Paul Gauthier, the CEO of Ledger, addressed concerns about the privacy implications of Ledger’s most recent firmware update in a recent podcast interview. The update has raised concerns about the potential disclosure of users’ secret seed phrases to the government, which could occur if the government issues subpoenas requesting access to the information. According to Gauthier, the private seed phrases of users who choose Ledger’s contentious new “Recover” update might theoretically be made available to governmental organizations in certain situations.
Ledger’s Recover update enables customers to back up their seed phrases with external organizations, providing a convenient way to recover lost seed phrases. In this method, the seed phrase is divided into three encrypted “shards”, which Coincover, Ledger, and a third backup service provider keep separately.
Gauthier highlighted that sharing user seed phrases with governments will only take place in specific situations involving major crimes like drug trafficking and terrorism. This statement was made during the conversation with Peter McCormack on the What Bitcoin Did podcast. However, McCormack expressed his concerns about the US Internal Revenue Service in 2018, which led to the release of 13,000 users.
“It’s not true that the average person gets subpoenaed every day.”
Gauthier said that Ledger operates under distinct regulatory restrictions because it is a hardware wallet provider rather than a banking organization like Coinbase. He asserted that the contrast was unfair and that Ledger’s data security methods are different.
Exciting update, Ledger has a new product, Ledger Recover, that’s launching soon: https://t.co/nT1VHnnSYz
🧵Here’s what Ledger Recover is and what it isn’t, explained by @P3b7_ & in the thread below. pic.twitter.com/RW1w07H6pK
— Ledger (@Ledger) May 16, 2023
Ledger’s concerns
Despite complaints on social media, Ledger executives have made efforts to address alleged privacy concerns raised by users and detractors. Their response aims to reassure users and emphasize their commitment to privacy and security. They clarified the new Recover update’s purpose and emphasized that the original seed phrase stays on the Ledger device. The fundamental value proposition of self-custody and self-sovereignty remains intact as users have the freedom to choose the service. They can decide whether or not to sign up, preserving their control over their cryptocurrency assets.
The backup created by the Recover update is encrypted and sharded using Shamir’s Secret Sharing (SSS). Requiring multiple parts for decryption adds an extra layer of protection. The user must restore the backup on a Ledger device to decode the shards; until then, they are worthless.
“If you don’t want to use Ledger Recover, nothing changes for you.”
Ledger’s answer seeks to calm worries and restate its dedication to user security and privacy. The ongoing discussion over the company’s firmware update demonstrates how privacy concerns in the cryptocurrency business continue to grow.