Last month, Ledger launched its latest feature into a full-blown firestorm.
The French hardware wallet provider envisioned its paid, optional Ledger Recover subscription service as a safety net for users to recover their digital assets in the case of a lost or forgotten seed phrase. However, the company quickly found itself embroiled in controversy with critics claiming the service, which encrypts and stores fragments of user seed phrases with three parties, undermined its wallets' security and contradicted previous claims that private keys never leave the devices.
The blowback prompted CEO Pascal Gauthier to postpone the launch, accelerate the company's open-source roadmap, and pen an open letter to Ledger users apologizing for the "unintentional communication mistake."
One month after the uproar, Ledger Chief Experience Officer Ian Rogers sat down with nft now for a reflective interview on lessons learned from the outcry, the challenges of communicating in web3, and the future of digital security.
Matt Medved: Ledger received significant backlash for the rollout of Ledger Recover. What did you learn from it?
Ian Rogers: The trouble that we got into with it was twofold. We really underestimated people's response, and I apologize for that... I would have loved to have had an argument about the merits of the product rather than the merits of Ledger. I wasn't really prepared for the debate we ended up having. We were surprised that the main question was, "How is this even possible?"
If you sign transactions, your hardware wallet has your private key. It protects your private key and you confirm access on a secure screen with buttons connected to a secure element, but it does use your private key... There were lots of people in the music business that wanted digital rights management in the 90s and 2000s, and the joke was that the only way to really protect music so people can't bootleg it is to make it so no one can hear it. Obviously, that wasn't a real solution.
Exciting update, Ledger has a new product, Ledger Recover, that's launching soon: https://t.co/nT1VHnnSYz
🧵Here's what Ledger Recover is and what it isn't, explained by @P3b7_ & in the thread below. pic.twitter.com/RW1w07H6pK
— Ledger (@Ledger) May 16, 2023
If there's a silver lining, it's that people now understand how Ledger works better. You need to have access to your private key to sign a transaction, so where do you want that to be? You could be on an exchange where you just have an account and let someone else worry about the back end, but now you have the challenge of "Do I really have any crypto?" You have the FTX problem. Are you in a software wallet where your private key might be available to any app running in your web browser? That's scary. Are you in a piece of software on your phone where anyone can have access to your private key if your phone gets rooted? Is it a secure enclave with the risk of being rooted when you come out to do an operation? Or a hardware wallet with an open-source chip that isn't secure? Or do you want a hardware wallet like Ledger, which has a purpose-built operating system that is always directly connected to a secure element and secure screen buttons that you are prompted to push anytime your private key is accessed? That's really your decision tree.
We were actually quite happy to be pushed to open-source by the community. Despite criticisms, Ledger is majority open-source. We'd like to open source as much as possible, with the exception of the secure element... Prioritization is the name of the game in any startup, no matter how big you are. Seeing the response, we said, "We're happy to share the code." After all, our motto is "Don't trust, verify."
Ledger's mission is, and will always be, to provide our users with the right tools to own their digital value securely.
We have decided to accelerate our open-sourcing roadmap to bring more verifiability to everything we do.
A thread 🧵 pic.twitter.com/Dv0jBCM4Ys
— Charles Guillemet (@P3b7_) May 23, 2023
Respected devs like 0xfoobar were saying, "Stop using Ledger hardware wallets." How do you address the challenge of communicating these concepts in this fast-paced, 24-7 space?
That's a great question. I'd handle it differently. Timing matters. We've been talking about it publicly for so long and received only good feedback. People say, "Oh yeah, that'll bring a lot of people to self-custody." But the way you tell people really matters. That's also where we screwed up here because this leaked out a week ahead of when we were planning to announce it through some vague release notes. So people didn't really know what we were offering and jumped to conclusions. We were on our back foot trying to explain what it was. Where I think if we'd have come out saying, "Hey, here's the service. It's optional, it's 10 bucks a month." People might say, "Don't use that service," which is different than saying "Don't use Ledger."
So, we could have approached this differently. There are two separate markets: those who have known us and our product for a long time, mainly on Reddit and Twitter, and the newcomers. The lesson for me and Ariel is that it's impossible to communicate effectively with both groups at once. They have different expectations and levels of knowledge. A newcomer might thank us for Ledger Recover, while a long-standing Ledger user might vow never to provide their government ID online... A fundamental belief of Ledger is that participation is always your choice.
I want to address the feedback over Ledger Recover, the way it was communicated, and share our path forward. Read my letter and join our town hall with our leadership team to learn more.
🧵 https://t.co/2hlPrMwzaN pic.twitter.com/juVBOpWeeG
— Pascal Gauthier @Ledger (@_pgauthier) May 23, 2023
Part of our mission at nft now is seeing this technology go mainstream. The debate was interesting because I understood the concerns of crypto purists around a new potential attack vector, while also understanding that retail users are not going to go through convoluted op-sec steps. How do you reconcile that?
Ledger is almost 10 years old at this point. When they added Ethereum support in 2016, people lost their minds. When Bluetooth was introduced to Ledger, people saw it as another attack vector. It's not and you can read endless security things on why it isn't... But the reality is that having access to your private key is not an additional attack vector. It's hard to get people to understand that as they didn't understand how it worked to begin with... I'm totally empathetic. It shouldn't be on every user to understand that.
But I'm in the same boat as you where I had a board meeting with Dr. Martens last week and talked to them about what Nike is doing with dotSWOOSH. I'm having meetings with artists and talking about how important it is that they think about the security of where their contracts are protected. I'm having dinner with a couple of folks from the NFT community tonight, including Betty from Deadfellaz and Benoit from RTFKT. Their security is literally the security of their communities, right? They have a lot of people in their communities who have one NFT. Do we need to care for those people too? That's the challenge.
The lesson is that we really need to have a different communication plan for each of those audiences. One of my fundamental beliefs is that we don't have a mass culture. We haven't for a long time. Nike talks to skateboarders differently than they talk to footballers. That makes sense. We're not an infinite number of people, so that's not always practical, but that's what's required.

The ERC 4337 standard has the potential to simplify the use of wallets and also store private keys on a smartphone's security module. How does that potentially impact Ledger's business?
I think account abstraction is a real boon for hardware wallets down the road because now you've got this scenario where you can just add security. You can go from having a software wallet to having another factor. As a consumer, you'll be able to program what you can do with what, and you would be crazy not to set those rules with a hardware wallet.
I picture a world like the world we live in now, which is quite heterogeneous. If I open my wallet, I have a bunch of different ways of identifying myself and ways of paying for things that have different rules around them... I've got a checking account and a savings account and a brokerage account and a little bit of cash... I think we'll have that same thing just with digital value and you'll be able to set all kinds of user-defined and user-generated rules around that. There will be certain things you will protect with hardware, for example, a huge sum of value. Setting those rules with a software wallet would not be wise... There will be other things where you set a daily limit or whatever you'd like. It's going to take some time before it's really something that the average person is using. But I think it's a bit of a promised land and secure hardware has an important role to play there. It's really important that people realize there is no software that will make your insecure hardware secure. You need to get that idea out of your head.
If you have 20 bucks in your wallet, there's no security on that. That's fine. It's not the end of the world if you lose it. I always remind people, especially in the NFT space, that it's not all just about monetary value. People who don't understand the space miss this one. They think that the whole world of crypto is just about money and get-rich-quick. I don't see it that way at all. When my mom was born, there was not much plastic in the world. Now there's a lot of plastic in the world. It's hard to imagine a world without plastic. When we were born, there was no digital stuff in the world. When we're our parents' age, there's going to be a lot of digital stuff. Just like plastic, most of it won't be valuable but it will be useful in some way in our lives. It is a new class of stuff that will need different levels of security, depending on its overall value. Some of that value will be sentimental. In the 90s, if you smashed my car window and stole my CD wallet, it's not like I couldn't pay rent anymore. You didn't take my life savings, but I'm super bummed. I spent years collecting those. I love those records. And that's how I'd feel if you took my Tezos wallet. Those are a bunch of artists that I love and I have relationships with.
This interview transcript has been edited for concision and clarity.
For the full and uncut interview, listen to our podcast episode with Ledger's Ian Rogers.
