{"id":8407,"date":"2023-06-15T15:01:35","date_gmt":"2023-06-15T15:01:35","guid":{"rendered":"https:\/\/nft.runfyers.com\/index.php\/2023\/06\/15\/why-ledger-underestimated-the-recover-backlash\/"},"modified":"2023-06-15T15:01:35","modified_gmt":"2023-06-15T15:01:35","slug":"why-ledger-underestimated-the-recover-backlash","status":"publish","type":"post","link":"https:\/\/nft.runfyers.com\/index.php\/2023\/06\/15\/why-ledger-underestimated-the-recover-backlash\/","title":{"rendered":"Why Ledger &#8220;Underestimated&#8221; the Recover Backlash"},"content":{"rendered":"<p><\/p>\n<div>\n<p>Last month, Ledger introduced its latest feature into a <a href=\"https:\/\/nftnow.com\/features\/ledger-recover-is-your-seed-phrase-really-safe\/\" target=\"_blank\" rel=\"noopener\">full-blown firestorm<\/a>.<\/p>\n<p>The French hardware wallet provider envisioned its paid, optional <a href=\"https:\/\/www.ledger.com\/recover\" target=\"_blank\" rel=\"noopener\">Ledger Recover<\/a> subscription service as a safety net for users to recover their digital assets in the case of a lost or forgotten seed phrase. However, the company quickly found itself embroiled in controversy with critics claiming the service, which encrypts and stores fragments of user seed phrases with three parties, undermined its wallets\u2019 security and contradicted previous claims that private keys never leave the devices.<\/p>\n<p>The blowback prompted CEO Pascal Gauthier to postpone the launch, accelerate the company\u2019s open-source roadmap, and pen an <a href=\"https:\/\/twitter.com\/_pgauthier\/status\/1661012614753943559\" target=\"_blank\" rel=\"noopener\">open letter<\/a> to Ledger users apologizing for the \u201cunintentional communication mistake.\u201d<\/p>\n<p>One month after the uproar, Ledger Chief Experience Officer Ian Rogers sits down with nft now for a <a href=\"https:\/\/nftnow.com\/podcasts\/the-ledger-recover-backlash-and-lessons-learned\/\" target=\"_blank\" rel=\"noopener\">reflective interview<\/a> on lessons learned from the backlash, the challenges of communicating in web3, and the future of digital security.<\/p>\n<p><iframe loading=\"lazy\" title=\"The Ledger Recover Backlash &amp; Lessons Learned\" width=\"696\" height=\"392\" src=\"https:\/\/www.youtube.com\/embed\/Tm2bStTBGkU?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen><\/iframe><\/p>\n<p><strong>Matt Medved: Ledger received significant backlash for the rollout of Ledger Recover. What did you learn from it?<\/strong><\/p>\n<p><strong>Ian Rogers:<\/strong> The trouble that we got into with it was twofold. We really underestimated people\u2019s response, and I apologize for that\u2026 I would have loved to have had an argument about the merits of the product rather than the merits of Ledger. I wasn\u2019t really prepared for the debate we ended up having. We were surprised that the main question was, \u201cHow is this even possible?\u201d<\/p>\n<p>If you sign transactions, your hardware wallet has your private key. It protects your private key and you confirm access on a secure screen with buttons connected to a secure element, but it does use your private key\u2026 There were lots of people in the music business that wanted digital rights management in the 90s and 2000s, and the joke was that the only way to really protect music so people can\u2019t bootleg it is to make it so no one can hear it. Obviously, that wasn\u2019t a real solution. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Exciting update, Ledger has a new product, Ledger Recover, that\u2019s launching soon: <a href=\"https:\/\/t.co\/nT1VHnnSYz\" target=\"_blank\">https:\/\/t.co\/nT1VHnnSYz<\/a> <\/p>\n<p>\ud83e\uddf5Here\u2019s what Ledger Recover is and what it isn\u2019t, explained by <a href=\"https:\/\/twitter.com\/P3b7_?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener\">@P3b7_<\/a> &amp; in the thread below. <a href=\"https:\/\/t.co\/RW1w07H6pK\" target=\"_blank\">pic.twitter.com\/RW1w07H6pK<\/a><\/p>\n<p>\u2014 Ledger (@Ledger) <a href=\"https:\/\/twitter.com\/Ledger\/status\/1658458714771169282?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener\">May 16, 2023<\/a><\/p><\/blockquote>\n<p>If there\u2019s a silver lining, it\u2019s that people now understand how Ledger works better. You need to have access to your private key to sign a transaction, so where do you want that to be? You could be on an exchange where you just have an account and let someone else worry about the back end, but now you have the challenge of \u201cDo I really have any crypto?\u201d You have the FTX problem. Are you in a software wallet where your private key might be available to any app running in your web browser? That\u2019s scary. Are you in a piece of software on your phone where anyone can have access to your private key if your phone gets routed? Is it a secure enclave with the risk of being routed when you come out to do an operation? Or a hardware wallet with an open-source chip that isn\u2019t secure? Or do you want a hardware wallet like Ledger, which has a purpose-built operating system that is always directly connected to a secure element and secure screen buttons that you are prompted to push anytime your private key is accessed? That\u2019s really your decision tree.<\/p>\n<p>We were actually quite happy to be pushed to open-source by the community. Despite criticisms, Ledger is majority open-source. We\u2019d like to open source as much as possible, with the exception of the secure element\u2026 Prioritization is the name of the game in any startup, no matter how big you are. Seeing the response, we said, \u201cWe\u2019re happy to share the code.\u201d After all, our motto is \u201cDon\u2019t trust, verify.\u201d<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Ledger\u2019s mission is, and will always be, to provide our users with the right tools to own their digital value securely.<\/p>\n<p>We have decided to accelerate our open-sourcing roadmap to bring more verifiability to everything we do.<\/p>\n<p>A thread \ud83e\uddf5 <a href=\"https:\/\/t.co\/Dv0jBCM4Ys\" target=\"_blank\">pic.twitter.com\/Dv0jBCM4Ys<\/a><\/p>\n<p>\u2014 Charles Guillemet (@P3b7_) <a href=\"https:\/\/twitter.com\/P3b7_\/status\/1661012196397305859?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener\">May 23, 2023<\/a><\/p><\/blockquote>\n<p><strong>Respected devs like 0xfoobar were saying, \u201cStop using Ledger hardware wallets.\u201d How do you address the challenge of communicating these concepts in this fast-paced, 24\/7 space?<\/strong><\/p>\n<p>That\u2019s a great question. I\u2019d handle it differently. Timing matters. We\u2019ve been talking about it publicly for so long and received only good feedback. People say, \u201cOh yeah, that\u2019ll bring a lot of people to self-custody.\u201d But the way you tell people really matters. That\u2019s also where we screwed up here because this leaked out a week ahead of when we were planning to announce it through some vague release notes. So people didn\u2019t really know what we were offering and jumped to conclusions. We were on our back foot trying to explain what it was. Where I think if we\u2019d have come out saying, \u201cHey, here\u2019s the service. It\u2019s optional, it\u2019s 10 bucks a month.\u201d People might say, \u201cDon\u2019t use that service,\u201d which is different than saying \u201cDon\u2019t use Ledger.\u201d<\/p>\n<p>So, we could have approached this differently. There are two separate markets: those who have known us and our product for a long time, mainly on Reddit and Twitter, and the newcomers. The lesson for me and Ariel is that it\u2019s impossible to communicate effectively with both groups at once. They have different expectations and levels of knowledge. A newcomer might thank us for Ledger Recover, while a long-standing Ledger user might vow never to provide their government ID online\u2026 A fundamental belief of Ledger is that participation is always your choice.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">I want to address the feedback over Ledger Recover, the way it was communicated, and share our path forward. Read my letter and join our town hall with our leadership team to learn more.<\/p>\n<p>\ud83e\uddf5\ud83d\udc49 <a href=\"https:\/\/t.co\/2hlPrMwzaN\" target=\"_blank\">https:\/\/t.co\/2hlPrMwzaN<\/a> <a href=\"https:\/\/t.co\/juVBOpWeeG\" target=\"_blank\">pic.twitter.com\/juVBOpWeeG<\/a><\/p>\n<p>\u2014 Pascal Gauthier @Ledger (@_pgauthier) <a href=\"https:\/\/twitter.com\/_pgauthier\/status\/1661012614753943559?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener\">May 23, 2023<\/a><\/p><\/blockquote>\n<p><strong>Part of our mission at nft now is taking this technology mainstream. The debate was interesting because I understood the concerns of crypto purists around a new potential attack vector, while also understanding that retail users are not going to go through convoluted op-sec steps. How do you reconcile that?<\/strong><\/p>\n<p>Ledger is almost 10 years old at this point. When they added Ethereum support in 2016, people lost their minds. When Bluetooth was introduced to Ledger, people saw it as another attack vector. It\u2019s not and you can read endless security things on why it isn\u2019t\u2026 But the reality is that having access to your private key is not an additional attack vector. It\u2019s hard to get people to understand that as they didn\u2019t understand how it worked to begin with\u2026 I\u2019m totally empathetic. It shouldn\u2019t be on every user to understand that. <\/p>\n<p>But I\u2019m in the same boat as you where I had a board meeting with Dr. Martens last week and talked to them about what Nike is doing with dotSWOOSH. I\u2019m having meetings with artists and talking about how important it is that they think about the security of where their contracts are protected. I\u2019m having dinner with a couple of folks from the NFT community tonight, including Betty from Deadfellaz and Benoit from RTFKT. Their security is literally the security of their communities, right? They have a lot of people in their communities who have one NFT. Do we need to care for those people too? That\u2019s the challenge. <\/p>\n<blockquote class=\"wp-block-quote\">\n<p>\u201cOne of my fundamental beliefs is that we don\u2019t have a mass culture. We haven\u2019t for a long time.\u201d<\/p>\n<p><cite>Ledger\u2019s Ian Rogers<\/cite><\/p><\/blockquote>\n<p>The lesson is that we really need to have a different communication plan for each of those audiences. One of my fundamental beliefs is that we don\u2019t have a mass culture. We haven\u2019t for a long time. Nike talks to skateboarders differently than they talk to footballers. That makes sense. We\u2019re not an infinite number of people, so that\u2019s not always practical, but that\u2019s what\u2019s required.<\/p>\n<figure class=\"wp-block-image size-large\"><figcaption class=\"wp-element-caption\">Ledger Stax<\/figcaption><\/figure>\n<p><strong>The ERC 4337 standard has the potential to simplify the use of wallets and also store private keys on a smartphone\u2019s security module. How does that potentially impact Ledger\u2019s business?<\/strong><\/p>\n<p>I think account abstraction is a real boon for hardware wallets down the road because now you\u2019ve got this scenario where you can just add security. You can go from having a software wallet to having another factor. As a consumer, you\u2019ll be able to program what you can do with what, and you would be crazy not to set those rules with a hardware wallet. <\/p>\n<p>I picture a world like the world we live in now, which is quite heterogeneous. If I open my wallet, I have a bunch of different ways of identifying myself and ways of paying for things that have different rules around them\u2026 I\u2019ve got a checking account and a savings account and a brokerage account and a little bit of cash\u2026 I think we\u2019ll have that same thing just with digital value and you\u2019ll be able to set all kinds of user-defined and user-generated rules around that. There will be certain things you will protect with hardware, for example, a huge sum of value. Setting those rules with a software wallet would not be wise\u2026 There will be other things where you set a daily limit or whatever you\u2019d like. It\u2019s going to take some time before it\u2019s really something that the average person is using. But I think it\u2019s a bit of a promised land and secure hardware has an important role to play there. It\u2019s really important that people realize there is no software that will make your insecure hardware secure. You need to get that idea out of your head. <\/p>\n<blockquote class=\"wp-block-quote\">\n<p>\u201cIt\u2019s not all just about monetary value. People who don\u2019t understand the space miss this one.\u201d<\/p>\n<p><cite>Ledger\u2019s Ian Rogers<\/cite><\/p><\/blockquote>\n<p>If you have 20 bucks in your wallet, there\u2019s no security on that. That\u2019s fine. It\u2019s not the end of the world if you lose it. I always remind people, especially in the NFT space, that it\u2019s not all just about monetary value. People who don\u2019t understand the space miss this one. They think that the whole world of crypto is just about money and get-rich-quick. I don\u2019t see it that way at all. When my mom was born, there was not much plastic in the world. Now there\u2019s a lot of plastic in the world. It\u2019s hard to imagine a world without plastic. When we were born, there was no digital stuff in the world. When we\u2019re our parents\u2019 age, there\u2019s going to be a lot of digital stuff. Just like plastic, most of it won\u2019t be valuable but it will be useful in some way in our lives. It is a new class of stuff that will need different levels of security, depending on its overall value. Some of that value will be sentimental. In the 90s, if you smashed my car window and stole my CD wallet, it\u2019s not like I couldn\u2019t pay rent anymore. You didn\u2019t take my life savings, but I\u2019m super bummed. I spent years collecting those. I love those records. And that\u2019s how I\u2019d feel if you took my Tezos wallet. Those are a bunch of artists that I love and I have relationships with.<\/p>\n<p><em>This interview transcript has been edited for concision and clarity.<\/em><\/p>\n<p><em>For the full and uncut interview, listen to our\u00a0<a href=\"https:\/\/youtu.be\/Tm2bStTBGkU\" target=\"_blank\" rel=\"noopener\">podcast episode<\/a>\u00a0with Ledger\u2019s Ian Rogers.<\/em><\/p>\n<\/p><\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><a href=\"https:\/\/nftnow.com\/features\/ledger-recover-backlash-ian-rogers-interview\/\" target=\"_blank\" rel=\"noopener\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last month, Ledger introduced its latest feature into a full-blown firestorm. The French hardware wallet provider envisioned its paid, optional Ledger Recover subscription service as a safety net for users to recover their digital assets in the case of a lost or forgotten seed phrase. However, the company quickly found itself embroiled in controversy with [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":8409,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[10],"tags":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/nftnow.com\/wp-content\/uploads\/2023\/06\/061423_Ledger_Editorial_Graphics_feature_1-scaled.jpg","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/8407"}],"collection":[{"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/comments?post=8407"}],"version-history":[{"count":0,"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/8407\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/media\/8409"}],"wp:attachment":[{"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/media?parent=8407"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/categories?post=8407"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/tags?post=8407"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}