This “not a real concern,” according to CEO Paul Gauthier, is that custodians of Ledgers may be forced to reveal the secret seed phrases of Ledger users to governments.
If governments were to subpoena Ledger, CEO Pascal Gauthier stated, the company would comply and pass over customers’ private seed phrases who opted for Ledger’s contentious new Recover update.
The most recent firmware upgrade for the Ledger and hardware wallets, in general, have been controversial topics during the last week.
The company has announced a new optional firmware upgrade called “Recover,” which will enable users to back up their seed phrases with third-party organisations in the hopes of recovering the phrases in the event that the users forget them.
The seed phrase is divided into three encrypted pieces called “shards,” one of which is kept by Coincover, another by Ledger, and a third by an outside backup service provider if the user opts into the service.
In an interview on Peter McCormack’s What Bitcoin Did podcast, Gauthier acknowledged that users’ seed phrases might be disclosed to government authorities under the new Recover upgrade, but that this would be done only in cases of “serious acts” like drug and terrorist trafficking.
McCormack, the podcast’s presenter, refuted this assertion by noting that in 2018, Coinbase was subpoenaed by the United States Internal Revenue Service and had to send over the personal information of 13,000 users.
This analogy is flawed, according to Gauthier, therefore he dismissed it. He said that Ledger is not a bank like Coinbase and hence is not bound by the same regulations.
While some users, like Twitter’s pseudonymous crypto pundit 0xFoobar, see the change as an intolerable invasion of privacy, official Ledger commenters insist that these fears are unfounded.
Ledger spoke to Cointelegraph on what its latest Recover upgrade meant for its consumers.
According to Ledger, the original seed phrase itself still does not leave the device, despite the various allegations being flung at the firm over social media.
A SSS encrypted sharded backup is what you’re making if you go that route. These fragments are meaningless until the user recovers the backup on a Ledger device since decryption requires a combination of keys.
“We are legally required to open source as much of our code as possible, thus our goal is to get to the point where just a small amount of code pertaining to the Secure Element remains closed, like the Raspberry Pi.”
