Topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities - page 13. (Read 5425 times)

                           ^
                           II
Fully agree with this  as no one  can envisage when  backdoor  will worm oneself into   his/her machine(it it is not  already there).

Just fresh  (as of May 31, 2023)  case:  millions of motherboard sold by well known maker such as  Gigabyte have  backdoor in firmware . It is not hard to  imagine  what would happen if those who wanna opt that Ledger Recover connect their  devices to   compromised motherboards like those from Gigabyte.

With the discussion of 2 out of 3 custodians being compromised, don't forget that this set up has a single point of a failure, and the breach of this single point of failure is enough to steal your coins.

Just like every other Shamir's Secret Sharing set up, there is a single point of failure in the device which is used to create and communicate the secret shares. For Ledger Recover, even if we assume that the Nano S/X hardware device itself is secure, the only way for those shares and the associated decryption key to leave the Nano device and reach the third party custodians is via your computer. Therefore, your computer must receive, store, process, and transmit all the information necessary to empty your wallets. If your computer is compromised while you do this, or if the data is stored in memory and recoverable, then your coins can be stolen by compromise of your computer alone. This is the exact same situation as any hot wallet.

Just as a cold wallet which has connected to the internet once or twice is no longer a cold wallet, a hardware wallet which has exposed your seed phase to the internet once or twice is no longer a hardware wallet.

The actual point isn't if it's possible or not. It's if your Bitcoins are still your Bitcoins while you're storing it in a Ledger. To which, if a government entity could coerce a third party to give up "your" keys/seed phrase, then it's most definitely NOT your Bitcoins.

Lol, maybe this is their new rogue business plan, I wouldn't be too surprised. How did Mark Karpeles kind of got away with his "Mt.Gox got hacked" story? It was shady beyond comprehension! Will we see a Mt. Ledger NoNo, oops we were hacked, sorry, your wallets are gone, bye bye, no time, private jet is waiting, salu, au revoir.     

And I mean, since we all know who the three companies are (one of them being Ledger), it wouldn't take much to have some high level employee going rogue from company A and another from company B and have free access to Ledger client funds. This is just another breach waiting to happen for Ledger, I'm surprised they still haven't learned after their previous breaches.

How can the encryption key be stored on your Ledger device, if you can recover your crypto on any other Ledger HW of your choosing? The other devices can't hold your encryption key. The original hardware device maybe, but it looks like Ledger gets a copy of it. How else do you explain recovering crypto on Ledger #2 if Ledger #1 that encrypted the shards is no longer working/in your possession? Either Ledger has the keys or the encryption key is also somehow shared among all custodians.

A secure element like in the Ledger or a similar chip that relies on whether or not the developers write the necessary code that makes code extraction possible? The one good thing in all this is that Ledger has proven that secure elements are not to be trusted and aren't safe. Not in a Ledger or any other hardware wallet.

The other day I saw a movie, where confidential information was kept inside a stone, and hardly anyone would suspect that it contained that information.
Well maybe, we need to start thinking about saving the seed in a rock. 

The question is now which government will get to your coins first But that's not even my biggest concern: what are the odds 2 out of 3 "seed storage facilities" will get hacked, leak data, or have an inside job rob users? If this takes off, there are billions of dollars worth of crypto to steal.

Yes, that's unlikely to happen for an average user but definitely possible and that's another reason why someone should avoid Ledger Recover service.
By the way, ToS is a joke. If you read ToS of companies you frequently use or if you read the list of side effects of every meds, you are not going to use them ever in your life but the problem is that you need to use that particular service or product and because of that 99% of people just agree and move on.

There was a discussion about Ledger Recover and subpoena in podcast with the CEO of Ledger.
Have a look at these moments:
https://youtu.be/M3VjQUcyZSY?t=929
https://youtu.be/M3VjQUcyZSY?t=2610

Yes, absolutely. The Ledger co-founder stated as much here:


Ledger also admit it here (under Data & Privacy at the bottom of the page):

Shower thought. Is it possible that if a user has enabled the recovery feature, and has his/her data held by a third party, then it's probable that a government entity could issue a written order telling the third party to give them access to then user's coins/savings?

Because I believe the user has given up some of his/her rights upon upload of his/her own data. Don't third parties always have Terms of Agreement that users never read?

 

That's precisely why I spend a little bit of time implementing those watermarks. I just assume that whatever entity that is holding my information will eventually leak it, so I might as well just try to use any kind of deterrent that I can. Other than that, I try to stay away as much as possible from KYC procedures but some people still haven't realized how much information they are giving away whenever they submit themselves to KYC...

An attacker is going to take the path of least resistance. Are they going to spend several hours trying to edit out your watermark and end up with a result which might still be rejected by whichever service or bank they are trying to fool, or are they just going to move on and use someone else's KYC data instead? When KYC data is widely available to be bought on black markets for ten or twenty bucks for hundreds of users' worth of data, then an attacker is simply going to ignore the one user who has a difficult to remove watermark.

Although obviously neither is good, there is a difference between something like a hospital leaking your documents and something like Ledger Recover leaking your documents. In addition to the risk of identity theft which is common in both scenarios, if Ledger Recover leak your data then you make yourself an instant target for crypto thieves, attackers, and scammers, as well as losing all privacy since your wallets/addresses/coins are now publicly linked to your real identity.

The usefulness of much of your data to an attacker is time limited. You can't take out a loan with an expired passport or ID card. If somewhere is asking for a copy of a recent bill, they usually want it within the last few months. Every time you complete KYC, you reset the clock.

Yes.

I have never once completed KYC with any crypto service, nor will I ever do so, yet I would wager I spend, trade, send, and receive bitcoin more frequently than 99% of the users on this forum. Bitcoin was designed precisely to avoid centralized third parties. KYC is not the default position - quite the opposite. Rather than asking why we avoid KYC, you should be asking why so many other people are happy to sacrifice their security, their privacy, and their sovereignty, by completing KYC.

Or you can choose to trust this fake messiah[1] (Ledger CEO). ~ 2 weeks have passed from the announcement of Ledger Recover and he's already going out and giving speeches in keynotes, sharing "his outlook for the future, the UX needed to enable mass adoption, and how crypto can protect our online identity. Thank you for the inspiring words!" They keep preaching about "how can crypto protect their online identity" when, at the same time, they are offering services that will link your own identity to the funds that you currently hold (optional, as always  ). Isn't this ironical?

What is even worse is that there are actually some providers that agree with Ledger stance on embracing more users by providing easier entry points[2]:
How can anyone agree that, with a simple update, independently or not if I choose to take part of it, my device will have a "dormant" code that could be exploited in the future and thus voiding everything that the product & company stands for? That's madness!

---

[1]https://nitter.it/thecryptovalley/status/1664691045299376138
[2]https://cointelegraph.com/news/ledger-ceo-says-crypto-key-recovery-service-makes-self-custody-easier

You can't live in this world without revealing your KYC documents. House/hotel/car rentals, you need to reveal your KYC documents to get medical help, visit a doctor, get prescribed meds (if any). You have to reveal it to start work. I mean, there are many cases where you have to reveal your KYC documents and we can say for sure that our data isn't as protected as expected but still it's inevitable to give away all of these info. So, let's assume our data has been leaked, what's the point of rejecting other services that ask for KYC? Or do you hope that while your data was leaked, there is a chance that it got removed or lost and no one holds it? Or do you hope that it will be in hands of some people and isn't public? I mean, is your aim to keep this number of your KYC holders as narrow as possible?

Of course it is Btw passports and some id cards have a lot of patterns and when you try to remove watermark from them, you can mess up with it but if one digs deep into pixels, can really do wonders.

Life gets very hard if you do so, especially if you actively travel. But probably that's the price of privacy, just wonder how long can one keep living in such a discomfort.

What makes you sure that modern hardwares aren't backdoored? Technology is developing rapidly, a lot of innovations are kept for a long time and released slowly in order to generate more profit, etc.
If you give me 2010's personal computer and 2023's personal computer, both of them offline, I would trust 2010's more than 2023's.

Same here.
I think there are currently much better hardware wallet options that are open source and their price is similar or less than Trezor Model T.
To name just a few of them like Passport (around $200), Keystone (around $100), and maybe even others that are cheaper and based on Trezor code but with secure element.

It's the same thing (if not worse) if you are using computer as alternative for hardware wallet.
You are trusting computer hardware (closed source) and software (can be opensource), but we can all agree that old computers/laptops can have much more flaws, bugs, backdoors, security issues and more attack vectors.
Ask any security expert and he will tell you that hardware wallets (despite issues they have) and generally safer than using computers, if done correctly.
Whatever you are suing to improve security for larger amount of coins it's always better to use multisig setup.

I always try to place the watermarks in places that the receiver still is able to read the necessary information (Numbers and names mostly), but make it so that the watermark is in an area that would make its removal very easy to spot (or even harder). I know that if someone is really interested in copying my information will eventually find a way to do it, but I find that it works great as a deterrent for most scenarios.

Given how good AI generated fakes are getting, video or photo selfies will soon be easily fooled as well.

The solution is simple - avoid any platform which requires KYC.

By using a hardware wallet, you're basically trusting them with your money, while the security of "be your own bank" shouldn't rely on third-parties. I really hate this part, and even when using offline software wallets, you have to trust someone. It's impossible to verify all the software you're using, even if it's open source. "Trusting" goes against the basics of Bitcoin, but it's inevitable one way or another.

The main problem I have with KYC is that I have to trust them for doing the right thing, while many companies (and governments) have leaked private data in the past. This will happen again. At least if they don't have my data, they can't leak it. And this scenario is already undesirable even if the company doesn't do bad things with the KYC data on their own.

Here, it's officially recommended to write the purpose on copied documents, so they have to accept it. But I've seen many car rental companies worldwide easily dismiss all privacy concerns when they copy your passport.

Probably. A blue pen on a black and white copy shouldn't be that hard to remove digitally.

This is really interesting, I did some research and people have really been a victim of KYC leaks, couldn't really imagine if one was able to get loan and other service only by using some KYC documents without actually validating the person.
By the way, it's very interesting if one can sue the bank for giving a loan with only leaked KYC data, without actually verifying the person live. Logically, it is bank's mistake to give away a loan so blindly and another guilty one is the government for giving everyone right to ask us for KYC documents, without caring much about our data. It' robbery man! Holy shit!

That's a clever idea but do companies accept watermarked personal documents? Especially ID card or passport? Also, isn't it easy to remove watermark via photoshop? Especially with some AI properties.