Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities
Or, the incredibly simple solution which would have avoided literally all of this drama - create a new product called Ledger Nano R, which is the only product in their range which provides this Recovery nonsense. People who want third parties to store their seed phrase can buy the R, and everyone else with a shred of sense can stay away from it.
Yesterday I was reading Ledger Recover FAQ and there is a similar question (but about second operating system) in their FAQ, it may be interesting for you:Quote
Why don't you build a second operating system without Ledger Recover?
In terms of security, there is no difference in having this part of the code in the operating system or not. In reality, it is up to the user to choose if they want to activate the feature or not. We have no doubt that implementing this feature in our firmware does not increase the threat model or the attack surface area.
Our OS implements plenty of cryptographic primitives. These primitives manipulate secrets. They all must be properly implemented and this is Ledger’s job. Finally, our contract with users is that whenever the OS touches any secret, the user is prompted to give his consent.
Running two operating systems is costly, and since there is no technical advantage to having a second operating system we would prefer to spend our funds developing and improving security and ease of use for our products for our current and future customers.
As we have also committed to make the code open source, meaning that people will soon be able to verify this code themselves.
In terms of security, there is no difference in having this part of the code in the operating system or not. In reality, it is up to the user to choose if they want to activate the feature or not. We have no doubt that implementing this feature in our firmware does not increase the threat model or the attack surface area.
Our OS implements plenty of cryptographic primitives. These primitives manipulate secrets. They all must be properly implemented and this is Ledger’s job. Finally, our contract with users is that whenever the OS touches any secret, the user is prompted to give his consent.
Running two operating systems is costly, and since there is no technical advantage to having a second operating system we would prefer to spend our funds developing and improving security and ease of use for our products for our current and future customers.
As we have also committed to make the code open source, meaning that people will soon be able to verify this code themselves.
I wouldn't even say that there is a plan in the sense that someone devised it, but that the plan is actually to let people do what they know best, which is to destroy themselves. Everything that is happening is just an indication of how wrong we were when we trusted companies like Ledger or Trezor, or that most Bitcoin trading is conducted through CEX. For the first time in history, we got a decentralized currency, and in fact we centralized it to such an extent that it is mostly stored in a centralized way.
Still, it's not too late to change, everyone can use DEX and store their coins in airgapped storage, and if the majority did that, people like Pascal, CZ or Brian Armstrong would become completely irrelevant.
Is there something wrong with Trezor at the moment? Just asking. It's an open-source and you can verify whether the code of bought hardware matches the publicly available open-source code.Still, it's not too late to change, everyone can use DEX and store their coins in airgapped storage, and if the majority did that, people like Pascal, CZ or Brian Armstrong would become completely irrelevant.
Yes, for the first time in history we got a decentralized currency but money and power always ruins the party. Decentralization is like an anarchy and in human life anarchy can't work because we, by nature, are social animals. People always try to form a group, to centralize and every group tries to gain as much power as possible and finally the strongest group takes over the weakest one and you know, then happens all the shit.
By the way, bitcoin gives us freedom but freedom comes with responsibilities, people don't like responsibilities, they want to give it away and when you give it away, you become a slave.
So there will be three companies holding your KYC data, duplicated across an unknown number of servers in an unknown number of locations with unknown security protocols and an unknown number of people with digital or physical access. Just like every other KYC, it will only be a matter of time before your information is leaked/hacked/shared/sold.
There is a country called Georgia and the data of their whole population is leaked and published online, maybe people from this country don't care about KYC anymore because it's already available for everyone for free 
What a shame man.Data Leak: Personal identifiable information of 4.9 million Georgians found online