Topic: Is there any workaround for using a Ledger on an airgapped PC? (Read 400 times)

EDIT: Just realized that I'm both going off-topic with my last posts & my previous idea to anonymize my coins makes no sense as my identity could probably still be linked back to me as soon as I move the funds again.

Will lock the topic & look further for ways to anonymize & unlink my personal information from the coins I'm holding. Thanks for the replies again!

---

   
I'm trying to unlink the personal data such as IPs from the coins and addresses I currently have. I'm honestly unsure how else to do it. I guess using Tor would make no sense if I'm using the same old addresses just like it makes no sense to use Tor with personal accounts, right?

I'd rather move to another seed to make sure I don't make some stupid little mistake (like forgetting about coin control and using one of my older addresses) that'd make my effort a waste.

Tl;dr: My first idea of having an anonymous medium to use Ledger on has now been achieved through Parrot OS + Anonsurf - but how do I anonymize my existing coins and unlink my existing data such as personal IPs, addreses etc from my Ledger wallets?

Can I ask what benefit you believe you are gaining from this?

Are you simply attempting to mitigate the risk of linking the coins together by using them in the same transaction(s) because Ledger Live doesn't provide proper coin control?

Thanks to everyone for the replies. Today I have finally tried achieving the offline workaround and it turns out you were all right - it's an unnecessary headache.

Fortunately, I found a workaround that does not work offline, but it does work anonymously through system-wide Tor on a pretty highly secure OS (at least that's what I believe). I'll leave my final results here:

1. First try: Ledger on Tails

• I have tried it but for some reason, I just don't feel safe when I install additional software on Tails. It gives a very strong feeling of unsafety when you push for something Tails isn't supposed to do. As soon as I started realizing I have to basically create a risk inside the system, I have stopped trying. Moreover, in order to get additional software, you need persistent storage. As everything is online and I want to leave no trace, I've moved to the next option:

2. Second try: Ledger on Qubes

• This one was a huge headache. I wanted to install it on an USB so that I could use it with different computers (all my hard disks are encrypted with strong passwords). I did achieve to install it on an USB, but it only worked on one PC out of 3. That was a big downside so I tried to install it on the same USB but from another PC - the other 2 did not recognize it. Otherwise, it would've potentially been the best (but not the easiest-to-use) option. Hence, I've moved on to the third and final option:

3. Final try: Ledger on Parrot OS Live
Not sure if it's the most secure one, but it certainly is my favorite. Here's how I've done it, beginner friendly (I'll leave links for easy access to tutorials and downloads):

• First of all, I have 2 USB sticks. One will be used as a bootable Live Parrot OS USB (you can find the ISO here and after you verify it, you can either flash it as they recommend using Balena Etcher or you can do it using the dd command; I have tried both and they worked flawlessly) and the other will be used only for the storage of the Ledger Live ".AppImage" file. The USB holding the ".deb" file has a physical lock switch I always have it on.
• As soon as the Parrot OS ISO is flashed onto the first USB and the second USB has the AppImage file on it, I turned off my PC, unplugged my Ethernet cable, ejected the second USB and booted my PC into the newly flashed OS (you have to use the Boot Menu key upon booting the PC to boot into the USB-flashed OS instead of your hard disk). As soon as a list of options appears on the screen, I chose "Live Mode" and let it boot properly. Live Mode lets you make changes, download files, install updates etc but as soon as you shut down or restart your PC, any change is gone and your OS returns to its initial, fresh stage.
• Once the system booted, I popped up the Terminal and entered the following command: sudo anonsurf start. You can also start Anonsurf from the menu in the upper-left corner of the screen. This option will enable system-wide Tor for anonymity.
• Now you can plug in the second USB and launch the AppImage file. Ledger will start. As soon as it starts, you can plug in the Ethernet cable or connect to your local Wi-Fi and use the Ledger app as intended.

Now before someone argues it makes no sense to use Tor if I've used my Ledger before on my personal computer, for now the best solution I can think of is creating a fresh new seed for my new setup, moving all my funds through decentralized apps and then probably using 5-10 different accounts for each crypto on my Ledger & sending random amounts to them (say I have 1 BTC => I'll split it into 0.3, 0.22, 0.20, 0.1 and 0.18BTC on 5 different accounts).

If someone has a simpler idea, I'd highly appreciate it. If you think I've made a mistake in the process, let me know

Someone gaining physical access to your HW wallet will not necessarily mean it is exploited. An attacker will need to have specialized (but cheap) equipment and technical skills to exploit a HW wallet they have physical access to. Upgrading firmware with security patches will result in a subset of methods to exploit a HW wallet to be ineffective.

HW wallets advertise themselves as being something that will not leak information via an internet-connected computer, even if the computer is compromised. To my knowledge, no one has been able to exploit a weakness in HW wallet hardware/firmware to trick the HW wallet into signing an unauthorized transaction, nor leaking private keys via a malware-infected computer.

If you ask my opinion if you are using a HW wallet to sign transactions on an offline computer, you are not getting any increased security benefits, but you are adding complexity to your procedures. This assumes you are not considering the risk of a physical attack.

Just like what HCP said, it's a problem that doesn't exist. I don't think having an air-gapped would help your Ledger in any way. Like, imagine creating your 24-word recovery phrase in your Ledger which is not connected to the internet and never has been input in a keyboard. You are pretty safe and that is the purpose of the hardware wallet right?

My experience with air-gapped PC's is using Electrum for BTC, using MEW to generate it offline and away from any connections. It's quite too much for a task just to transact that's why I prefer using Ledger now for transactions, etc.

Update us here if you manage to write your review with Airgapped + Ledger. Will be watching this thread from now on.

And here I was thinking jerry0 was the most paranoid person on the hardware wallet board! 

This is completely overkill from a "security" perspective, and likely to just create enormous headaches for yourself. However, I can understand why you might want to do this from a "privacy" perspective so that when transmitting the transactions, they're not traceable back to you/your IP etc.

However, if you were to simply use the Ledger device normally via TOR, that would pretty much achieve the same thing.


Personally, I think you're looking for solutions to problems that don't really exist.

Yes, critical thinking has been my way for a few months now, but I have never taken all the right steps to avoid any scenario such as intel possibly working with some of the companies. If we have authorities asking all exchanges and services (we now apparently have this obligation in Romania too) to send out to the gov information about customers and their trades/moves, I highly doubt there aren't more operations done in the background to identify us.

Anyway, I'm working right now on what I was trying to achieve in the OP. Will return when I get some results out of it.

---

That's good news I didn't know 'till now.

According to ledger, no:

It is clear to me in which direction you are thinking, and I think you are quite justifiably critical regarding privacy. From the moment you buy your hardware wallet, Ledger owns your information, such as your physical address, crypto address (in case you pay in BTC) or your bank card info. What I was interested in was whether each device sold had some unique identification code, by which each device could be identified via the Internet. In other words, can Ledger identify each user through its servers and using the unique tag of each hardware wallet?

Of course, this is just my reflection on the possible threat to privacy, not only by Ledger as company, but anyone who could get such information. If that were hypothetically possible, then such a database would be worth a great deal, for any country wishing to discover which of its citizens have a hardware wallet and what exactly they have on it. All of course for the purpose of paying taxes, preventing money laundering and terrorist financing.

Thanks for the reply. I do get it - once someone has physical access to your HW, consider it exploited. The fact that I have to go online to upgrade my Ledger makes, however, the idea of using it on an airgapped PC nonsense. I either use it fully offline or I don't. I'm not very afraid of it being possibly stolen. If someone gets to physically get my Ledger in their hands, there is much more stuff I have to worry about.

---

I'm not necessarily afraid of a physical or online attack. Here's part of my concern, more in-detail:

• As far as I know, Ledger is not fully open-source. Ledger Live isn't either, if my knowledge is right. If so, then how do I know that, while I am using my HW to verify my wallet balances or transfer funds, Ledger does not send any information to any third party such as intelligence agencies?

I have read countless posts and Reddit threads about this concern and the only thing I have to do, apparently, is trust. Well, we know how this 'trust' thingy went throughout all our history.

In consequence, I thought of doing this: setting up a completely airgapped PC and using my Ledger ONLY with it, so that the only information that ever leaves my PC or Ledger is fully controlled by me. In other words, why trust Ledger Live to check onto your wallet balances and addresses online when you can take complete control of it all and broadcast only the txs and addresses you want to be published somewhere online?

---

Privacy is one thing I have never studied or focused on, yet it's one of the sides we've apparently had invaded the most in the past few years. If we take a look at how much of our data is collected, stolen and sold all over the place, we'd probably get to the final conclusion that privacy isn't really there anymore.

I am willing to go fully paranoid. It's something I'm willing to do as part of a little "initiative" of mine to stop this personal info from leaking everywhere around me. Look at Microsoft with their Alexa & Windows, look at Zuckerberg with his Facebook, look at Google with all their services. Look at what they've done.

My big fear is that Ledger is not very different from them. I fear the day I might wake up and read this story about the most trusted Hardware Wallet company of cryptocurrencies allegedly collecting & transferring data to intel or who knows whoever else.

On the other hand, I do not want to quit using hardware wallets. I feel safer with them than with any other wallet, hence the creation of this topic.

I am sure that the reason for that is in fact that those who buy hardware wallets still trust these devices, at least as far as any remote manipulation is concerned. As PrimeNumber7 say, all attack vectors so far have included the need for physical access to device, and hardware wallets are even promoted as safe when used on infected devices. Any wallet used as cold storage on airgapped device is safe, so it doesn't really make much sense to do what you do now, but we never know what might happen in the future and in what ways can anyone endanger the safety of such devices.

I have no doubt that hackers are working to break through the protection of hardware wallets, and to get their hands on what is on them. I think the time will come when only cold storage will mean complete security.

To my knowledge, all of the known attack vectors involving HW wallets (the major ones)involve an attacker having physical access to the wallet. I am not aware of any successful attacks against major HW wallets that can be executed remotely. I also understand that a lot of effort has been put into researching possibly HW wallet attacks, in part because of the amount of coin stored in various HW wallets, and in part, because HW wallet manufacturers want to show their competitors have inferior security so they can gain market share.


HW wallet firmware security updates will generally protect against physical attacks. If you decline to update your firmware after a security update, the scope of attacks your device is vulnerable to may increase compared to other HW wallets.

I could always reset my ledger before plugging it into an online device to update it (idea that just came up in my mind), the point I was trying to make is that as soon as I'm only plugging it into an offline device, security risks are 0 (excluding physical security exploits, of course). Ledger always made their updates great, especially the last few ones that brought some features I always wished for. It's in my best interest to update it, of course.

---

Had it happen about two or three times. Besides the scary idea that you might've stored the wrong words somehow or that you might've lost the paper, all went fine.

As soon as I'll experiment with an airgapped PC + a Ledger, I'll possibly write a "review" of my experience in case all goes well. Haven't seen a single post anywhere on the internet yet about it

I think it would be more advisable to do so.
Firmware updates don't only provide security updates, but also fix bugs and add new features.

If you want to set up your cold wallet setup only once (i.e. install all necessary wallets and never update them), then you wouldn't need any firmware updates.
But updating the firmware doesn't really do any harm. It might be possible that once in a while an update will create some problems, but those are usually fixed in a relatively short timeframe.

Additionally, if you keep installing more wallets (for additional coins) or need to update those wallets, they might require an up-to-date ledger.

If you have a backup of your seed (which you always should have), i'd say just update it once in a while. It has more advantages than disadvantages.

I'll go for it, thanks. There are actually quite a lot of alts from the top 100 cryptos that have HW-supported core wallets so it could be an option. Do you think firmware updates would even be needed anymoe as soon as my PC is completely airgapped?


True. But I have some out here I've been a very long time hodler of and it feels kinda bad to think about selling them!

Why not, at least it works for BTC via Electrum, and it cost you nothing, just some extra time. Only problem I see there is that at some point Ledger will release new firmware, and I think only way for upgrade is to go online. I never try to use my Ledger with some Electrum forks (DASH, LTC) but maybe some of them would work with Ledger.


Not a bad idea, it would definitely simplify things for you considering what you want to do. BTC is for those serious, altcoins are for beginners

Alright, will look for such wallets and experiment with them.

---

I don't know how to precisely describe the reason I'm willing to go for a Ledger on an airgapped PC to be honest, but I'll give it a try.

Let's say I would never want any server to communicate in any way with my HW directly without my knowledge and accept. For 100% ensurance that nobody could ever get in touch with any data from my HW, I'll use my Ledger to sign and export a transaction on my airgapped PC. The broadcast will happen over Tor from a smartphone (or from Tails) and the only data my smartphone/Tails ever receives is the transactions to broadcast.

This is honestly a new side of the cryptocurrencies that I've never explored. I'm willing to explore it now, and this idea came up in my mind. In other words, my Ledger would only communicate with an offline computer and the only information that could ever get leaked online is the transactions I sign offline. I have Electrum and AFAIK I can do this through it, but the problem pops up when I have to do it with any altcoin.

Makes sense?

---

After all, this might be a sign to move everything to the King of cryptos and stay with it from now on.

I think you're a little too paranoid, because Ledger hardware wallets are designed to protect you not only because they use secure element, but every action you take must be confirmed by the push of a button. If you are a person who knows how to use hardware wallet, then at this time you have no reason to seek some extreme ways of additional protection.

You need to use a wallet for each altcoin which allows you to sign and export transactions (just as electrum for bitcoin).
This most likely won't work without such a wallet. Especially shitcoins altcoins which are only accessible via ledger live.

I mean.. you probably could write your own application to communicate with your ledger, but this would mean quite some additional work.

Call me paranoid, crazy or whatever you will - I'm looking for a method to use my Ledger to sign transactions on a completely airgapped PC.

As far as I know, using a crypto wallet on an airgapped computer means signing a transaction from it and broadcasting it from an online device. In my case, I can't find a way to do this by using my Ledger without having to go online on the computer I want to sign & broadcast my txs from.

I think I can do this for BTC by using Electrum. But what if I want to do this with all the altcoins I'm holding too? I've been looking for weeks already for ways but I still can't find one.

If anyone can find me a way to somehow make use of my Ledger on this airgapped computer, I'd be more than thankful.