Topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities - page 16. (Read 4835 times)

hero member
Activity: 882
Merit: 792
With Trezor you can download the source code and compile it yourself. Heck, if you feel especially nifty you can just go ahead and make your own Trezor clone [1]. Can't get much more trustless than that.

[1] https://www.instructables.com/Making-My-Own-Trezor-Crypto-Hardware-Wallet/
I didn't know that, thank you!

Yes, you can and should.
A good hardware wallet manufacturer will actually advise and instruct its customers how to download the firmware, verify its integrity and flash it. It should also make sure to have reproducible builds; this means being able to easily check that the firmware download matches the code.
It should also be easily possible to compile it yourself, alternatively.

The guys over at WalletScrutiny check popular wallets from time to time to see whether their builds (firmware blobs / binaries) match the open-source code. In case someone cannot / doesn't want to do it themselves, and they trust them, that's a good resource.
I can't access that website, seems it's down due to a DMCA takedown notice. But I found a good guide on Reddit.

Honestly I find it downright malicious that Ledger's defensive message control boils down to lying about the current state of the hardware wallet ecosystem (ie. claiming that consumers always have to trust hardware wallet manufacturers while that's decidedly not the case). They are trying to normalize bad practices in terms of both security and privacy, making them the very antithesis of what one should expect from a hardware wallet company.
I really suggest you watch the podcast with Pascal Gauthier, the CEO of Ledger. Pascal Gauthier basically says that 99% of people can't check and analyze open-source code and they have to trust other guys, so he sees no point in it. Also, he says that crypto users think that the KYC procedure is a very normal procedure and almost 95-99% of people have already done KYC on crypto exchanges or in other services.
Basically, he says that people in the crypto world have accepted KYC and it's normal here.

legendary
Activity: 2212
Merit: 7064
"Opening more source" "over time" can mean anything and is something I'll believe when I see it. And even if they start opening more of their source code -- as long as parts of their code stay closed source there will always be insecurity.
Here we go again... same old story of semi-open source, little tiny bit of closed source, mostly open source, etc...
This sounds to me like they are just buying some time and hoping people will forget about this issue in a few days, so they can continue business as usual.

Case in point, Ledger's software is already mostly open source, except for the firmware. And that's where the bodies were buried. So even if part of it gets open sourced, as long as some parts stay hidden, they will always have room for burying bodies. "Welcome to my basement officers, feel free to look around, just don't open the freezer, that one's off-limits."
Nobody cares about their stupid buggy ledge live app, they can open source that up in their asses.
I understand that it's not easy to have an open source secure element, but why the heck would someone hide the firmware code, unless they have hidden plans for it?

With Trezor you can download the source code and compile it yourself. Heck, if you feel especially nifty you can just go ahead and make your own Trezor clone [1]. Can't get much more trustless than that.
I think this is also possible with Passport wallet, but it's much harder to assemble all parts to make your own device.
Another open source wallet you can make is Jade, and it's super easy.

It also doesn't fix past 'mistakes'. For instance, they could have spied on users for the last few years, patch it out and then open-source the firmware.
It is easy to see that if you used the firmware before it was fully open, there will always be a risk that some of your information has been compromised (by Ledger or others).
They spied in the last few months for sure.
Someone found out early code was pushed in several previous releases for the ledger nono X, possibly for other models as well.

Your thoughts?
Bullshit.
They postponed the Recover crap and posted this as a distraction.
Let me tell you now and check back if I was right in a few months/years: ledger will never be a true open source wallet, but they could put on another false open source advertisement label.

I agree. To me it looks like they are just throwing sand into people's eyes and aren't addressing the issue directly.
This reminds me of the exact strategy mainstream media is using, or magicians in a circus, or tricksters on the street with matches.
Putting out a fire is never an easy task...
legendary
Activity: 1148
Merit: 3117
To be honest, here 'open source' is thrown around wildly (blog posts and whitepapers are no 'source' of anything).

They are taking credit for their '+150 applications' being open source, while not writing those themselves, right? The individual coins' developers make them, don't they?

The SDK pretty much has to be open-source if they want altcoin developers to make the accompanying Ledger app for them (for free?); so nothing to take much credit for there, either.

A whitepaper cannot be 'open / closed source' since (1) it's not a source of anything (neither software, nor hardware), (2) you don't write a whitepaper if you don't intend to publish it.

All these blogposts, little tools and whatever they want to provide are just fillers for the big void on the infographic: the firmware remains closed.
As long as that doesn't change, their ability to include backdoors doesn't change. No matter how many blogposts they publish, whether they open-source some dashboard or individual apps. We need the firmware source code; anything else is pointless.

Well said. Lots of fluff, nothing that actually changes anything. Just a continuation of bullshittery, and not a good one at that.

I mean let's look at that step for step.
(...)
I agree. To me it looks like they are just throwing sand into people's eyes and aren't addressing the issue directly (and considering the reputation damage that they got, this current issue isn't their only problem). Their last phrase on the tweet[1] is loaded with irony - "We believe open source brings openness, transparency, audibility, and trust" - mostly due to the fact that they never cared about going OS as far as I'm aware; they are just trying to shed a very limited light on their code due to this horrible PR mess and hoping that people get satisfied by their "open source plan".

For the few people that still believe in Ledger, do note that I am also unsure whether you'll see this full plan being implemented, as their CTO also admitted[2] that "The other parts will take a little more time since it needs to be refactored to abstract the chip-specific characteristics under NDA from our OS.", meaning that this will be a long(tm) journey before getting everything ironed out within their NDA...

[1]https://nitter.it/pic/orig/enc/bWVkaWEvRncwWDRscGFBQVlqX0JwLmpwZw==
[2]https://nitter.it/P3b7_/status/1661012225073745929
legendary
Activity: 3122
Merit: 2178
To be honest, here 'open source' is thrown around wildly (blog posts and whitepapers are no 'source' of anything).

They are taking credit for their '+150 applications' being open source, while not writing those themselves, right? The individual coins' developers make them, don't they?

The SDK pretty much has to be open-source if they want altcoin developers to make the accompanying Ledger app for them (for free?); so nothing to take much credit for there, either.

A whitepaper cannot be 'open / closed source' since (1) it's not a source of anything (neither software, nor hardware), (2) you don't write a whitepaper if you don't intend to publish it.

All these blogposts, little tools and whatever they want to provide are just fillers for the big void on the infographic: the firmware remains closed.
As long as that doesn't change, their ability to include backdoors doesn't change. No matter how many blogposts they publish, whether they open-source some dashboard or individual apps. We need the firmware source code; anything else is pointless.

Well said. Lots of fluff, nothing that actually changes anything. Just a continuation of bullshittery, and not a good one at that.

I mean let's look at that step for step.

Already Open Source -- Yeah, I guess congratulations for using an open source cryptography library like any sane person would? Mentioning 150+ third party applications is just obvious padding. To be fair, not all SDKs are open source, but it's a really low bar and pretty much standard unless you are aiming for a very small niche and don't care about fostering a community of developers.

In the Coming Days -- A whitepaper and a few blog posts. *slow clap* Admittedly I am curious about the whitepaper though.

In the Coming Weeks -- Providing "tools to implement your own shard backup provider" is the first (and only) thing that sounds remotely like a step in the right direction (ignoring the core of the problem that is the devices' capability to send the seed over the internet, but that ship has sailed). "Open sourcing of the dashboard which is a specific part of the OS containing Recover implementation" is practically useless and just a thinly veiled diversion. But hey, maybe they get to out source the development of a dark theme for the dashboard to the community. Win-Win.

In the Coming Months -- "Modularize even more the OS in order to keep as little as possible the part that must be trusted." That's the sort of sentence that you dictate your intern to quickly jot down as a talking point, only for them to just use it word for word in the official communication without a second thought. Either way, that part of the roadmap is the most interesting to translate:

"In the Coming Months" => "We don't plan to actually do this, but if you keep pestering us we'll eventually have to throw you guys a bone in a year or two."

"Modularize even more the OS in order to keep as little as possible the part that must be trusted." => "Refactor the code in a way that keeps the nasty bits out of sight."
legendary
Activity: 1792
Merit: 1296
The CTO just shared this on Twitter. Ledger's open source roadmap:



Your thoughts?

You are all aware that Ledger screwed up very badly with their latest firmware update and the announcement of a new feature, and suffered a very serious loss of reputation. I see this open source roadmap as an attempt to rehabilitate themselves in the eyes of current and potential customers, to show that this company can be trusted again, that everything is open and transparent with them. I don't see this as a desire on their part to really do better for their clients, because if it were, this tweet would have been made before all these community-shaking events and Ledger would have been open to their clients sooner.

I see it this way: Ledger is trying to justify itself, restore the trust of customers and put their hands in their pockets again, because they felt that they could be left without their money. To be honest, I don't believe them. This company systematically arranges unpleasant surprises, messes with the personal data of customers, lies openly over and over again, believing their customers are mentally retarded, unable to compare their past and current statements.

Ledger doesn't appreciate its customers and doesn't value them. That's what I think. If they treat us like a piece of shit, how should we treat them? What trust can there be?

Do they really think that the guys who broke their devices after this tweet will begin to collect the broken parts of the devices and glue them together? It seems this firm still has no idea how painful their own shot in the leg would be.
hero member
Activity: 882
Merit: 5834
The CTO just shared this on Twitter. Ledger's open source roadmap:



Your thoughts?

To be honest, here 'open source' is thrown around wildly (blog posts and whitepapers are no 'source' of anything).

They are taking credit for their '+150 applications' being open source, while not writing those themselves, right? The individual coins' developers make them, don't they?

The SDK pretty much has to be open-source if they want altcoin developers to make the accompanying Ledger app for them (for free?); so nothing to take much credit for there, either.

A whitepaper cannot be 'open / closed source' since (1) it's not a source of anything (neither software, nor hardware), (2) you don't write a whitepaper if you don't intend to publish it.

All these blogposts, little tools and whatever they want to provide are just fillers for the big void on the infographic: the firmware remains closed.
As long as that doesn't change, their ability to include backdoors doesn't change. No matter how many blogposts they publish, whether they open-source some dashboard or individual apps. We need the firmware source code; anything else is pointless.
staff
Activity: 3500
Merit: 6152
The CTO just shared this on Twitter. Ledger's open source roadmap:



Your thoughts?
legendary
Activity: 3122
Merit: 2178
I think it's okay if hardware wallet firmware remains closed source; at some point I even agree with that approach because, on the other hand, even if a certain company has open-source firmware, how can you be sure that they are actually using the open-source code? Is it possible to verify in the case of hardware wallets? Maybe I lack technical knowledge here.
Yes, you can and should.
A good hardware wallet manufacturer will actually advise and instruct its customers how to download the firmware, verify its integrity and flash it. It should also make sure to have reproducible builds; this means being able to easily check that the firmware download matches the code.
It should also be easily possible to compile it yourself, alternatively.

Honestly I find it downright malicious that Ledger's defensive message control boils down to lying about the current state of the hardware wallet ecosystem (ie. claiming that consumers always have to trust hardware wallet manufacturers while that's decidedly not the case). They are trying to normalize bad practices in terms of both security and privacy, making them the very antithesis of what one should expect from a hardware wallet company.
hero member
Activity: 882
Merit: 5834
Their firmware is completely closed source but as the CEO of Ledger said in that podcast, over time, they'll open more source of their code until they reach a level similar to Raspberry Pi.

"Opening more source" "over time" can mean anything and is something I'll believe when I see it. And even if they start opening more of their source code -- as long as parts of their code stay closed source there will always be insecurity.
It also doesn't fix past 'mistakes'. For instance, they could have spied on users for the last few years, patch it out and then open-source the firmware.
It is easy to see that if you used the firmware before it was fully open, there will always be a risk that some of your information has been compromised (by Ledger or others).

I think it's okay if hardware wallet firmware remains closed source; at some point I even agree with that approach because, on the other hand, even if a certain company has open-source firmware, how can you be sure that they are actually using the open-source code? Is it possible to verify in the case of hardware wallets? Maybe I lack technical knowledge here.
Yes, you can and should.
A good hardware wallet manufacturer will actually advise and instruct its customers how to download the firmware, verify its integrity and flash it. It should also make sure to have reproducible builds; this means being able to easily check that the firmware download matches the code.
It should also be easily possible to compile it yourself, alternatively.

The guys over at WalletScrutiny check popular wallets from time to time to see whether their builds (firmware blobs / binaries) match the open-source code. In case someone cannot / doesn't want to do it themselves, and they trust them, that's a good resource.
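As an added illustration of the "verify its integrity" and "reproducible builds" points made above (example code written for this page, not from the thread, WalletScrutiny or any wallet vendor), the script below parses a sha256sum-style manifest, checks a downloaded firmware image against it, and compares the download byte-for-byte with a binary you reproduced from source. The file names, manifest format and byte contents are constructed; a real check would use the vendor's signed manifest and your own build of the tagged source.

```python
"""Firmware download verification and reproducible-build comparison (demo).

Added example, not code from the thread or from any wallet vendor. The
manifest format ("<sha256hex>  <filename>", one per line, as `sha256sum`
prints it), the file names and the byte strings below are constructed.
Verifying the manifest's own signature is out of scope here and assumed done.
"""
import hashlib
import hmac

HEX = set("0123456789abcdef")


def parse_manifest(text: str) -> dict[str, str]:
    """Parse sha256sum-style lines into {filename: hexdigest}.

    Blank lines and '#' comments are skipped. Malformed lines raise instead
    of being ignored: a silently dropped entry would let an unlisted or
    tampered file pass as 'not covered' rather than 'failed'."""
    entries: dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(maxsplit=1)
        if len(parts) != 2 or len(parts[0]) != 64 or not set(parts[0].lower()) <= HEX:
            raise ValueError(f"manifest line {lineno} is malformed: {raw!r}")
        digest, name = parts[0].lower(), parts[1].lstrip("*")  # '*' = binary mode marker
        entries[name] = digest
    return entries


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_download(name: str, data: bytes, manifest: dict[str, str]) -> bool:
    """True only if the file is listed and its digest matches (constant-time compare)."""
    expected = manifest.get(name)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_hex(data), expected)


def compare_builds(downloaded: bytes, reproduced: bytes) -> tuple[bool, int]:
    """Compare the vendor binary with the one built from the published source.

    Returns (identical, first_differing_offset); the offset is -1 when identical.
    A mismatch does not prove a backdoor, but it does mean the source you can
    read is not the binary you are about to flash."""
    if downloaded == reproduced:
        return True, -1
    n = min(len(downloaded), len(reproduced))
    for i in range(n):
        if downloaded[i] != reproduced[i]:
            return False, i
    return False, n  # one image is a strict prefix of the other


# Constructed sample data (not a real firmware image, not a real manifest).
FIRMWARE_GOOD = b"\x7fELF" + b"\x00" * 12 + b"firmware-v1.2.3-constructed"
FIRMWARE_TAMPERED = FIRMWARE_GOOD[:-1] + b"!"  # a single byte changed
MANIFEST_TEXT = f"""
# SHA256SUMS (constructed for the demo)
{sha256_hex(FIRMWARE_GOOD)}  firmware.bin
"""


def demo() -> dict[str, object]:
    manifest = parse_manifest(MANIFEST_TEXT)
    return {
        "good_matches_manifest": verify_download("firmware.bin", FIRMWARE_GOOD, manifest),
        "tampered_matches_manifest": verify_download("firmware.bin", FIRMWARE_TAMPERED, manifest),
        "unlisted_file": verify_download("other.bin", FIRMWARE_GOOD, manifest),
        "reproduced_identical": compare_builds(FIRMWARE_GOOD, FIRMWARE_GOOD),
        "reproduced_differs": compare_builds(FIRMWARE_GOOD, FIRMWARE_TAMPERED),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```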
legendary
Activity: 3122
Merit: 2178
Their firmware is completely closed source but as the CEO of Ledger said in that podcast, over time, they'll open more source of their code until they reach a level similar to Raspberry Pi.

"Opening more source" "over time" can mean anything and is something I'll believe when I see it. And even if they start opening more of their source code -- as long as parts of their code stay closed source there will always be insecurity.

Case in point, Ledger's software is already mostly open source, except for the firmware. And that's where the bodies were buried. So even if part of it gets open sourced, as long as some parts stay hidden, they will always have room for burying bodies. "Welcome to my basement officers, feel free to look around, just don't open the freezer, that one's off-limits."

I think it's okay if hardware wallet firmware remains closed source; at some point I even agree with that approach because, on the other hand, even if a certain company has open-source firmware, how can you be sure that they are actually using the open-source code? Is it possible to verify in the case of hardware wallets? Maybe I lack technical knowledge here.

With Trezor you can download the source code and compile it yourself. Heck, if you feel especially nifty you can just go ahead and make your own Trezor clone [1]. Can't get much more trustless than that.

[1] https://www.instructables.com/Making-My-Own-Trezor-Crypto-Hardware-Wallet/
hero member
Activity: 882
Merit: 792
Don't update to newer firmware because you could enable access to your keys, and some government could potentially seize coins from you in the future, especially if you live in the US, UK or France.
Ledger is a failure and I think no one should rely on their words anymore, at least now that things are clear. Are you sure that your keys weren't even revealed before this latest firmware update and it wasn't backdoored the whole time you were using it?
That is correct. To the best of my knowledge, their firmware is fully closed source, so there is no way to know whether they had code in it in the past, which extracts seed phrases from secure storage and uploads them somewhere.

Someone already mentioned that with their track record, if they had done such thing en masse, they would already have lost those seed phrases in a hack or data leak. But it's definitely possible that they had a backdoor to selectively extract some wallets' seeds and / or addresses (e.g. for tracking / surveillance purposes).
Their firmware is completely closed source but as the CEO of Ledger said in that podcast, over time, they'll open more source of their code until they reach a level similar to Raspberry Pi.
I think it's okay if hardware wallet firmware remains closed source; at some point I even agree with that approach because, on the other hand, even if a certain company has open-source firmware, how can you be sure that they are actually using the open-source code? Is it possible to verify in the case of hardware wallets? Maybe I lack technical knowledge here.
hero member
Activity: 882
Merit: 5834
Don't update to newer firmware because you could enable access to your keys, and some government could potentially seize coins from you in the future, especially if you live in the US, UK or France.
Ledger is a failure and I think no one should rely on their words anymore, at least now that things are clear. Are you sure that your keys weren't even revealed before this latest firmware update and it wasn't backdoored the whole time you were using it?
That is correct. To the best of my knowledge, their firmware is fully closed source, so there is no way to know whether they had code in it in the past, which extracts seed phrases from secure storage and uploads them somewhere.

Someone already mentioned that with their track record, if they had done such thing en masse, they would already have lost those seed phrases in a hack or data leak. But it's definitely possible that they had a backdoor to selectively extract some wallets' seeds and / or addresses (e.g. for tracking / surveillance purposes).



Another important point to consider that I think hasn't really been mentioned:
If the firmware now has an API to 'export' the seed phrase, attackers can access that API.

Especially since this is a USB-connected hardware wallet, you could easily get a virus on your PC which asks the wallet for the seed phrase 'shards', just the same way Ledger Live will do it when you initiate the Ledger Recover setup. And the wallet will just hand them out.

This is a huge security issue, since hardware wallets are meant to protect you from an infected PC. This is the whole idea behind using them over just storing the seed on your PC.
hero member
Activity: 882
Merit: 792
Don't update to newer firmware because you could enable access to your keys, and some government could potentially seize coins from you in the future, especially if you live in the US, UK or France.
Ledger is a failure and I think no one should rely on their words anymore, at least now that things are clear. Are you sure that your keys weren't even revealed before this latest firmware update and it wasn't backdoored the whole time you were using it?
It's not only okay but necessary to go brutal on your own Ledger devices.


Here is the podcast with Pascal Gauthier, the CEO of Ledger. He says that customers who talk to them frequently say that they can't trust themselves with a 24-word seed and that's the reason why Ledger came up with the Ledger Recovery service. He also confirmed live that, technically, the government will be able to subpoena users and get access to their funds.
But if you watch the podcast, one thing is clear: Ledger's CEO and the people around him think that KYC has become a normal procedure in the crypto business that people have accepted and take as normal. For that reason, he thinks that the KYC procedure is very much okay for Ledger Recovery service users.
I don't know what to say, it's shit!
legendary
Activity: 2212
Merit: 7064
After doing that I punched both the SE and MCU on the Ledger board with two strokes of a hammer. The final result is as simple as that.
Good move... shame you didn't upload a short video while doing that.

People don't have to be so brutal with their devices, and if they still have the old ledger nono S model, I will suggest slowly migrating and starting to move coins to different open source devices.
Everyone who owns a ledger nono X already has some parts of the malicious firmware, because they released bits of code in older updates.
Don't update to newer firmware because you could enable access to your keys, and some government could potentially seize coins from you in the future, especially if you live in the US, UK or France.

It's good for everyone to listen and learn something from the latest conversation between Andreas Antonopoulos and Jameson Lopp talking about the aftermath of the ledger Recovery incident:
https://odysee.com/@aantonop:8/ledger-recover-what-the-hell-is:8

You don't have to listen to me, but these two guys (JL and AA) are among the biggest bitcoin security experts in the world today.
legendary
Activity: 1722
Merit: 2213
Haven't seen this point posted in the thread so thought I'd share...

In case there was any doubt about whether third parties could get legal access to your seed phrase:



Source: https://twitter.com/0xfoobar/status/1659765939225735169 (Can't find reddit source though)

Maybe this was an obvious one, given that companies are required to hand over data when legally requested...

Is the next step simply pushing firmware to extract seed phrase to specific users after a government request maybe?

This story gets worse day by day.


Man, man, what a window you/they have opened here.

I'm not a lawyer but I have some really good foundations and knowledge on that, and also I can say nobody, not even a lawyer, can know the answer to that. Because we are going to end up in a more philosophical and constitutional discussion.

Because this requires one more "positive" action made by the government and the law; let me explain: freezing your assets is a "passive" action. For example, I can freeze your assets in a bank account but I can't touch them until a full statement is made.

And in this case, what are the seeds? Are they data and a private thing? Or are they an asset? Can the IRS make a movement or are they gonna need a full judgment?

Because nobody knows how much you have in there, it's very different to an exchange, where the exchanges can share the balance info of your account; here it's very difficult...

It's a fair point, and I think this territory of law remains untested. For example we all know that exchanges can freeze funds, as they are the custodians. But do governments have the license to freeze funds and transfer them to another account, which would be required in order to seize those assets? The answer is almost certainly so. If you consider some of the darkweb busts, they involved seizing the assets, and thus transferring them to another account. As obviously otherwise leaving them in the same account (even with an exposed seed) could lead to those accused or accomplices transferring those assets elsewhere...

I otherwise think for a general "investigation" certain government agencies could gain access to your seed with subpoenas and otherwise not have license to transfer your funds elsewhere, but otherwise I don't think it would take much for them to get a warrant to seize those funds if they had a legal reasoning to do so, which can only be done by transferring them into their own custody. It also seems like it's not going to take long before US gov ends up gaining these seed phrases from users they deem to be criminals who have signed up for the recovery service, so we'll find out soon enough what happens to those assets.
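The thread's premise is that the recovery phrase is split into shards held by three companies, and the exchange above asks who can legally reach it. The added example below (written for this page, not the thread's or any vendor's code) implements textbook Shamir secret sharing over a prime field to make the threshold property concrete: whoever holds any two shards recovers the full seed, while a single shard reveals nothing. The 2-of-3 threshold, the prime field and the sample seed are assumptions; the page does not state the actual scheme, and encryption of the shards is set aside so the threshold behaviour itself is visible.

```python
"""Shamir threshold sharing of a 128-bit seed: toy 2-of-3 demonstration.

Added example, not the thread's or any vendor's code. The thread says only
that the recovery phrase is split into shards held by three companies; the
2-of-3 threshold, the prime field and the sample seed are assumptions made
here for illustration. Shards are handled unencrypted in this demo.
"""
import secrets

# A prime much larger than any 128-bit seed, so the seed is one field element.
# (The secp256k1 field prime, used here only as a convenient large prime.)
P = 2**256 - 2**32 - 977


def split(secret: int, threshold: int, shares: int, rng=secrets.randbelow) -> list[tuple[int, int]]:
    """Return `shares` points (x, y) on a random polynomial of degree
    threshold-1 whose constant term is the secret. Any `threshold` points
    determine the polynomial and hence the secret."""
    if not 0 <= secret < P:
        raise ValueError("secret out of field range")
    if not 1 < threshold <= shares:
        raise ValueError("need 2 <= threshold <= shares")
    coeffs = [secret] + [rng(P) for _ in range(threshold - 1)]

    def f(x: int) -> int:
        y = 0
        for c in reversed(coeffs):  # Horner's rule, all arithmetic mod P
            y = (y * x + c) % P
        return y

    return [(x, f(x)) for x in range(1, shares + 1)]


def reconstruct(points: list[tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0 over the prime field.

    Fewer points than the threshold do not raise: they yield a value that is
    uniformly random from the holder's point of view, which is exactly why one
    custodian alone learns nothing, and why any two (or anyone who compels two)
    learn everything."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, xj in enumerate(xs):
            if i != j:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def seed_to_int(seed: bytes) -> int:
    return int.from_bytes(seed, "big")


def int_to_seed(n: int, length: int) -> bytes:
    return n.to_bytes(length, "big")


# Constructed 16-byte "seed"; a real device would generate BIP39 entropy itself.
SEED = bytes.fromhex("00112233445566778899aabbccddeeff")


def demo() -> dict[str, object]:
    """Split SEED 2-of-3 and show which custodian combinations recover it."""
    secret = seed_to_int(SEED)
    a, b, c = split(secret, threshold=2, shares=3)
    return {
        "providers_1_and_2": int_to_seed(reconstruct([a, b]), 16),
        "providers_2_and_3": int_to_seed(reconstruct([b, c]), 16),
        "providers_1_and_3": int_to_seed(reconstruct([a, c]), 16),
        "provider_1_alone_recovers": reconstruct([a]) == secret,  # False (w.p. 1 - 1/P)
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value.hex() if isinstance(value, bytes) else value}")
```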
hero member
Activity: 714
Merit: 1298
But then I came to the conclusion that this was indispensable in order to express protest against the actions of this company's management and warn new buyers of the Ledger. This is a kind of drawing public attention to this problem.

Is this the beginning for "#SmashTheLedgerWallet"?

Yeah, you got it right. That was my personal protest against that terrible Ledger SAS initiative. And, besides, I did it with a view to not leaving any temptation to use their devices again.

The lesson I got from Ledger's stupid step to breach the social contract in existence is to choose at all times the open source, airgapped hardware wallet wherever possible. My choice now is Passport 2 by Foundationdevices.



Is this the beginning for "#SmashTheLedgerWallet"?

The flash mob has already started

sr. member
Activity: 616
Merit: 314
Haven't seen this point posted in the thread so thought I'd share...

In case there was any doubt about whether third parties could get legal access to your seed phrase:



Source: https://twitter.com/0xfoobar/status/1659765939225735169 (Can't find reddit source though)

Maybe this was an obvious one, given that companies are required to hand over data when legally requested...

Is the next step simply pushing firmware to extract seed phrase to specific users after a government request maybe?

This story gets worse day by day.


Man, man, what a window you/they have opened here.

I'm not a lawyer but I have some really good foundations and knowledge on that, and also I can say nobody, not even a lawyer, can know the answer to that. Because we are going to end up in a more philosophical and constitutional discussion.

Because this requires one more "positive" action made by the government and the law; let me explain: freezing your assets is a "passive" action. For example, I can freeze your assets in a bank account but I can't touch them until a full statement is made.

And in this case, what are the seeds? Are they data and a private thing? Or are they an asset? Can the IRS make a movement or are they gonna need a full judgment?

Because nobody knows how much you have in there, it's very different to an exchange, where the exchanges can share the balance info of your account; here it's very difficult...
legendary
Activity: 1792
Merit: 1296
If you thought the bombshell by the Ledger co-founder wasn't bad enough, wait until you see what he said now!
~snip
It looks as if Ledger is trying to dig its reputation even deeper with each new post. It's even scary to imagine what might be in the next tweet and how these guys can shock even more...

Well, have enough reasons accumulated now for buyers not to do business with this company?



I suggest sweeping your Ledger HW coins as soon as possible.

I have already done it. Moved the whole of my stash to Passport2 developed by Foundation devices.

After doing that I punched both the SE and MCU on the Ledger board with two strokes of a hammer. The final result is as simple as that.


I think it's time to open a separate and new topic dedicated to just one, where users of the Ledger will post photos with smashed and broken hardware wallet. I believe this is not the last post of this kind.

First, I wanted to say that there is no need to break the device, because you have already transferred all crypto to another device and there is no danger. But then I came to the conclusion that this was indispensable in order to express protest against the actions of this company's management and warn new buyers of the Ledger. This is a kind of drawing public attention to this problem.

Is this the beginning for "#SmashTheLedgerWallet"?
legendary
Activity: 2730
Merit: 7065
He was pretty honest revealing that information, although we could have guessed it already. Maybe he did it as a sort of warning to Ledger users. He seems pretty disappointed in what they did, and this could be his way of voicing that. Connecting KYC with your wallets and private keys and handing those keys for "safekeeping" to companies that have to adhere to government regulations and requests can only end exactly the way Éric said.
legendary
Activity: 2366
Merit: 1408
For those interested, 5 minutes ago Andreas Antonopoulos started a live on youtube to talk about Ledger, here is the link:

https://www.youtube.com/watch?v=9scIevuymZM

Obs - you can watch later

I am curious to see what he will say; it will probably be the same as what we are already talking about here, but it should reach more people.