Ledger promises open-source code and added security after controversy

Ledger promises open-source code and added security after controversy


French wallet-maker Ledger plans to make part of its code open-source and add additional security protections after facing criticism over its upcoming key recovery service.

In a series of media appearances, executives stated the French wallet-maker would make part of its code open-source and add additional security protections.

After a week of controversy around its new seed- recovery service, French wallet-maker Ledger has been on a PR offensive, including a Twitter Spaces event with Ledger CEO Pascal Gauthier on Tuesday afternoon and appearance by the same executive on CoinDesk Television Wednesday morning.

The message? Ledger has listened to its critics and is prepared to make changes to its approach.

“Everybody is quite sad at Ledger when you yell at us. On the other hand, it’s okay because we get better and we will always strive to be good servants of the community,” Ledger CEO Pascal Gauthier stated within a Twitter Spaces session on Tuesday afternoon.

The yelling in question was the criticism Ledger faced after announcing its next key recovery service. The service will allow users to keep an encrypted backup of their wallets with a set of 3 custodians, including Ledger itself. Numerous Ledger users and observers questioned the safety of the proposed service regarding potential hacks, user data leaks and abuse of trust by Ledger itself.

On Tuesday, Ledger was released a letter saying that it heard its users’ concerns and decided to change course: it will open-source the Ledger Recover code before launching the service, Gauthier wrote.

READ NOW
Binances Surprising Move: Delisting and Updating 1000LUNCBUSD Perpetual Contract

Along with that, Ledger will offer additional security feature to the Recover setup: while the encrypted backup will be stored by 3 custodians, users will have an option to likewise create a passphrase, so that even if the custodians collude and recover the private key, they still will not able to move funds without the passphrase.

In the end, nothing is 100 percent trust-less for an average user, Gauthier stated in an interview with CoinDesk Television Wednesday morning.

There is always a minimum of trust that you must to have in any hardware wallet that you’re going to use. And we are attempting to make the part of the operating system as the one that you have to trust as small as possible and open everything else,” he said.

To open-source or not to open-source

The decision to open-source the code came as a response to the critics pointing that it’s impossible to audit Ledger’s new feature because the code is not public. Nonetheless, the open-sourcing pledge comes with a caveat: Ledger won’t be publish code for all of its firmware for security reasons, the company’s CTO Charles Guillemet stated in a Twitter thread.

READ NOW
GameStops Playr to Offer Telos-Based Web3 Games – New Opportunities for Mainstream Gaming!

The smartcard chip in the Ledger wallet, which is where all the operations happen and users’ private keys are stored, have built-in protections against physical tampering, Guillemet wrote. “Because this know-how is the IP of manufacturers, they do not want it leaked, preventing Ledger’s firmware from being fully open source,” he added.

Ledger will “gradually open-source” most of its operating system, beginning with the controversial Ledger Recover feature, Guillemet wrote, but “the other parts will take a little more time since it has to  be refactored to abstract the chip-specific characteristics under NDA from our OS.”

Ledger does not believe that open-source is a “silver bullet for security,” the firm’s co- founder Eric Larcheveque stated during the Twitter Spaces. “We chose closed source because we believed it brings a higher level of security,” he added

Guillemet likewise stated that in the end, even with the open sourced code, users have to trust the wallet manufacturer – Ledger or else – with the safety of their cryptocurrency. Otherwise, users would have to build their devices from scratch, including all the physical parts, the code and the compilers turning that code into working applications, Guillemet stated, and that’s of course not an option for the “millions of users” Ledger desires to onboard in the coming years.

READ NOW
Tethers Market Cap Surpasses $83 Billion, Dominating the Stablecoin Market

“Security theater”

For the same reasons, Ledger did not choose to create a completely new product for the users interested in the key recovery functions, instead making it an opt-in upgrade for existing wallets. Several participants of the Twitter Spaces event stated this may be a way to avoid the PR catastrophe Ledger went through over the new feature.

On the other hand, making a new product for the new feature would be “a security theater,” Ledger’s chief experience officer Ian Rogers stated: “I can take a Ledger and put it in a different box with a different name, but it would still have exactly the same sort of potential threat vector.”

That existing wallets can be upgraded for the new feature was the most controversial part of Ledger Recover. Numerous observers pointed out that Ledger’s main selling point has been that private keys never leave the device. And now it turns out that the same devices that are not supposed to reveal the private key essentially can broadcast the backup to the outside world.

To add insult to injury, Ledger’s Twitter account responded to this saying that “it is and always has been possible to write firmware that facilitates key extraction” in a Monday tweet that caused outrage and was thereafter deleted.

READ NOW
Bitcoin Experts Warn of Potential Dip Below $24,000

This should not be a shocker, Guillemet stated during the Twitter Spaces, because that’s the way Ledger works: to interact with different blockchains teck and smart contracts, the wallet’s operating system must access the private key. And the operating system has to  be upgradeable because blockchains teck themselves likewise upgrade and implement new features from time to time.

This implies that the programs running on Ledger always could have been changed in a way that concerns private key handling – that’s something a user has to  accept by default, and the fact that users did not realize that came as a surprise for Ledger itself, Guillemet said.

The ghost of the subpoena

Another controversial part of the Ledger Recover is the fact that the service, which is offered as a paid subscription, requires users to go through know-your-customer (KYC) checks. A Twitter user nicknamed @Zk_shark requested whether Ledger will readily respond to any Government subpoena requesting data of the Ledger Recover users.

He recalled the infamous case of 2018, when Coinbase Crypto exchange complied with the IRS’ request to provide data of 13,000 users. Thereafter, 10,000 Coinbase Crypto exchange users received a letter from the tax agency suggesting that they can potentially have failed to properly report their crypto-related taxes. The IRS did not disclose the source of the users’ data.

READ NOW
Finance Ministry warns against cryptocurrency savings for most Russians

Gauthier’s response was: if you fear this scenario, do not use Ledger Recover. Nonetheless, receiving such subpoenas is not something that is bothering the company. “We don’t think it’s very easy to subpoena a service like Ledger Recover,” Gauthier said.

Nonetheless, he added, “if you want to be definitely censorship resistant, you should just not activate the function.”



Source

Read Disclaimer
This page is simply meant to provide information. It does not constitute a direct offer to purchase or sell, a solicitation of an offer to buy or sell, or a suggestion or endorsement of any goods, services, or businesses. Lolacoin.org does not offer accounting, tax, or legal advice. When using or relying on any of the products, services, or content described in this article, neither the firm nor the author is liable, directly or indirectly, for any harm or loss that may result. Read more at Important Disclaimers and at Risk Disclaimers.




Follow us

Latest Crypto News

Share via
Share via
Send this to a friend