Topic: Fuck you ledger - page 4. (Read 1022 times)

There are two possibilities here, both rely on trust. You can either have trust that the old firmware still makes physical button presses mandatory to the process, and that the option to bypass button presses doesn't exist in the old firmware versions. Or you can trust Ledger that their new code changes will never allow for the possibility to bypass button presses. The third option I didn't mention is completely abandoning Ledger HWs. 

Ledger has reveled something we initially thought was impossible because that's what we were told. And that's the way secure element chips function. In earlier years it was said that no sensitive data can even leave the chips. We know now that it isn't true. It can if the software tells it to. 

This is it right here. And the communication from Ledger so far has been particularly gaslighty where as they're trying to (and successfully have done so if you read the Reddit threads) make people equate the level of trust needed to feel safe with Ledger Recover with trusting any other hardware wallet to simply generate and store your seed. It's gaslighting and obfuscation. Trying to make people seem paranoid for questioning this since "every wallet needs trust bro what's the big deal?!"


A hardware wallet doesn't (shouldn't) need to connect to any manufacturer servers in order to work. You can use a Ledger with Electrum as well just as easily. You need to use Ledgers software in order to get coin-specific apps onto the device as well as firmware updates but once that's done there no need to ever touch their software again until it's time to update firmware.

The problem(s) here is that:

1. Their firmware is closed source so nobody has any way of knowing what the firmware is doing.

2. They've introduced a recovery service which places on your device code that makes it possible to extract your seed, shard it and have it sent through your computer to other custodial servers. This is being sold as a feature but is fraught with danger and is an absolutely horrid idea for dozens of reasons that have already been covered.

3. For all we know the actual code that enables this ability could've been rolled into previous firmware versions either as a placeholder or as a test. So it may technically already be there and there's literally no way of knowing because it's closed source. Saying "I just won't update then" isn't enough to be sure.

4. The idea that firmware can allow the secure element to reveal the seed really is a non-issue and is being used to obfuscate the issue by Ledger when they say "any hardware wallet can technically spit the seed out if firmware tells it to" - yes but they're not sending your keys through your PC which may or may not be malware infected, outward across the internet to 3rd parties which you now have to trust. However this did highlight the deep misunderstanding many people had about how hardware wallets actually work - this was due in part to most people being uneducated on the technicalities and also Ledger's fault for constantly using the wording that your seed could never leave the device. Now it's "oh well of course they can you should've known that but only if our firmware allows it which now it does"

5. Another point that has been stated to death but needs to be repeated is that the idea of "if you don't opt in what's the problem?!" is misleading because there is nothing permanent in the hardware that stops the need for a button press to allow key extraction from being removed in a firmware update. So technically - Ledger could force you into this through a firmware update and extract your keys without you doing a single thing. The ability is there. Even if today you had to press buttons to allow the recovery service there's nothing that prevents them from removing that requirement in the future. Or perhaps it's already removed and the button press is just theatre to make you think it's necessary. You can't know because they're closed source. "Trust me bro!".

Nah you are right. Its a hardware wallet which integrates with their software Ledger Live. All firmware updates are handled over Ledger Live. And since its closed-source no one knew that there is or was a "backdoor" to extract the mnemonic phrase of your device.
Yesterday they launched their service called Ledger Recovery which caused the drama. The thread about it was already mentioned here but I recommend reading it: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities

Sorry, but I'm quite confused as I never owned a Ledger. Isn't it a hardware wallet? Doesn't that mean it cannot connect to any network except the computer that you'll plug it into? Doesn't that mean that the only manner to expose your private keys is by establishing a connection with their servers once you plug it into your PC and by sending your private keys to their server?

Does it require downloading closed-source Ledger software as well for it to work? Sounds pretty fucked up situation.

Perhaps there are things in the firmware they don't want anyone to know.  They've been talking about making their code open source, but they're also lying about what "open source" actually means.  In other words, they want to use the phrase Open Source while keeping some of their code closed...  which just raises more questions about what they're hiding.

Ledger is dirty.

Why don't they just open-source their firmware, at least with a restrictive license if they are not comfortable with unlimited freedoms of MIT or GPL or similar. That is the quickest way to dispel any fears that there is a backdoor in Ledger source code. But of course, they won't do that, so it's best to avoid any kind of wallet - hardware or software - where its operation cannot be independently verified.

Compare Ledger - closed source, connects to an internet enabled device, has the ability to send your seed phrase across the internet - to something like a Passport - open source, completely airgapped, communicates with QR codes - and the difference is stark. The difference in the amount of trust required, and the amount of independent verification which is possible, is astronomical.

It's like saying "all software wallets require trust" when comparing something like airgapped open source Sparrow wallet, to hot closed source Trust wallet. There is simply no comparison, and anyone claiming they are in any way similar is either naive or malicious.

The key is common to all Ledger devices, and therefore the encryption is utterly useless: https://bitcointalksearch.org/topic/m.62453002

The key issue here is that even if at this point you do need a physical button press to confirm/deny a Tx or seed sharding, there's is nothing inherent in the architecture of Ledgers hardware that restricts the device to operating this way forever. The required button presses are a firmware update away from not being needed at all. Which means that change could be made with or without your knowledge. "We promise we won't" Back to trust me bro.

Ledger keeps repeating that "all hardware wallets require trust" and people get lost in this because while on one hand it's true to some degree, not every wallet requires as much trust as one that's closed source which also has the ability via firmware to split and send seeds through your USB/Bluetooth connection, through your PC and then stored elsewhere.

"Oh but the shards are encrypted!" This only sounds good until you realize that Ledger themselves say that any device can restore the shards. So the encryption keys are either specific to ledger Hardware (meaning anybody with a Ledger has them) or they're stored at Ledger headquarters (meaning they have them and you have to hope they aren't leaked the way all those addresses and emails were). Any way you slice this it's frightening.

YES.

Anybody who says you have to use the buttons to confirm actions is assuming that to be true.  Since Ledger's code is closed, no one but Ledger knows for sure what their code actually does.  Even Ledger admitted they can't prove their code doesn't have any backdoors.  They lied, saying "...because you can't disprove a negative," but that's nonsense.  Ledger can't prove their code doesn't have backdoors because Ledger's code isn't open.

Anyone who tells you Ledger's code is safe is making assumptions about their code, and that's very dangerous.

First off, one aspect of this entire thing that seems to barely ever be discussed which bothers me far more than the concept of a recover feature is the fact that Ledger seems to be quite comfortable attending WEF retreats and rubbing elbows with the same people who want us to own nothing and be happy. I don't feel safe leaving my keys in the hands of a "trust me bro" CEO who attends WEF conferences and refuses to fully open source firmware that's possible of extracting keys from their devices via USB cable through a PC and over the internet.

Secondly, they keep beating the drum about how these shards are encrypted, but if anybody can restore their keys on a brand new ledger than clearly the encryption keys to these shards reside somewhere within Ledger. Where? Who has them? If any device can restore with 2/3 shards then that means it only takes collusion from 2 of these companies that store the shards to have access to every single key out there.

Thirdly, the idea of "just don't use it" may not be that simple as I recall seeing somewhere (I think within the other large thread on this topic) that the claim that you always have to physically press the buttons on a ledger to initiate an operation like sharding and sending your keys via recovery service is actually false, as the device can be updated via firmware to drop this necessity with ease. Somebody (sorry I can't remember who or where) posted evidence that proves the physical button press is not technically required for such an action to be engaged. If anybody knows the technicalities of this or can prove it true or false please reply with such info.

Edit I think it was this post I'm referencing.


So really the fact that its technically possible for Ledger to do this - that isn't the real issue (although their communication and prior marketing was abysmal) - any HW wallet can technically access the priv key if firmware demands it. The real issue is that there are a million things that haven't been answered on a technical level in the excruciating detail necessary for anyone to be able to feel good about this.

Yeah, this doesn't sound right. Could you tell us a bit more about how you created your offline wallet, and what you did with the OS before you generated your keys on it? To make sure you are doing it properly, how are you signing those transactions?

Is this a serious question? Do you expect a company that relies on the sale of hardware wallets to tell you not to use hardware wallets because you can get the job done with airgapped cold wallets? Even the marketing geniuses at Ledger wouldn't do that.

They also claim that keys can't leave the SE enclosure without your permission, meaning physical confirmation on your hardware wallet with the button presses. I have no idea if that is true or not, and even if it is, there is no publicly verifiable code for them to back up their words. And finally, even if there is, I wouldn't know how to read it and can only hope that those who know take the time to study it properly. Basically, it's a carrousel of fuckery. 

Ledger Live is open-source and the crypto applications you install on your wallet are open-source. Some of them are created by third-party developers, some by Ledger in-house. The firmware and hardware isn't open source. You have no way of knowing what the software on your hardware wallet does.

Using that same analogy, it would then be even easier to extract keys that aren't protected by a secure element chip. One example is Trezor's unfixable seed extraction vulnerability.

They exposed themselves. All everyone had to do was listen.

This is easily explained - their marketing department doesn't know what the engineering (development) department  does. The marketing department wanted to present this information as an innovation and as a cool feature for users, but it turned out that this contradicts the very concept of device security and previous public statements by past employees of the marketing department. In general, this “paradox” is a demonstration that ledger simply screwed up.

Any company sets itself up for failure the moment it thinks it knows what its customers want. Completely forgetting to ask them about it.


There is nothing more valuable than the trust of your clients and customers. It is necessary to satisfy their needs, and not pursue their hidden mercantile interests.

For some average user who can hardly understand the risks of such a feature, perhaps such a feature is even positive in the sense that they will feel safer if they lose their device or backup. There should be no doubt that it will be a salvation for some users, but the whole thing should not have been done in such a way as to cast doubt on the company's reputation (or what is left of it).

If they already wanted to do that, they could offer a firmware that would enable such an option and one that would not have such an option, or even better, a completely new device. What they managed to do is that I now feel safer having my private keys in Electrum than in their HW.

Ledger uses Secure Element chip. This is the chip that is used in passports and credit cards. Ledger uses Secure Chip to generate and store your private keys. In past, Ledger has said that your private keys never leave the Secure Element chip, that means, it's almost impossible to extract private keys from your wallet. Then they appeared with Ledger Recover news and this is the moment when everyone understood that ledger has been lying about its claims that keys never leave secure chip.
If you read Ledger Recover FAQ, you'll find paradox:
Claim 1 - No access to your private key was made to enable Ledger Recover to work.
Claim 2 - Ledger's Operating System allows access to the private key stored within the Secure Element, but only after you manually approve and confirm it.

My logical question is, how is that? Answer is, Ledger is a liar.

Actually, Ledger thinks that they didn't make a mistake by implementing Ledger Recover. They think that positive side of Ledger Recover will outweigh the negative sides and it's only a matter of time to see the success of this implementation.

/sign.


There was a big drama because of that a few months ago. That is the big disadvantage of closed-source projects like Ledger. 

They always said that there was no way to get the keys. So users could not do more than believe all that. Then in May they introduced a new feature: Ledger Recover.
The feature allows you to share the seed phrase with a cloud provider by storing a backup there. This is all optional but raises many questions, so sensitive data like the mnemonic phrase can be extracted from the ledger - so you have been lied to by Ledger for years.

Absolute no-go and another reason why you should never trust Ledger anymore. They make one fatal mistake after another, proving that nothing beats open source!

Nobody should be using Ledger to begin with.

- Closed-source.
- Their email database was leaked in the past, and phishing emails were sent across the globe.
- They support centralized shitcoins.

Recipe for disaster. Now I'm reading they can access private keys? Is that confirmed? Hopefully not. Otherwise, it is officially the worst piece of Bitcoin hardware you can get.

Ledger is not open source and it wasn't possible to know it was a lie that your seed phrase cannot leave the secure element, that was until they launched the Ledger recovery service, then their lies were exposed as well as many other flaws in the Ledger hardware wallet. Self custodial doesn't automatically mean safe, you have to also make sure the wallet is open source and the code has been widely reviewed, Ledger isn't a recommended hardware wallet and if you have their device, you should switch to other good alternatives.

I think instead of giving a fuck, you should say thank you Ledger LOL. If they were not offering this revolutionary key recovery feature then you would not want to find an alternative and try to learn all these new skills.

Ah, thank you!  You all know I just drive the bitcoin automobile without knowing how most things work under the hood, so I can't say I'd know how to do what you described--but it doesn't sound like something I couldn't easily learn, and I appreciate that explanation. 

Yeah....take a look at the links Findingnemo provided.  This was pretty big news, and I know it caused me to not trust Ledger anymore and left me questioning whether it's worth it to use any HW wallet.  Part of that could be my ignorance of what's under the hood of these devices, but I do believe I read a post by a member whose knowledge I respect saying that in theory private keys could be extracted from any device with a secure element.  It's just not worth it for me (even though I don't exactly have a large amount of crypto to lose).  In any case, most of my bubbling bile was caused by Ledger's treachery.  They are truly scumbags and are likely in bed with multiple government agencies--you could almost call it a governmental gangbang, but I'm just speculating.

I assume this is simply a translation error. Your transaction should not be "partially signed" online. Indeed, transactions can only be partially signed if you are using a multi-sig set up. With a standard single-sig cold wallet, the only thing that happens on your online machine is you create an unsigned transaction. That unsigned transaction is moved to your cold device to be signed, and then moved back again to be broadcast.

If you simply install Electrum on an internet connected device and use it as a hot wallet, then yes, it will not be as secure as a (good) hardware wallet. But you can also use Electrum as a cold wallet. What this means is that Electrum is installed on a computer which is permanently disconnected (airgapped) from the internet, meaning the device can never download malware and never be attacked via the internet since it is never connected to the internet. This airgapped computer stores your private keys, and your private keys never leave this airgapped computer so are never at risk of being exposed to the internet. You create unsigned transactions on your usual internet connected computer, move the unsigned transaction via a USB drive or QR code to your airgapped computer to be signed with your private keys, and then move the signed transaction back to your usual computer to be broadcast to the network.