Pages:
Author

Topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities (Read 4819 times)

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
the future firmware releases will add the ability to unsubscribe from this service
So they went from "the seed can never leave the secure element" to "don't worry, our software broadcasts your seed to our servers" to "trust me, we won't do that again if you don't want to"? Lol.
full member
Activity: 128
Merit: 190
I don't use my Ledger nano s+ since they introduced that controversial recovery service but sometimes become interesting  in what is going  on the relevant scene. Yesterday I have surprisingly learn that the future firmware releases will add the ability to unsubscribe from this service

Ask them to PROVE IT.

They can't, because their firmware isn't open.

Quote
There's no backdoor and I obviously can't prove it

-- btchip, Ledger owner & co-founder

Can't prove it, because their firmware isn't open.

They'll probably just add a fake option to turn Recover off that actually does nothing, in order to trick users into feeling safe.

There's no way to prove what their firmware can or cannot do.

There's no way to prove how they share your data and who they share it with.

If Trezor, ColdCard, SeedSigner, Krux, and others say they've added a feature & somebody says "Prove it!" they can say "Sure!  Here's the code.  Every single line."  Done.

All Ledger can say is "Trust Me Bro." but no one can trust them after they lied so many times about so many things.

Remember when Ledger said "Your keys are always stored on your device and never leave it" and then they wrote an API to allow them and other companies (!!!) to extract your keys out of your device over the internet?

Remember when a Ledger employee got phished & DeFi users lost over $600k?  ...and then Ledger later admitted it was a former employee who still had access to their codebase?  Why did an ex-employee still have access to the codebase?  Ledger wouldn't say.

Remember when Ledger got hacked & the hackers leaked Ledger's entire customer database, including users email addresses, home addresses & phone numbers?  Ledger can't even keep their own data secure.

The only truly safe use for Ledger hardware is as a decoy wallet, which is how I use mine.

The day they added key extraction to their firmware, they should have offered full refunds to customers they lied to.

What a terrible company.
hero member
Activity: 714
Merit: 1298
I don't use my Ledger nano s+ since they introduced that controversial recovery service but sometimes become interesting  in what is going  on the relevant scene. Yesterday I have surprisingly learn that the future firmware releases will add the ability to unsubscribe from this service, Are they going to be in retreat, what are your thoughts on this matter ?

legendary
Activity: 2730
Merit: 7065
What Trezor Did? why are you saying Both? are you saying that Trezor also not safe despite its open source ?
o_e_l_e_o is sadly no longer with us, so he can't answer any of your questions. Trezor didn't do what Ledger did by introducing seed extraction firmware and code, and that's not what o_e_l_e_o meant when he wrote that post. I remember o_e_l_e_o's issues with Trezor are the following:

- Trezor has an unfixable hardware vulnerability in their older devices, making it possible to extract PINs and private keys by someone who knows what they are doing. It's an attack that doesn't require expensive equipment but it does require physical access to the device. It can't happen remotely and over the internet. The hacker needs your Trezor in their hands. This can't be fixed with a software update. I think Trezor 3 and 5 don't suffer from this vulnerability due to the introduction of secure elements.

- Trezor introduced Wasabi coinjoins through zkSNACKs. This was an entity that portrayed itself as the savior of bitcoin and the ultimate privacy tool on the market. At the same time, they funded and partnered with blockchain analysis tools to try and deanonymize bitcoin transactions and they didn't treat all bitcoin equally. They considered some "dirty" and "tainted" and not fit to participate in their coinjoins. Other coins were "clean."   

I think Trezor is using Closed source Elemnt Chip on the safe 3 and safe 5 models its not open source
Right. I covered this in a different thread you posted in yesterday.
newbie
Activity: 48
Merit: 0
Both are complete and utter trash now, completely ruined by awful decisions such as this one. Seriously, do the management teams behind both wallets understand nothing about bitcoin?
What Trezor Did? why are you saying Both? are you saying that Trezor also not safe despite its open source ?

All secure elements are closed-source. Trezor and Tropic Square are the first ones that began experimenting with an almost 100% open-source secure element chip.  

does Foundation use an open-source secure element? If Trezor is the first one that's planning to develop one, it means Foundation doesn't have one either.  
I think Trezor is using Closed source Elemnt Chip on the safe 3 and safe 5 models its not open source
legendary
Activity: 1792
Merit: 1296
Crypto Casino and Sportsbook
They should have certainly done some survey and have probably created a persona because I remember their CEO was talking about how many people lose their keys and they really want something that will give them option to recover lost keys.
To claim that there are many lost keys, proper research must first be done to understand the extent of the problem. Did they do this? I doubt. They are simply trying to promote their service on pain of losing their keys.

There is one way to recover lost keys and for this don't need Ledger at all. This function is called "make a backup". Who wants to buy this subscription service? Smiley

If they release statistics, I genuinely believe, they'll release the statistics that will favor this decision of theirs. Just write that hundreds of thousands of people use your subscription service and then a big wave of people will become your customers because they'll start thinking that if so many people use successfully, then this automatically means it's good. Even the dumbest idea can generate money if marketing is good.
That is why public statements by companies interested in disseminating information beneficial for marketing should not be taken at their word.

I believe that they will not face financial crisis because of Ledger recover service addition. There are many people who use centralized exchanges that will hear that hardware wallets are good and after a slight research they'll find Ledger that offers them private key protection via KYC, many new customers will find this feature amazing. Let's wait and see, I think it was financially wise decision if we talk about long-term.
I am also inclined to the point of view that recovery service is not yet a reason to bury a Ledger. There are many fools who will use this service and be satisfied. These are the people who will financially support this company for a long time to come.
legendary
Activity: 1722
Merit: 4711
**In BTC since 2013**
When the service turns one year old, they should release some service statistics and we will find out.
Unless the numbers are too much to disclose.  Roll Eyes
But they don't have to release any numbers, since they're not a publicly-traded company.  I don't know if they've ever released any kind of financial reports, but I suspect they'd only make their future income/earnings public if they were extremely successful--or they might not, since they'd be telling their competitors something they did "right".

Down with Ledger!!

When I say that they will disclose numbers, it is not in an official context, because as you said they are not obliged to do so.
They must disclose numbers within the marketing scope, to convey the idea that the service is being a success.

Now, whether these numbers are viable or real will be another question. Either way, it allows us to have an idea of greatness, because I also don't see much for them to come up with big numbers - it's better not to disclose anything.
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
I'd like to know how many people actually fell for Ledger's subscription scheme. It must be enough to be worth wasting their reputation over.

When the service turns one year old, they should release some service statistics and we will find out.
Unless the numbers are too much to disclose.  Roll Eyes

But, they certainly did some kind of survey to understand whether this service would have subscriptions or not.
They should have certainly done some survey and have probably created a persona because I remember their CEO was talking about how many people lose their keys and they really want something that will give them option to recover lost keys.
If they release statistics, I genuinely believe, they'll release the statistics that will favor this decision of theirs. Just write that hundreds of thousands of people use your subscription service and then a big wave of people will become your customers because they'll start thinking that if so many people use successfully, then this automatically means it's good. Even the dumbest idea can generate money if marketing is good.

The fact is, we will never know the truth, so, for the sake of our safety, it's better to assume that what I said is true. This is just a shady company and everything is expected from them, I still think that they intentionally didn't update the Nano S firmware to make people think that it still actually backs their words and promises.
You're most likely right--but the first thing that popped into my head was that if Ledger went bust because of their idiotic Recover feature, some crypto journalist might do a deep-dive story on their collapse and report their financials (assuming the reporter could get their hands on the data).  Then again, 1) Ledger might not even suffer all that much because of this crap, and 2) I'm not sure about the state of journalism in crypto and whether there are any real journos who'd be motivated enough to do a real story on Ledger's demise if it actually came to be.  A lot of the stories I've read on sites like Coindesk seem to be puff pieces, and the level of writing is abysmal.  But that's true of a lot of news reporting.
I believe that they will not face financial crisis because of Ledger recover service addition. There are many people who use centralized exchanges that will hear that hardware wallets are good and after a slight research they'll find Ledger that offers them private key protection via KYC, many new customers will find this feature amazing. Let's wait and see, I think it was financially wise decision if we talk about long-term.
legendary
Activity: 3500
Merit: 6981
Top Crypto Casino
The fact is, we will never know the truth, so, for the sake of our safety, it's better to assume that what I said is true. This is just a shady company and everything is expected from them, I still think that they intentionally didn't update the Nano S firmware to make people think that it still actually backs their words and promises.
You're most likely right--but the first thing that popped into my head was that if Ledger went bust because of their idiotic Recover feature, some crypto journalist might do a deep-dive story on their collapse and report their financials (assuming the reporter could get their hands on the data).  Then again, 1) Ledger might not even suffer all that much because of this crap, and 2) I'm not sure about the state of journalism in crypto and whether there are any real journos who'd be motivated enough to do a real story on Ledger's demise if it actually came to be.  A lot of the stories I've read on sites like Coindesk seem to be puff pieces, and the level of writing is abysmal.  But that's true of a lot of news reporting.

When the service turns one year old, they should release some service statistics and we will find out.
Unless the numbers are too much to disclose.  Roll Eyes
But they don't have to release any numbers, since they're not a publicly-traded company.  I don't know if they've ever released any kind of financial reports, but I suspect they'd only make their future income/earnings public if they were extremely successful--or they might not, since they'd be telling their competitors something they did "right".

Down with Ledger!!
legendary
Activity: 1722
Merit: 4711
**In BTC since 2013**
I'd like to know how many people actually fell for Ledger's subscription scheme. It must be enough to be worth wasting their reputation over.

When the service turns one year old, they should release some service statistics and we will find out.
Unless the numbers are too much to disclose.  Roll Eyes

But, they certainly did some kind of survey to understand whether this service would have subscriptions or not.
legendary
Activity: 2212
Merit: 7064
I'd like to know how many people actually fell for Ledger's subscription scheme. It must be enough to be worth wasting their reputation over.
Just wait long enough for that database with all information to get leaked and you will found out  Tongue
I am sure there are more people who got involved in this scheme than it should be.

People often forget that the higher the security, the higher the responsibilities become. When someone tries so hard to protect their seeds, it will be that hard to recover them too and even harder to keep them safely, especially when instead of one paper, you depend on many of them.
And it will be much easier to screw something up.
Only good reason for doing something more complicated like multisig with good backup, is if you want to leave coins to your kids.
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
I don't think so, and here is why. Nano X was the first wallet that received the Ledger Recover vulnerability and corresponding code. At the same time, Ledger announced that the Nano S Plus would be next. There was a lot of backlash and attacks on Ledger after that. That didn't make them change their mind, and a few days ago they added the Ledger Recover code to the Nano S Plus as well. Had they taken into consideration the community feedback and opinions, they wouldn't have done that, right? It's obviously not important to them.
The fact is, we will never know the truth, so, for the sake of our safety, it's better to assume that what I said is true. This is just a shady company and everything is expected from them, I still think that they intentionally didn't update the Nano S firmware to make people think that it still actually backs their words and promises.

Andreas Antonopoulos publicly said that many people contacted him and told they lost all coins by trying to be smart with their own complications.
People often forget that the higher the security, the higher the responsibilities become. When someone tries so hard to protect their seeds, it will be that hard to recover them too and even harder to keep them safely, especially when instead of one paper, you depend on many of them.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Nano X was the first wallet that received the Ledger Recover vulnerability and corresponding code. At the same time, Ledger announced that the Nano S Plus would be next. There was a lot of backlash and attacks on Ledger after that. That didn't make them change their mind, and a few days ago they added the Ledger Recover code to the Nano S Plus as well. Had they taken into consideration the community feedback and opinions, they wouldn't have done that, right? It's obviously not important to them.
I'd like to know how many people actually fell for Ledger's subscription scheme. It must be enough to be worth wasting their reputation over.
legendary
Activity: 2212
Merit: 7064
There are many alternative options to store those phrases online, without anyone even noticing it.

You just need to camouflage it a bit with clever techniques that will conceal it's real purpose. (Using templates and splitting it into many pieces that only you will be able to decipher)
This is the worst thing you can do!  Roll Eyes
Making your own ''special'' technique and splitting seed words on your own is recipe for disaster and ALL security experts strongly recommend against doing this.
Andreas Antonopoulos publicly said that many people contacted him and told they lost all coins by trying to be smart with their own complications.
One of the ways to correctly ''split'' seed words would be with shamir secret sharing, but there is single point of failure and not all wallets support it.
Multisig could be better but again I would not suggest regular people doing this, instead they should use multiple passphrases.
legendary
Activity: 2730
Merit: 7065
Do you allow the use of Ledger HW as one of the elements of a multisig, despite their shaky reputation (this topic is about ledger after all)? For example, HW #1 - Trezor, HW #2 - Trezor, and HW #3 - Ledger. Other similar variations, where HW #? can be any other manufacturer.
Ledger could be part of a multisig setup because one key (no matter which one) isn't going to be enough to make a transaction. So, even if the worst where to happen and Ledger or someone else gained access to your Ledger key, they wouldn't be able to steal your coins from a multisig wallet. It would reduce the overall security of your setup, though.

I am not as optimistic as you and I think that the only reason why they didn't update Nano S firmware is that they are afraid of another scandal online, they probably analyzed what happened when they announced Ledger Recover service, so, they probably decided it was better to sacrifice one line of production.
I don't think so, and here is why. Nano X was the first wallet that received the Ledger Recover vulnerability and corresponding code. At the same time, Ledger announced that the Nano S Plus would be next. There was a lot of backlash and attacks on Ledger after that. That didn't make them change their mind, and a few days ago they added the Ledger Recover code to the Nano S Plus as well. Had they taken into consideration the community feedback and opinions, they wouldn't have done that, right? It's obviously not important to them.
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
No, not the Ledger Nano S. They aren't selling this model anymore and will eventually drop support for it. The Ledger Nano S Plus will have support for Ledger Recover. So far they haven't mentioned anything about the Ledger Stax.
Could it be the Ledger Nano S actually does what they promised back then? That would mean it's impossible for them to update the firmware to get your seed phrase out, because the hardware doesn't allow it. Maybe I'm too optimistic here, but it could be they were still trying to make a honest product back then, instead of going for maximum profit through subscriptions.
I am not as optimistic as you and I think that the only reason why they didn't update Nano S firmware is that they are afraid of another scandal online, they probably analyzed what happened when they announced Ledger Recover service, so, they probably decided it was better to sacrifice one line of production.

Trick them into signing up for one year of Ledger Recover, and you made almost as much money as if they purchased two new hardware wallets.
I expect the profit margin for each new subscription to be near 100%. Storing a million seed phrases doesn't have to be more expensive than storing just 1.
Probably the cost of saving one or hundred thousand keys will be the same, so, I expect their profit margins to be way higher than 100% because as the number of customers grow, the profit will increase while loses, i.e. saving costs will be almost the same. But I don't know how their contract with those two 3rd party service providers look like.
legendary
Activity: 1792
Merit: 1296
Crypto Casino and Sportsbook
There are many alternative options to store those phrases online, without anyone even noticing it.

You just need to camouflage it a bit with clever techniques that will conceal it's real purpose. (Using templates and splitting it into many pieces that only you will be able to decipher)

Some people stay in areas where natural disasters are more prevalent, so you cannot store this in one geographical location.
Undoubtedly, there are huge advantages of storing seed phrase on the Internet. Starting from protection against the destruction of seedphrases from local offline disasters (natural and man-made disasters) to increased mobility, which will allow to gain access (for example, restore access to the contents of your wallet) from anywhere in the world.

One problem is the way to implement the plan. Disguise must be at a very good level and not arouse any suspicion, because no matter what online storage service you use, there are always risks of unauthorized access by unauthorized persons (both inside the service system and from outside).

If one person can cleverly encrypt his data, there will always be another who can decrypt it. Therefore, it is most important that seed phrase doesn't arouse any suspicion or interest on the part of others. That is, file should not stand out at all from the rest of your data. And also, I think that dividing it into several parts and distributing it over several points would also be nice. If someone gets access to your phrase, then half or a third will be useless to them.


Seed splitting is not that smart, though. There are multiple threads about it on here; especially with Taproot, multisig is the way to go.
Do you allow the use of Ledger HW as one of the elements of a multisig, despite their shaky reputation (this topic is about ledger after all)? For example, HW #1 - Trezor, HW #2 - Trezor, and HW #3 - Ledger. Other similar variations, where HW #? can be any other manufacturer.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
There are many alternative options to store those phrases online, without anyone even noticing it.

You just need to camouflage it a bit with clever techniques that will conceal it's real purpose. (Using templates and splitting it into many pieces that only you will be able to decipher)
Of course it's possible. But if enough people do this, I bet some of them lose their money, while others are unable to recover their seed on their own. And that's why it's generally not a good idea to create your own "system".
I agree; never roll your own crypto / encoding schemes! Over the years, I myself had to re-check my seed backups to even remember which backup belonged to which wallet. And these are just regular old steel washer and steel plate backups of BIP39 seed phrases.

Only issue is as with all 'custom crypto' (don't roll your own crypto), if let's say you pass away and your family knows nothing about this scheme, they won't randomly think to unzip a file from your cloud storage, take the image that is hung in your office and pass it through a program from GitHub to restore a Bitcoin wallet.
Instead, if they find some paper with 12 words, they might look online and find out this is a Bitcoin wallet seed.

Of course, you yourself might also forget how you generated that wallet if you find your backup again after decades and maybe already have symptoms of dementia.

Quote
Some people stay in areas where natural disasters are more prevalent, so you cannot store this in one geographical location.
Even a safe deposit box in a bank far from your home would be a better idea. Or 3 safe deposit boxes, each storing 16 out of 24 words.
Seed splitting is not that smart, though. There are multiple threads about it on here; especially with Taproot, multisig is the way to go.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
There are many alternative options to store those phrases online, without anyone even noticing it.

You just need to camouflage it a bit with clever techniques that will conceal it's real purpose. (Using templates and splitting it into many pieces that only you will be able to decipher)
Of course it's possible. But if enough people do this, I bet some of them lose their money, while others are unable to recover their seed on their own. And that's why it's generally not a good idea to create your own "system".

Quote
Some people stay in areas where natural disasters are more prevalent, so you cannot store this in one geographical location.
Even a safe deposit box in a bank far from your home would be a better idea. Or 3 safe deposit boxes, each storing 16 out of 24 words.
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
There are many alternative options to store those phrases online, without anyone even noticing it.

You just need to camouflage it a bit with clever techniques that will conceal it's real purpose. (Using templates and splitting it into many pieces that only you will be able to decipher)

Some people stay in areas where natural disasters are more prevalent, so you cannot store this in one geographical location.
Pages:
Jump to: