Topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities - page 7. (Read 5735 times)

"These companies are not slaves to Ledger.  We just have commercial agreement."
-- Ledger CEO Pascal Gauthier
https://youtu.be/M3VjQUcyZSY?t=2393

"Great, so now the Department Of Justice calls you and says "We are charging so and so with X, Y and Z.  Get two of your vendors to send us the Bitcoin keys."
-- Harry Sudock, discussing Ledger Recover with Ledger CEO Pascal Gauthier
https://youtu.be/M3VjQUcyZSY?t=2608

"If, for you, your privacy is of the utmost importance, please do not use that product, for sure."
-- Ledger CEO Pascal Gauthier
https://youtu.be/M3VjQUcyZSY?t=2342

I was curious when they said that the other two parts of the key are in different jurisdictions. What jurisdictions will these be?

Of course they will. They will never protect anyone other than their own business interests. They are obliged to share such information with the right government agencies if it's requested from them. They explain that in the first sentence in the quoted part that you shared. The second sentence states it's a criminal offence not to cooperate with law enforcement. The third one means absolutely nothing and is only there to make you feel safe. Saying that they will verify if the requests are legitimate is of no importance.

In turn, Coincover says it will never give up its share of the key, even if it receives court orders. Unless it's extremely radical, but...

Good question.
This should be clearly written and explained on their website, like with any subscription services.
Maybe some ledger fanboy is willing to do a test sacrifice for all of us, and tell us what happens after cancelation

What happens if I stop paying my subscription?
If you don't update your payment info and pay the subscription within 7 days, you won't be able to restore your private keys using Ledger Recover. If you don't regularize your payment within 3 months, your subscription will be suspended. After your subscription is suspended, you have 9 months to contact Ledger Recover Support and reactivate your subscription. You will need to pay an administration fee of 50 EUR along with any outstanding balance.

Coincover will never pass your information to a third-party unless it has a legal obligation to do so. For example, law enforcement agencies often have extensive criminal investigation powers, including the ability to obtain production orders requiring information to be produced. It may result in a criminal offence for any entity supporting Ledger Recover to fail to comply with a production order, but Coincover would always take all reasonable steps to verify a production order before complying with it.

You should also note that the Recovery Seed Phrase (RSP) is encrypted and split into three fragments – all of which are held by independent companies established in separate legal systems. Since a minimum of two of three fragments would be required to gain access to your wallet, it is likely that an order would need to be obtained in at least two jurisdictions. These individual fragments are not exploitable on their own. Two of them would need to be recombined and decrypted with separate keys. Any order of this nature would realistically only ever be obtained in the most serious cases of criminality (such as where terrorist financing is suspected).

Coincover will never be able to access your seed phrase. Coincover or the other backup providers will only ever manage one encrypted fragment. We do not hold nor have access to the other fragments that make a complete seed phrase.

Keep in mind, those older devices use closed source firmware too, so you have no way of knowing if your device has a backdoor giving Ledger - or whoever - access to your seed:

On a serious note, this does bring up an interesting question. What happens if someone cancels their automated payment for Ledger Recover? Will they destroy the seed phrase from their storage and all their backups? I find that hard to believe, and you can't know for sure. Or will they just keep your seed phrase, but deny you acces if you ask for it? Or will they just charge you a much higher "manual recovery fee" when you need it? Either way, I'm not going to find out

Unless they have received new and updated instructions about what to say regarding technical questions about their Ledger Recover service. Ledger is sending vibes as if their internal departments are completely out-of-sync and not working together properly. A normal company would first train and instruct its support about what they need to do. There would also be coordination between marketing and development. Here, it's like everyone is doing their thing with no common goal. When all this nonsense started, Ledger support was basically, we have no idea what is going on, let's just wait for the marketing or development teams to tell us how to proceed.     

Ah so don't expect any sort of useful answer.

hope that support knows how to handle your inquiry.

Keep in mind, those older devices use closed source firmware too, so you have no way of knowing if your device has a backdoor giving Ledger - or whoever - access to your seed

Just curious, has ledger responded to any questions on the record about anything to do with how and where the encryption keys for these shards reside? Have they given any technical details in any literature interviews etc beyond just the "shards are encrypted" redundancy?

It will only land them in prison if it can be traced back to them. Otherwise it's indiscernible whether the keys leaked or an inside job happened.
But yes, andy.arden is right that in the big picture government control is probably the largest risk.

On a serious note, this does bring up an interesting question. What happens if someone cancels their automated payment for Ledger Recover? Will they destroy the seed phrase from their storage and all their backups? I find that hard to believe, and you can't know for sure. Or will they just keep your seed phrase, but deny you acces if you ask for it? Or will they just charge you a much higher "manual recovery fee" when you need it? Either way, I'm not going to find out

I sent you my seedphrases in DM, can you reply with the deposit address to pay for the first month?

Also, I am interested in the case that if I skip one month with the payment, will I lose my coins?

This doesn't apply to older devices that have been discontinued, but which can still be found on sale or have users. For example, Nano S. In their case, a firmware update may be mandatory.

"There's no backdoor and I obviously can't prove it"
btchip, Ledger owner & co-founder

i also read about the 'recover start' yesterday. what i find even more outrageous is that Ledger charges the user €10 for this service (after the first month is free) from the second month on.
will advise everyone in my circle of acquaintances and also here in the form against this service!

I'll lower my offer too:

This doesn't apply to older devices that have been discontinued, but which can still be found on sale or have users. For example, Nano S. In their case, a firmware update may be mandatory.

Why wouldn't they make a backdoor in this point? Users will still be forced to pre-install crypto apps.

Most likely, they simply don’t understand anything.

Ledger sends their hardware wallets with already installed firmware, and very often it's the latest version. So, you don't need the app to install the firmware.

That's true. You have to install the Ledger crypto apps before you can use any software wallet, be it Electrum, Ledger Live, or something else.

Are we allowed to call people who fall for this idiots?

If they fully understand what they are getting themselves into and still do it, yes.

On the other hand, if they fail to understand the whole concept of crypto, they should first be pointed towards a better path.

Are we allowed to call people who fall for this idiots?