Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities

Quote from: joker_josue on Today at 10:42:01 PM

Right. But approve what?
Does the person have to repeat the passphrase in order to be registered in this "recovery program"? Or is it just a mere question, which person answers "yes"?

From what I can comprehend from Ledger replies all over Twitter, it seems that a prompt will appear on the device screen asking you if you want to subscrive to the service (or a similar message). If you decide to approve by means of physically pressing the button on your Ledger then this circus happens[1]:

Quote

If a user decides to subscribe to Ledger Recover, then his/her SRP will be encrypted, fragmented into three parts, and each part will be sent end-to-end encrypted between your Ledger product and the backup providers' secure Hardware Security Models (HSMs – not in the cloud).

Basically they are, once again, saying that a copy of your Secret Recovery Phrase will be encrypted and then sent over to 3 entities by E2E encryption channels. What they keep claiming is that without a user concept, Ledger isn't able to proactively access their users SRP[2]:

Quote

Ledger acts as backup provider for only one encrypted fragment, and a single fragment doesn't allow the SRP to be recovered.
Ledger cannot access any user’s SRPs, nor will it be able to do so at any point in the future.

Remember o_e_l_e_o previously linked tweet[3]? I'll like you to introduce you to the following statement by Ledger about 4h ago:

Someone correct me if I'm wrong, but isn't Ledger openly admitting that enabling this feature was always possible from the beginning? Isn't this mocking their userbase?

[1]https://nitter.it/Ledger_Support/status/1658828387807264772
[2]https://nitter.it/Ledger_Support/status/1658824425192521728
[3]https://bitcointalk.org/index.php?topic=5452900.msg62258795#msg62258795
[4]https://nitter.it/Ledger_Support/status/1658910942405566485