

tldr; The article discusses the launch of Ledger's "Recover" option, which provides a backup for users' recovery seed phrase. This option has faced criticism from some crypto users who believe it undermines Ledger's commitment to privacy and security. The Recover option involves encrypting and duplicating users' private keys and dividing them into three pieces held by Ledger, Coincover, and an independent backup service provider. Despite the criticism, Ledger's CEO argues that this service meets the demand from users who struggle to remember their recovery seed phrase and want to ensure the safety of their crypto holdings. *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.


This bot saved me so many countless clicks. Thank you, bot!


> users who struggle to remember their recovery seed phrase

You’re not supposed to remember it, but write it down and keep it in a safe place. Or two. Or five?


They literally give you like 3-5 private key papers so you can remember it


Good bot.


obviously knowing PKs of customers is of greater value than value in losing some customers.


Is this a forced update?


Yes, but you don’t have to turn that function on.


Thanks, this is important.


Note that not all Ledger models get this update, for example the older Nano S doesn't have enough memory, so they don't implement recovery into that firmware.


The recover option should be the seed phrase. WTF is ledger doing xD


They are completely changing their messaging from "not your keys, not your coin", to "you can't trust yourself anyway, so it doesn't matter". Anyone who gives this company money is directly advocating for the removal of the core mantra of this space - and they should be ashamed of themselves.


The new slogan "Yoink, not yours any more!"


😂 this made me laugh, the accuracy. I want to switch but I also don’t feel the issue opens me up to vulnerability. At least not in the immediate future to go out, get a new device, seed phrase, transfer, and create redundant and safety protocols in the event of a fire etc etc


And then that wallet company will implement a recovery system as well.


From a business perspective it caters to a ton of people whose barrier to entry would be.. misplacing their keys and losing their entire life’s savings haha


Yeah. I do get it. I have mixed feelings. But I do like that they’ve split it up across multiple entities for a complete recovery to happen


Not open source, not audited and they can extract your private key.


You are not forced to do it though..


You're not forced to consent to it. However, the truth is that your seed phrase can be extracted in the first place. Whether or not you consent to this happening, the point is that it's possible for it to happen. So yes, you can "opt in" to whether or not you allow this. But regardless of whether you allow it or not, it's possible to happen.


crypto went mainstream. Their target audience changed, so their message did too.


While I agree this is stupid. They are trying to get the people who aren’t crypto or tech savvy. I don’t think it will work out for them.


Recommendations to what I should get instead? Bc I'm not gonna stick with ledger after this.


Trezor, Gridplus Lattice1


Is Trevor the bastard redneck uncle of Trezor?


So clezer






Oof. Well I guess it's finally time to get a trezor


I just bought an ellipal. Looking forward to trying it out honestly


I have a Trezor too. Unfortunately it needs a software update to be able to show my Ethereum balance. That’s the most annoying thing about Trezor because I like to be able to view my balance without going to block explorer.


does it force the firmware update or can i just ignore it ?


Ledger Live bullies you into doing the update, but you could use the Ledger hardware wallet without Ledger Live (directly with Metamask or other interfaces).


I was forced to update the firmware in order to move some gala maybe 2 weeks ago.


I moved coins today with ledger, no forced update for me, just the option to.


If you don't change LL version then you wouldn't be forced to update FW.


How would you verify the answer?


only if you upgrade to a certain version of live; then it won't let u do anything unless u upgrade. With that said, currently it only backs up the entropy which means that it can only recreate the seed and not our passphrase. So for those who are using this service keep that in mind and for those that want to avoid this shit storm, then at the very least have a passphrase.
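The point in the comment above, as an added example that is not part of the thread and is not Ledger's code: under the BIP39 standard, which this sketch assumes the wallet follows, the passphrase is mixed into the seed derivation as salt, so a backup holding only the entropy (equivalently, the mnemonic) reproduces the no-passphrase wallet and nothing else. The mnemonic is the public BIP39 test phrase, the passphrase strings are constructed, and `recoverable_from_entropy_backup` is a hypothetical helper name.

```python
import hashlib
import unicodedata

# Public BIP39 test mnemonic (all-zero entropy). Never use it for real funds.
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def _nfkd(text: str) -> bytes:
    """BIP39 requires NFKD normalisation before UTF-8 encoding."""
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed.

    PBKDF2-HMAC-SHA512, 2048 iterations, password = mnemonic sentence,
    salt = "mnemonic" + passphrase. The passphrase is never stored in
    the entropy or the word list; it only enters here.
    """
    salt = b"mnemonic" + _nfkd(passphrase)
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic), salt, 2048, dklen=64)


def recoverable_from_entropy_backup(mnemonic: str, wallet_passphrase: str) -> bool:
    """True if a party holding only the entropy/mnemonic derives the
    same seed as the wallet actually in use."""
    backup_seed = bip39_seed(mnemonic)                     # all the backup can rebuild
    wallet_seed = bip39_seed(mnemonic, wallet_passphrase)  # what holds the funds
    return backup_seed == wallet_seed


if __name__ == "__main__":
    for label, pw in [("no passphrase", ""), ("with passphrase", "constructed-example")]:
        seed = bip39_seed(TEST_MNEMONIC, pw)
        print(f"{label:16} seed={seed.hex()[:16]}...  "
              f"entropy backup sufficient: {recoverable_from_entropy_backup(TEST_MNEMONIC, pw)}")
```

The same property cuts both ways: the passphrase is not covered by the backup, so losing it makes the passphrase-protected accounts unrecoverable even with the mnemonic in hand.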


If you want to send btc or other coins from your wallet through ledger live, then yes it makes you update firmware


as long as its optional


This. I don't get the drama, I'm a bit confused. People speak of this as if it got forced down their throats, rather than being a voluntary, manual *opt IN* feature.


The issue is that it means (despite Ledger claiming the contrary for years) that it’s technically possible to retrieve the seed from the device. This opens up new attack possibilities that were not there before, for example:

- malicious Ledger employee adding a backdoor and draining wallets
- compromised computer potentially extracting the seed

It breaks a fundamental pillar of crypto: “trust no one, because you don’t need to”. After so many rug pulls, FTX, Mt Gox, and countless other insider jobs, one would think people are cautious with entrusting a 3rd party.


Do you want to get the drama? Because I can explain it to you. It's "optional" as in, I can do it if I want. But it can also be done if I don't want. That's the problem. Software exists to take keys off the device. If you don't fully expect some "criminal" to have their keys force exfiltrated with a warrant you're stupid, it *will* happen. Then it will happen without a warrant. Then it will become standard. Then it will become required. Have you been awake the last 2 decades man?


In the past and as per Ledger's original advertising "The private key is safely stored offline and can never be accessed by Ledger". Now with a FW update they can. After that FW update you can "opt in" to use the feature via Ledger Live app but after that FW update who says the private keys are not at risk even if you don't "Opt In"?


Not only is it optional it requires the user explicitly confirm sending their recovery data on their own device, which somehow the article failed to mention. Still, hopefully there'll be less ginned-up outrage now that people can't make moons out of it.


For now.


Er, yes, that is the situation right now. Trezor's latest firmware doesn't post your recovery phrase to X as soon as you install it "for now" either. Why speculate over things they haven't done and have given no indication that they'll ever do?


Because Trezor doesn't control the firmware, the community does. You can rest assured that Trezor will never, ever release a firmware that exfiltrates keys. And if they did, somehow decide that it was a good idea, we could all just remove that bit and use the firmware without it. Can't do that with Ledger. I'd say creating firmware that makes this possible, giving you no option to not install the firmware or install your own, and the CEO outright saying "yes if a government demands your keys we have to give it to them" are clear indications that they'll do it. Predicting the inevitable isn't speculation.


What should have been optional is the firmware update that contains the software (activated or not - it poses a new attack vector). If you use Ledger Live, you basically have to do the firmware update, even if you don't want to use the recovery functionality.


... What's the novel attack vector, in your mind? That can't also be used to just sweep your wallet because both require someone to unlock and confirm an action on their hardware wallet.




As far as they all know I got out of crypto years ago.


That's what I was trying to get at with the "manual" part, but I guess I could have chosen my words better.


A malicious firmware update is an attack vector all hardware wallets share. Going to Trezor doesn’t change that. This is an opt-in service for those who want a way to recover funds without having to rely on not losing their seed phrase. Not all customers will want this. In fact at this early juncture in crypto I doubt hardly any will use it, but as crypto gains more adoption I think it can gain more users. If they haven’t already they need to make their firmware updates open source so the community can analyze any updates before updating. That should negate any fears over a malicious firmware attack. I believe Trezor already does this. And from what I hear Ledger is making plans to do this as well if they already haven’t.


Yes, they should. This has been the gripe for a long time, but they successfully made people think "nah closed source is no big deal" and look now. Back your seed to the cloud! How is that not nuts? They won't open source anything of course. This is opt in *for now.* I will bet you your full stack for mine that this will not be optional indefinitely, and I'll bet you that someone at some point in the near future will have their keys force exfiltrated at the behest of a government.


Yes, I think most users simply weren't aware of it and due to Ledger marketing believed it would be impossible to extract a seed from the device and send it out. What I am upset about is that Ledger is now forcing that firmware that includes the export functionality on everyone, although many users have explicitly said they don't want this in their device and see it as a potential attack vector. They should have 2 branches of firmware with and without recovery or an entirely separate device for those who want this.


Wish they'd officially roll out Stax..


The recover would make sense for a Stax ledger, but not nano x.


this feature was specially made for the average r/cc user


Snark? More like disappointment, disdain, betrayal and anger. *I paid for cold storage.* The fucking thing has a backdoor.


So happy with my Blockstream Jade


Ledger is always watching 👁👁




Well the thing to understand is that Ledger is paying a PR team to post some of these comments, and buying vote brigades. That's what reddit is, an ad service designed to masquerade as organic interaction. You're not arguing with people, not most of the time.


I just want my ledger stax man


why mad? just customer options, not forced


Good bot! Nice summary.


I bet it’s come about because they are sick of being messaged by people saying they’ve lost their seed phrases so therefore all their money. Then having to fend off the lawsuits from those same people.


Why aren't these guys out of business yet....


I ordered my Trezor last week.