What To Do with Ledger...

2 66
Avatar for LateToTheParty
1 year ago

Co-published on Odysee and Publish0x.

By the time you read this, you may already have read several articles, videos, and blog posts about Ledger's major fuck-up. The announcement of its recovery service raised a lot of people's eyebrows. In particular, customers grew very concerned about the sharding of the private keys to 3rd parties and how it introduces a potential backdoor.

Ledger has always advertised its wallets to be secure because the private keys never leave the secure element chip and a firmware update cannot extract the private keys from the chip. However, with the way Ledger Recover works, the private keys can effectively be extracted. Sure, technically the shards are extracted, not the entire private key in .txt. Sure, the individual shard is useless according to Ledger. On the other hand, this runs contrary to what Ledger advertised. Presumably, the only way to get the private key is when you first generate them, write it down, and keep it in a secure place. That presumption turned out to be wrong.

While Ledger says it's optional and requires the user to opt-in, it did not instill confidence amongst the users. Today may be opt-in, but tomorrow it becomes opt-out. What if the firmware extracts your private key without you knowing? What if the government shakes down the 3rd parties that hold the shards and they rat you out?

Making matters worse is Ledger's lack of transparency. While Ledger states that sharding will not happen unless you perform a physical button press to give consent, how can we know that this is case? The firmware is closed source, so there is no way for users to check and verify that there is nothing nefarious built into the code.


Archive link


So what should be done with Ledger? The backlash is rather severe and while Ledger has been responding to feedback, its responses did little to directly address the privacy concerns. Some have made good suggestions such as make a totally separate hot wallet service with Ledger Recover and not involve the hardware wallets at all. Others have called for Ledger to open source the firmware to which I fully agree and I think more people should follow suit. Trust is a two-way street and giving customers the means to check the code may be Ledger's best option to salvage the PR disaster.

But let's say Ledger lost all of your trust, what is the alternative? Trezor has a similar problem with its partnership with Coinjoin. ColdCard is a good choice as its firmware is available on GitHub, but it only holds Bitcoin. Keystone may be a viable option as it can hold multiple coins and both its hardware and firmware designs are open source.

4
$ 1.02
$ 1.00 from @AlternativeJapan
$ 0.02 from @TheRandomRewarder
Avatar for LateToTheParty
1 year ago

Comments

When considering what to do with a ledger, it is essential to maintain accurate records and ensure financial transparency. Whether it pertains to personal finances or business accounts, a well-kept ledger provides a clear overview of income, expenses, and overall financial health. In the realm of sports, like the highly anticipated https://www.ivacy.com/blog/makhachev-vs-volkanovski/ fight, keeping a meticulous ledger is akin to strategizing for a match. Just as fighters meticulously plan their moves, financial records in a ledger require careful attention to detail, ensuring a solid foundation for informed decision-making and future success.

$ 0.00
1 year ago

When it comes to managing your finances, knowing what to do with your ledger is essential. A well-kept ledger is a financial compass, guiding you through income and expenses. It's crucial to regularly update it to maintain financial clarity. To enhance its power, consider utilizing online tools and resources like https://magicalkatrina.com/prediction for accurate financial predictions, helping you make informed decisions and secure your financial future.

$ 0.00
1 year ago