Ledger’s “Recover” update sparks privacy controversy
The soon-to-be-launched Recover firmware upgrade from Ledger has been stirring controversy. CEO Pascal Gauthier stated that the seed phrases of users who agree to the update could be handed over to governments if they were ever subpoenaed.
Some users have expressed concerns about Ledger’s new update, viewing it as a breach of privacy. However, Ledger representatives argue that these concerns are exaggerated. Echoing the CEO, a spokesperson said that Ledger’s core values of self-custody and self-sovereignty remain unchanged.
Ledger clarified that the original seed phrase remains on the device and is not transmitted elsewhere. Instead, Ledger Recover creates an encrypted and sharded backup, which can only be restored on a Ledger device using multiple parts for decryption.
Ledger described the new upgrade as a paid opt-in service, not an opt-out, adding that users are not auto-enrolled nor do they have any obligation to use this service.
The new upgrade allows users to back up their seed phrases with third-party entities for easy recovery in case of loss. The Ledger Recover optional paid subscription service is available only for Ledger Nano X.
Three separate entities would receive parts of the phrase when a user subscribes to the service. The phrase is broken into three parts, called “shards,” which are distributed to an independent backup service provider, Coincover, and Ledger.
However, the phrases can only be given out when terrorism, drug trafficking, or related crimes are involved, which Gauthier referred to as “serious crimes.”
He further said that, unlike Coinbase, which is a banking institution, Ledger does not face the same legal restrictions, citing the 2018 event in which the United States Internal Revenue Service requested the personal data of about 13,000 users.
Ledger highlighted that users’ Secret Recovery Phrase is stored in a secure element chip, where the encryption happens. “Nothing external touches your entire Secret Recovery Phrase,” Ledger said. In a tweet, the CEO assured users that no company, including Ledger, has or will have access to their funds.
Users who do not want to use Ledger Recover will not experience any changes. Regarding open-sourcing their firmware code, Ledger explained that legal constraints from the chip manufacturer prevent them from making the inner workings of their secure element chip open source. However, Ledger intends to continue gradually open-sourcing more of their code.