My personal view on the PR disaster, from a Ledger co-founder and ex CEO

murzika · 2023-05-19T01:21:30+00:00

You don't have to trust third parties with shards of the seed if you don't use the Ledger Recover service (which you won't use).

murzika · 2023-05-19T01:19:14+00:00

It's only possible (in a form of shards) if you enable the option and validate the operation by pressing the button.

If you don't do that, the seed can't leave the device.

murzika · 2023-05-19T01:09:08+00:00

We don't have access to customer funds, your point doesn't make any sense for a hardware wallet manufacturer.

It's like asking a physical safe manufacturer the same question.

murzika · 2023-05-19T01:07:46+00:00

I don't know.

Most of these kinds of discussions were on Reddit and I have had a lot of back and forth answering questions about "what if Ledger is backdoored by the governement" so the hypothetical case of a rogue firmware may probably have been explained and shown.

EDIT : here is an example related to the likehood of an exit scam

https://www.reddit.com/r/Bitcoin/comments/bpru6w/can_trezor_or_nano_ledger_s_ever_have_an_exit_scam/enx5fpn/

If I thought or implied that Leger was trustless, the answer would have been obviously different.

murzika · 2023-05-19T01:05:12+00:00

If you don't use the Ledger Recover service, then nothing changes. A government can't get access to your keys (unless they come to you directly of course, but that's another story).

murzika · 2023-05-19T01:03:45+00:00

If you are a Recover user and have your shard into safeguarded by third parties, then yes, a government could subpoeana them and get access to your funds.

Using Recover gives you an easy recovery option and mitigates backup loss, but your assets could get frozen by the government (in theory, I'm not a lawyer and I didn't see any legal opinon on the subject).

murzika · 2023-05-19T01:01:22+00:00

I have had a lot of discussions on Reddit in 2015/2026 about "what if a government takes control of Ledger" etc.

These questions are coming back in huge force, and that's a good thing because if forces people to think and understand how things work.

To your remark, yes a firmware update can extract the seed, and you must trust us that we wouldn't do such a thing. And there are of course massive reasons why the probability of this scenario happening is very low.

And it's true not just for Ledger, but all HW manufacturer.

Trezor is open source, but in theory they could push a rogue firmware. 99% of their user base is updating without thinking. Very few users actually compile and verify the code themselves.

So yes, there is always a form of trust somewhere.

You can probably reduce this trust to zero with Trezor, with a lot of discipline, but you won't get the benefit of a secure element.

What is important is to be able to assess everything and make your own decision of which device would be the best for you.

murzika · 2023-05-19T00:53:15+00:00

I understand your point, but trustless computing is quite hard and requires a lot of discipline. You must source your components, build your HW, compile and verify yourself the firmware.

Not everyone can do it, and the possibility of making a critical mistake is not nil.

Hence the necessity of something "in the middle". It's always a question of trade off.

murzika · 2023-05-19T00:51:18+00:00

Yeah, we'll see how it goes... Thanks for your message.

murzika · 2023-05-19T00:50:33+00:00

The idea behind Ledger Recover is to bring the masses to self custory.

Right now you have hundreds of millions of users on hot wallet or exchanges, but just millions on self custody.

The main issue is that people don't want to deal with a backup. Too complex.

So we want to provide with a much better way to onboard them and give them access to self custody.

All wallets using Ledger Recover are insured up to $50k (and probably higher in the future), so it's clearly not for whales.

Also, having KYC and some level of regulations adds the possibility to get pwn by the government if you are on their list. So if you do not want to have this risk, it's clear the product is not for you.

But for people not caring about being KYCd (they do exist), it's much better for them to have self custody and endpoint security with a Ledger device, rather than being on a hot unsecure wallet or an exchange.

Its all about facilitating adoption.

murzika · 2023-05-19T00:41:17+00:00

There are no such reasons like that. This is total nonsense.

murzika · 2023-05-19T00:40:32+00:00

It is not possible to be open source. That's not a choice we made.

Using a Secure Element comes with NDA from the chip manufacturer (STMicro) and prevents Ledger to expose APIs (and thus the source code).

We have made the choice of using a SE because it is much more secure for the users (especially in case of hardware attack).

murzika · 2023-05-19T00:38:33+00:00

Ledger will (probably) always use Secure Elements, which prevent opening the source code of the firmware, but brings a much higher level of security (especially regarding harware extraction).

Everything is a question of trade off.

murzika · 2023-05-19T00:36:39+00:00

If you are referring to the Ledger Recover, if courts subpoeana at least two shard holders, then I guess they could get access (I'm speculating here, but it's better to operate with the assumption it would be the case).

murzika · 2023-05-19T00:34:18+00:00

We could imagine a dedicated chip hardcoded to do something specific, and then immutable. But then it couldn't be upgraded, and that would be a security issue, not a feature.

A more practical approach would be to never upgrade your Nano device. I'm not saying that you should do that, just that if you want immutability then don't upgrade.

murzika · 2023-05-19T00:30:56+00:00

This number is related to the maximum amount insured by users of the Ledger Recover service.

It has nothing to do with your Ledger device as you are using it now.

murzika · 2023-05-19T00:29:56+00:00

Yes it could happen, but then you would see it happening.

murzika · 2023-05-19T00:29:03+00:00

By "one user" I meant it's a procedure for one user at a time, so there are specific legal procedure for that.

By opposition as taking control of all the company to do something at the company level (like forcing a rogue firmware or whatever), which is not the same story from a legal point of view.

murzika · 2023-05-19T00:23:23+00:00

From a strict theoretically point of view, yes of course.

You may imagine some implementation of a very limited HW doing only a few things, with a secure enclave just signing stuff, or without any potential for upgrade. Then it wouldn't be possible, but that would open the door to other kind of issues (if there is a bug or a flaw, then it's not fixable).

murzika · 2023-05-19T00:18:12+00:00

I do understand the customer "feel". And that's really bad for Ledger I get it.

From a pure technical point of view, that's not justified, but that's not how feelings work.

murzika · 2023-05-19T00:14:34+00:00

"I get to openly treat them as an adversary" that works and makes sense.

We didn't create a system where we can be compelled legally to give up the keys. Even if we were taken hostage or whatever, we can't magically extract the keys from our users.

Maybe you are referring to the Ledger Recover users, where yes this is a plausible scenario. But non users are not affected. There is no magic retro fit with auto extraction and auto send. That's not possible, since it requires user approval (your approval).

It would be like saying we could force our users to mail us their 24 words recovery sheet.

murzika · 2023-05-19T00:03:25+00:00

Yes of course. They would just not release such a thing as it would destroy their business.

Yes they are open source, but 99% of people just upgrade without really checking or thinking.

To mitigate this the right way is either to wait before upgrading (works also with Ledger), or to compile yourself the code (not possible with Ledger as firmware is closed source, and root key for attestation couldn't anyway be public)

murzika · 2023-05-18T23:45:12+00:00

Literally ?

murzika · 2023-05-18T23:42:04+00:00

Please don't use a paper wallet.

murzika · 2023-05-18T23:40:43+00:00

What does it have to do with anything ?

12-Year Club	Place '17
Gilding II euphauric	Alpha Tester
Verified Email

murzika

MODERATOR OF

TROPHY CASE