My personal view on the PR disaster, from a Ledger co-founder and ex CEO

• hardware-wallets

  15 1 10.0 HTML

  Discontinued Best Hardware Wallets. Comparing more than 30 Hardware Wallets feature by feature

  

My opinion about the new Ledger service and its implications The Issues There are two different issues with the new Ledger Recover service, let's explore them. 1- The Technical Decision The first issue is the technical decision of splitting your private key and sending each part to 3 companies. When you subscribe to Ledger Recover, the secure element encrypts and splits the Secret Recovery Phrase into three fragments. These encrypted fragments will be sent through 3 independent secure channels to these fragments backup provider. The secure channel allows mutual authentication and avoids man in the middle attack. During the process, the secure channel uses an ephemeral symmetric key to securely transport the fragments. Each fragment is then secured by a separate and independent company in different countries: Coincover, Ledger and Escrowtech. Probably is not a good idea to send parts of your private key through the internet to three different companies. In theory, we use a hardware wallet to guarantee that your private key never touches the internet. Other services like Casa, Unchained, or Nunchuk Honey Badger use multi-sig, which is a more standard approach and doesn’t require sending a private key through the internet. 2- The Identity Verification The second issue is the Identity Verification needed to use the service. Ledger Recover uses your ID and a selfie to verify who you are, via its Identity Verification provider, Onfido. Then, it links your identity to encrypted fragments of your Secret Recovery phrase. The identity providers store this ID data in an encrypted form. This way, the service can verify who you are in the event of a Recovery request, but your private information stays private. This ensures you alone can Recover your private keys. Ledger knows that this has some privacy implications, they said on their blog: If self-sovereignty is your priority, meaning you don’t want to trust a third party or hand over your identification, this product might not be for you. Casa and Unchained have a similar issue, they require Identity Verification. Instead, Nunchuk Honey Badger is private by design. Different Audiences The Ledger Recovery service is probably not bad (or at least it is better than having your money on an exchange) and could help lots of people to improve the custody of their funds. But probably, the kind of audience that buys a hardware wallet wants self-sovereignty and privacy, and this new service doesn’t represent that. Launching Ledger Recovery was a risky decision for Ledger. It defines what kind of company they want to be. One focused on self-custody or one that also offers non-private services. Probably there is no risk of continue using a Ledger device with this service disabled, but users would feel a bit more secure if Ledger at least put this service in a different firmware like other companies do when they split the BTC-only and Multicoin firmwares. Each Ledger user is going to decide what to do according to their preferences. Some are going to use this new Recover service, others will continue using their Ledger with Recover disabled and others will move to new wallets. Choosing a Hardware Wallet Choosing a hardware wallet is not an easy decision. You are not only choosing a device where you are going to deposit your money, but you are also choosing a company that produces that device and its firmware. So, you need to see if the values of that company match your values. In the crypto world, there are lots of different kinds of users: bitcoiners, altcoiners, traders, speculators, newbies, experts, etc. All of them would choose different kinds of wallets. That’s why we recommend doing deep research before buying a Hardware Wallet, and not only about the device but also about the company behind it. That’s why I created https://wallets.thebitcoinhole.com/. To help people in that decision. On the website, you will find not only all the features of each wallet but also lots of official blog posts references where you can see how the manufacturers think about different topics: open source, security, self-sovereignty, etc

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

Suggest a related project