Bitcoin Forum
Author Topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities  (Read 4589 times)
m2017
May 23, 2023, 05:31:31 PM
Merited by o_e_l_e_o (4), vapourminer (1)
 #141

The CTO just shared this on Twitter. Ledger's open source roadmap:



Your thoughts?

You are all aware that Ledger screwed up very badly with their latest firmware update and the announcement of a new feature, suffered a very serious loss of reputation. I see this open source roadmap as an attempt to rehabilitate themselves in the eyes of current and potential customers, to show that this company can be trusted again, everything is open and transparent with them. I don't see this as a desire on their part to really do better for their clients, because if they were, this tweet would have been made before all these community-shaking events and the Ledger would have been open to their clients sooner.

I see it this way: Ledger is trying to justify itself, restore the trust of customers and put their hands in their pockets again, because they felt that they could be left without their money. To be honest, I don't believe them. This company systematically arranges unpleasant surprises, messes with the personal data of customers, lies openly over and over again, believing their customers are mentally retarded, unable to compare their past and current statements.

Ledger doesn't appreciate its customers and doesn't value them. That's what I think. If they treat us like a piece of shit, how should we treat them? What trust can there be?

Do they really think that the guys who broke their devices after this tweet will begin to collect the broken parts of the devices and glue them together? It seems this firm still has no idea how painful their own shot in the leg would be.

HeRetiK
May 23, 2023, 06:28:47 PM
Merited by o_e_l_e_o (4), Pmalek (2), RickDeckard (2)
 #142

To be honest, here 'open source' is thrown around wildly (blog posts and whitepapers are no 'source' of anything).. Grin

They are taking credit for their '+150 applications' being open source, meanwhile are not writing those themselves, right? The individual coins' developers make them, don't they?

The SDK pretty much has to be open-source if they want altcoin developers to make the accompanying Ledger app for them (for free?); so nothing to take much credit for there, either.

A whitepaper cannot be 'open / closed source' since (1) it's not a source of anything (neither software, nor hardware), (2) you don't write a whitepaper if you don't intend to publish it.

All these blogposts, little tools and whatever they want to provide are just fillers for the big void on the infographic: the firmware remains closed.
As long as that doesn't change, their ability to include backdoors doesn't change. No matter how many blogposts they publish, whether they open-source some dashboard or individual apps. We need the firmware source code; anything else is pointless.

Well said. Lots of fluff, nothing that actually changes anything. Just a continuation of bullshittery, and not a good one at that.

I mean let's look at that step for step.

Already Open Source -- Yeah, I guess congratulations for using an open source cryptography library like any sane person would? Mentioning 150+ third party applications is just obvious padding. To be fair, not all SDKs are open source, but it's a really low bar and pretty much standard unless you are aiming for a very small niche and don't care about fostering a community of developers.

In the Coming Days -- A whitepaper and a few blog posts. *slow clap* Admittedly I am curious about the whitepaper though.

In the Coming Weeks -- Providing "tools to implement your own shard backup provider" is the first (and only) thing that sounds remotely like a step in the right direction (ignoring the core of the problem that is the devices' capability to send the seed over the internet, but that ship has sailed). "Open sourcing of the dashboard which is a specific part of the OS containing Recover implementation" is practically useless and just a thinly veiled diversion. But hey, maybe they get to out source the development of a dark theme for the dashboard to the community. Win-Win.

In the Coming Months -- "Modularize even more the OS in order to keep as little as possible the part that must be trusted." That's the sort of sentence that you dictate your intern to quickly jot down as a talking point, only for them to just use it word for word in the official communication without a second thought. Either way, that part of the roadmap is the most interesting to translate:

"In the Coming Months" => "We don't plan to actually do this, but if you keep pestering us we'll eventually have to throw you guys a bone in a year or two."

"Modularize even more the OS in order to keep as little as possible the part that must be trusted." => "Refactor the code in a way that keeps the nasty bits out of sight."
RickDeckard (OP)
May 23, 2023, 07:13:16 PM
Merited by o_e_l_e_o (4), vapourminer (1)
 #143

To be honest, here 'open source' is thrown around wildly (blog posts and whitepapers are no 'source' of anything).. Grin

They are taking credit for their '+150 applications' being open source, meanwhile are not writing those themselves, right? The individual coins' developers make them, don't they?

The SDK pretty much has to be open-source if they want altcoin developers to make the accompanying Ledger app for them (for free?); so nothing to take much credit for there, either.

A whitepaper cannot be 'open / closed source' since (1) it's not a source of anything (neither software, nor hardware), (2) you don't write a whitepaper if you don't intend to publish it.

All these blogposts, little tools and whatever they want to provide are just fillers for the big void on the infographic: the firmware remains closed.
As long as that doesn't change, their ability to include backdoors doesn't change. No matter how many blogposts they publish, whether they open-source some dashboard or individual apps. We need the firmware source code; anything else is pointless.

Well said. Lots of fluff, nothing that actually changes anything. Just a continuation of bullshittery, and not a good one at that.

I mean let's look at that step for step.
(...)
I agree. To me it looks like they are just throwing sand into people's eyes and aren't addressing the issue directly (and considering the reputation damage that they got, this current issue isn't their only problem). Their last phrase on the tweet[1] is loaded with irony - "We believe open source brings openness, transparency, audibility, and trust" - mostly due to the fact that they never cared about going OS as far as I'm aware, they are just trying to shed a very limited light within their code due to this horrible PR mess and hoping that people get satisfied by their "open source plan".

For the few people that still believe in Ledger, do note that I am also unsure whether you'll see this full plan being implemented as their CTO also admitted[2] that "The other parts will take a little more time since it needs to be refactored to abstract the chip-specific characteristics under NDA from our OS.", meaning that this will be a long(tm) journey before getting everything ironed out within their NDA...

[1]https://nitter.it/pic/orig/enc/bWVkaWEvRncwWDRscGFBQVlqX0JwLmpwZw==
[2]https://nitter.it/P3b7_/status/1661012225073745929

dkbit98
May 23, 2023, 09:04:26 PM
Merited by o_e_l_e_o (4), vapourminer (1)
 #144

"Opening more source" "over time" can mean anything and is something I'll believe when I see it. And even if they start opening more of their source code -- as long as parts of their code stays closed source there will always be insecurity.
Here we go again... same old story of semi-open source, little tiny bit of closed source, mostly open source, etc...
This sounds to me like they are just buying some time and hoping people will forget about this issue in few days, so they can continue business as usual  Tongue

Case in point, Ledger's software is already mostly open source, except for the firmware. And that's where the bodies were buried. So even if part of it gets open sourced, as long as some parts stay hidden, they will always have room for burying bodies. "Welcome to my basement officers, feel free to look around, just don't open the freezer, that one's off-limit."
Nobody cares about their stupid buggy Ledger Live app, they can open source that up in their asses.
I understand that it's not easy to have open source secure element, but why the heck would someone hide firmware code, unless they have hidden plans with it.

With Trezor you can download the source code and compile it yourself. Heck, if you feel especially nifty you can just go ahead and make your own Trezor clone [1]. Can't get much more trustless than that.
I think this is also possible with Passport wallet, but it's much harder to assemble all parts to make your own device.
Another open source wallet you can make is Jade, and it's super easy.

It also doesn't fix past 'mistakes'. For instance, they could have spied on users for the last few years, patch it out and then open-source the firmware.
It is easy to see that if you used the firmware before it was fully open, there will always be a risk that some of your information has been compromised (by Ledger or others).
They spied in last few months for sure.
Someone found out early code was pushed in several previous releases for Ledger Nano X, possibly for other models as well.

Your thoughts?
Bullshit.
They postponed Recover crap and posted this as a distraction.
Let me tell you now and check back if I was right in few months/years, ledger will never be true open source wallet, but they could put another open source false advertisement label.

I agree. To me it looks like they are just throwing sand into people's eyes and aren't addressing the issue directly
This reminds me on exact strategy main stream media is using, or magicians in circus, or tricksters on street with matches   Roll Eyes
Putting down fire is never an easy task...

Synchronice
May 24, 2023, 09:20:56 AM
Merited by o_e_l_e_o (4), vapourminer (2)
 #145

With Trezor you can download the source code and compile it yourself. Heck, if you feel especially nifty you can just go ahead and make your own Trezor clone [1]. Can't get much more trustless than that.

[1] https://www.instructables.com/Making-My-Own-Trezor-Crypto-Hardware-Wallet/
I didn't know that, thank you!

Yes, you can and should.
A good hardware wallet manufacturer will actually advise and instruct its customers how to download the firmware, verify its integrity and flash it. It should also make sure to have reproducible builds; this means being able to easily check that the firmware download matches the code.
It should also be easily possible to compile it yourself, alternatively.

The guys over at WalletScrutiny check popular wallets from time to time to see whether their builds (firmware blobs / binaries) match the open-source code. In case someone cannot / doesn't want to do it themselves, and they trust them, that's a good resource.
I can't access that website, seems it's down due to a DMCA takedown notice. But I found a good guide on Reddit.

Honestly I find it downright malicious that Ledger's defensive message control boils down to lying about the current state of the hardware wallet ecosystem (ie. claiming that consumers always have to trust hardware wallet manufacturers while that's decidedly not the case). They are trying to normalize bad practices in terms of both security and privacy, making them the very antithesis of what one should expect from a hardware wallet company.
I really suggest you to watch podcast with Pascal Gauthier, the CEO of Ledger. Pascal Gauthier basically says that 99% of people can't check and analyze open-source code and they have to trust other guys, so he sees no point in it. Also, he says that crypto users think that KYC procedure is a very normal procedure and almost 95-99% of people have already done KYC on crypto exchanges or in other services.
Basically, he says that people in crypto world have accepted KYC and it's a normal here.


Available for a new signature campaign
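The reproducible-build check described in the post above (does the firmware download match the code?), as an added example that is not part of the thread or of any vendor's tooling. The image layout, field offsets and sample bytes are constructed for illustration, on the assumption that a vendor-signed release differs from an unsigned local build only in its signature field.

```python
import hashlib
import struct
from dataclasses import dataclass

# Hypothetical image layout, constructed for this example (not a real vendor format):
#   offset  0, 4 bytes : magic b"FWIM"
#   offset  4, 4 bytes : payload length, little-endian
#   offset  8, 4 bytes : version (major, minor, patch, build)
#   offset 12, 64 bytes: vendor signature (all zero in an unsigned local build)
#   offset 76 onwards  : payload (the compiled code)
MAGIC = b"FWIM"
HEADER = struct.Struct("<4sI4s64s")
SIG_OFFSET, SIG_LEN = 12, 64


class ImageError(ValueError):
    """Raised when an image does not follow the layout above."""


def build_image(payload: bytes, version: bytes, signature: bytes = bytes(SIG_LEN)) -> bytes:
    """Assemble an image; used here only to construct sample inputs."""
    return HEADER.pack(MAGIC, len(payload), version, signature) + payload


def fingerprint(image: bytes) -> str:
    """SHA-256 of the image with the signature field zeroed.

    The signature is the one part a local build cannot reproduce (it needs the
    vendor's private key), so it is masked before hashing. Everything else,
    header fields included, must be bit-for-bit identical.
    """
    if len(image) < HEADER.size:
        raise ImageError("image shorter than header")
    magic, payload_len, _version, _sig = HEADER.unpack_from(image)
    if magic != MAGIC:
        raise ImageError("bad magic")
    if len(image) != HEADER.size + payload_len:
        raise ImageError("declared payload length does not match file size")
    masked = bytearray(image)
    masked[SIG_OFFSET:SIG_OFFSET + SIG_LEN] = bytes(SIG_LEN)
    return hashlib.sha256(masked).hexdigest()


@dataclass
class Comparison:
    reproducible: bool
    detail: str


def compare_builds(vendor: bytes, local: bytes) -> Comparison:
    """Compare a downloaded vendor image with a locally compiled one."""
    try:
        fp_vendor, fp_local = fingerprint(vendor), fingerprint(local)
    except ImageError as exc:
        return Comparison(False, f"malformed image: {exc}")
    if fp_vendor == fp_local:
        return Comparison(True, f"match, fingerprint {fp_vendor}")
    if len(vendor) != len(local):
        return Comparison(False, f"size differs: vendor {len(vendor)}, local {len(local)} bytes")
    # Same size but different fingerprint: report the first differing byte
    # outside the signature field so the mismatch can be investigated.
    for offset, (a, b) in enumerate(zip(vendor, local)):
        if a != b and not SIG_OFFSET <= offset < SIG_OFFSET + SIG_LEN:
            region = "header" if offset < HEADER.size else "payload"
            return Comparison(False, f"first difference at offset {offset} ({region})")
    raise AssertionError("fingerprints differ but no differing byte was found")


# Constructed sample data: one payload, built locally (unsigned) and as released (signed).
PAYLOAD = bytes(range(256)) * 4
VERSION = b"\x02\x01\x00\x00"
LOCAL_BUILD = build_image(PAYLOAD, VERSION)
VENDOR_RELEASE = build_image(PAYLOAD, VERSION, signature=b"\x5a" * SIG_LEN)
# A release whose code differs from the published source by a single byte.
TAMPERED = build_image(PAYLOAD[:10] + b"\xff" + PAYLOAD[11:], VERSION, signature=b"\x5a" * SIG_LEN)

if __name__ == "__main__":
    print(compare_builds(VENDOR_RELEASE, LOCAL_BUILD))
    print(compare_builds(TAMPERED, LOCAL_BUILD))
```

Masking the signature only answers whether the download matches the source; checking the vendor's signature on the image is a separate step.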
Lucius
May 24, 2023, 10:59:09 AM
Merited by o_e_l_e_o (4), Pmalek (2), vapourminer (1)
 #146

~snip~
Basically, he says that people in crypto world have accepted KYC and it's a normal here.

There is some truth in the fact that the majority have accepted KYC as a standard procedure, but still mostly when it comes to CEX, but this was never the case with hardware wallets, even though Ledger leaked data of hundreds of their clients, and the company swept it under the carpet and tried to convince clients that there was actually no danger in it.

This is just a continuation of everything that happened, because if we read between the lines, then the message that Ledger sends is something along the lines of "you are not ready to be your own bank anyway, your backup is safer in our hands", which is very similar to what said comrade CZ, when he called practically 99% of his users "stupid" and asserted that they are not capable of being their own bank.

If you look at the bigger picture and all the regulations, especially in the US and the EU, then it is much clearer in which direction all this is going. Let no one be surprised if in the future any HW will be impossible to use without detailed KYC, and the so-called "recovery" will also be mandatory, which will mean that most of the bad-informed will keep their BTC in a custodial service.

o_e_l_e_o
May 24, 2023, 11:37:18 AM
Merited by Lucius (1)
 #147

There is some truth in the fact that the majority have accepted KYC as a standard procedure, but still mostly when it comes to CEX, but this was never the case with hardware wallets
This x1000. I do not believe that the Ledger team do not understand the difference between KYC on a centralized exchange where you already have zero privacy and zero security and are well aware the centralized exchange has complete control of your coins and is monitoring everything you do, versus KYC on a hardware wallet where the vast majority of people are going to want complete security and a reasonable amount of privacy. The vast majority of people do not want their hardware wallet addresses KYCed or their wallets linked to their real identity and that information shared with blockchain analysis companies, governments, and whoever else pays for the data.

I'm sure Ledger know this, but are being deliberately misleading in the defense of their new vulnerability feature.
Pmalek
May 24, 2023, 11:52:47 AM
 #148

Especially since this is a USB-connected hardware wallet, you could easily get a virus on your PC which asks the wallet for the seed phrase 'shards', just the same way Ledger Live will do it when you initiate the Ledger Recover setup. And the wallet will just hand them out.
It won't if it works the same way transaction broadcasting works. You need physical confirmation to broadcast a transaction, and Ledger has said you will also have to physically allow the sharing of the shards. Whether or not that is true is another topic of discussion. 

Honestly I find it downright malicious that Ledger's defensive message control boils down to lying about the current state of the hardware wallet ecosystem (ie. claiming that consumers always have to trust hardware wallet manufacturers while that's decidedly not the case).
Putting aside the open-source vs closed-source war, I think the trust lies in the fact that the developers and security experts did their job properly to not mess up the code or introduce vulnerabilities that someone can exploit. That's what most people have to trust because most of us don't know how safe a code is whether we can view it publicly or not.

Trezor's open-source code means very little to me because I can't go through it and I don't understand what it does. I still have to trust Trezor and everyone that has verified the code that it's bulletproof and can't be abused. That's the trust part.   

Synchronice
May 24, 2023, 12:26:14 PM
Merited by vapourminer (2), Pmalek (2), Lucius (1), stompix (1)
 #149

~snip~
Basically, he says that people in crypto world have accepted KYC and it's a normal here.

There is some truth in the fact that the majority have accepted KYC as a standard procedure, but still mostly when it comes to CEX
I don't think people have accepted KYC, people have no other choice. That is the reason why there is a demand on decentralized exchanges and why people use so many non-kyc casinos/instant-exchanges/mixers.

but this was never the case with hardware wallets
In the first place, that was never a case with crypto exchanges at first. KYC became implemented over time, the same happens with hardware wallets over time.

This is just a continuation of everything that happened, because if we read between the lines, then the message that Ledger sends is something along the lines of "you are not ready to be your own bank anyway, your backup is safer in our hands", which is very similar to what said comrade CZ, when he called practically 99% of his users "stupid" and asserted that they are not capable of being their own bank.
He said that a lot of people write him and tell him that they can't carry the responsibility of keeping 24 word seed phrase safely and ask them for recovery options. Basically, what he says is 100% true for majority of users. I have even stated earlier that Ledger wouldn't do such a risky move without research and confidence. At the moment a lot of people are angry about their decision but it's a business, Ledger aims to satisfy upcoming millions of users instead of a current tiny userbase.

If you look at the bigger picture and all the regulations, especially in the US and the EU, then it is much clearer in which direction all this is going. Let no one be surprised if in the future any HW will be impossible to use without detailed KYC, and the so-called "recovery" will also be mandatory, which will mean that most of the bad-informed will keep their BTC in a custodial service.
We know where it's going, they want to know how you earn, how you spend, they want to control everything, that is the aim.


There is some truth in the fact that the majority have accepted KYC as a standard procedure, but still mostly when it comes to CEX, but this was never the case with hardware wallets
This x1000. I do not believe that the Ledger team do not understand the difference between KYC on a centralized exchange where you already have zero privacy and zero security and are well aware the centralized exchange has complete control of your coins and is monitoring everything you do, versus KYC on a hardware wallet where the vast majority of people are going to want complete security and a reasonable amount of privacy. The vast majority of people do not want their hardware wallet addresses KYCed or their wallets linked to their real identity and that information shared with blockchain analysis companies, governments, and whoever else pays for the data.

I'm sure Ledger know this, but are being deliberately misleading in the defense of their new vulnerability feature.
He said in a podcast that a lot of people tell them that they can't handle the responsibility of keeping 24 words seed phrase safely and they want a recovery option. To be honest, I believe in what he said. It's you, me and one or two other guys who cares, majority doesn't care. I genuinely believe that they have done research and backed this decision of theirs.

HeRetiK
May 24, 2023, 01:27:19 PM
Merited by n0nce (1)
 #150

Honestly I find it downright malicious that Ledger's defensive message control boils down to lying about the current state of the hardware wallet ecosystem (ie. claiming that consumers always have to trust hardware wallet manufacturers while that's decidedly not the case).
Putting aside the open-source vs closed-source war, I think the trust lies in the fact that the developers and security experts did their job properly to not mess up the code or introduce vulnerabilities that someone can exploit. That's what most people have to trust because most of us don't know how safe a code is whether we can view it publicly or not.

Trezor's open-source code means very little to me because I can't go through it and I don't understand what it does. I still have to trust Trezor and everyone that has verified the code that it's bulletproof and can't be abused. That's the trust part.    

Yes and no. Ledger is deliberately setting up a false equivalence of trust.

Yes, there's always a certain degree of trust required: If you can verify the code, you still need to trust the compiler. If you can verify the compiler, you still need to trust your CPU. If you can verify the CPU, you still need to trust the laws of physics.

But.

Contrary to what Ledger is trying to sell, trusting a single company to "do the right thing" is not even remotely the same as having thousands of developers and hackers -- independent and contracted alike -- making sure that there's nothing fishy going on. It simply isn't.
Lucius
May 24, 2023, 01:38:45 PM
Merited by Synchronice (1)
 #151

He said that a lot of people write him and tell him that they can't carry the responsibility of keeping 24 word seed phrase safely and ask them for recovery options. Basically, what he says is 100% true for majority of users. I have even stated earlier that Ledger wouldn't do such a risky move without research and confidence. At the moment a lot of people are angry about their decision but it's a business, Ledger aims to satisfy upcoming millions of users instead of a current tiny userbase.


In recent posts, the "geniuses" from Ledger refer to their mothers and some future 100 million clients, and to me it looks like senseless and cheap propaganda, and by no means some kind of story that is based on the fact that Ledger is overwhelmed by requests from thousands of users who literally ask the company to allow them to share their backup with some unknown companies.

All those supposed users who are looking for such a risky feature actually have no idea what kind of nonsense they are looking for, and Ledger as a company turns out to be an even bigger fool if they enable this feature. In my opinion, the intention (although I think it is not true that a large number of users asked for it) of enabling such a service only shows that Ledger does not care that they try to present risk as a benefit, as long as their additional profit is behind it.

I also wouldn't call the millions of current users "tiny userbase", nor would I agree that some new users will rush to buy their devices in the future, although I may be living in the illusion that the average Bitcoin user will wise up with time and realize that Ledger has become bad product.



~snip~
The vast majority of people do not want their hardware wallet addresses KYCed or their wallets linked to their real identity and that information shared with blockchain analysis companies, governments, and whoever else pays for the data.

Just to add that it might be more correct to say that the vast majority of those who don't want it actually belong to that small percentage of people who understand the basic difference between a bank account and actually owning Bitcoin in the sense of "not your keys, not your coins". If a person does not understand the essence of Bitcoin, then it does not matter to him how the backup is stored, and if Ledger remains the leader in the sale of hardware wallets after all, it will only confirm that even the best ideas in the wrong hands do not make much sense.

Synchronice
May 24, 2023, 02:16:39 PM
Merited by Lucius (1)
 #152

In recent posts, the "geniuses" from Ledger refer to their mothers and some future 100 million clients
Haha, I laughed a lot Cheesy You made my day

All those supposed users who are looking for such a risky feature actually have no idea what kind of nonsense they are looking for, and Ledger as a company turns out to be an even bigger fool if they enable this feature. In my opinion, the intention (although I think it is not true that a large number of users asked for it) of enabling such a service only shows that Ledger does not care that they try to present risk as a benefit, as long as their additional profit is behind it.

I also wouldn't call the millions of current users "tiny userbase", nor would I agree that some new users will rush to buy their devices in the future, although I may be living in the illusion that the average Bitcoin user will wise up with time and realize that Ledger has become a bad product.
In a podcast, the CEO of Ledger said that they have 6 million customers. That's a tiny number if they have calculated that up to 100 million users are in the queue in the near future and are exactly looking for this service.
I want to ask you, how many people use Facebook? Google search? Keep in mind that these companies don't give a shit about users' personal information and it has been proven many times, and still their profit and userbase increase every day. Millions of Facebook users post what and where they eat, where they work, what movie they watch, send sensitive information in Messenger, etc.
Don't you think that these people aren't going to somehow step into the crypto world? And don't you think that they can be that 100 million users and will willingly use Ledger Recover service?
Let's say that Ledger has two options: A. Their profit will increase slightly if they keep their current crypto enthusiast customers happy and B. Their profit will dramatically increase if they lose some of their customers but attract a lot of new customers who will pay them $9 every month.
Ledger is a business, a corporative company, right? And it's clear to see that this company wasn't founded by a crypto enthusiast but by a person who is a businessman and wants money. They go with option B.

Einstein once said: Two things are infinite: the universe and human stupidity.

Available for a new signature campaign
dkbit98
Legendary
*
Offline Offline

Activity: 2184
Merit: 7019


SATOCHIP.io


View Profile WWW
May 24, 2023, 09:19:57 PM
 #153

I'm sure Ledger know this, but are being deliberately misleading in the defense of their new vulnerability feature.
But it's only $9.99 per month, plus lifetime access to your keys, and you are safu up to $50k.  
Sounds like a ''great'' deal, right?

Yes and no. Ledger is deliberately setting up a false equivalence of trust.
Let me remind everyone that Chinese hardware wallet Safepal is currently doing exactly the same thing as Ledger, they are sending keys to Google and iCloud.

RickDeckard (OP)
Legendary
*
Offline Offline

Activity: 980
Merit: 2771



View Profile
May 24, 2023, 09:35:26 PM
 #154

I'm sure Ledger know this, but are being deliberately misleading in the defense of their new vulnerability feature.
But it's only $9.99 per month, plus lifetime access to your keys, and you are safu up to $50k.  
Sounds like a ''great'' deal, right?
You forgot to mention that you'll also get KYC during the whole process and you might even be unable to access the funds considering how wonky the KYC recognition procedures currently are. Now that's an "incredible" deal.

Besides the CTO's roadmap announcement, Ledger CEO & Chairman Pascal Gauthier also shared a letter yesterday regarding Ledger Recovery[1] which is basically saying what every top chairman at the company is spreading at the moment - "we'll open source as much as we can regarding Ledger OS". This[2] particular tweet is also interesting:
Quote
The main concerns that you expressed are around transparency, censorship resistance, and security. I think we’ve done a good job to address all of your concerns, but again, it’s for you to tell us, so please don’t hesitate to like, comment, share our clarified service
Is it just me, or so far they have failed in every aspect mentioned by him?

  • Transparency - They are always dodging the real questions and only give half answers;
  • Censorship Resistance - Considering the fact that, as soon as you have your shards in external entities you could have your shards, a government can subpoena them, how "censorship resistance" is this?
  • Security - I think we all agree to disagree on this one.

[1]https://nitter.it/_pgauthier/status/1661012614753943559
[2]https://nitter.it/_pgauthier/status/1661012625575272453

satscraper
Hero Member
*****
Offline Offline

Activity: 686
Merit: 1210


View Profile
May 25, 2023, 07:21:35 AM
Last edit: May 25, 2023, 09:07:52 AM by satscraper
 #155

^

And what are your thoughts on Christopher Allen's statement expressed to CoinDesk that "Secure element chips can’t perform the kind of cryptography needed to completely encrypt user keys on-device"? If it is true then all hardware wallets are not safe because that "kind of cryptography" mentioned by Allen they have to perform outside the SE.

o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18497


View Profile
May 25, 2023, 08:44:38 AM
Merited by Synchronice (2), Lucius (1)
 #156

In recent posts, the "geniuses" from Ledger refer to their mothers and some future 100 million clients
It is an interesting talking point because it is exactly the same talking point that Square/Block have been using to promote their hardware wallet which has no seed phrases and shares custody of your backup with third parties.

For example, here is their business lead Lindsey Grossman using the 100 million figure, and then talking about her "friends and family": https://youtu.be/WbjzZQwDozw?t=355

Ledger is a business, a corporative company, right? And it's clear to see that this company wasn't founded by a crypto enthusiast but by a person who is a businessman and wants money. They go with option B.
Or, the incredibly simple solution which would have avoided literally all of this drama - create a new product called Ledger Nano R, which is the only product in their range which provides this Recovery nonsense. People who want third parties to store their seed phrase can buy the R, and everyone else with a shred of sense can stay away from it.
Synchronice
Hero Member
*****
Offline Offline

Activity: 812
Merit: 742


Watch Bitcoin Documentary - https://t.ly/v0Nim


View Profile
May 25, 2023, 09:36:27 AM
 #157

Ledger is a business, a corporative company, right? And it's clear to see that this company wasn't founded by a crypto enthusiast but by a person who is a businessman and wants money. They go with option B.
Or, the incredibly simple solution which would have avoided literally all of this drama - create a new product called Ledger Nano R, which is the only product in their range which provides this Recovery nonsense. People who want third parties to store their seed phrase can buy the R, and everyone else with a shred of sense can stay away from it.

If Ledger Recover was a mandatory service, then that would make sense but since it's optional, there is no logical reason to produce another series of hardware wallets. You can either subscribe to it and pay $9 monthly or just ignore it and use Ledger in a traditional way.
P.S. Don't remind me that an optional service is bullshit and there is a chance that they may have already created a backup of our seed, I know that. But not everyone thinks so.

Available for a new signature campaign
LoyceV
Legendary
*
Offline Offline

Activity: 3262
Merit: 16315


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
May 25, 2023, 10:02:21 AM
 #158

Or, the incredibly simple solution which would have avoided literally all of this drama - create a new product called Ledger Nano R, which is the only product in their range which provides this Recovery nonsense. People who want third parties to store their seed phrase can buy the R, and everyone else with a shred of sense can stay away from it.
And miss out on millions of existing Ledger users who can all be convinced to pay $9.99 per month to compromise their keys? Doing the right thing doesn't earn you money.

they may have already created a backup of our seed
This is why I never fully trusted hardware wallets. I can't possibly know for sure what happens inside the black box.

Synchronice
Hero Member
*****
Offline Offline

Activity: 812
Merit: 742


Watch Bitcoin Documentary - https://t.ly/v0Nim


View Profile
May 25, 2023, 10:32:26 AM
 #159

they may have already created a backup of our seed
This is why I never fully trusted hardware wallets. I can't possibly know for sure what happens inside the black box.
This is why I only trust old equipment but sadly in the near future I won't be able to use it. I personally believe that when computers, mobiles and software were at an early stage of development, the real aim and priority was to improve the technology and make things better but once there is a lot of potential to earn billions, then this takes over every positive thinking and the real aim becomes to improve technology in order to gain more control and influence.

I simply can't trust modern hardware, I'm afraid the highest percentage of them are backdoored. I prefer to create and hold my bitcoin wallet in a 2008s personal computer than in a modern Intel Core i5-13400 with RTX 4090 GPU.


Btw I have mentioned many times that the level of security depends on the level of asset value but the hardware wallet and KYC accident really makes me think twice for now.

Available for a new signature campaign
joker_josue
Legendary
*
Offline Offline

Activity: 1610
Merit: 4426


**In BTC since 2013**


View Profile WWW
May 25, 2023, 11:49:52 AM
 #160

This is why I only trust old equipment but sadly in the near future I won't be able to use it. I personally believe that when computers, mobiles and software were at an early stage of development, the real aim and priority was to improve the technology and make things better but once there is a lot of potential to earn billions, then this takes over every positive thinking and the real aim becomes to improve technology in order to gain more control and influence.

It is because of this that civil aviation systems, at airports and in radars, use technology that is more than 50 years old. Of course they are making some updates, but always based on the technology designed for over 50 years.

They thus manage to ensure greater security, as hackers have more difficulty in invading these systems, which are "outdated" compared to what is used today.
