Topic: Ledger's laying off employees. Thoughts? (Read 873 times)

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 18, 2023, 11:03:10 AM
#82
Quote
0
Ledger Nanos have never been hacked
since they were launched
So they're finally honest about leaking all seed phrases to the internet :O
legendary
Activity: 2730
Merit: 7065
October 18, 2023, 10:45:22 AM
#81
The good news is, there are some amazing Bitcoin hardware wallets that are actually FREE and open source.  SeedSigner and Krux, for example.  Granted, you have to buy the hardware, but the hardware is off the shelf stuff which isn't crypto related, so you won't end up on a leaked address list (Eff you, Ledger!).
I have been looking at SeedSigner the last couple of days, and must admit I like what I see. I will most probably get a fully assembled device to move part of my stash onto it. It's affordable even if it is no longer valid to say you can get all the parts for under $50. I don't know how much the assembled SeedSigner used to cost in the past, but it's now $90-$100, depending on the colour of the case and extra accessories. Still, it's worth the money.

0 Ledger Nanos have never been hacked since they were launched
They have been doing that for some time. I remember seeing the same thing a few months ago.
legendary
Activity: 2912
Merit: 6403
Blackjack.fun
October 18, 2023, 08:28:21 AM
#80
I can guess they already got rid of everyone in marketing:

Got this yesterday, Oct 17, 2023:


But, one has to appreciate the honesty, right ?!

In case the picture is too small, the way they arranged the words it reads like:

Quote
0
Ledger Nanos have never been hacked
since they were launched
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 18, 2023, 07:05:14 AM
#79
The problem many people run into is recurring payments and subscriptions just being taken from their bank accounts without them thinking about them. Streaming services, music services, gym memberships, food delivery services, Amazon Prime, phone contracts, internet contracts, the list is endless. You even hear stories of people paying for insurance contracts for vehicles they no longer own and other such nonsense. If people had to actually open their bitcoin wallet and manually sign these transactions every month, you can guarantee that they would all have far fewer users as well as putting an end to endlessly billing inactive users.
Without automated payments, many people will forget to pay, and find out they don't have car insurance when they need it.

Quote
Isn't it interesting that Ledger Recover can only be paid for using automatic fiat methods and not with bitcoin? :P
Touché!
legendary
Activity: 2268
Merit: 18711
October 18, 2023, 06:46:41 AM
#78
The timeline has many good things, but somehow corporate interests dictate almost everything nowadays.
Perhaps one of the benefits of bitcoin in this situation (beside the obvious self custody and actual ownership of your own property) is that there is no simple way to set up automatic recurring payments.

The problem many people run into is recurring payments and subscriptions just being taken from their bank accounts without them thinking about them. Streaming services, music services, gym memberships, food delivery services, Amazon Prime, phone contracts, internet contracts, the list is endless. You even hear stories of people paying for insurance contracts for vehicles they no longer own and other such nonsense. If people had to actually open their bitcoin wallet and manually sign these transactions every month, you can guarantee that they would all have far fewer users as well as putting an end to endlessly billing inactive users.

Isn't it interesting that Ledger Recover can only be paid for using automatic fiat methods and not with bitcoin? :P
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 18, 2023, 06:28:27 AM
#77
The good news is, there are some amazing Bitcoin hardware wallets that are actually FREE and open source.  SeedSigner and Krux, for example.  Granted, you have to buy the hardware, but the hardware is off the shelf stuff which isn't crypto related, so you won't end up on a leaked address list (Eff you, Ledger!).
I've seen them, but never tried. If I have to go DIY, I can just as well sign offline. Most people want something convenient.

We really do live in the worst timeline.
~
You'll own nothing and be happy.
The timeline has many good things, but somehow corporate interests dictate almost everything nowadays. Isn't that one of the major flaws in capitalism: money gets more and more concentrated, until there's nothing left for most people and a few own everything?
legendary
Activity: 2268
Merit: 18711
October 18, 2023, 04:53:33 AM
#76
Do we know for a fact that X number of people are in fact boycotting Ledger products?
We can never put a hard figure on it, but you only have to look at the general feeling on here, Reddit, Twitter, etc., to see that large parts of the community are absolutely boycotting Ledger, and also (and perhaps more importantly in the long run) recommending to avoid Ledger to new users.

Don't forget the "extra power if you pay $60 or $90 per month" and "extra range if you pay extra" (I can't find back the link) features :D
For actual fuck sake. I was going to post in reply to TSC's comment how it won't be long until you actually have to pay extra just to drive your car at full speed, but I see we are already there. We really do live in the worst timeline.

How long until we get FOSS car firmware which bypasses all this nonsense? There's going to be a great market for second hand "dumb" cars in the future.

We're moving more and more towards a future without ownership and monthly payments for everything you use. That's not something I like.
You'll own nothing and be happy.
full member
Activity: 128
Merit: 190
October 18, 2023, 04:01:18 AM
#75
I swear to god I hope people see through this chicanery and vote against it with their dollars, because that's the only way greedy corporations will get the message
People said the same thing when Microsoft started selling software subscriptions, now they're all using it. I think it started with anti-virus-subscriptions, then got worse. Streaming services got people used to paying instead of owning movies too. We're moving more and more towards a future without ownership and monthly payments for everything you use. That's not something I like. We now have (electric) bicycles and mopeds, paid by the minute. Car sharing paid by the hour. I live in a cycling country, and more and more people rent one. It's a strongly growing industry at the moment.
How did we get here from wallets?

The good news is, there are some amazing Bitcoin hardware wallets that are actually FREE and open source.  SeedSigner and Krux, for example.  Granted, you have to buy the hardware, but the hardware is off the shelf stuff which isn't crypto related, so you won't end up on a leaked address list (Eff you, Ledger!).

I REALLY like Krux.  Krux is firmware that runs on K210 devices like the M5StickV and Maix Amigo, converting them into airgapped devices that can sign transactions for multisignature and single-key wallets.

Krux on a Maix Amigo is incredible, for many reasons.  One: The Amigo is cheap but has a large touchscreen, so you see everything, including full addresses, upubs/zpubs, etc, which makes it easy to confirm everything to be exactly right.  But my favorite feature of Krux is that it's airgapped, and it can use encrypted QRs, which means you don't have to worry that somebody might find your SeedQR since it's encrypted.

Krux is a fantastic open source project.  I'm not affiliated with it in any way.  I just friggin' love it.  Krux & BlueWallet are currently my favorite combo.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 18, 2023, 02:03:52 AM
#74
Excuse me - why the hell do you need to buy a subscription for a $30,000 car, that is most likely already being paid for in installments with its own contract?
Because if you don't, you don't get to use all its features.
Don't forget the "extra power if you pay $60 or $90 per month" and "extra range if you pay extra" (I can't find back the link) features :D

I swear to god I hope people see through this chicanery and vote against it with their dollars, because that's the only way greedy corporations will get the message
People said the same thing when Microsoft started selling software subscriptions, now they're all using it. I think it started with anti-virus-subscriptions, then got worse. Streaming services got people used to paying instead of owning movies too. We're moving more and more towards a future without ownership and monthly payments for everything you use. That's not something I like. We now have (electric) bicycles and mopeds, paid by the minute. Car sharing paid by the hour. I live in a cycling country, and more and more people rent one. It's a strongly growing industry at the moment.
How did we get here from wallets? Basically, we went from very cheap "paper wallets" in any possible form to very convenient "hardware wallets" to skip the trouble of manual offline signing, to a monthly subscription model. That reminds me of stock brokers, where you pay them an annual fee to keep your funds. I do indeed hope people vote with their wallet!
legendary
Activity: 3500
Merit: 6981
Top Crypto Casino
October 17, 2023, 01:07:08 PM
#73
You want to use your heated seats you already paid for? $18 a month please: https://www.theverge.com/2022/7/12/23204950/bmw-subscriptions-microtransactions-heated-seats-feature
You have got to be shitting me.  Years ago when my life didn't suck I had a car with heated seats, and though I didn't really care for them (it was a used car, so I just bought it with whatever options it had) I never would have guessed that any car manufacturer would use the "subscription" model for their automobile options.  

I swear to god I hope people see through this chicanery and vote against it with their dollars, because that's the only way greedy corporations will get the message--and if not, it's just going to be another way consumers are going to get their pockets picked.  And Leo, I appreciate you sharing that chilling tidbit.  It makes me hate the world we live in just a little bit more, but I need to know these things.

I guess sales must have hit them really hard with all this boycotting of Ledger Nano devices, because that's the only way I see their pockets taking a hit from that whole debacle.
Do we know for a fact that X number of people are in fact boycotting Ledger products?  Ledger doesn't have to report their financials, and the Recover shitstorm wasn't too long ago and I haven't heard anything about their sales tanking aside from what's implied from the layoffs.  I can't imagine they've gained many new customers, but I'm curious as to what the real state of the company is.
legendary
Activity: 2730
Merit: 7065
October 17, 2023, 11:04:01 AM
#72
I'm guessing you're not familiar with Ledger Recover, so here are some links you might want to check out.
I am familiar with their plans about launching Ledger Recover, however, you didn't specify in your previous reply that your post is about what could happen once that service goes live.

"You now have an API in your firmware to extract seeds"
It's hard to comment on something we still aren't 100% sure how it will work following the PR nightmare Ledger themselves created. Before I say anything else, let me state that the feature is an absolute no-go, and I have said that in the thread where we discussed Ledger Recover. Now, from what I understood reading about Ledger Recover in the past, the seed is divided into 3 shards and no party has ownership of any two shards. But one of the companies receiving one of the shards is directly linked to Ledger in some capacity.   

"Great, so now the Department Of Justice calls you and says "We are charging so and so with X, Y and Z.  Get two of your vendors to send us the Bitcoin keys."
That's a valid concern. These companies are required to cooperate with law enforcement and they will surely assist if a criminal's funds need to be seized. Another example that Ledger doesn't have their users' best interest at heart.

Here's the part about a hacker being able to connect the coins to a user's personal information (their KYC data):

Quote
Rodolfo Novak: "Isn't it an issue now that you have the KYC plus the Bitcoin, together?  Right, because just losing the KYC...  it's a problem, it sucks, right?  But you don't lose the Bitcoin.  Now, you have the KYC plus the coins."
I don't know who is 'you' in this context. You as in Ledger or you as in all the parties holding a shard. Neither of the two is an acceptable option for me. But like I said, we must wait until we know all the bits of the service that should have never happened.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
October 17, 2023, 10:07:28 AM
#71
This is the future of everything, because 99% of the population are morons who just accept this.

Unfortunately, this is true and the world is turning into a place where any different (critical) thinking is taken as something negative. Even that famous CEO Pascal says that everyone who speaks negatively about the Recover service is actually doing nothing but spreading FUD.

They will have run some numbers and decided they will make more money from this subscription service than they will lose from people no longer buying their devices. It doesn't take much. Even if someone only buys Ledger products, then they will maybe spend $100-200 with Ledger every 5 years? With Ledger Recover they would spend $600 in the same 5 years. Gaining one Ledger Recover customer makes up for losing several normal customers.

Or maybe they've already made so much money that they don't care how the whole thing ends - and if the company fails in the future, they'll blame the people who didn't understand their genius. Your calculation definitely makes sense, and considering that the average user will most likely pay $9.99 a month to feel safe, Ledger would still be able to continue doing business.

Just like Netflix banning password sharing. They will have decided they will make more money from people signing up for their own plans than they will lose from people cancelling or downgrading their plans.

In some countries, they enabled profile sharing with the condition that you pay extra for that option - in some other countries, they went in the other direction and even reduced package prices, but did not enable profile sharing even with an additional fee. Allegedly, the results of the new business strategy are more than good, and another streaming service has announced that it will introduce the same measure from the beginning of next year (D+).
legendary
Activity: 2268
Merit: 18711
October 17, 2023, 08:27:08 AM
#70
Excuse me - why the hell do you need to buy a subscription for a $30,000 car, that is most likely already being paid for in installments with its own contract?
Because if you don't, you don't get to use all its features.

You want to use your heated seats you already paid for? $18 a month please: https://www.theverge.com/2022/7/12/23204950/bmw-subscriptions-microtransactions-heated-seats-feature

Or maybe you want the cameras on your car which you already paid for to actually record things? $19 a month. Or maybe you want to use the remote engine start which you already paid for? $30 a month!
https://www.bmw.co.nz/en/shop/ls/cp/connected-drive

This is the future of everything, because 99% of the population are morons who just accept this.

But in the case of hardware wallets specifically, what else were they expecting? This was the kind of reaction they were going to get from any kind of subscription plan.
They will have run some numbers and decided they will make more money from this subscription service than they will lose from people no longer buying their devices. It doesn't take much. Even if someone only buys Ledger products, then they will maybe spend $100-200 with Ledger every 5 years? With Ledger Recover they would spend $600 in the same 5 years. Gaining one Ledger Recover customer makes up for losing several normal customers. Just like Netflix banning password sharing. They will have decided they will make more money from people signing up for their own plans than they will lose from people cancelling or downgrading their plans.

But perhaps Ledger got their numbers wrong, which is why they now have to fire a bunch of their employees.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
October 17, 2023, 07:42:04 AM
#69
It won't matter, the damage was done the moment they confirmed it's possible to extract the seed from the hardware wallet and send it through the internet.
They just couldn't be happy with customers buying their product, they just had to go down the route of "subscriptions". Just like more and more car manufacturers are doing now, just like software manufacturers are doing, and just like phone providers have been doing for decades.

Excuse me - why the hell do you need to buy a subscription for a $30,000 car, that is most likely already being paid for in installments with its own contract?

Quote
It used to be: "If you're not paying for a product, you are the product". Now, even if you buy a product and pay for it, you're still the product and they still want more money from you.

Jeez.  :-\

But in the case of hardware wallets specifically, what else were they expecting? This was the kind of reaction they were going to get from any kind of subscription plan.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 17, 2023, 07:07:17 AM
#68
You know what the crazy thing about all this is? Ledger doesn't want to admit that they were wrong, and kill the Recover service. Then they wouldn't be where they are today.
It won't matter, the damage was done the moment they confirmed it's possible to extract the seed from the hardware wallet and send it through the internet.
They just couldn't be happy with customers buying their product, they just had to go down the route of "subscriptions". Just like more and more car manufacturers are doing now, just like software manufacturers are doing, and just like phone providers have been doing for decades. It used to be: "If you're not paying for a product, you are the product". Now, even if you buy a product and pay for it, you're still the product and they still want more money from you.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
October 17, 2023, 06:59:41 AM
#67
You know what the crazy thing about all this is? Ledger doesn't want to admit that they were wrong, and kill the Recover service. Then they wouldn't be where they are today.

I guess sales must have hit them really hard with all this boycotting of Ledger Nano devices, because that's the only way I see their pockets taking a hit from that whole debacle.
full member
Activity: 128
Merit: 190
October 17, 2023, 05:19:49 AM
#66
Don't be naive, the fact that they only recently announced that they will enable such an option, does not mean that this option did not exist in the past

I'm not naive.  I've been saying that exact same thing since the day Ledger Recover became known.  And I immediately felt foolish for ever having trusted Ledger in the first place.

Anyone who says what Ledger's hardware can or cannot do is either assuming or lying, and honestly I'm not sure which is worse.

No one can honestly say what Ledger hardware can or can't do, since Ledger's code is not open.  If somebody says "You have to confirm any actions by pressing buttons on the hardware" ask them if they're the author of Ledger's code, because if they're not, they have no way of knowing if what they said is actually true.

Assuming a device works the way the manufacturer says it does is dangerous.  If the code isn't open, the device can't be trusted.

Ledger cannot be trusted.  It's up to us to explain why, because noobs can't be expected to know better.  It's up to us to teach them.

EDITED to add, for crystal-clarity: I believe Ledger has been dirty for years and I regret ever buying one.  I've moved my coins from a seed that was used with Ledger hardware to a new seed.  I will never trust that company again.  I can't think of anything Ledger could do to ever regain my trust.  They're dirty, and my coins matter too much to me to ever trust them to Ledger hardware again.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
October 17, 2023, 05:01:32 AM
#65
the data leaks we saw from Ledger and other companies never included any addresses or xpubs.

That's because Ledger didn't have them.  Once they launch their Ledger Recover service, they will.  They and the companies they're partnering with will have the keys AND the KYC needed to recover the keys.

The amount of coins never leaked anywhere which means those who still have those databases can't know who owns what. But since their names are on a list of hardware wallet users, it's reasonable to assume they have coins whose keys they believe are worth protecting with such devices.

Again, Ledger Recover didn't exist back then.  Ledger Recover is a new service which extracts keys from users' hardware wallets and includes the user's personal information (KYC).

I'm guessing you're not familiar with Ledger Recover, so here are some links you might want to check out:

----

Don't be naive, the fact that they only recently announced that they will enable such an option, does not mean that this option did not exist in the past - and considering that their devices are not completely open source, no one could know if it was possible to extract the seed from the device. Their CEO confirmed that everything is based on trust, that is, that the whole thing is whether we believe that the company will not do something bad, regardless of whether there is (or not) the possibility that some feature will be misused in some way by someone who will get access to their systems.

I would not agree that @Pmalek is not familiar with the recover option, because all those links you posted have long been in the topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities
hero member
Activity: 714
Merit: 1298
October 17, 2023, 01:21:18 AM
#64
This is true  until fake and/or back-door firmware will not modify the data immunity inside Passport device otherwise they have the option to leave this wallet despite it is airgapped device.
This would require you to install said fake firmware first. Given Passport's firmware is entirely open source, and can be downloaded and verified against multiple Passport keys prior to being installed, then the chance of this is extremely low. And even if you did install the fake firmware, you would still have to make further mistakes to transfer private keys or other sensitive information off the device and on to your computer.



I am aware of all the advantages of Passport's open-source firmware. However, even though it is entirely open source, there is still a possibility of intentionally embedded backdoors. Furthermore, being with backdoor, it can be verified against multiple Passport keys before installation. As I mentioned earlier, I prefer not to place all my trust in any manufacturer, regardless of their reputation.



I would not put all trust on a single manufacturer. In my view the best setup for your stash is a multisig wallet with at least two airgapped co-signers, say Passport and ColdCard MK4 (or coming ColdCard Q1).
That's certainly a very good option, but if I was doing this I would prefer to use a multi-sig between a Passport and an airgapped computer, rather than two different hardware wallets.

Using an airgapped computer as one of the cosigners for multisig is not a bad approach, especially if you are always at your desk in your home. However, it may not be optimal in certain cases, such as during emergency situations when you need to carry an emergency bag. In such situations, I would opt for lightweight and compact devices instead of a bulky and heavy airgapped machine.

Thus, an airgapped computer is not a universal approach.
full member
Activity: 128
Merit: 190
October 16, 2023, 02:16:10 PM
#63
the data leaks we saw from Ledger and other companies never included any addresses or xpubs.

That's because Ledger didn't have them.  Once they launch their Ledger Recover service, they will.  They and the companies they're partnering with will have the keys AND the KYC needed to recover the keys.

The amount of coins never leaked anywhere which means those who still have those databases can't know who owns what. But since their names are on a list of hardware wallet users, it's reasonable to assume they have coins whose keys they believe are worth protecting with such devices.

Again, Ledger Recover didn't exist back then.  Ledger Recover is a new service which extracts keys from users' hardware wallets and includes the user's personal information (KYC).

I'm guessing you're not familiar with Ledger Recover, so here are some links you might want to check out:

Youtube interview with Ledger CEO Pascal Gauthier:
https://www.youtube.com/watch?v=M3VjQUcyZSY

Quote
"You now have an API in your firmware to extract seeds"
Rodolfo Novak, discussing Ledger Recover with Ledger CEO Pascal Gauthier

https://youtu.be/M3VjQUcyZSY?t=1243

Quote
"If, for you, your privacy is of the utmost importance, please do not use that product, for sure."
Ledger CEO Pascal Gauthier

https://youtu.be/M3VjQUcyZSY?t=2342

I still can't believe Ledger's CEO said that about one of his own company's products.

Ledger's key extraction includes other companies.  What happens if those companies want to give up your keys?  Here's what Ledger's CEO says:

Quote
"These companies are not slaves to Ledger.  We just have commercial agreement."
Ledger CEO Pascal Gauthier

https://youtu.be/M3VjQUcyZSY?t=2393

Yikes.

Quote
"Great, so now the Department Of Justice calls you and says "We are charging so and so with X, Y and Z.  Get two of your vendors to send us the Bitcoin keys."
Harry Sudock, discussing Ledger Recover with Ledger CEO Pascal Gauthier

https://youtu.be/M3VjQUcyZSY?t=2608

Here's the part about a hacker being able to connect the coins to a user's personal information (their KYC data):

Quote
Rodolfo Novak: "Isn't it an issue now that you have the KYC plus the Bitcoin, together?  Right, because just losing the KYC...  it's a problem, it sucks, right?  But you don't lose the Bitcoin.  Now, you have the KYC plus the coins."

https://youtu.be/M3VjQUcyZSY?t=2306