
Is Ledger no longer a real hardware wallet? The controversial private key recovery service is officially launched

2023-10-26 11:02
Despite the controversy, Ledger CEO Pascal Gauthier launched the Ledger Recover service.
Table of Contents:
· Ledger has launched Ledger Recover
· From planning to implementation, Ledger Recover has been controversial


Ledger has launched Ledger Recover


BlockBeats reported on September 20 that Ledger planned to launch its private key recovery service by the end of this year. The service aims to help users recover their private keys by splitting the seed phrase into three parts and sharing them among Ledger and two other security companies, Coincover and EscrowTech.


Ledger CEO Pascal Gauthier had said that the Ledger Recover service was expected to launch before the end of the year, with some open source features requested by users. Ledger is also considering how to offer privacy protection tools while still providing identity information when needed. On October 26, Ledger officially tweeted that Ledger Recover has been launched.



Ledger CTO @P3b7_ discussed the Ledger Recover white paper, the open source code used for verification, and Ledger's vision for the product from a technical perspective in a tweet.


It is reported that Ledger Recover is an ID-based, subscription-based key recovery service that backs up the user's secret recovery phrase (mnemonic). Currently, Ledger Recover is compatible with Ledger Nano X and can be used on Android and iOS devices running the latest Ledger Live version. To subscribe at present, users need to hold a passport or ID issued by the European Union, the United Kingdom, Canada or the United States. In the future, the subscription will be opened to users in more countries.


Ledger also explained the details of the service. The feature splits the wallet's mnemonic (the key material) into three encrypted shards and distributes them to three custodians: Ledger, cryptocurrency custodian Coincover, and code custodian EscrowTech. If someone loses the key, two of the three shards can be combined, pending identity checks, to regain access to locked funds. The price of subscribing to the service is $9.99 per month.
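The 2-of-3 recombination described above can be illustrated with Shamir secret sharing. This is an added example, not Ledger's code and not from the article: the article does not name the scheme Ledger uses, so Shamir's scheme, the field prime and every function name here are assumptions for illustration, and shard encryption and identity checks are not modelled.

```python
import secrets

# Assumed field: 2**521 - 1 is a Mersenne prime, large enough for 256-bit seed entropy.
P = 2**521 - 1

def split(secret: int, k: int = 2, n: int = 3):
    """Split `secret` into n shares so that any k of them reconstruct it."""
    if not 0 <= secret < P:
        raise ValueError("secret out of range for the field")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    def f(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return [(x, f(x)) for x in range(1, n + 1)]

def combine(shares):
    """Recover f(0) by Lagrange interpolation over GF(P)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def share_explaining(candidate: int, known_share, x: int):
    """For ANY candidate secret, build the share at index x that, combined
    with one known share, would reconstruct that candidate. Its existence
    is why a single share reveals nothing about the real secret."""
    x1, y1 = known_share
    slope = (y1 - candidate) * pow(x1, -1, P) % P
    return (x, (candidate + slope * x) % P)

if __name__ == "__main__":
    seed_entropy = secrets.randbits(256)      # constructed stand-in for a seed
    s1, s2, s3 = split(seed_entropy)          # one share per custodian
    for pair in ([s1, s2], [s1, s3], [s2, s3]):
        print("pair recovers seed:", combine(pair) == seed_entropy)
    fake = share_explaining(42, s1, 2)
    print("one share fits any secret:", combine([s1, fake]) == 42)
```

A single custodian's share is consistent with every possible secret, so the protection rests entirely on no two custodians combining shares without the owner's authorization.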


From planning to implementation, Ledger Recover has been controversial


Hardware wallets generally store private keys in a secure hardware device that is isolated from networked computers and other environments. The private keys are never exposed, and the device is plug-and-play. Ledger's move completely breaks our perception of traditional hardware wallets.


Ledger believes that although keeping one's own secret recovery phrase gives users all the benefits of self-custody and full control of their assets, it also makes users fully responsible for protecting those assets. Ledger Recover is designed for users who want to add an enhanced security layer in case their secret recovery phrase is lost or they cannot access it.


Of course, it was this “well-intentioned help” that sparked controversy, with the product receiving a lukewarm response from users when it debuted in May. BlockBeats summarized some of the user opinions against the service:


Related reading: "Ledger’s newly launched Ledger Recover, why was it criticized?"

- As a hardware wallet, it is fundamental that the key does not leave the wallet, and Ledger's new service is obviously unacceptable to many users who can keep their own keys. After subscribing to the service, you need to entrust all your keys and personal identities to other institutions. Once these institutions have problems (hacker attacks, information theft), the entrusted information is unlikely to be intact;

- Subscribing to this service requires national passport and ID verification. Anything protected by "identity authentication" is inherently unsafe. Identity is too easy to forge, and identity authentication is required to confirm the user's key reconstruction request. Today, identity authentication forgery and theft are too common, so this is not a safe way;

- The service will divide the key into three parts, which is fine, but the problem is that the service sends the three parts of the user's encryption key to three physical companies, and they can completely rebuild the user's key. In terms of mathematical probability, the more third-party custodians there are, the probability of problems will increase exponentially;

- Most Ledger users use Ledger Live, which uses Ledger nodes to synchronize all wallets, revealing every detail of the user's encryption activities. Your assets and transaction details are exposed to third parties, and after subscribing to the service, your keys and identity are also managed by a third party. In this way, will your cryptocurrency still be your own?

- We can't be sure if Ledger has built-in security measures to prevent someone from sending all three parts of the key to one entity, nor can we be sure how they were distributed to the three entities, so it is even more unclear how the decryption process during the recovery process actually works;

- In theory, I know that you used Ledger Recover and obtained identity information. It is not difficult to pass identity verification with current technical means, and your crypto assets can also belong to others;

- From a macro perspective, regulatory conditions need to be considered. EscrowTech and Ledger are American companies, and Coincover is a British company. These institutions are under the jurisdiction of the United Kingdom and the United States, and the regulation of encryption in the United States and the United Kingdom has always been a problem. It is easy for the government to come to the door to ask for the identity information of all holders and then seize funds at will.


The core of the dispute among users is whether Ledger Recover compromises the security of private keys. Ledger officials said, "The Ledger Recover service follows the same principles as signing transactions on the blockchain, which is safe and only done with your permission. Your private key will not be accessed to enable Ledger Recover."


Despite the controversy, Ledger's CEO Pascal Gauthier still launched the Ledger Recover service with some open source features requested by users. Ledger Recover includes an extensive identity verification process, which is performed by Coincover in a secure environment built by Ledger. Therefore, Ledger proposes additional protection measures, and if problems arise, Coincover may provide $50,000 in compensation.


However, the community is still not optimistic about this feature. Crypto researcher @ChrisBlec said, "If you use Ledger Recovery, you are no longer using true cold storage, nor true self-custody. Once recovery is enabled, your cryptocurrency can be taken away by the government without your consent. Obviously, Ledger doesn't want you to know this."



In response, Ledger said "Coincover will never pass your information to a third party unless there is a legal obligation to do so. Any order of this nature will only be obtained in the most serious criminal cases, such as suspected financing of terrorism."


Previously, on October 6, Ledger carried out layoffs of 12%. The company's CEO Pascal Gauthier said in a letter to employees: "We must continue to make decisions for the long-term development of the company. Macroeconomic headwinds limit our ability to generate revenue. In order to respond to current market conditions and business realities, we must reduce layoffs by 12%."

