WBD661 Audio Transcription

Ledger Recover with Pascal Gauthier, NVK, Matt Odell & Harry Sudock

Release date: Monday 22nd May

Note: the following is a transcription of my interview with Pascal Gauthier, NVK, Matt Odell & Harry Sudock. I have reviewed the transcription but if you find any mistakes, please feel free to email me. You can listen to the original recording here.

Pascal Gauthier is the CEO of Ledger, NVK is the founder of Coinkite, Matt Odell is a podcaster and Bitcoin educator and Harry Sudock is Chief Strategy Officer at Griid. In this interview, we host a group discussion regarding Ledger’s Recover firmware update. We talk about the questions this update has raised about the trade-offs between mitigating seed recovery risk and state seizure risks.


“The thing with security is it works today, the question is: is it going to work tomorrow? There are new attackers, there’s new ways to attack etc which is why security is an always-evolving technology.”

Pascal Gauthier


Interview Transcription

Peter McCormack: Welcome everyone.  There wasn't a lot of planning to this.  Fortunate circumstances, we're all in Miami at the same time.  For anyone listening, we're going to be probably discussing Ledger a lot.  They're a sponsor of mine, so I'm going to sit neutral to this.  We've got Pascal, CEO of Ledger here; we've got Matt Odell, podcaster, Mr Privacy; we've got NVK, he has a competitor product to Ledger, so comes with certain opinions; and we've also got our good friend, Harry Sudock, who is a miner, more neutral than I would say probably NVK and Matt.  To kick this off, I think we should start, Pascal, you've just announced a new product, not everyone listening to the podcast will know about it; do you want to just explain what the product is?

Pascal Gauthier: Yeah, it's a new service rather than new product.  It's something that will be enabled in your Nano S Plus, Nano X, and soon Ledger Stax, and it's a seed recovery product or service, seed recovery service.  When you set up your wallet in Nano, you end up with in one hand your Nano with a pin code, and in the other hand you have those 24 words, and those 24 words then you have to hide them somewhere.  We thought that everything that exists in terms of recovery of the 24 words today is weak.  Most people actually are not in self-custody for that reason and this is why they leave their coins on exchanges, and we know that this is not the right way of doing it.  And when they use a non-custodial wallet, usually what happens is those 24 words end up on a piece of paper somewhere or even worse, in the cloud or even worse, various ways of keeping the 24 words that are not very satisfactory in terms of recovery.  And the thing is, once you have those 24 words, you're solely responsible for your coins and eventually your losses. 

Peter McCormack: All right, cool.  

Pascal Gauthier: Attends, so you're responsible for the coins and your losses, and so going forward, it's not possible to think that hundreds of millions of users are going to onboard self-custody and take care of the 24 words, that's not what's going to happen.  Actually most users that talk to us say that they don't trust themselves with the 24 words, so we needed to come up with a service that helps you store the 24 words somewhere, but not the entire 24 words.  So, we encrypt and shard, and then we store into three different locations, and only you can retrieve the 24 words.  So, that's the service that we're taking to market, and that's created some fun, I guess, on Twitter yesterday and today.

Peter McCormack: Okay.  So, I'm going to start with Harry, just because I think, if anything, you're the most neutral.  Your interpretation, because it's been all over Twitter the last few days, what is your interpretation; do you have any specific questions for Pascal?

Harry Sudock: Yeah, so I guess my questions and discomfort is just a function of, how does my signing device interact with the software on my computer and whether it's an upgrade or a change to that package of software, how does that happen and what does that expose me to?

Pascal Gauthier: So, at first, it's not exactly like that.  So, you have three components: you have the hardware; you have the operating system that runs the hardware; and then you have the software.  Here, this is not a software upgrade, this is an operating system upgrade.  The operating system upgrade only happens if you validate the upgrade yourself, meaning that we cannot push any upgrade into your device without your consent.  The device works always the same way, which is it's only with user consent, which is pin and pressing on those two buttons, that anything can happen on your device.  And so this is really how it works. 

When we offer an upgrade for the device, really the security of your ledger is not really changing, because what you do with the operating system and the device for any action really is to trigger functionalities, "I want to sign this, I want to do this, I want to do that".  So there is nothing that loses your control.  There is a misconception that suddenly something is happening in the device that is not under your control because we're pushing an upgrade or because we are creating a backdoor, etc, but that's not the case.  The device always works the same, which is it's under your control only and it does things only if you do the pin code and press the buttons.

Peter McCormack: And I'm fully aware that Bitcoin maximalists tend to prefer products that are Bitcoin only, but up until this week, I'm also aware that a lot of bitcoiners are happy with Ledger as a device, they think it was a good device, they think it is a good device.  And so I'd be interested, Matt, your perspective now and any specific questions you have for Pascal.

Matt Odell: Well I mean, so you introduced me, I think your audience is very familiar with me because I come on the show a lot. 

Peter McCormack: Of course, yeah.

Matt Odell: But the potential conflict is that I'm a partner at Ten31, the largest Bitcoin-only venture fund in the space, and we're the only outside investors in Coinkite; so, that's the actual conflict.  Also, I'm a user of Coinkite products, I have been for many years.  I mean, I think the big concern here is a concern that many people have had in the space in the past, which is that Ledger is a closed-source product.  And as a result, because it's a closed-source product, you can't actually verify if the firmware updates that you ship to the device are actually doing what you say they're doing.  And I think this scenario, this situation with this particular recovery service has highlighted that because people have concerns that you might ship an update to a Ledger device that is malicious and extracts keys from the device. 

We saw it today on Twitter, one of your support people basically said as much as that.  They said, "At the end of the day, the trust trade-off with Ledger is that you have to trust us not to ship a malicious update to your device that steals your Bitcoin".

Pascal Gauthier: Yeah, so the tweet that you refer to was a bad tweet and we are under a lot of pressure, and the guys that are doing customer success are doing their best to answer all questions, etc.  So, it was very poor wording.  Actually, we took the tweet away, we said that we took the tweet away, we're not trying to hide from the mistakes, and then we reformulated the tweet into something that is more accurate to what we actually do.  So, that tweet was incorrect, and it was an honest mistake from a customer success agent that was trying to do his best to explain how this works. 

When it comes to open source versus closed source, first of all, open source is not a panacea in terms of security.  I mean, if you give me a Trezor right now, give it to my Donjon, they extract the private keys in 30 seconds.  So, open source is not a panacea in terms of security.  The reason why some of what we do is closed source is not because of Ledger.  It's because contrary to what Trezor does, and I don't want to slam-dunk on Trezor because I like these guys --

NVK: No, no, please do! 

Pascal Gauthier: Yeah, okay.  No, but I think everybody's trying to do a good job.  But they don't use a secure element, they use a chip that you would find in your toaster, and so this is why it's so easy to extract the private keys.  And so of course, all these chips are open source.  When we use a secure element, there's part of it that is closed source, but it comes from the manufacturer of the secure element.  If it was just for us, and actually we asked STMicroelectronics many times to open source everything, and they don't want to, but that's got to do with their security interests.

NVK: Yeah, but are you guys PCI certified or just FIPS?

Pascal Gauthier: That's a great question for Charles and Nicolas, I'm not the technical guy.

NVK: No, that's fair.  So for example, what we do is we do have two secure elements, right?  But we do have the source code fully open verifiable, so you can go and you can review the code and you can build it yourself.  So, it is possible to make devices that have secure elements, that there is an NDA that we have to sign to use that chip; but the code that configures that, that runs, sort of resolves that sort of obscurity. 

I absolutely agree with you, people don't understand that just being open source just solves all the problems, because it doesn't, there's a lot of bad stuff out there.  By the way, I am a fan of the product, I've been dealing with your team for many years, you guys do a lot of pen testing for us.  You guys spend like $0.5 million breaking our devices!  But there are ways of doing this stuff in a way that I believe we can find a better trade-off, and that's why I built my product in the way that we do.  Because trust for what it is, is everything, right, and that's part of the brand, and I think you guys are taking a pounding on this because it's amazing to me that people just figured out now that you could do anything and hurt them economically, by exposing their seeds or whatever.  You're not a malicious actor, you're a business, and you do audits and everything, but it's just surprising that they just figured out now that you could do something to the firmware that they may not like.  So, you guys can resolve that through audits and other things, and that's the path. 

Pascal Gauthier: Certification, yeah.

Matt Odell: Exactly, right?

Pascal Gauthier: And we do, actually.  We are, I think, the only hardware wallet that has been certified by a third party.  The Nano S, Nano S Plus, and Nano X have all been certified by the ANSSI.  And I'm not talking about the chip, which is certified, I'm talking about the product.

NVK: It's the full stack, yeah, I understand.

Pascal Gauthier: And now you can say, okay, I don't trust the ANSSI, or I don't trust third-party verification, which is fine, but they have access to everything.  They actually do a really good job at making sure -- and just for everyone to understand, the ANSSI is a governmental agency whose job is to make sure that when you take a cryptographic product to the market, for security, it actually does what it's supposed to do, and these guys are hardcore and serious.  And also, 80% of what we do is open source, and I think in the end, this is not exactly true.  I mean, we are trying to spin this in a way that we say, first of all, the number of people that are capable of opening an open-source code of that complexity and really looking into it, maybe you can do it. 

NVK: My users do.

Pascal Gauthier: Yes, but there are very few people on the planet that can do that.  So actually, that doesn't really work for the general audience because they cannot do it themselves.  And what works though, and especially in security, is time and testing through time.  So, when you have 6 million devices that have been out there for almost ten years now, they are not hacked, there is no backdoor, etc, in the end the proof is a bit in the pudding.  And typically, there are a lot of problems right now with this feature and people are imagining things, but when we're going to release the feature and it's going to be in the market for 2 months, 3 months, 6 months, 12 months, 18 months, and that it will be no hack and no backdoor, this is also how you bring back confidence in the space.

NVK: Yeah, so here's the thing, there's a lot to unpack there.  So first is, I mean, it is absolutely true that most people would never be able to check source code, but that's why we have deterministic builds, right?  That means that the code can be reviewed by somebody that can review, that's not part of the company, that can vouch that the code does what it does, and the signatures check, right, so there's no room for anybody to get in there.  What else?  I mean, then there's the issue, I guess --

Pascal Gauthier: But again, all of this is because there's an assumption that Ledger suddenly turned rogue and could be a malicious actor.

NVK: This happened to Gemalto.  You know Gemalto, big French secure chip maker, right?  They were all full spooks there and they were leaking keys and giving everybody back doors and it was a disaster.  It has happened to Crypto AG as well.  So, the idea is not that you guys are bad guys, which I don't believe you are.  I am a fan and a friend of Guillemet, your CTO, we've been talking on the back for many years, but the idea here is that we don't have to trust if we use the tools in certain ways. 

So I can just say, just literally don't trust me as a company; that's my goal.  I know it's a little different for you guys.  You guys are trying to approach a bigger market that has people who are very new to Bitcoin and you're trying to make it easy.  It's an interesting feature, by the way.  I just think that if you're going to do something like that, and this is my opinion, there are ways to first describe this to people, which I think is part of the problem of how this whole Twitter thing happened.

Pascal Gauthier: No, but the problem is not the way that you described it.  The problem is the team that pushed, we pushed a release that wasn't supposed to be pushed and so users discovered the feature was a firmware upgrade, which is unpleasant at best, because then the content to explain what it was wasn't released, so for a few hours it was just that push and people were like -- which is what created the FUD actually because people were like, "Oh, shit, now that this is coming online, no one told me anything and so what are these guys doing?" 

The normal way of communication should have been, "This is the product, this is how it works, and by the way, we're pushing it next week", or something like that, which was the original plan.  So there was a fuck up, not even in terms of communication, but in terms of sequencing of the release of the product.  This is what created the FUD.

NVK: Is there a concern, because this new recovery system that you have is KYC based, right?  So now you're storing KYC data, and KYC data could be leaked.

Pascal Gauthier: We are not storing it, but a partner is also.

NVK: A partner, but the partners get hacked, and it happens, right? 

Pascal Gauthier: I mean, it happened. 

NVK: Yeah, I wasn't going to get in there, that was not my intention.  But I'm just saying, you know, but again, that's an honest sort of trade-off that users should know, right, that KYC data could be stolen from a third partner and that's it, right?

Pascal Gauthier: By the way, all of this is optional.  You don't have to use it.

NVK: Of course.  But now my question is, you do have now the seed sort of sharded between these parties, and they are essentially unencryptable without the user, right; it's kind of the whole point?  So, is it a concern now that you have third parties that could have access to customer funds without them authorising that if they collude?

Pascal Gauthier: You know, we're talking about the realm of what's possible and the worst-case scenarios, etc.  In 99% of the cases, there is no collusion that is really possible between the three entities, and the way that this is built -- we've released a lot of content.  The way that this is built, only the user can call back the three shards.  The only concern really is if we get subpoenaed by a government to say, "This user specifically, we would like you to retrieve the three shards", etc.  So, that's not a real concern in the end, because for several reasons.  One, you only get subpoenaed like this by governments if it's a serious act, like terrorism, drugs, etc.  It's not true that the average person gets subpoenaed every day.

Peter McCormack: Can I just interrupt there?  Coinbase had all their customer data subpoenaed by the IRS.

Matt Odell: John Doe.

Peter McCormack: Yeah.  And so they had to supply every customer, was it over $10,000 or $20,000? 

Matt Odell: $20,000.

Peter McCormack: $20,000.

Matt Odell: Over a three-month rolling period.

Peter McCormack: And they gave all their --

NVK: And Coinbase fought back, because they wanted --

Pascal Gauthier: But Coinbase is a bank, this is not a banking service, so it's very different.

Peter McCormack: But what I'm saying is, the IRS wanted that information.

Pascal Gauthier: There is no information for the IRS on this.

NVK: Well you do have xPubs, but you had them before too on Ledger Live, right?

Pascal Gauthier: I mean, there is no real information for the IRS on this, etc.  And by the way, again, there will be trade-offs in the future.  So, we're not saying that -- if you're uncomfortable with this, you can keep your 24 words and keep doing what you're doing today; this doesn't change anything, okay?  It doesn't change anything, it doesn't create a backdoor, we can come back on open source, no open source, but in the end, we are a good actor, we don't create backdoors in our users' devices.  And by the way, if we did, the business goes south very quickly.  We are trying to build a big business, so creating a backdoor in our users' devices is a bad practice, but also because it will be seen.  It's something that if it happens, it's seen.  You can't hide that.

NVK: The issue is not maliciousness from you, right, you want to grow a business.  The issue is always you have a rogue employee, you have a state actor that embeds in the company.  These things happen, and it happens within the security industry a lot. 

Pascal Gauthier: In the way that we've explained this, in the way that we built the firmware, you can't have one person, not one person controls the firmware, so not one person can put rogue code in through the firmware.  No one can actually tell us what to do with the firmware, unless we go to jail, but that's a different thing.  By the way, when this happens, like let's say that suddenly the French government decide that, okay, Ledger no more, and so now we're going to control the firmware, etc.  By the time that this happens, then there will be a message out there to say to all of our customers, "Move your funds away from Ledger". 

This is a real scenario if suddenly France goes into a tyranny, which is not today, but if it was China, okay, then I wouldn't trust the Chinese actor with this for sure, and for the reason that you're exposing, but there is a certain amount of trust that we still need to have in this marketplace because the "don't trust, verify" is true to a certain point.  There are elements of trust that you still need to have in terms of what product you're going to use, who you're going to trust, who you're not going to trust, etc.  Look at Coinbase business.  It's based on the trust that you have with Coinbase.

NVK: Oh, this is the thing.  This is maybe where I sort of diverge from a little bit of the rhetoric on Twitter, is that I think there'll be a lot of trade-offs. 

Pascal Gauthier: This is the most important point.  The problem that we have right now, no one does self-custody today in this business.  Self-custody is the small part of the iceberg.  The big part of the iceberg is everybody is in custody.  And so when we're thinking about what's best for the industry and how to go forward, this is the real question.  You have 400-plus million users that are doing crypto.  How many users do you have?

NVK: We have a few.

Pascal Gauthier: No, but how many?

NVK: We don't divulge numbers.

Pascal Gauthier: Why not?

NVK: Because we don't.

Pascal Gauthier: But why not?  Don't trust, verify?  Why aren't you open source?

NVK: My business is private.  I'm a private company.

Pascal Gauthier: Okay, so we sold 6-plus million devices, and that's on 400-and-something million users.  You sold probably 1 million or 2 million, let's say, so that's 8 million; Trezor sold 1 million or 2 million, let's say 10 million, etc, and that's devices; there's more than one device per user.  So actually, you've got 10 million users that are doing self-custody today with hardware wallets, which is the best security out there.  So to me, this is a real concern.

NVK: See, I think you're missing my point.  I was actually supporting your feature here.  Because see, Coinbase is the worst possible way somebody could possibly have Bitcoin, right?  I mean, it's just horrible, it's an IOU, they're not good actors, and you don't own your Bitcoin.  So, what I was going to say is, I'd rather people upgrade that to something like you have now, as long as these concerns, these features are explained ad nauseam to them, because people need to understand where -- I know you may think it's sort of very unlikely and it's not possible, we are good people; but I think users, and this of course goes counter-marketing, but users need to be reminded 50 times that these are the risks.  So you could have collusion between actors, you could have bugs, you could have…

So for example, you now have an API in your firmware, right, which is really the OS of secure enclave there, to extract seeds.

Pascal Gauthier: No, to extract encrypted shards. 

NVK: Sure, sure. 

Pascal Gauthier: Yeah, well okay, but when you say it like that, people hear, "Extracting seeds from the device", which is not what we're doing.  It's an important distinction.

NVK: Hang on, I'm going to get there.  So the issue now is you have this system, and if you got the encryption done wrong, for example, there is an implementation issue on the sharding, maybe there are leaks.  No device is --

Pascal Gauthier: What do you mean, there are leaks?

NVK: No, there's leaks of the private key when this operation is happening.  That could happen; the device is unlocked.

Matt Odell: Well, it's a single key, right?  Ledger has one key that they're encrypting all the shards with, right? 

Pascal Gauthier: Ledger doesn't have any key, no.

Matt Odell: So what are the shards encrypted with?

Pascal Gauthier: What are the shards…?  Everything is happening on device. 

NVK: It's just Shamir.

Matt Odell: But the whole point is breaking apart.

Pascal Gauthier: By the way, we're using Shamir.

Matt Odell: The whole point is if you lose the device, you can still recover?

Pascal Gauthier: Yes.

Matt Odell: So where is the secret that encrypts the three shards?

NVK: It's the shards combination.  So you need two out of the three shards, so essentially two parties need to collude.

Matt Odell: Oh, it's just Shamir's secret.

NVK: Yeah, but the problem is you now have three shards going over the wire to the third parties.

Matt Odell: Right, continue.

NVK: Listen, the point that I'm making is...

Pascal Gauthier: Through secure channels.

NVK: But my point is, there is implementation risk, always; it's all software, it's breakable.  Your device has been hacked before. 

Pascal Gauthier: First of all, it's not software, it's an operating system that sits in a secure enclave.

NVK: That's software.

Pascal Gauthier: Yeah, but it's different -- you see, terminology is very important because when you say it's software, for me, Trust Wallet for example, that's software.

NVK: Yes, it's garbage!

Pascal Gauthier: Yes, but that's very different from saying... 

NVK: I respect your technical team.  No, I understand, but I'm not talking to you, I'm talking to the audience.  And you know, I think there is a difference by saying "software" and saying "secure operating system in a secure enclave"; that's not the same thing.  What's happening now is a secure operating system in a secure enclave.  That's the problem, not the software.

Harry Sudock: Can I ask a dumber question?  I'm just a user, right?  At the end of the day, we mine bitcoin and we want to store that over time.  And what I'm hearing here is basically there's a technical conversation around the changing surface area of trade-offs, right?  And if we had to roll back the last 48 hours, are we fundamentally having a conversation around user knowledge management and marketing, or are we having a conversation around the technical implementation of a signing device?

Pascal Gauthier: That's a great question.  I think for me, it's fundamentally communication, education, explaining what we do, and do it in the right order, I guess, rather than the technical discussion.  Because the problem with the technical discussion, I mean, we could debate for -- I am not the right guy, again, I'm trying to say, and to the audience, I am not the tech guy at Ledger.  I'm the CEO and I'm Chief Executing Officer, so I execute the company, and I'm trying to take this business to become a much bigger business, not because we're greedy, but because we feel that self-custody is the way forward and this is how users will actually become free from the metrics.  So actually, our mission is to make all of this secure and easy to use and that's why we work. 

Technical people are Charles Guillemet, our CTO, that you know well; there's Nicolas Bacca, who is the inventor of this.  And if we want to debate the technical, deep technical aspect of this, they are the best guys to discuss this.

Peter McCormack: And we will do that, we will make that one happen.

Pascal Gauthier: Yes.  And so, apologies to everyone that thinks that sometimes I'm imprecise, etc.  I'm not a tech guy and I just want to put it out there.  So to me, it's just an education program, because the debate actually of what's the best technical implementation, open source, not open source, actually hurts self-custody as a whole.  In the end, my point is, you say Coinbase is garbage, you say Trust Wallet is garbage, but these guys combined have 10X the number of users that we have.  And so actually, my job is to make sure that these users come to safety and something that is better.  You say it's imperfect?  I say yes, but it's 20X better than what they're doing on Coinbase or Trust Wallet today.  And so that's my point.

Peter McCormack: So in terms of self-custody or custody, there has been traditionally an exchange like Coinbase, software wallets, which I don't particularly trust, a hardware wallet and multisig.  We're now starting to see new ideas that kind of plug in the gaps here.  There's a range of options now. 

Pascal Gauthier: Correct.

Peter McCormack: And most people do go based on trust.  They will look to Matt and say, "What do you think; what do you trust?"  They'll look to me and they say, "What do you trust?"  And it's where is the trust in these things?  In terms of this idea, it's a different one, and you've been following what's happening on Twitter.  What do you think are the real concerns; and what is the actual stuff that is nonsense?

NVK: So it goes back to this.  I mean, I make a device that's like, it takes certain kinds of trade-offs.  We don't have a Ledger Live, there's no shitcoins, it's just, it's very specific.  No, really, right?

Pascal Gauthier: There's no shitcoins!

NVK: I mean, it's funny because it changes, it changes how a device is made, right?  So for example, we have less code to review because we're not supporting all the shitcoin stuff; we can do things the Bitcoin way, so for example, we don't need Shamir, we can use the Bitcoin way of doing that, because Shamir is sort of coin-agnostic, let's put it this way.  So with the shitcoins, you add certain kinds of trade-offs and attack surface, when now you have this fully closed source, so now you have this trust thing; that's the trade-off.  They have a certification that for some people is a good thing, they want that.  Many enterprises can only get a wallet that has a certification, they don't want a COLDCARD, and that works.

But I think what's important here is for us to sort of, I think this was the big mistake that you guys did marketing-wise, this is not a product for half of your user base that got super-pissed because they don't want even that API there.  So maybe if you split the firmware and you have a firmware that has that, a firmware that doesn't have that --

Peter McCormack: Could you have done a specific device that would only have been this, like a Nano Ledger, whatever?

Pascal Gauthier: I'll come back to you on that.  Okay, so I'll give you the answer, and actually I'll make an announcement.

Peter McCormack: Oh, okay, here we go, we've got an exclusive!

NVK: I'm learning how to sell here!

Pascal Gauthier: So, where did Charles send this to me?  So when it comes to -- first, this is not our first rodeo.  So, every time that Ledger brought a new feature to market, every time we have this happening.  So, I don't know if you guys remember Bluetooth with the Nano X?  Wow, my God, that triggered so many discussions like, "Bluetooth is a new threat, new attack vector, new threat, etc".  Nothing happened, okay?  Nano X was 2018.  There is no hack on the Ledger through that Bluetooth feature.

NVK: That you know.  That's how it works, we just don't know.

Pascal Gauthier: No, no, but then when this happens, you know; because, if you get hacked, usually hackers --

Peter McCormack: We would know.

Pascal Gauthier: We would know.

Peter McCormack: It would be public.

Pascal Gauthier: It would be public.  You would have hacked it.

NVK: No, you don't know.

Pascal Gauthier: You would have known --

NVK: Criminals may be using the device.

Pascal Gauthier: No, no, you always end up with a responsible disclosure, etc, you know.  The victims will call us and be like, "Hey guys, all my funds have been wiped out".  If it's an easy attack, then suddenly you have tens of thousands of users with funds wiped out.  But you see, we shouldn't say things like, "You don't know".  Like, yes, we know.  And until you can prove me that otherwise, then we know that there was no attack.  Because otherwise, you make it sound like it's always possible, and so you insert fear into people, when actually for 99.99999% of the cases, it actually works. 

The thing with security is, it works today; the question is, is it going to work tomorrow?  There are new attackers, there's new ways to attack, etc, which is why security is an always evolving technology.  The technology that you have in your Nano X today is not similar to what you had in your Nano X three years ago, because we are constantly trying to make it harder to break and more secure.  And so we have the same thing with what you described like, "Let's do it Bitcoin only because it's more secure.  If you add shitcoins, it's another surface attack".  Okay, also that's not true.  I mean, we've never been hacked because there are shitcoins in, or what you call shitcoins.

NVK: But you make different design decisions.

Matt Odell: Shamir's is just a backup shitcoin, otherwise you could have just made it multisig.

Pascal Gauthier: No, okay, but that's fair. 

Matt Odell: It's a trade-off. 

Pascal Gauthier: It's a trade-off.  However, if you look at the way that we support Bitcoin with Ledger, with Miniscript, I mean, we support Miniscript, Taproot, etc.  We have very good support for Bitcoin today, probably one of the best, maybe as good as you.  But then what I want to say is, all these features that are hardcore features are not used, nobody uses them. 

NVK: Your customers don't?

Pascal Gauthier: No.  Well, but we have -- okay, so who's complaining on Twitter?  Because I keep on hearing the community that uses, the hardcore Bitcoin guys, etc, they do use Trezor.  We have users that are probably not as sophisticated as yours, but they're quite sophisticated.  When we bring features, these features, they don't use it.  And by the way, you can see there are maybe two markets.  If your users are more sophisticated than ours, which is what you're saying, okay, but then this is the product for them, you see? 

NVK: Oh, absolutely.  I see you guys as my funnel, it's always been like this!

Pascal Gauthier: And you know what, I'm fine with that. 

NVK: It's great. 

Peter McCormack: I'm the same for Matt, I'm his funnel!

NVK: No, seriously, I see this happens to me.  Users either grow out of shitcoins or they want to start doing things or they have a bigger pile of bitcoin.  They'll come to us and say, "Hey, I used to have a Ledger.  I want now the solution that I can verify myself and all this stuff".  It's like, "Great".  "Where do I put my shitcoin?"  I'm like, "I can't help you.  You should stay with Ledger for that"!

Pascal Gauthier: No, and so you see, I mean for me, the beauty of self-custody is that in the end, you're free.  So, when people are complaining about Ledger, I think, "Okay, customer is king, so people should complain, okay?  And it's no problem, we're here for that".  So I just want to make that very clear, customer is king.  And so whatever customers say sort of goes, we have to understand what they're saying and then try to do better education, better communication, etc.  And when we fuck up, which is what we did when we leaked the data, we fucking apologised, we say nothing, and we try to fix the problem.  We're not saying, "Oh, we don't care".  Of course we care, we care actually very deeply. 

But the problem that is at stake right now, and this is why we should keep our eyes on what is the most important for the industry; what is the most important for the industry is to get 100 million users that are already in the space into the safety of self-custody, whether it's your product, my product, it's better than what they did today, it's 10X, 20X better than what they do today.  We're talking about the possibilities of Ledger being less secure, when actually most users are using products that are super-unsecure.  And so I think the debate should be how we move these guys to us.  And this is with these kinds of features that you can actually move the bigger number to self-custody, because it's not true that 100 million, 200 million, 300 million people would trust themselves with the 24 words and the private keys.

NVK: Are you concerned about centralising this amount of users with KYC data and the fact that possible collusion that, again, it's just technical possible collusion, is it a concern to you that now you have this big pile of --

Peter McCormack: It's a honeypot. 

NVK: Essentially you have a honeypot for privacy and for state actors to start sending you more letters because that's going to cost legally too.

Pascal Gauthier: I don't think it's a real concern and I'll tell you why.  Most users, 97% of users, bought their coins on an exchange. 

NVK: Yeah, Binance.

Pascal Gauthier: Most users at some point had to do a KYC linked to their coins and their private, public address, whatever.  And so actually, Bitcoin is not really good for people that want to hide, necessarily.  Sure, it's anonymous, but it's traceable.  And if I can trace you back to the exchange where you bought the coins, I mean any government agency can subpoena any exchange where you bought the coins to say, "I want to know who's that guy and I can trace all his funds movement after he bought Bitcoin on exchange and he sent them on Coinkite or your wallet", for example.  So actually, I don't think…

It's already the case.  400 million users, or a subset of that at least, a good subset of that, have already KYC'd themselves and attached their identity to their Bitcoin life.  95%, 99%, I mean the large majority of the population is doing KYC every day for every other service that they use in their current life.  So I think for the majority, it is not a real issue.

NVK: Do you think ideologically that's not a great thing?

Pascal Gauthier: No, but I think again, we always go back to trade-off.  First of all, you don't have to do it. 

NVK: No, no, absolutely.

Pascal Gauthier: Absolutely true.  It's a choice.  Now, if you feel that you have to do it because, yes, you have to share certain things, but then you know that you're guaranteed to see your 24 words back, and then you're not solely responsible for them, it's a good trade-off, it's a good service.  And again, the beauty of this, we were never in the idea that it would be for everyone, and customers online say, new customers don't want this.  A lot of customers actually want it, a lot of future customers want it, and most of the people that say, "I don't want to use a Ledger" are saying, "because I don't trust myself with the 24 words".  So actually, we're trying to solve one of the biggest pain points to onboard the next generation of users into self-custody, because you and I agree, and we all agree, that self-custody is much safer than any other form of custody that you have in the market. 

Peter McCormack: Is this a better product than an exchange?

NVK: I think better and worse are not the best ways of putting this kind of stuff; it's a different trade-off.

Peter McCormack: If you had those two options, if the two options in the market for you right now were an exchange or this product, where would you use, if they were your two options?

NVK: I would probably tell people to just pick a different product.

Peter McCormack: I'm just saying of these two options, I'm saying is it an improvement?

NVK: But that's not the market, right, the market has other options.  And again, they can use his product without this. 

Pascal Gauthier: So what is the third option; what would you choose then?

NVK: Well, I mean I prefer people putting on a phone wallet than --

Pascal Gauthier: The phone one, like on a software wallet?

NVK: Yeah, I mean if this kind of user has like a couple thousand dollars' worth of Bitcoin.

Pascal Gauthier: Okay, but it's as good as gone if they put in the phone. 

NVK: Not necessarily.  I mean phone wallets are not amazing, no.  Do they have also trade-offs?  Yes.  But they're not sharing their KYC information with yet another third party. 

Peter McCormack: KYC and then seed theft are two different things.

Pascal Gauthier: Okay, I'm talking about seed extraction.  If you run a software wallet on your phone, okay, the seed extraction is super-easy.  So actually, whether you have $50, $1,000 or more, your money is as good as gone.  Now you say there's no KYC, okay, but that's a different problem.  The problem number one is seed extraction, okay?  And now you cannot tell users that actually you believe that a software wallet on the phone is a better trade-off.

NVK: I don't know, I feel like KYC risk of KYC data being leaked is more expensive and worse than losing $2,000 on my phone.  It's just a trade-off.

Peter McCormack: I, as a more normal person, I'm going to say something that's going to piss Matt off.  I think it doesn't matter what you do or what you say, I think KYC is something that people have become completely used to in the world and accepting of, and trying to get them away from that is very difficult.  Getting them to really care about it is really, really hard.

NVK: No, but that's why our duty is to come up with better, smarter things that are hopefully easy that don't use KYC. 

Peter McCormack: Of course, I agree.

NVK: For example, you guys don't need KYC, you could just give the user some other password or something else that they have to just remember, or do.

Peter McCormack: But you've created the same problem; it's a password they have to remember.

NVK: No, but it's not 24 words anymore.

Pascal Gauthier: No, look, we thought hard about that problem, actually.  You know, KYC is the only way that you can retrieve your shards.  But okay, again, I think we have to be very precise when we say things.  Because now you make it sound like, "Oh, it's very easy for anyone to subpoena"; it's actually a very hard process.  By the way, the different entities that keep the different shards are in three different jurisdictions.  So actually, if you're in a country and the French authorities say, okay -- we have no real control over our partners to say you have to comply because they're in other jurisdictions.

Peter McCormack: Are they all EU? 

Pascal Gauthier: No, there's EU, UK and US.

NVK: Who keeps the picture of the driver's license?

Pascal Gauthier: Oh, this is on Onfido and Tessi.  We have two partners that actually do that, but these guys do KYC for a living with the same -- I mean, the people that are going to use this product have probably done KYC with Onfido already for many other products or projects.

NVK: Isn't it an issue now that you have the KYC plus the Bitcoin together?  See, because just losing the KYC, it's a problem, it sucks, but you don't lose the Bitcoin.  Now you have the KYC plus the coins by the same solution. 

Pascal Gauthier: Look, when people are on Ethereum, they have these addresses like pascal.eth, where if I click on it, I can see everything that you have. 

Matt Odell: That's horrible, yeah.

Pascal Gauthier: But you know what I mean.

Harry Sudock: We've already opted out of that trade-off with our Bitcoin centrism!

Pascal Gauthier: But again, look, if for you, your privacy is of the utmost importance, please do not use that product, for sure.

Harry Sudock: But I think when we think of the topology of risks that's out there for us as users, me as user, what is Ledger's relationship like with the sharding companies that are providing that service?  Because I think it's helpful that they're in different jurisdictions and that may protect a direct subpoena to those companies, but not necessarily protect from a direct subpoena to Ledger where, depending on the service relationship you have with those vendors, a direct subpoena to Ledger around those key access points.  I've read too much terms-of-service paperwork to not be terrified of what gets baked in to that boilerplate.

Pascal Gauthier: So first, these companies are not slave to Ledger.  We just have a commercial agreement.

Harry Sudock: But exactly, but that's governed by the jurisdiction that you operate in, and then that's subject to the relationship you have with them.

Pascal Gauthier: No, but they're not slave to Ledger in the sense that it's not because Ledger is supposed to comply to something that comes to us, that they have to do the same.  They obey their own rules and regulation, own risk, etc.  And so therefore --

Harry Sudock: And the contract that you've signed with them.  So for instance, would Ledger --

Pascal Gauthier: They don't have to comply to anything if they feel that it's not in their jurisdiction, for example.

Harry Sudock: So, would Ledger, for instance, be willing to open source the service agreements they have with the providers around those?

Pascal Gauthier: Oh yeah, I think that's perfectly fine.  You know, again, on these things, we're treating this as if this was a new problem.  This is not a new problem.  Most users that do crypto today have already done a KYC, and their identity is already linked to their crypto.  So now, we're trying to solve a real problem, which is what do you do with the 24 words, etc.  And so again, it comes with trade-offs, etc, but we don't create a database that doesn't exist yet.  Most people that would use that service have already KYC'd themselves with Coinbase, with Binance, with various exchanges.

Harry Sudock: The association between the keys and that database line item is new.

Pascal Gauthier: Not necessarily, because if you -- no, actually not.  If you KYC yourself with an exchange, then your public address and your KYC and the exchange are necessarily linked.

Harry Sudock: Of course, but what I'm saying is that, great, so we've got the linkage point between my KYC information and Coinbase.  And then I've now withdrawn from Coinbase.

Pascal Gauthier: Right.  So your KYC still remains.

Harry Sudock: Absolutely, but what we don't have at that point is an association between a seizure point and Coinbase and my KYC.  And so when I think about the exposure --

Pascal Gauthier: What do you mean by a seizure point?

Harry Sudock: If Coinbase gets subpoenaed and there is an asset forfeiture of some kind that gets enacted upon me, Coinbase has potentially a legal obligation to send over those funds.  So, imagine Ross Ulbricht is sitting with all of his Bitcoin on Coinbase and then he gets no-knocked and now there's asset forfeiture as part of the legal proceedings around his crime. 

Pascal Gauthier: But this cannot happen in our case.

Harry Sudock: Why?

Pascal Gauthier: Well, because you remain in charge of your funds.  So it's not because you've encrypted and sharded your seed that suddenly people can do anything with it.  So in the case of a subpoena to say, "Okay, we want that guy", and they come to us.  Usually when these things happen, you're aware of it, and you still have your device.  You can still have your 24 words with you, by the way.  Like this is not either/or.  You can keep your 24 words and encrypt them and shard them, or you can just destroy the 24 words and shard them.  The best thing, I think, would be to keep the 24 words very safely somewhere and also shard them as a backup, but you can decide what's best for you actually.  But we cannot freeze funds, you understand?  We cannot freeze your funds.

Harry Sudock: So help me understand that, because I think this is, at least for me, the critical piece to understand most clearly.  The only way for me to get my -- let's say I lose it and I want to get my 24 words back.  How does that work across the three vendors that you guys have contracted with to get my 24 words back?

Pascal Gauthier: So to get your 24 words back, you re-KYC yourself, you present your identity, and that triggers a cryptographic process that brings back the shards onto your device. 

Harry Sudock: Great.  So now, the Department of Justice calls you and says, "We are charging so-and-so with X, Y, and Z.  Get two of your vendors to send us the Bitcoin keys". 

Matt Odell: Yeah, I mean, you need all three.

Peter McCormack: No, you need two of three.

Matt Odell: Oh, shit, so you only need two people --

Pascal Gauthier: They can ask us, and then we can ask our partners, and our partners can say no.  So that's the first thing.  And usually they ask, because I discussed this with my lawyers, what is realistic in that scenario?  Because if we say it like that, we make it sound like it's very easy for any government to subpoena anyone for any reason, etc.  It's not true.  They can't subpoena, it's not true.

NVK: So I was in Canada, lived there.  We just had this insanity that happened during COVID.  Out of no-fucking-where --

Pascal Gauthier: And we shipped devices, actually.

NVK: -- the country just decided --

Pascal Gauthier: Through Peter.

NVK: No, but seriously, the country just decided that like, let's just suspend civil liberties here and freeze people's bank accounts and do whatever the fuck we want.  So it does happen. 

Pascal Gauthier: I mean, I'm okay with that.  I agree with you, I don't disagree.  I'm not trying to be difficult, but I'm saying if I live in Canada, okay, there is a fair concern that --

NVK: Macron and Trudeau love each other!

Pascal Gauthier: I follow you here.  So, if you feel that's a real possibility, I would actually say, "Do not use the product". 

Harry Sudock: So wait, Peter, hold on, because this to me is the crux of it.  It's like, there's net new surface area.  So basically, we're off-boarding loss of key risk and on-boarding state actor risk, basically.

Pascal Gauthier: Correct.

Peter McCormack: That's the trade-off.

Harry Sudock: And I think that that's a very reasonable trade-off to have available to people, in many cases, that may work for them.  It would not work for me and that's okay.  But I think this, and when we sort of fall down the Twitter hellscape, which we all live in, that for me is the biggest risk.  And we're going to have this podcast out there, which is great, but being able to say, "Look, you're off-boarding this risk, you're on-boarding that risk, these are the sets of trade-offs that live here, we're never pushing the update to you, it's not getting baked into your next upgrades". 

So being able to have sort of this more dynamic trade-off discussion I think is incredibly valuable, but secondarily, from a user's perspective, being able to be sort of clearly in control of what set of -- whether it's the OS or wherever that sits, being able to have a high degree of control around what OS is sitting next to my sign-in capabilities and knowing what that is, because I've updated my iPhone irresponsibly early when that new push comes.  And so we've been conditioned --

NVK: You put YouTube music on your phone without asking.

Harry Sudock: Exactly.

Peter McCormack: That is a crime!

NVK: That is a crime.

Peter McCormack: Okay, look, I'm conscious of Pascal --

Pascal Gauthier: So I agree with what you're saying, and I think this is fair, but this is a good discussion.  There are trade-offs, there are things that you shouldn't do in certain situations, other things that will make people more comfortable.  I've got many friends that are in many cities, etc, and this is an easy trade-off for them because they don't think the government is going to come after them for many reasons, etc.  They say, "Look, the 24 words, I prefer if someone keep it for me in a safe way, etc, but only me has access".  So you're right, it's a trade-off. 

Coming back to the story of Ledger, every time we bring in a feature, it creates this kind of dynamic, which I think is really good in a way.  I mean, it sucks when it happens, and I prefer if we didn't do mistakes like we did, etc, in terms of communication, but in the end, whether there was a mistake in communication or not, that conversation would have happened, and it would have been as good or bad, in the sense that people would have had real concerns, and all these concerns are real.  So it's our job to talk about it, educate, present the trade-offs, present the different products in the market.  People were like, "Oh, Pascal, you're so arrogant".  I'm like, "Well, I'm French, so what are you talking about?!"  But also I said, "If you don't like what we're doing, please go to Trezor; I mean I'm fine with that too".

NVK: Which one?

Matt Odell: No, his product's COLDCARD.

Pascal Gauthier: COLDCARD, but I said Trezor online, that was my tweet.  People were like, "Oh well, he's telling us to go to Trezor".  I'm like, "Actually, I want people to be free".  And this is the power of self-custody.  You can take your private keys and go to another product, another service, if you feel more comfortable with it.  And I think ultimately, this is what self-custody is, and this is why people are free, versus very difficult to move your funds from one exchange to the other, etc.  They make it difficult, they want to trap you into a system where it's actually very easy to take a COLDCARD and to enter your entropy into it, and voila, done with Ledger.

Peter McCormack: The question I really had for you, I've had obviously a lot of emails over the last few days, DMs, and we also had an event last night, and the main thing people are asking is, "Do you still trust Ledger; are you still going to use them; and, are you going to keep them as a sponsor?"  And they're all valid questions.

NVK: You have a history of bad sponsors!

Pascal Gauthier: Let's go back to the discussion!

NVK: I'm trying to save you here!

Peter McCormack: We can do that when Pascal's gone!  But the point being is, I still think, if you don't release this as the Ledger Nano Vault as one independent product, completely separate, I could have said, "I'm staying with my Nano S, it's fine, but that's a specific product just for that".  Did you not consider that?

Pascal Gauthier: Well, actually Charles was even telling me, "Let's do a Bitcoin-only wallet --" 

NVK: I mean, don't, because you'll lose customers!

Pascal Gauthier: "-- and then go after these guys"!  So maybe we'll do that.  But so, we're doing it again for security concerns and the job that we're trying to do, and even when we work with Coinkite and COLDCARD and all the other players in the space, and CZ has been horrible actually into all of this, and he keeps on dunking on us, etc, and I think he's creating unnecessary FUD, and the only reason is because we broke Trust Wallet recently and we helped them fix it; we helped Trust Wallet and Binance avoid one of the biggest hacks of the history of crypto.  And the way that he thanks us is by dunking on us with actually no real content.

Matt Odell: I mean, wallets dunking on wallets is just part of the...

Pascal Gauthier: Yeah, but that's just bad.  I think that's bad.  I think we need to mature because otherwise, everybody's looking at us and being like, "You guys are just kids".  If everybody keeps on dunking on everybody... 

So, the reason why we break other wallets, we break our wallets, etc, is not because we're assholes or we find it's fun; it's because we want to raise the bar of security for the whole industry.  And so, when we break a wallet that is not ours, then there is a responsible disclosure process.  We help people fix security, get better security, and end up with a better product.

NVK: The marketing department does take a little bit of a liberty with those releases.

Pascal Gauthier: We want to assess --

NVK: They love to amplify!

Pascal Gauthier: Let me tell you why, I mean there's no secret.  We want to assess security dominance, we want people to recognise Ledger for the work that we're doing and to look at the Donjon as a force in the space, and the Donjon is a force in the space.  We have great hackers that have done great things and saved a lot of people fixing products.

Peter McCormack: Matt?

Matt Odell: I mean, Ledger Donjon, it's great.  All the work you guys do in terms of pen testing all these different key storage mechanisms, and then responsibly disclosing it and writing it up, the write-ups are fantastic, and you did save a ton of money in terms of Trust Wallet.  I mean, I think you guys discovered it within three days and reported it to them and responsibly disclosed it, and that was all handled really professionally. 

I think Harry made a good point, I think NVK kind of made the same point, which is that it's really important for users to understand trade-offs.  I think where we're going in Bitcoin and freedom tech more generally is this idea that users are going to have many options and they should be able to choose which options they want and options are good, but they need to be very aware of trade-offs.  And I think all of this said, this whole conversation, the biggest realisation for a lot of people, which I know I've been personally talking about for years, is this idea that if you use a closed source hardware wallet, you have to trust that updates are not malicious.  And I know you didn't like the wording of the tweet that was sent out, and I'm not trying to be an asshole, but it was true. 

At the end of the day, if people are updating on Ledger, they have to trust you that the update's not malicious.  And I think that's an important trade-off for people to realise if they're going to make an educated decision.  Do you not disagree? 

Pascal Gauthier: It reminds me of a book from Ionesco, what is it called, The Rhinoceros.  I don't think it's a real fair concern because again, time tells.  So when you work in security, there is a big bang on MPC, multi-party computation.

NVK: That's how you do shitcoin security, because it's like, for me, Bitcoin, it's different cryptography primitives, right?  So you use MPC because then it's essentially shitcoin agnostic, you know, you can support all the shitcoins. 

Pascal Gauthier: So for me, the point I'm making, so I don't necessarily disagree with what you're saying.  There is an element of trust that you have to give to sort of different players, etc.  And even when you use your product, for example, of course it's been battle-tested, etc, but things evolve in time.  And so what's true today is not necessarily true tomorrow, etc, so you can't then trust anything because you could also argue -- the argument, I could replay it back to say, yes, but you cannot trust anything and anyone because what is certain today is not certain tomorrow, and so therefore, you can't trust anything.  And so therefore, well, you can't even do Bitcoin. 

Matt Odell: That's not fair.

NVK: We don't have to be dead reductionists.  I think we all would agree here, and I think this is important, that I think we all need to tame marketing departments a little bit so that users have a very honest, very, very honest, sometimes to the expense of some sales, explanation of trade-offs.  Honestly, this is one of the best things that Bitcoin has, this space has, is this, because if we don't, if you don't, then people are going to pound the fuck out of you on Twitter.  It's not good for your company. 

Pascal Gauthier: I don't think so. 

NVK: If you guys had just made it a little bit more clear, and of course the marketing.

Pascal Gauthier: No, but we're the fuck up, I agree.

NVK: Yeah, exactly.  But you would have been a lot more palatable and people would understand and they would understand your new risk and then they would make a decision.

Pascal Gauthier: I agree with the fuck up and I agree with education, etc.  By the way, our educational content right now is on par with Coinbase, Binance, etc, so we have actually spent tons.  Most of the marketing budget that we have is actually on education.  And so we can't take a fuck up in communication and make it the rule for Ledger.  The rule for Ledger is we educate as much as we can and we try to onboard as many users as we can into self-custody.  So are we perfect?  No, but nobody is.  And, are we striving for perfection?  Yes, we try, like but it's hard.  And by the way, is this shit hard?  It's very hard.

NVK: Tell me about it!

Pascal Gauthier: The problems that we're trying to solve are very, very hard, they are hard problems.  You try to be decentralised, you try to have no identity, I mean all these things, it's problems that have never been figured out before and we are the forefront of all of this.  It is very new, and so far the good news is most of our companies have actually been right.  When Celsius happened, BlockFi happened, and then I'm going to go, and so I'm going to leave you with that discussion.  When FTX happened, who do people go to?  They go to the safety of self-custody Ledger and you've probably seen a spike in your sales also when this happened.

NVK: I mean, you gave me 30X sales yesterday and the day before.

Pascal Gauthier: Okay, wonderful.

NVK: No, I mean but I don't want sales to happen like that.

Peter McCormack: Liar!

NVK: No, I'll take it, but it's not like -- you see, this is the problem with this industry.  It's like, all this shit just makes less people come in. 

Peter McCormack: That's fair.

Pascal Gauthier: Well, I think that the problem that we see and the backlash on Twitter, like you saw 30X, we didn't see anything; our sales were the same yesterday, today, etc.  And so, and by the way, in the past, we didn't see anything.  Even when we had the data breach, which was a fuck up, and where we were very apologetic and that was a problem.  Today is not a problem; back then was a problem.  Also, we didn't see any glitch in our sales.  And actually, you know what happened?  When we did a survey, we asked people that didn't know crypto, "Hey, have you heard about Ledger data breach?"  Nobody knew about Ledger, nobody knew about crypto, nobody knew about the data breach.

Then you have the subset of people that are in crypto, "Have you heard about the Ledger data breach?"  99.9% of the people have never heard of Ledger or the data breach, and so we're like, "Fuck, nobody knows self-custody".  And then when you ask Ledger users, even Ledger users, most users didn't know about the data breach, didn't know about nothing.  So I think we shouldn't treat also Twitter and Reddit as if this was the world.  There is a misconception, actually.  I've been in this business since 2014, I've always heard about the community, "The community is upset", etc.  Actually, crypto is a subset of community.  So (a) there is no such thing as the community, and (b) even if you talk about the Bitcoin community, the Bitcoin community is --

NVK: Can I ask you something, sorry, because I know you're leaving?  I just want to clear this one out.  And I asked you this on Twitter, so I won't ask again, but so people hear.

Pascal Gauthier: You reply on Twitter?

NVK: Yes.  BSV, do you support the subcommunity? 

Pascal Gauthier: No.

NVK: No, because some marketing person fucking put it there.

Pascal Gauthier: Well, these marketing tools, they build content on the fly.

NVK: This is the line that we all don't cross is, "Fuck Craig Wright".

Peter McCormack: I mean, I'm still in active litigation!  Five years in, I have no comment! 

Pascal Gauthier: No like for us, it's not even fuck anyone, it's just there are certain characteristics that we're not comfortable with in terms of security, and for me, I draw the line at security; is it secure, not secure, etc.  Ledger will never do anything where we don't feel it's security first and 100% secure.  We are the business where any fuck up then costs the company.

Peter McCormack: You're done, basically.

Pascal Gauthier: Done.  In the end I'm very pleased that you invited me in this podcast again.  I appreciate the work.  I appreciate all the pushbacks, honestly.  This is a good discussion and this is where the industry is maturing and there are good points that I made.  Nothing is perfect.  What we're trying to do is very, very difficult.  The one thing that I regret is players like CZ having a fucking fist on this where they should actually be leading and be calming everybody down and actually doing the right education.  Because when you go online, you, you do the right education, you say things that are true, you say things that are coming from a professional that understand security. 

There are some people that go online, have no idea of security, etc, and just spread the FUD, and that's fucking terrible.  And by the way, we had a lot of backup from the industry of people explaining what this is.  They're like, "Okay, these are the trade-offs", which is a fair and fine discussion.  What's not cool is to create unnecessary fear on something that is not even real.

Matt Odell: We can agree that CZ can go fuck himself.

NVK: Yeah, I think that's also another point.

Pascal Gauthier: Well, actually, I'd like to do business with Binance, so you know, CZ, please stop doing what you're doing and let's have a beer, okay?

Peter McCormack: Pascal, thank you.

Pascal Gauthier: Thank you, guys.

Peter McCormack: Appreciate that.

Pascal Gauthier: Appreciate it, thank you.