@@ 0,0 1,115 @@
#+TITLE: On Freedom, Crypto and Return Policies
#+DATE: <2022-01-07 Fri>
So after Christmas I decided to buy myself something nice. I thought about a buying a new home server. But because ideally I'd be moving to the Netherlands for university soon, I decided that it would be best to get something small and portable instead. After much pondering I settled on buying a crypto wallet. I could use it eventually to get into trading but also to replace my current janky GPG setup. Most hardware wallets support OpenPGP in some shape or form. My choices, as far as I could tell were: Trezor T, Ledger Nano S/X and that's about it.
* Ledger Nano S/X
Both are great devices, except that the Nano S has this tiny flaw of not having enough memory to install multiple apps at the same time. It can be worked around by constantly installing and removing apps (you won't use your crypto), but that has a few disadvantages:
- *cumbersome* - do you really want to shuffle apps around constantly?
- *wears out flash* - unnecessarily abusing the flash is a bad idea, especially since it's even less durable than normal flash
- *some apps might not even fit* - I can't verify this one, but I've read somewhere that some bigger apps might not even fit. And I don't mean like installing Bitcoin and Ada, but just installing Bitcoin by itself might not fit. That's bad
So after not-so-careful consideration I removed the Nano S from my list. Easy, one down, now's the final round.
* Trezor T
Very good device, open source hardware and software, well supported. Some things I don't like are the form-factor, I prefer Ledger's USB stick like design, it stands out less.
I really liked the idea of Bluetooth on the Ledger Nano X. I know some might be scared of the security of Bluetooth, but what makes hardware wallets like the Ledger secure is that they consider everything outside their cases to be a threat. If you wanna make a transaction you gotta first check the value and receiving account on the device itself, then you must confirm the transaction on the device. Therefore I consider Bluetooth security a mute point as even if everything was plaintext, the attacker could at most get a readonly view of what I see on my computer.
This is one of the reasons that made me lean towards the Ledger Nano X.
I like the Ledger's screen a lot. It's small, black and white and very readable. Just perfect. On the other hand the Trezor T has this big colorful thing that's frankly overkill. My laptop has a colorful screen, my wallet doesn't need it.
The Trezor T is around 200€ and the Ledger Nano X was 120€ when I bought it. It's gone a bit up now, not that it matters to whether you should buy it though. 80€ might not seem like much for having fully open source hardware and software, but you must consider that I bought this primarily for GPG and not crypto, at least for now.
All in all, the Trezor T is a damn good device, but it also had to go from my list unfortunately.
That leaves the Nano X as the winner. Yay! for the Nano X.
* Ledger Nano X
After opening the box I was mighty impressed. It looked good, had no manufacturing defects. I checked out the UI quickly, it felt snappy, navigatable and sleek. Very good first impressions. I went ahead and installed the Ledger Live Deskop program and even though it's React Native it felt very snappy and light, once again I was impressed. I went to install Bitcoin, Ada and OpenPGP on my Ledger. OwO whats this? There are 3 OpenPGP apps? Luckily I've done my research and knew, at least partially about what each did and how they were different. There are 3 apps, two of them are basically the same. I'll split them into ~smartcard emulators~ and ~weird things~.
** SmartCard Emulators
A smart card is a fascinating thing really. Back in the days of old, you'd use a smart card, a literal card shaped thingie as the storage for your keys or what have you. They were not restricted to OpenPGP though and so called OpenPGP smart cards are merely but one kind of card, hell even NFC tags can be interfaced with like smart cards.
This is exactly what the first 2 apps emulated on the Ledger Nano X. It reported itself as a card reader with 1 or 3 card slots (that's why 2 apps, the first one had only one slot, while the "XL" version had 3). You could then write to those cards using OpenPGP, in total 4 keys: Authorize, Sign, Encrypt + a symmetric key. I've no idea what the last was for, but you don't have to use that key if you don't want to. So in total it could store and perform cryptography with 12 keys. This is exactly the same thing that a Yubikey does, it also just emulates a smart card.
Theoretically this exactly what I want, we'll get into why reality had different plans a bit later.
** Weird Things
The other app available acted as a non-standard USB device that someone pulled the protocol for out of their ass. In order to make it work you need a special program on your computer, which replaces the GPG daemon. You still use the ~gpg~ command, you're just not talking to the real GPG daemon but some [[https://github.com/romanz/trezor-agent][Python monstrosity]].
There are two other problems which disqualified this way completely. As of now, you can't upload your own key to the app. What? What? What? The recommended way is to generate keys on the devices and then sign them with your master key. You also can't get the keys out and deriving them from the master key of the Ledger itself is experimental. So that 24 word sheet you have as the backup of your Ledger? Useless.
*** 24 Word Backup
I forgot to metion this, but during initial setup you are given 24 English words which directly map to your master key from which everything(except OpenPGP (: ) is derived from. That way if you lose or destroy your Ledger you only need the sheet you (hopefully) wrote them down on and a new device. It's a weak point, yes, but a necessary backup.
*** GPG Replacement
Also, replacing your GPG daemon with this weirdness means that you can't really have multiple different devices with different keys or some keys just on your computer and not on the Ledger. In order to switch back to the real GPG daemon you'd have to do ~pkill ledger-agent && gpg-agent --daemon~. Unacceptable in my eyes.
** First Problems
Smart card emulation is exactly what I want. But.. it doesn't work, the app hasn't been updated for a very long time and it doesn't even build with the latest SDK. I had to duct-tape it together with my mediocre C skills to make it compile. I eventually did and I had a ~openpgp.bin~ on my hands. Now came the presumably easy part, flashing it onto my Ledger. It's my device so I should be able to flash it whenever I please. Very wrong assumption.
I soon learned that I can't flash it, only sideload it. I was a bit disappointed but I just calmed myself and read on. And what do you know, sideloading is *not* supported on the Nano X only the Nano S. Amazing! Not only won't Ledger fix their own fucking app, but when I decide to do the work for these idiots I can't even test what I've produced. But, I still wanted this whole Ledger thing to work out, because the prospect of Bluetooth and such a practical form factor was really damn appealing. My next pit stop was the [[https://github.com/LedgerHQ/speculos][speculos]] emulator.
Theoretically how it works is that you take the binary file you got as the result of compilation and then just emulate the Ledger. Easy right? Once again, wrong! Reality is that compiling the beast is almost impossible because what do you know, the build script fetches dependencies from the internet. One of the few cardinal sins I believe in. I eventually gave up on compiling it, went for the Docker container instead, I saw they had a ~Dockerfile~ in the root of the repository. So I assumed there had to be an image somewhere and unsurprisingly there was one on [[https://hub.docker.com/][Docker Hub]]. Took me a while to find, because it wasn't linked anywhere so I had to go digging for it.
I downloaded it and it started up. But that's all it did. As the version I got didn't support the version of SDK I used. Interestingly alongside the binary file an ~.elf~ was generated, so I wonder why I got an ugly ~Couldn't emulate syscall~ instead of a nice ~SDK unsupported~ error. Fun.
I then tried to build my own image, as surely it must build right? Try to see what's wrong with this Docker compose.
- "1234:1234" # gdb
- "5000:5000" # api
- "40000:40000" # apdu
- "41000:41000" # vnc
command: "--model nanos ./apps/btc.elf --sdk 2.0 --seed secret --display headless --apdu-port 40000 --vnc-port 41000"
# Add `--vnc-password "<password>"` for macos users to use built-in vnc client.
Did you spot it? It's the ~build: . , image: ledgerhq/speculos~ part. It's as if they don't want people to know that the image in fact *does NOT build at all*. At this point I had enough, I spent a whole day on this piece of steaming garbage and I got exactly nowhere. I even opened and promptly closed [[https://github.com/LedgerHQ/openpgp-card-app/issues/72][this]] fun and wholesome issue.
* Return Policies
Return policies are wonderful, especially when they're mandatory like here in Slovakia. I don't think many people abuse the 14 day window where you can return any non-consumable product no questions asked. I love it. I got my 120€ back without any fuss. What I'll never get back is the wasted time and steam that rushed out of my every orifice when I raged over that useless piece of plastic. Goodbye Ledger, see you in hell.
I do *NOT* recommend buying anything from Ledger ever. Period. My experience is probably not common, I imagine that many people who just want to own some Bitcoin are very happy with their Ledgers. But having seen the worse part of Ledger, I could no longer recommend it with a clean conscience. Get a Trezor or wait till I conjure something up.
Do not buy a Ledger, X, S or whatever device they come up with. The emulator is a mess, you can't flash your own device. The Nano X can't even be sideloaded. Compiling anything is a royal pain in the arse and the docs are poor. I managed to learn what I needed by reading ~Makefiles~, I've become proficient at it, but it's still wrong. Get a Trezor T instead. Or build your own, or wait till I conjure up something.
How is it acceptable, that I bought a device with my own damn money and I can't flash stuff on to it. Security yada yada. But it *must* be my choice whether I want to put my money at risk. If I decide to flash my wallet, I must be allowed to do so. It is my right to do it. And no one, should be able to take that right away from me. Therefore, fuck Ledger.