I love listening to What Bitcoin Did by nostr:npub14mcddvsjsflnhgw7vxykz0ndfqj0rq04v7cjq5nnc95ftld0pv3shcfrlx but man, those Ledger ads are getting annoying.
The ad read says Ledger is the "world leader in Bitcoin security" but that couldn't be farther from the truth.
Is a company that openly admits they can steal your #bitcoin at any time really a world leader in security?
Come on Peter, it's time to drop Ledger.
You payin Pete’s bills ?
Yes, I stream sats to him via nostr:npub1v5ufyh4lkeslgxxcclg8f0hzazhaw7rsrhvfquxzm2fk64c72hps45n0v5 when I listen
A few sats don’t pay tha bills bruh
That doesn't mean he should be misleading plebs into an insecure device. Plenty of advertising opportunities out there.
Then make the connections and hook him up with one! Don’t complain unless you got an answer lined up and ready lol
Ok how about Strike, River, Coinkite, Foundation, SeedSigner - I could go on.
I should not have to run his ad business for him for my critique to be valid. Ledger is a bad actor and his viewers are being misled.
Hypothetically if one wants to never open the ledger again and has been avoiding updates for over a year or more. Would a secure temporary solution be to open the seed on a Cold Card and add an encrypted password?
Adding a passphrase to a seed generates an entirely new wallet, so either way you would need to send your funds to the new wallet.
You are better off leaving the existing seed on Ledger (since it may be compromised), generating a new seed on a new wallet, and then transferring funds to the new wallet.
I bet if you can find a replacement, he'd switch. I don't know much in this arena, but I see the names River and Swan quite a bit. I bet they have some ad revenue. Maybe competitors to Ledger can make a co-op to afford ad space?
+1
watch one the other day and thought the same thing. ewww
Ledger’s DonJon is pretty great at security but the Ledger device is shit with the cucked keys.
How long does Ledger have to operate without anyone getting rugged before people stop shitting on them? Honest question.
My guess is sometime before peter schiff stops saying bitcoin has no value, but we shall see.
As long as they are complicit in making their customers keys vulnerable to capture, they will not stop getting shit on. And rightly so.
One can argue their customer (who choose to participate in that program) keys are not any more vulnerable than someone who is holding a key/seed with a family member or at a locker at the office/gym/etc.
This product may not be for everyone, but it’s for some people. Especially those doing multisig and those who don’t have a good place to store their seed phrase.
Pointing out the trade off is one thing, but the unnecessary FUD is cringe tbh.
multi-sig would be the only time I would consider this an option.
Why is multisig even a necessary solution?
It's not for 99% of people. What needs to stop is this convoluted idea that more keys is more secure for individuals cold storage. It's not.
Multi sig is for anyone that doesn’t want to have a single point of failure. There are many products and services that make this user friendly.
Just because you have one key doesn't mean you have 1 point of failure You can keep a single key and multiple spots. multi-Sig arguably is the single point of failure are missing one of any of the keys You have failed
Multisig is for multiple people (institutions) or more complex, trust less 2nd layer protocols (lightning) it's inherently worse than a single key for the individual.
It’s not without trade offs, but it’s not objectively worse than single sig for individuals. For some ppl single sig is a better option. I hope those people are strapped tho. Don’t want to fall prey to a $5 wrench attack
Sorry bud but you are objectively wrong. I hope those reading can understand and learn from your misconception
Sure pal
Have fun rugging yourself by introducing unnecessary complexity to your cold storage solution.
It's harder to secure multiple keys than it is to secure one key. That is a fact. Stop misleading people with your lack of understanding.
Be Dre
Get $5 wrench attack on your multisig.
Lose access to one of your keys
Attacker cannot get your coins
But now neither can Dre
Don't be like Dre
Lmao no one does m of m multisigs. But sure I should go to single sig, that will really protect against an attacker 😂 you crack me up. Top notch trolling or maybe you’re serious idk bless your heart either way
If you have a two of three multisig wallet you need two of three private keys and three of three public keys to move the fund If you do not have backups of your public keys then your funds are gone. Multi-Sig is not inherently more secure. You are just leaving more room for error yourself. There is no reason to use multi-sig if it is just funds for your individual use.
Bro what 🤨 it sounds like you’re assuming incompetency or imminent failure from individuals
If you lose just one key, you will lose access to your coins. This is not for individuals cold storage. I don't assume incompetency, I assume people make mistakes or forget things. Recommending multisig for individuals cold storage solutions shows your lack of understanding what multisig use case is actually for. If you would just listen to Anton in the video I linked maybe you will find some clarity.
There are multisig setups for individuals with no single points of failure
Except for losing one of the keys... Seems like a single point to me.
Wow. I guess I have to spell it out for you. By no single point of failure setup I left the door open to imply a multisig setup with redundant and robust backups for EACH key. Where failure of 1 backup would be time and space isolated.
If you are making backups of multiple keys, why have multiple? The only reason to have multiple is if you need more than one party to have access to funds. If you are an individual. 1 person. It is much more secure to have one key. It's the whole entire ethos behind the master password (bip-44). If you are an individual, multisig is introducing complexity to access funds for no reason. It is inherently easier to secure one key than it is to secure multiple. That's not really debatable.
Valid points. What about a security breach of your single key?
My single key that doesn't even exist on an electronic device and has never been on one that's touched the internet. The single key that can only be constructed with the seed words etched in titanium and kept in my personal safe. That would be one hell of a security breach.
Also valid. I appreciate the reminder to consider probabilities while assigning or forgoing redundancies.
It's not that I think multisig isn't a great technology or something that fortifies Bitcoin. But the truth is the vast majority of coins are lost to self rugging. That is a fact. I just want people to understand when it's necessary. Antonopolis explains it very well in the video I linked as well. Most people simply do not need it and have a misconception that it's inherently more secure when it's really not.
If someone points a gun to your family are you not going to open the safe?
A multi sig such as a 2 of 4 or 3 of 5 poses a greater challenge for an attacker to overcome as he now has to drive you to a second or third location to get the other keys, and it gives the user margin of error as he can afford to lose access to 2 keys and still be able to recover the funds. With a single key, while it works just fine in a lot of cases one most likely will either keep the seed and/or signing device at home where it is easy for an attacker to coerce you into giving up your key, or at a safety deposit box or similar location where a third party might be coerced by the state to give them access to your stuff (seed).
Granted not everyone is at risk of a physical attack depending on where you live and your lifestyle.
But when you have a large portion of your net worth in bitcoin I would think twice before having a single point of failure. That is why I said I hope everyone doing that carries a gun and is able to fight back against a physical attacker.
It was true in the past that a multisig was not user friendly for beginners, and many ppl lost coins because they fucked up something. That problem has been solved with collaborative multisig products like those offered by Casa, Unchained, Nunchuk, and others.
If you’re not already doing this I recommend you SEED XOR your key and implement a login countdown of at least 24hrs on your signing device if it happens to be a coldcard.
Sir ... I live in the United States. If someone points a gun at me or my family, I shoot them.
Seems like you have it all figured out. Carry on sir.
For everyone else that is not a trained killer, they might benefit from the points I made.
https://github.com/jlopp/physical-bitcoin-attacks/blob/master/README.md
Multiple single sig > a single multisig...
Secondly I won't waste my time with how ridiculous your scenario is. Multi sig won't help.
You can't lose any of the keys. If you have a 2 of 3 multisig, you need 2 private keys and 3 public keys to sign the transaction. If you don't have backups of the seed phrase for all 3 keys, your funds are gone forever. You're literally arguing about shit you don't even know how it works. I'm so done with the convos man. Anyone else reading, dyor. Don't believe Dre, because if you just think you know what you're talking about and are so arrogant you can't be bothered to humble yourself and listen to what someone else has to say, you can lose access to all your wealth as a result of your own hubris.
You're much better off with a decoy wallet than a multisig solution. But you admire complexity. There's a famous quote about that in computer science.
If you don't want one single point of failure, you need multiple wallets, not multiple signatures. One multisig wallet is still a one point of failure.
Third party data custodians are security holes. End of discussion.
If Ledger is holding private keys for customers it is not the most secure solution. It may be a super secure setup, but keys should not leave the device. Keys shoudl remain offline. That is a more secure model than hosting keys for customers. They might be the safest company out there, until the govt comes knocking. see EO6102.
Security is good enough, until it isn't.
You can't steal data that isn't there, so obviate this risk by NOT HAVING THE FUCKING KEYS ON A SERVER SOMEWHERE.
Ledger is holding an encrypted shard of the seed. Without collusion they can’t do anything. EO6102 is not a great example here. A better example would be when the gov went to Apple for user info, and that didn’t go the way they thought it would. It
Well the seeds have to be somewhere. They can be stolen in the physical world. I think the government would have a much easier time taking your seed phrase from your home or safety deposit box than having to go to 2 different companies. I’m not endorsing this product but keeping your seed phrase under the mattress is not much or any better if you fear a state attack.
we can argue in circles because it's all trade offs.
imoh, a cold storage hardware device offering the best security SHOULD NOT send private keys off the device. Do you control your physical security posture more than you control some random server's security posture? the more sovereign answer is holding your own keys and not letting them leave the device.
institutions or organizations have different trade offs, but for individuals, with their biggest stack on a single hardware wallet, DON'T USE LEDGER. YOU HAVE NO IDEA IF THE KEYS ARE SAFE.
That's just not true. It's not like you hold the decryption key. They / their third parties can decrypt the seed at any time. 
It is true, you just said it. The shards are encrypted. I never made a comment about who has the decryption key. I said collusion was needed for the custodians to take your money. The government can definitely try to get those shards, the same way they can come into your home and take your steel back ups.
If Ledger can unilaterally decrypt the shards to allow you to recover the seed, the encryption is kind of a moot point. They can recombine the shards and decrypt at any time.
And what's easier? The government raiding a million different homes to find a seed they think exists there?
Or the government sending a subpoena to 2 companies to gain access to tons of seeds they know exist there?
They can’t unilaterally get your seed, they need at least one of the other custodians to send a shard in addition to the one held by them. You don’t need to lie to criticize the product, which is my whole point. The encryption serves to protect against a bad actor trying to get into the servers, which matters whether the server is yours or not.
It is very unlikely that a government is gonna request millions of people’s shards. The more likely scenario is that they have individuals of interest for whom they can definitely get search warrants. And sure depending on the scenario a search warrant won’t do anything if the individual is savvy enough and was able to hide the backups well. But the state attack is not exclusive to this product.
The shitting will continue my friend. They are a wolf in sheep's clothing.
Ledgooor defendooors stay coping 🤡
Lmao
It ain’t me that looks silly peddling bad criticism. I just think we can all do better. Being the peter schieff of ledger ain’t it 😂
If you want to actually become unruggable like your bio says, you won't touch a Ledger.
Until then, your funds could be rugged at any time.
Assuming the funds are in a single sig and one uses this product and is also a person of interest to a gov. then I grant odds are reasonably high of getting rugged.
It's hard to take them seriously. They nor anyone else they know has ever seen the source, thus they have no real knowledge as what the device or server is capable of.
The very definition of trust, DON'T verify.
I’m sure all 8 billion people on earth are going to verify their hardware wallet’s open source code themselves instead of trusting other people that say it’s good lmao this must be the orange pillers rand0 is always talking about
Obviously it’s better to have the code be verifiable. No one is arguing that, that wasn’t even my point. I don’t even use ledger, but I’m not a mindless drone and can recognize that at a certain point if their customers don’t get rugged people need to give credit where it’s due, or at least stop the knee jerk FUD. Buy as I have learned that time frame is never. Some people will always hate the opposite team no matter what
It's about the ability to do so, that's what keeps people honest. Don't make hyperbolic bullshit scenario arguments. It's dumb.
After reading more through this thread, the main point was about nostr:npub14mcddvsjsflnhgw7vxykz0ndfqj0rq04v7cjq5nnc95ftld0pv3shcfrlx endorsing a product to noobs that might potentially get them rugged so he can pad his pockets. Just like he did with Compass Mining. It's a shitty thing to do.
Way too far in weeds.
Fuck closed source for your money saving technology. Stop recommending shit like that when there are much better alternatives. Like a lot more that are way better.
I concur wholeheartedly. When Peter endorses Ledger & Wasabi by reading their ads on his show, it makes it clear that he's either tone deaf or doesn't give a shit.
Makes me way less likely to listen or recommend his pod.
We all money bitches 🤷🏻♂️
And the casino adds. Fine you want to have a gamble, but do it with fiat, not #bitcoin
I ordered 2 ledgers to use as part of a multisig wallet, then I heard about the vulnerability and couldn't return them 🙄
Shoot it / burn it / smash it
Makes for a good video 😂
And the soccer talk. And the casino sponsor. And the wasabi sponsor.
%20-%20Profi.png/:/cr=t:7.63%25,l:7.63%25,w:84.75%25,h:84.75%25/rs=w:1536,cg:true,m)
