next step up from that, a little less secure but more secure than a lot of these, right? Here's the other thing, though. You can always still do, if you wanted something that can connect to the internet but then you can disconnect it, you can do this in a lot of different ways. Virtualization with any chosen software wallet that you prefer, right, for whichever cryptocurrency you want. These are options. Qubes OS, which I've covered before, backed by Snowden. If you aren't familiar with Qubes OS, it compartmentalizes each individual application, which can make it a little bit more secure. You can also basically detach any of the network from any of those, attach them as necessary, and so on. You could use Hyper-V to do this, or any other virtualization software. Or if you just want as basic as possible, you could literally purchase, like, a laptop, strip the Wi-Fi, strip the Bluetooth out of it, use maybe just like a, whatever. I would get a laptop that had some sort of NIC or hardwire connection that you can connect when you're ready to connect it. Connect it, go about your business, and then you're not having to worry about these hardware wallets pushing any sort

of, you know, firmware updates that could potentially compromise your system, right? When a person sets up a wallet, they are given a random string of words called the seed phrase that serves as a secret wallet recovery key. Users are instructed to write down the phrase and hide it away somewhere safe. And this is why, at the end of the day, like, the difference between generating one offline, or even generating one with a software, or generating one with the hardware wallet, it all ends up being the same custody or custodial issue of, like, you still need that physical piece to put somewhere, whether that's in a safe, etc. Because it would be kind of silly to have, like, a single Trezor or a single Ledger and not have a backup of that somewhere anyways. So when we're talking about keys and all of that, the advantages of hardware wallets are basically that you can disconnect and connect it to your main PC, and then you're basically a warm wallet, right? You're connected when you want to be connected, you're disconnected when you don't want to be connected, and that's how you can manage it. It's like a middle step. But like I said, there are other ways of managing that. But the seed phrase system has some obvious user experience issues. If a person loses the phrase, they have no

options for recovering their funds. And just as the phrase can be used to recover the wallet, it can be used to crack a wallet if it falls into the wrong hands. Well, I mean, they're just recovering it, they're not cracking it, right? They have the key. It's like if you have the RSA key to log into a Linux system via PuTTY or whatever, you know, an SSH connection. If you have the key, you have the key. You're not cracking the key, you just have the key. On Tuesday, Ledger confirmed speculation that it was introducing an optional 9.99 per month seed phrase recovery service for owners of its Nano X wallet. The service, Ledger Recover, offers a way for people to secure their seed phrases without worrying about losing a slip of paper. Quote: "When you subscribe to Ledger Recover, a pre-BIP39 version of your private key is encrypted, duplicated and divided into three fragments, with each fragment secured by a separate company: Coincover, Ledger, and an independent backup service provider." You know, just the NSA. [Laughs] Oh, that was a joke, they didn't say that. I don't know who the independent backup service provider is. Ledger explains on its website, quote, each of these encrypted fragments is useless on its

own. When you want to get access to your wallet, two of the three parties will send fragments back to your Ledger device, reassembling them to build your private key. Today's sponsor is BT Miners. BT Miners has been a long-time sponsor of the channel and a proven reliable source for ASIC miners. If you're looking to purchase ASIC hardware, from Bitcoin to Dogecoin miners, they are available for purchase on Bt-liners.com. BT Miners is a trusted source by both asicminervalue.com and Cryptominer.com. Follow the affiliate link in the description and tell them Soat sent you to support the channel. Here's the community backlash. A segment of crypto Twitter responded to news of the feature with outrage, alleging that splitting the encrypted key to third parties could leave it vulnerable, thus undermining the entire purpose of a hardware wallet versus alternative storage options. Users took particular issue with the requirement that Ledger Recover customers provide a government, or provided that they provide a government-issued ID to the company should they wish to use the service. So obviously here now, what do you get? You onboard everybody with KYC. Also known, or just for those who don't know, KYC stands for know your customer, and this can be utilized to track

cryptocurrency and basically be able to undermine, of course, one of the core principles of cryptocurrency in the very, from the very... This is why you saw a backlash against Iron Fish for their airdrop in the U.S. requiring KYC. This is why you see backlash for KYC across cryptocurrency in general: because it removes that privacy feature and it gives more control back into the government, right? And that is a third party that you shouldn't have to interact with if you were just making a transaction between two people, and that is the idea, right? For some in the crypto community, this step violates core crypto tenets around privacy. Of course it does. Quote: "Sure, you could use Ledger's new Recover service and give them your private keys controlling your assets, as well as a copy of your ID and other personal information," tweeted Alistair Milne, a Bitcoin investor with a large following on Twitter. "But why then bother with a hardware wallet in the first place?" And to a certain extent this makes sense, right? What is the biggest problem with cryptocurrency exchanges? If we talk about cryptocurrency exchanges and know your customer and all that, there's a part, you know, the thing is, they control your crypto, right? But this isn't really too far off of controlling

your crypto. Sure, they split the seed phrase into three, they send it to three different companies, but you basically just have three different entities now that control some form or fashion of your cryptocurrency. So then what's the point, right? What's the point at that juncture, if you sign up for this recovery phrase, to go ahead and even utilize that in the first place? Just utilize a centralized exchange like Coinbase, KYC yourself, and move on with life. Uh, I guess the idea would be what? Because it almost seems as if you're adding additional third parties to this equation, meaning that you are now not only dependent on one company, right, but you're dependent on multiple companies, right? You're depending on three companies to successfully store your data, including your personal information and a portion of your recovery, and that they will always have that and nothing will happen to that data. It'll never get hacked, the information will never get destroyed, all of that, right? At any point, if any of that happens, then you basically have three new points of failure of potentially losing your cryptocurrency at the end of the day, you know, if you don't back it up and you're

relying on this recovery service. You now have three entities to depend on for the recovery of this service. It's kind of weird, it doesn't make much sense. Some critics use the update as an opportunity to bash Ledger's security record. In 2020, the company suffered from a data breach that exposed the emails of nearly 10,000 customers. Although no wallets were compromised as a result of the attack, the incident left a bad impression of the firm's security practices with its tech-minded user base. And the only reason that none of the other information was taken is because none of that was stored by Ledger. But if now they're going to be storing your personal information, if a breach happened again, now at this point your personal information is stored somewhere there on their servers, and you could be the victim of identity theft, right? Or much worse, getting doxxed and whatever else. Quote: Ledger, the company that has experienced multiple security breaches that exposed personal information of hundreds of thousands of its customers, now wants you to export your private keys from your hardware wallet and give fragments to them, Coincover, and an unnamed third party (the NSA, once again, just joking), where any two can

siphon funds, uh, tweeted ChainLinkGod.eth, a community ambassador for the crypto infrastructure firm Chainlink. To facilitate recovery, they need you to dox yourself and give even more of your personal information, allowing anyone with your identity documents from other data breaches to take your funds. This seems poorly thought out. On a Twitter Space responding to concerns around the service, Ledger's leadership defended its security practices, emphasized that the new recovery service was completely optional, and denied allegations its new service amounted to any sort of a back door. Now, this is where things get a little interesting, because during this argument Ledger Support was getting flustered and they actually tweeted this out, by the way caught by, luckily, Coin Bureau here, so shout out to Coin Bureau. Says: "Technically speaking, it is and always has been possible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware, whether you knew it or not." So, um, they say, you know, the official announcement here, you know, we don't have that ability for a back door, there's no back door in this one, but that's because you just need to trust us and don't worry about it, but if we wanted to, we could, right? The idea here, though,

excuse me, at the end of the day, is that, uh, in any case, updating firmwares can be risky. And in addition to that, any auto updates of firmwares could be risky at any point. Even if you aren't worried about the actual official firmware pushes, there could be malicious software on your computer that could push a firmware update unbeknownst to you that you accept, and then you could be compromised in that way. There are a lot of ways that this could go through. So to a certain extent, Ledger Support here, I think, has a very valid claim. But at the same time, does that mean that you should use their product because they have a valid claim here? No. It just means that yes, what they're saying is true. What Pascal is saying is true in regards to essentially the future adopters of cryptocurrency will want a service like this, and what Ledger Support here is saying is true. It's always been true in IT that this is a security issue, right? So it's not wrong, but obviously it's bad optics. So just keep that in mind. They did go on to say that it's not a back door at all. "You stay in control. Nothing will happen without your consent on device," said Ledger co-founder Nicolas Bacca, adding that the team plans to open source its code in the future so that users can see how Ledger's recovery

service safely encrypts user data and operates securely under the hood. Now, open sourcing everything is obviously a good move, so I would hope that they would open source this in general. And if I were to use it, I would want it to be open sourced and reviewed by people that I trust before I utilize the service, right? Just in general. Quote: "People have had a lot of fear, which is perhaps unjustified," said Ian Rogers (I disagree, I think it's justified), Ledger's chief experience officer. Rogers emphasized that Ledger was making its recovery service fully optional and was transparent about partnerships with third-party custodians. Go as I can see where you have a choice, as you should know who it is that you're trusting. And that is the, you know, at the end of the day, I would just urge you to understand that as far as the principles of crypto are concerned, your choice should be to take responsibility into your own hands for custody of your cryptocurrency and to not utilize services like this, right? I mean, easy peasy, we can say that, and we can educate people as far as that's concerned. But it does bring up other concerns surrounding even utilizing any Ledger device in general. Previously I'd say,

okay, well, utilize a Ledger device as your, you know, warm wallet. You can have funds in there that you plan to sort of trade in the future, but you want to custody it in a safe manner but with ease of access, so you can get it out for any sort of trading that you want to do, that sort of thing. But as it sits now, excuse me, I gotta get some water, as it sits now, I don't think that, um, I would trust utilizing any sort of Ledger device in general. And maybe for the warm wallet features you do just go to that little bit more of a difficult, uh, path, but a safer one, where you just have a separate, you know, laptop that you're going to utilize for those specific purposes, right, that you connect and disconnect as you see fit. Gauthier reiterated that its recovery feature was a necessary step for attracting new crypto users. "I'm sorry, but a piece of paper is a thing of the past, and Ledger Recover is a thing of the future," he said. "There is no compromise to security." Obviously I do not think that is true. There's clearly a compromise to both security as well as privacy in this particular form, right? If you utilize Recover, you have now, like I mentioned, three different security risks.

Essentially you've added three points of failure, and you've given a company with a poor track record of security, of securing their data centers, um, your private information, right? You're fully doxxed, that can be utilized to steal your identity. So there are definitely compromises as an individual utilizing the Ledger Recover service. There are compromises to your security and your privacy regardless. That's undeniable at this point. So I completely disagree with that statement as far as that's concerned. So he also responded to critics of Ledger's track record. He said, "I've seen a lot of people on Twitter saying, 'I'm sure this will be hacked in the next 12 months,'" and he said, "Okay, let's see." He added the company has six million devices on the market and it hasn't been hacked, hasn't been compromised, and has no back doors installed. But we're talking about individual devices. We're not talking about the data that you're storing in your data center to recover these devices, right? There's a difference, because right now the product is, they have a hardware wallet and the user's connect ad. It's much more difficult to compromise that than it is to compromise,

you know, a database that's sitting within a Ledger data center, right? Or at this point, probably some cloud service provider like Azure or AWS. So it is different. "If Ledger ever gets hacked, any sort of credibility or reputation in the company will be at stake," he said. "So of course we're not going to take the, or make those kinds of mistakes." I think the problem is, sir, those mistakes have been made in the past, and when we're talking about KYC, it's very clear that you're going to be storing that data, more sensitive data than has previously been stored, right? Thanks for checking out this clip from the Crypto Mining Show. You can check out the full episode here or more crypto content down here. Also, I'd like you to check out my Locals page at son of a tech.locals.com, where you can become a member for free or choose to be a five-dollar-a-month supporter that unlocks additional content.
