“Bonjour, thank you for calling Ledger support, how may I assist you today?”
“Hi. I own a Ledger to protect my crypto assets. Can you tell me more about this new Recover feature?”
“Oui, certainly. Recover is a feature that allows users to back up their secret recovery phrase so that in the event it is lost, you can get your assets back. It is très useful!”
“Ah, sounds great. And I assume this is safe?”
“Quite safe. Absolutely safe. Completely safe. In fact only you, and Ledger, have access to your secret recovery phrase.”
“I’m sorry, could you repeat that?”
“Yes, only you, and Ledger, have access to your…”
“Wait… you have access to my secret recovery phrase?”
“That’s right.”
“But I don’t want you to have access to my secret recovery phrase! It’s supposed to be… well… secret.”
“Oh, ce n’est pas un problème, we have always had access to it. And we’ve always been careful not to expose it to other people.”
“Wait — again — you’ve *always* had access to my secret recovery phrase?”
“Mais oui. Technically speaking it is and always has been possible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware whether you knew it or not.”
“Okay, so I suppose if I’m trusting you, I can audit your code to make sure that this thing does what you say it does?”
“Ah, non, I’m afraid this is not possible. We have non-disclosure agreements in place, and we’re not disclosing anything to you.”
“Well I suppose it’s been safe this long, so fair enough. As long as nobody else can get my secret recovery phrase. And you are absolutely sure about this?”
“Absolutely sure, Monsieur Rice. Without a subpoena, nobody can get access to your recovery phrase.”
“That sounds terrif… wait… without a subpoena?”
“Yes, of course, chéri, we are a compliant company.”
“Chéri? Never mind. So with a subpoena… then what?”
“Please hold while I consult with our one-time CEO.” (La Marseillaise plays.)
“Thank you for holding. Yes, according to Eric Larchevêque, our former CEO, a government official could in theory get access to your funds.”
“So let me get this straight. Your company built firmware that can send you my secret recovery phrase; you deployed it in existing hardware; you won’t allow me to audit the code; you tell me it’s *always* been possible to extract my recovery phrase; and now I’m hearing that you could deliver it to a government official armed with the right paperwork?
“And… you want me to provide you with my government ID and charge me for this?”
“That is correct, sir. Is not the trustlessness wonderful?”
(Click.)