Last month, Ledger launched its latest feature into a full-blown firestorm.
The French hardware wallet provider envisioned its paid, optional Ledger Recover subscription service as a safety net for users to recover their digital assets in the case of a lost or forgotten seed phrase. However, the company quickly found itself embroiled in controversy with critics claiming the service, which encrypts and stores fragments of user seed phrases with three parties, undermined its wallets' security and contradicted previous claims that private keys never leave the devices.
The blowback prompted CEO Pascal Gauthier to postpone the launch, accelerate the company's open-source roadmap, and pen an open letter to Ledger users apologizing for the "unintentional communication mistake."
One month after the uproar, Ledger Chief Experience Officer Ian Rogers sat down with nft now for a reflective interview on lessons learned from the outcry, the challenges of communicating in web3, and the future of digital security.
Matt Medved: Ledger received significant backlash for the rollout of Ledger Recover. What did you learn from it?
Ian Rogers: The trouble that we got into with it was twofold. We really underestimated people's response, and I apologize for that… I would have loved to have had an argument about the merits of the product rather than the merits of Ledger. I wasn't really prepared for the debate we ended up having. We were surprised that the main question was, "How is this even possible?"
If you sign transactions, your hardware wallet has your private key. It protects your private key and you confirm access on a secure screen with buttons connected to a secure element, but it does use your private key… There were lots of people in the music business that wanted digital rights management in the 90s and 2000s, and the joke was that the only way to really protect music so people can't bootleg it is to make it so no one can hear it. Obviously, that wasn't a real solution.
Exciting update, Ledger has a new product, Ledger Recover, that's launching soon: https://t.co/nT1VHnnSYz
🧵 Here's what Ledger Recover is and what it isn't, explained by @P3b7_ & in the thread below. pic.twitter.com/RW1w07H6pK
— Ledger (@Ledger) May 16, 2023
If there's a silver lining, it's that people now understand how Ledger works better. You need to have access to your private key to sign a transaction, so where do you want that to be? You could be on an exchange where you just have an account and let someone else worry about the back end, but now you have the challenge of "Do I really have any crypto?" You have the FTX problem. Are you in a software wallet where your private key might be available to any app running in your web browser? That's scary. Are you in a piece of software on your phone where anyone can have access to your private key if your phone gets rooted? Is it a secure enclave with the risk of being rooted when you come out to do an operation? Or a hardware wallet with an open-source chip that isn't secure? Or do you want a hardware wallet like Ledger, which has a purpose-built operating system that is always directly connected to a secure element and secure screen buttons that you are prompted to push anytime your private key is accessed? That's really your decision tree.
We were actually quite happy to be pushed to open-source by the community. Despite criticisms, Ledger is majority open-source. We'd like to open source as much as possible, with the exception of the secure element… Prioritization is the name of the game in any startup, no matter how big you are. Seeing the response, we said, "We're happy to share the code." After all, our motto is "Don't trust, verify."
Ledger's mission is, and will always be, to provide our users with the right tools to own their digital value securely.
We have decided to accelerate our open-sourcing roadmap to bring more verifiability to everything we do.
A thread 🧵 pic.twitter.com/Dv0jBCM4Ys
— Charles Guillemet (@P3b7_) May 23, 2023
Respected devs like 0xfoobar were saying, "Stop using Ledger hardware wallets." How do you address the challenge of communicating these concepts in this fast-paced, 24-7 space?
That's a great question. I'd handle it differently. Timing matters. We've been talking about it publicly for so long and received only good feedback. People say, "Oh yeah, that'll bring a lot of people to self-custody." But the way you tell people really matters. That's also where we screwed up here because this leaked out a week ahead of when we were planning to announce it through some vague release notes. So people didn't really know what we were offering and jumped to conclusions. We were on our back foot trying to explain what it was. Where I think if we'd have come out saying, "Hey, here's the service. It's optional, it's 10 bucks a month." People might say, "Don't use that service," which is different than saying "Don't use Ledger."
So, we could have approached this differently. There are two separate markets: those who have known us and our product for a long time, mainly on Reddit and Twitter, and the newcomers. The lesson for me and Ariel is that it's impossible to communicate effectively with both groups at once. They have different expectations and levels of knowledge. A newcomer might thank us for Ledger Recover, while a long-standing Ledger user might vow never to provide their government ID online… A fundamental belief of Ledger is that participation is always your choice.
I want to address the feedback over Ledger Recover, the way it was communicated, and share our path forward. Read my letter and join our town hall with our leadership team to learn more.
🧵 https://t.co/2hlPrMwzaN pic.twitter.com/juVBOpWeeG
— Pascal Gauthier @Ledger (@_pgauthier) May 23, 2023
Part of our mission at nft now is seeing this technology go mainstream. The debate was interesting because I understood the concerns of crypto purists around a new potential attack vector, while also understanding that retail users are not going to go through convoluted op-sec steps. How do you reconcile that?
Ledger is almost 10 years old at this point. When they added Ethereum support in 2016, people lost their minds. When Bluetooth was introduced to Ledger, people saw it as another attack vector. It's not and you can read endless security things on why it isn't… But the reality is that having access to your private key is not an additional attack vector. It's hard to get people to understand that as they didn't understand how it worked to begin with… I'm totally empathetic. It shouldn't be on every user to understand that.
But I'm in the same boat as you where I had a board meeting with Dr. Martens last week and talked to them about what Nike is doing with dotSWOOSH. I'm having meetings with artists and talking about how important it is that they think about the security of where their contracts are protected. I'm having dinner with a couple of folks from the NFT community tonight, including Betty from Deadfellaz and Benoit from RTFKT. Their security is literally the security of their communities, right? They have a lot of people in their communities who have one NFT. Do we need to care for those people too? That's the challenge.
The lesson is that we really need to have a different communication plan for each of those audiences. One of my fundamental beliefs is that we don't have a mass culture. We haven't for a long time. Nike talks to skateboarders differently than they talk to footballers. That makes sense. We're not an infinite number of people, so that's not always practical, but that's what's required.
The ERC-4337 standard has the potential to simplify the use of wallets and also store private keys on a smartphone's security module. How does that potentially impact Ledger's business?
I think account abstraction is a real boon for hardware wallets down the road because now you've got this scenario where you can just add security. You can go from having a software wallet to having another factor. As a consumer, you'll be able to program what you can do with what, and you would be crazy not to set those rules with a hardware wallet.
I picture a world like the world we live in now, which is quite heterogeneous. If I open my wallet, I have a bunch of different ways of identifying myself and ways of paying for things that have different rules around them… I've got a checking account and a savings account and a brokerage account and a little bit of cash… I think we'll have that same thing just with digital value and you'll be able to set all kinds of user-defined and user-generated rules around that. There will be certain things you will protect with hardware, for example, a huge sum of value. Setting those rules with a software wallet would not be wise… There will be other things where you set a daily limit or whatever you'd like. It's going to take some time before it's really something that the average person is using. But I think it's a bit of a promised land and secure hardware has an important role to play there. It's really important that people realize there is no software that will make your insecure hardware secure. You need to get that idea out of your head.
If you have 20 bucks in your wallet, there's no security on that. That's fine. It's not the end of the world if you lose it. I always remind people, especially in the NFT space, that it's not all just about monetary value. People who don't understand the space miss this one. They think that the whole world of crypto is just about money and get-rich-quick. I don't see it that way at all. When my mom was born, there was not much plastic in the world. Now there's a lot of plastic in the world. It's hard to imagine a world without plastic. When we were born, there was no digital stuff in the world. When we're our parents' age, there's going to be a lot of digital stuff. Just like plastic, most of it won't be valuable but it will be useful in some way in our lives. It is a new class of stuff that will need different levels of security, depending on its overall value. Some of that value will be sentimental. In the 90s, if you smashed my car window and stole my CD wallet, it's not like I couldn't pay rent anymore. You didn't take my life savings, but I'm super bummed. I spent years collecting those. I love those records. And that's how I'd feel if you took my Tezos wallet. Those are a bunch of artists that I love and I have relationships with.
This interview transcript has been edited for concision and clarity.
For the full and uncut interview, listen to our podcast episode with Ledger's Ian Rogers.