Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities

[o_e_l_e_o]

How can one take loan with my identity? I mean, banks don't give away loan so easily, I can't really think that someone can do anything with pictures of my ID card, at least I'm unable to do things with it alone.

Depends on your bank and your jurisdiction. Some banks will happily let you open accounts, set up credit cards, take out loans, even take out mortgages, all over the internet. Often a picture of your ID is enough, and if they want more such as tax numbers, recent bills, etc., then these can be often be obtained by an attacker with a copy of your ID/passport/whatever and your other personal details.

[1714218423]

1714218423

[1714218423]

1714218423

[n0nce]

~snip~
But I will buy a Trezor T wallet because they promised that the secret phrase would not leave the wallet.

Don't be naive, Ledger said the same thing in the past, and today we know that the whole story they told is a simple lie. Trezor has its vulnerabilities, and even cooperation with companies that deal with spying on Bitcoin users and censoring transactions is not something that can position them as reliable producers.

There is one big distinction to be made. If you own a Trezor Model T, since it's completely free open-source (FOSS) as in 'freedom', you can refuse to upgrade the firmware, downgrade the firmware, write your own, and patch new firmware versions that have features you don't like.
You also are able to tell whether they try to sneak in some unwanted features and know whether new features are implemented securely, e.g. if any encryption used is secure.

If we just take one company who in a way betrayed its users and extrapolate it to all the companies, there is no wallet you can buy, no Linux distro you can install and no services you can use.

I would still not recommend a Model T right now, but at least if I got one, I knew what I'm getting, since code and hardware are open.

[RickDeckard]

How can one take loan with my identity? I mean, banks don't give away loan so easily, I can't really think that someone can do anything with pictures of my ID card, at least I'm unable to do things with it alone.

Depends on your bank and your jurisdiction. Some banks will happily let you open accounts, set up credit cards, take out loans, even take out mortgages, all over the internet. Often a picture of your ID is enough, and if they want more such as tax numbers, recent bills, etc., then these can be often be obtained by an attacker with a copy of your ID/passport/whatever and your other personal details.

Whenever I have to send some personal documents to some company (for setting up a bank account, utility services, amongst others) I always make sure to include a watermark with numerous information (such as which company I'm sending the data to, which data and why). In the event their security is weak and this data is stolen from them, probably no one will be able to open a credit line in my name due to the watermark, and if I ever see those documents floating online I'll know which company was the one responsible for the leak.

[m2017]

~snip~
But I will buy a Trezor T wallet because they promised that the secret phrase would not leave the wallet.

Don't be naive, Ledger said the same thing in the past, and today we know that the whole story they told is a simple lie. Trezor has its vulnerabilities, and even cooperation with companies that deal with spying on Bitcoin users and censoring transactions is not something that can position them as reliable producers.

There is one big distinction to be made. If you own a Trezor Model T, since it's completely free open-source (FOSS) as in 'freedom', you can refuse to upgrade the firmware, downgrade the firmware, write your own, and patch new firmware versions that have features you don't like.

How many Trezor device users are able to do this? - Units.

You also are able to tell whether they try to sneak in some unwanted features and know whether new features are implemented securely, e.g. if any encryption used is secure.

Can say whatever want, but doing it is completely different. You seem to overestimate the capabilities of hardware wallet buyers, as if every second person is able to understand the source code of the firmware and check the safety of new functions. Get down to the ground. Trezor (or any other hardware wallet) users are ordinary people, completely far from understanding the technical aspects of these devices.

No one will puzzle out in trezor devices (from the majority of users), and the words of those who do this (analyze and summarize) should also be questioned if this is not your close friend or public person with an impeccable reputation.

If we just take one company who in a way betrayed its users and extrapolate it to all the companies, there is no wallet you can buy, no Linux distro you can install and no services you can use.

But this one company, through its antics, exposed the weaknesses of the entire industry and led users to question the words and actions of these companies. Blind trust does not bode well.

I would still not recommend a Model T right now, but at least if I got one, I knew what I'm getting, since code and hardware are open.

Why don't you recommend Model T right now? Is it related to one company betrayed of its users? By chance, you don't extrapolate it to this firm?

[o_e_l_e_o]

-snip-

Smart move. I miss the old days where you could just show a person your ID in person, and they would sign a form to say it all checks out without having to actually keep a copy of your ID. And if they did keep a copy, it was a photocopy kept in a filing cabinet and not a digital copy leaked across the internet.

Why don't you recommend Model T right now?

Because Trezor are a deeply unethical company:

All their devices suffer from unfixable seed extraction vulnerabilities, which they deliberately sweep under the rug and do not tell their users how to mitigate against. They also have a very pro-government, pro-censorship, pro-surveillance, and anti-fungibility ethos, as shown by their support of AOPP and their partnership with Wasabi and blockchain analysis.

[Synchronice]

How can one take loan with my identity? I mean, banks don't give away loan so easily, I can't really think that someone can do anything with pictures of my ID card, at least I'm unable to do things with it alone.

Depends on your bank and your jurisdiction. Some banks will happily let you open accounts, set up credit cards, take out loans, even take out mortgages, all over the internet. Often a picture of your ID is enough, and if they want more such as tax numbers, recent bills, etc., then these can be often be obtained by an attacker with a copy of your ID/passport/whatever and your other personal details.

This is really interesting, I did some research and people have really been a victim of KYC leaks, couldn't really imagine if one was able to get loan and other service only by using some KYC documents without actually validating the person.
By the way, it's very interesting if one can sue the bank for giving a loan with only leaked KYC data, without actually verifying the person live. Logically, it is bank's mistake to give away a loan so blindly and another guilty one is the government for giving everyone right to ask us for KYC documents, without caring much about our data. It' robbery man! Holy shit!

How can one take loan with my identity? I mean, banks don't give away loan so easily, I can't really think that someone can do anything with pictures of my ID card, at least I'm unable to do things with it alone.

Depends on your bank and your jurisdiction. Some banks will happily let you open accounts, set up credit cards, take out loans, even take out mortgages, all over the internet. Often a picture of your ID is enough, and if they want more such as tax numbers, recent bills, etc., then these can be often be obtained by an attacker with a copy of your ID/passport/whatever and your other personal details.

Whenever I have to send some personal documents to some company (for setting up a bank account, utility services, amongst others) I always make sure to include a watermark with numerous information (such as which company I'm sending the data to, which data and why). In the event their security is weak and this data is stolen from them, probably no one will be able to open a credit line in my name due to the watermark, and if I ever see those documents floating online I'll know which company was the one responsible for the leak.

That's a clever idea but do companies accept watermarked personal documents? Especially ID card or passport? Also, isn't it easy to remove watermark via photoshop? Especially with some AI properties.

[LoyceV]

But I will buy a Trezor T wallet because they promised that the secret phrase would not leave the wallet.

Don't be naive, Ledger said the same thing in the past

By using a hardware wallet, you're basically trusting them with your money, while the security of "be your own bank" shouldn't rely on third-parties. I really hate this part, and even when using offline software wallets, you have to trust someone. It's impossible to verify all the software you're using, even if it's open source. "Trusting" goes against the basics of Bitcoin, but it's inevitable one way or another.

What is the actual problem in KYC? The fact that your identity is revealed to some 3rd parties or the fact that your bitcoin address is trackable?

The main problem I have with KYC is that I have to trust them for doing the right thing, while many companies (and governments) have leaked private data in the past. This will happen again. At least if they don't have my data, they can't leak it. And this scenario is already undesirable even if the company doesn't do bad things with the KYC data on their own.

your data is never safe, tons of people already have access to it and still you have to reveal it many times in real life.

All the more reason to share this data as little as possible. I've closed bank accounts because they wanted more data than I want them to have.

While it's true that three companies, including Ledger have access to your KYC documents, at some point we can say that revealing your KYC documents can't really affect your quality of life and personally the only threat I can see is that they'll know when and how I spend my crypto, they'll know it for sure. Besides this, is there any other reason to be afraid of KYC?

How about a $5 wrench attack? Ledger already leaked their customer data, which is a long list of people who own a hardware wallet. Add to that the balances of each wallet, and suddenly targeted attacks become very profitable.

That's a clever idea but do companies accept watermarked personal documents? Especially ID card or passport?

Here, it's officially recommended to write the purpose on copied documents, so they have to accept it. But I've seen many car rental companies worldwide easily dismiss all privacy concerns when they copy your passport.

Also, isn't it easy to remove watermark via photoshop?

Probably. A blue pen on a black and white copy shouldn't be that hard to remove digitally.

[o_e_l_e_o]

without actually validating the person.

Given how good AI generated fakes are getting, video or photo selfies will soon be easily fooled as well.

The solution is simple - avoid any platform which requires KYC.

[RickDeckard]

That's a clever idea but do companies accept watermarked personal documents? Especially ID card or passport? Also, isn't it easy to remove watermark via photoshop? Especially with some AI properties.

I always try to place the watermarks in places that the receiver still is able to read the necessary information (Numbers and names mostly), but make it so that the watermark is in an area that would make its removal very easy to spot (or even harder). I know that if someone is really interested in copying my information will eventually find a way to do it, but I find that it works great as a deterrent for most scenarios.

[dkbit98]

I would still not recommend a Model T right now, but at least if I got one, I knew what I'm getting, since code and hardware are open.

Same here.
I think there are currently much better hardware wallet options that are open source and their price is similar or less than Trezor Model T.
To name just a few of them like Passport (around $200), Keystone (around $100), and maybe even others that are cheaper and based on Trezor code but with secure element.

By using a hardware wallet, you're basically trusting them with your money, while the security of "be your own bank" shouldn't rely on third-parties. I really hate this part, and even when using offline software wallets, you have to trust someone. It's impossible to verify all the software you're using, even if it's open source. "Trusting" goes against the basics of Bitcoin, but it's inevitable one way or another.

It's the same thing (if not worse) if you are using computer as alternative for hardware wallet.
You are trusting computer hardware (closed source) and software (can be opensource), but we can all agree that old computers/laptops can have much more flaws, bugs, backdoors, security issues and more attack vectors.
Ask any security expert and he will tell you that hardware wallets (despite issues they have) and generally safer than using computers, if done correctly.
Whatever you are suing to improve security for larger amount of coins it's always better to use multisig setup.

[Synchronice]

What is the actual problem in KYC? The fact that your identity is revealed to some 3rd parties or the fact that your bitcoin address is trackable?

The main problem I have with KYC is that I have to trust them for doing the right thing, while many companies (and governments) have leaked private data in the past. This will happen again. At least if they don't have my data, they can't leak it. And this scenario is already undesirable even if the company doesn't do bad things with the KYC data on their own.

your data is never safe, tons of people already have access to it and still you have to reveal it many times in real life.

All the more reason to share this data as little as possible. I've closed bank accounts because they wanted more data than I want them to have.

You can't live in this world without revealing your KYC documents. House/hotel/car rentals, you need to reveal your KYC documents to get medical help, visit a doctor, get prescribed meds (if any). You have to reveal it to start work. I mean, there are many cases where you have to reveal your KYC documents and we can say for sure that our data isn't as protected as expected but still it's inevitable to give away all of these info. So, let's assume our data has been leaked, what's the point of rejecting other services that ask for KYC? Or do you hope that while your data was leaked, there is a chance that it got removed or lost and no one holds it? Or do you hope that it will be in hands of some people and isn't public? I mean, is your aim to keep this number of your KYC holders as narrow as possible?

Also, isn't it easy to remove watermark via photoshop?

Probably. A blue pen on a black and white copy shouldn't be that hard to remove digitally.

Of course it is Btw passports and some id cards have a lot of patterns and when you try to remove watermark from them, you can mess up with it but if one digs deep into pixels, can really do wonders.

The solution is simple - avoid any platform which requires KYC.

Life gets very hard if you do so, especially if you actively travel. But probably that's the price of privacy, just wonder how long can one keep living in such a discomfort.

You are trusting computer hardware (closed source) and software (can be opensource), but we can all agree that old computers/laptops can have much more flaws, bugs, backdoors, security issues and more attack vectors.

What makes you sure that modern hardwares aren't backdoored? Technology is developing rapidly, a lot of innovations are kept for a long time and released slowly in order to generate more profit, etc.
If you give me 2010's personal computer and 2023's personal computer, both of them offline, I would trust 2010's more than 2023's.

[RickDeckard]

The solution is simple - avoid any platform which requires KYC.

Life gets very hard if you do so, especially if you actively travel. But probably that's the price of privacy, just wonder how long can one keep living in such a discomfort.

Or you can choose to trust this fake messiah[1] (Ledger CEO). ~ 2 weeks have passed from the announcement of Ledger Recover and he's already going out and giving speeches in keynotes, sharing "his outlook for the future, the UX needed to enable mass adoption, and how crypto can protect our online identity. Thank you for the inspiring words!" They keep preaching about "how can crypto protect their online identity" when, at the same time, they are offering services that will link your own identity to the funds that you currently hold (optional, as always  ). Isn't this ironical?

What is even worse is that there are actually some providers that agree with Ledger stance on embracing more users by providing easier entry points[2]:

For instance, Madar highlighted that one of the biggest challenges associated with cryptocurrency is that it’s too complex for many users. “Specifically, keeping track of your physical device and seed phrase for years is far from trivial for the average person. Every user should be able to back up their keys somewhere,” he said.

Echoing this, Marvin Janssen, co-founder of hardware wallet provider Ryder, told Cointelegraph that Ledger Recover might appeal to mainstream customers. “It absolutely happens that people, especially those new to Web3, lose access to their wallet because of a faulty or complete lack of a backup. A feature like Ledger Recover can, therefore, definitely help,” he said.

How can anyone agree that, with a simple update, independently or not if I choose to take part of it, my device will have a "dormant" code that could be exploited in the future and thus voiding everything that the product & company stands for? That's madness!
[1]https://nitter.it/thecryptovalley/status/1664691045299376138
[2]https://cointelegraph.com/news/ledger-ceo-says-crypto-key-recovery-service-makes-self-custody-easier

[o_e_l_e_o]

I know that if someone is really interested in copying my information will eventually find a way to do it, but I find that it works great as a deterrent for most scenarios.

An attacker is going to take the path of least resistance. Are they going to spend several hours trying to edit out your watermark and end up with a result which might still be rejected by whichever service or bank they are trying to fool, or are they just going to move on and use someone else's KYC data instead? When KYC data is widely available to be bought on black markets for ten or twenty bucks for hundreds of users' worth of data, then an attacker is simply going to ignore the one user who has a difficult to remove watermark.

You can't live in this world without revealing your KYC documents. House/hotel/car rentals, you need to reveal your KYC documents to get medical help, visit a doctor, get prescribed meds (if any). You have to reveal it to start work.

Although obviously neither is good, there is a difference between something like a hospital leaking your documents and something like Ledger Recover leaking your documents. In addition to the risk of identity theft which is common in both scenarios, if Ledger Recover leak your data then you make yourself an instant target for crypto thieves, attackers, and scammers, as well as losing all privacy since your wallets/addresses/coins are now publicly linked to your real identity.

So, let's assume our data has been leaked, what's the point of rejecting other services that ask for KYC?

The usefulness of much of your data to an attacker is time limited. You can't take out a loan with an expired passport or ID card. If somewhere is asking for a copy of a recent bill, they usually want it within the last few months. Every time you complete KYC, you reset the clock.

I mean, is your aim to keep this number of your KYC holders as narrow as possible?

Yes.

I have never once completed KYC with any crypto service, nor will I ever do so, yet I would wager I spend, trade, send, and receive bitcoin more frequently than 99% of the users on this forum. Bitcoin was designed precisely to avoid centralized third parties. KYC is not the default position - quite the opposite. Rather than asking why we avoid KYC, you should be asking why so many other people are happy to sacrifice their security, their privacy, and their sovereignty, by completing KYC.

[RickDeckard]

I know that if someone is really interested in copying my information will eventually find a way to do it, but I find that it works great as a deterrent for most scenarios.

An attacker is going to take the path of least resistance. Are they going to spend several hours trying to edit out your watermark and end up with a result which might still be rejected by whichever service or bank they are trying to fool, or are they just going to move on and use someone else's KYC data instead? When KYC data is widely available to be bought on black markets for ten or twenty bucks for hundreds of users' worth of data, then an attacker is simply going to ignore the one user who has a difficult to remove watermark.

That's precisely why I spend a little bit of time implementing those watermarks. I just assume that whatever entity that is holding my information will eventually leak it, so I might as well just try to use any kind of deterrent that I can. Other than that, I try to stay away as much as possible from KYC procedures but some people still haven't realized how much information they are giving away whenever they submit themselves to KYC...

[Wind_FURY]

The solution is simple - avoid any platform which requires KYC.

Life gets very hard if you do so, especially if you actively travel. But probably that's the price of privacy, just wonder how long can one keep living in such a discomfort.

Or you can choose to trust this fake messiah[1] (Ledger CEO). ~ 2 weeks have passed from the announcement of Ledger Recover and he's already going out and giving speeches in keynotes, sharing "his outlook for the future, the UX needed to enable mass adoption, and how crypto can protect our online identity. Thank you for the inspiring words!" They keep preaching about "how can crypto protect their online identity" when, at the same time, they are offering services that will link your own identity to the funds that you currently hold (optional, as always  ). Isn't this ironical?

What is even worse is that there are actually some providers that agree with Ledger stance on embracing more users by providing easier entry points[2]:

For instance, Madar highlighted that one of the biggest challenges associated with cryptocurrency is that it’s too complex for many users. “Specifically, keeping track of your physical device and seed phrase for years is far from trivial for the average person. Every user should be able to back up their keys somewhere,” he said.

Echoing this, Marvin Janssen, co-founder of hardware wallet provider Ryder, told Cointelegraph that Ledger Recover might appeal to mainstream customers. “It absolutely happens that people, especially those new to Web3, lose access to their wallet because of a faulty or complete lack of a backup. A feature like Ledger Recover can, therefore, definitely help,” he said.

How can anyone agree that, with a simple update, independently or not if I choose to take part of it, my device will have a "dormant" code that could be exploited in the future and thus voiding everything that the product & company stands for? That's madness!


[1]https://nitter.it/thecryptovalley/status/1664691045299376138

[2]https://cointelegraph.com/news/ledger-ceo-says-crypto-key-recovery-service-makes-self-custody-easier

Shower thought. Is it possible that if a user has enabled the recovery feature, and has his/her data held by a third party, then it's probable that a government entity could issue a written order telling the third party to give them access to then user's coins/savings?

Because I believe the user has given up some of his/her rights upon upload of his/her own data. Don't third parties always have Terms of Agreement that users never read?

 

[o_e_l_e_o]

Is it possible that if a user has enabled the recovery feature, and has his/her data held by a third party, then it's probable that a government entity could issue a written order telling the third party to give them access to then user's coins/savings?

Yes, absolutely. The Ledger co-founder stated as much here:

If you are a Recover user and have your shard into safeguarded by third parties, then yes, a government could subpoeana them and get access to your funds

Ledger also admit it here (under Data & Privacy at the bottom of the page):

Coincover will never pass your information to a third-party unless it has a legal obligation to do so. For example, law enforcement agencies often have extensive criminal investigation powers including the ability to obtain production orders requiring information to be produced. It may result in a criminal offense for any entity supporting Ledger Recover to fail to comply with a production order, but Coincover would always take all reasonable steps to verify a production order before complying with it.

[Synchronice]

Shower thought. Is it possible that if a user has enabled the recovery feature, and has his/her data held by a third party, then it's probable that a government entity could issue a written order telling the third party to give them access to then user's coins/savings?

Because I believe the user has given up some of his/her rights upon upload of his/her own data. Don't third parties always have Terms of Agreement that users never read?

 

Yes, that's unlikely to happen for an average user but definitely possible and that's another reason why someone should avoid Ledger Recover service.
By the way, ToS is a joke. If you read ToS of companies you frequently use or if you read the list of side effects of every meds, you are not going to use them ever in your life but the problem is that you need to use that particular service or product and because of that 99% of people just agree and move on.

There was a discussion about Ledger Recover and subpoena in podcast with the CEO of Ledger.
Have a look at these moments:
https://youtu.be/M3VjQUcyZSY?t=929
https://youtu.be/M3VjQUcyZSY?t=2610

[LoyceV]

Is it possible that if a user has enabled the recovery feature, and has his/her data held by a third party, then it's probable that a government entity could issue a written order telling the third party to give them access to then user's coins/savings?

Yes, absolutely.

The question is now which government will get to your coins first But that's not even my biggest concern: what are the odds 2 out of 3 "seed storage facilities" will get hacked, leak data, or have an inside job rob users? If this takes off, there are billions of dollars worth of crypto to steal.

[joker_josue]

The question is now which government will get to your coins first But that's not even my biggest concern: what are the odds 2 out of 3 "seed storage facilities" will get hacked, leak data, or have an inside job rob users? If this takes off, there are billions of dollars worth of crypto to steal.

The other day I saw a movie, where confidential information was kept inside a stone, and hardly anyone would suspect that it contained that information.
Well maybe, we need to start thinking about saving the seed in a rock. 

[Pmalek]

Theoretically, hackers can make a patch for Ledger Live to intercept the encrypted Seed, which is divided into 3 parts. Of course, without the decryption key stored on the Ledger, they can't do anything.

How can the encryption key be stored on your Ledger device, if you can recover your crypto on any other Ledger HW of your choosing? The other devices can't hold your encryption key. The original hardware device maybe, but it looks like Ledger gets a copy of it. How else do you explain recovering crypto on Ledger #2 if Ledger #1 that encrypted the shards is no longer working/in your possession? Either Ledger has the keys or the encryption key is also somehow shared among all custodians.

To name just a few of them like Passport (around $200), Keystone (around $100), and maybe even others that are cheaper and based on Trezor code but with secure element.

A secure element like in the Ledger or a similar chip that relies on whether or not the developers write the necessary code that makes code extraction possible? The one good thing in all this is that Ledger has proven that secure elements are not to be trusted and aren't safe. Not in a Ledger or any other hardware wallet.