Reality Check: Trust Still Matters, or Why I'm Leaving Ledger.

The Trust Equation

Don't trust, verify. The mantra of the bitcoiner, with good reason. It's central to the design of bitcoin.

However, it seems to me that many in the space have this idea that trust can be absolutely eliminated. This is pure fantasy of the sort libertarians are rightly ridiculed for. Your tinfoil hat will never be big enough to offer absolute protection from the actions of everyone you transact with. You should instead think of trust, or rather safety, as a sort of math equation, where:

Safety equals (Credibility of trustee) divided by (amount of Trust required for nothing to go wrong). 

Or, S = C/T

What we're looking for is high (C)redibility while minimizing (T)rust needed. That should result in high (S)afety.

The Ledger Debacle

With Ledger, their announcement of a recovery service made people realize that it was possible for Ledger firmware to extract the seed from the device. After further investigation, others have commented that this is most likely possible with the firmware of any hardware wallet, at least hypothetically. You need some amount of trust that the manufacturer won't push out a firmware update that steals your coins (malice) or contains an accidental exploit allowing a thief to do so (incompetence).

In another post, the former CEO of Ledger pointed out that people trust Tesla not to program their cars to kill people. A dubious analogy perhaps, but it's right insofar as it simply points out that in our equation, (T) is always above zero, in hardware wallets and in the rest of life.

Nonetheless, this incident was the push I needed to move away from Ledger devices. Why?

Mediocre Credibility

Revisiting our "safety" equation: credibility has been harmed by the following:

  • Factually wrong tweets and marketing in the past from Ledger saying that a firmware update couldn't extract keys, which went uncorrected until now. I don't think this was deliberate, but this isn't the sort of product where it's okay for customer service people to talk out of their ass when they don't know how something works.
  • Data breaches of customer data in the past. I know this is largely a failing of Shopify, but that still suggests that Ledger treats their business as if it is an ordinary retail outfit, which is not an acceptable level of security in the crypto space.
  • Arrogance and flippant comments from the team in response to people's concerns, doubling down in the worst way, especially from u/btchip. It suggests low conscientiousness, which is a bad indicator when it comes to credibility in security matters.
  • An overall design ethos that emphasizes convenience and a plethora of features and "flexibility" over the most important thing: security. Compare to Coldcard where its whole feature set revolves around it being ridiculously hard to get hacked or phished.

Now, Ledger does win some points for the wallets having never been hacked so far despite being one of the oldest players. That's great. But overall, I'd say the "C" or Credibility term in our equation is looking mediocre.

High Trust is Required

How about "T"? How much do we NEED to trust Ledger? I see two main reasons why the amount of trust needed is higher than competitors such as Bitbox, Coldcard, and Jade.

  1. Closed Source. With open source, most of us may not be able to inspect the code ourselves, but we can have some confidence that if there were a security flaw, somebody would find it quickly. So if I wait, say, a month before upgrading firmware, I can be reasonably certain it's been inspected by a bunch of people who have no conflict of interest regarding disclosing its security flaws. The same argument goes for using a standard open-source wallet like Sparrow instead of Ledger Live.
  2. The Existence of Recover. Here, I'm not treating Ledger as malicious. Instead, it seems intuitive that the existence of such a feature creates a new attack surface for hackers. There is an existing functionality for them to attempt to modify and trick the user into executing. So we are trusting Ledger's implementation to be so brilliant that it doesn't increase risk at all. We are being asked to trust that this feature has flawless (yet unknown) security practices.

Conclusion

Ledger's credibility when it comes to security has been a mixed bag over the years, made worse by their recent comments. With closed-source software and firmware designed to share your seed, they are asking for too much trust. As a result, I feel they are simply being outcompeted by other companies in terms of overall safety.

submitted by /u/PoeCollector