Comments (13)
We could have a specific mode of the app that never keep the accounts. A new advanced settings basically. Accounts stay in memory but are not persisted on disk. Meaning you always would need to import accounts again each time.
Only settings would get saved so we can actually know onboarding was passed, etc..
from ledger-live-desktop.
@tvarsis 's solution is how I was expecting it to work out of the box. Very disappointed and confused regarding the current implementation. As it is now, there is just way too many manual steps needed to be taken.
from ledger-live-desktop.
Right now, the practical solution is to import a passphrase protected account, view it, do transactions if needed, and then delete it.
Click on the account, then on the wrench icon:
You can then safely remove the account from the Ledger Live app:
from ledger-live-desktop.
This issue is 3 years old. Is there any progress on it?
In my point of view, Ledger Live should load the accounts from Nano when the Nano is unlocked with the matching pin. So if I unlock it with pin 1, it will load the accounts related to pin 1. If I load it with pin 2, then those accounts will be loaded. Starting Ledger Live should show no accounts at all unless an unlocked Nano is connected to it. This is in my opinion the only reasonable (and expected) way it should work for plausible deniability, and will also provide the best user experience. Should also be pretty straight forward to implement with no need of external databases or secondary passwords etc. Just use/show the accounts that are currently unlocked on the connected Nano, that's it.
from ledger-live-desktop.
gre this is exactly the Idea I was trying to support when the plausible deniability was debated on reddit.
I don't really see drawbacks to it beside:
-
cluttering the interface (should be somewhat hidden in advanced options)
-
The time to import account each time (I have no idea if it is comparable or much slower than what was done with the chrome app)
from ledger-live-desktop.
@tookdrums it will be faster because under the hood, the libcore (C++ backend) have a cache and will get faster if you scan a second time.
from ledger-live-desktop.
Guys, I have a bigger concern here. How was Ledger Live able to read my 'plausible deniability' account on the first place? When I enter my default pin-code to connect my Ledger Nano to the Ledger Live; it should be completely isolated, decoupled, and unaware of the fact that I have a 'plausible deniability' account associated with it.
- What's the freaking point of having a 'plausible deniability' account if someone can see it by connecting my device to a Ledger LIve app?
- What is the point of having extra passphrase and another pin-code if the plausible deniability account is visible and accessible without them?
This is a fiasco.
from ledger-live-desktop.
@rrlamichhane I don't think it works that way. When you use the alternative pin or the temporary passphrase, you are essentially adding a 25th word to your seed, which means a completely different set of addresses are derived from the root key. If you import accounts from both pins (your main and plaussible deniability one), it's like importing from two devices and you should trigger the Oops, wrong device for ‘{{accountName}}’
error when trying to operate on one not derived from the seed in use.
If you only import from your main, or your plausible deniability one, the app doesn't know anything else.
Having this "non-persistent account importation" would allow you to have your "plausible deniability" ones imported, and import the main ones temporarily when you want to operate with them, or the other way around. Hope that makes sense.
from ledger-live-desktop.
An idea to address this would be a private mode when adding accounts:
- Add a checkmark in the add accounts flow to remove the account when closing the app.
- Add an icon in the accounts list / account page that indicates that the account is hidden/private
from ledger-live-desktop.
@gre Now that everyone remotely interested has our residential address, this issue should get a million billion times more priority.
At the very least make an implementation using multiple ledgers. e.g.:
- Mobile: Show different accounts (associated to different ledger(s)) based on pin / password . Pin/Password decrypts data. Find a way to plausibly deny that other 'real' accounts exist. E.g. always create 100 'instances' with random data, indistinguishable from encrypted data (a core characteristic of modern ciphers)
- Desktop: Like mobile, but also make ledger live portable, allow for multiple (USB thumbdrive) installs. (The workaround of creating multiple ledger live Operating System users is not sufficient.)
I know this may not be an easy problem to tackle, but the risk of home robbery had to be addressed at some point anyway. The hack just means it has to be done faster. Much faster.
from ledger-live-desktop.
+1
I would like to see a similiar Implementation as e.g. the KeePass Password Manager is working today.
Ledger Live itself does not store any User Data in its folders. Instead you can open a external Database File (Basically the SQLITE DB).
Call it Ledger Live Tresor/Vault/Database or something.
Each Database has its own Password which will be used to Decrypt it. Everything from the User is then stored in there. Accounts, Settings etc.
So Users can easily switch between multiple User Databases (e.g. Different Persons) and/or also between the Main and the Hidden Account.
BTW there is also a Discussion Issue for it:
from ledger-live-desktop.
Any progress with this? Any related discussions?
from ledger-live-desktop.
@timmolter Exactly.
The "practical solution" of reimporting a passphrase is not very practical when there are 30+ tokens in the wallet.
Putting the manual work aside, it might even be dangerous to forget to import some tokens because if you write what tokens should be imported in an external file, this obviously defeats the whole purpose of plausible deniability.
In fact, leaving the tokens with no password in one machine and using a virtual machine for the tokens with a passphrase is more practical than always reimporting the accounts.
from ledger-live-desktop.
Related Issues (20)
- Feature request support for Optimism and L2 Ethereum rollups
- XRP transaction log doesn't show account deletion transaction
- I'm being shown onboarding, even though I used this a month ago just fine? HOT 1
- 2.40.4 Black Screen on Fedora 36 Wayland HOT 2
- Cannot update Ledger Live AppImage
- Ledger Live not showing Tokemak price
- Cosmos on Ledger live HOT 6
- Error: "Sorry, Internet seems down"
- support libfuse3 (Ubuntu 22.04 LTS jammy)
- Segwit by itself should mean Native segwit.
- Saving operation history doesn't save to file HOT 1
- Solana delegated assets are ignored in portfolio HOT 1
- Fail to connect Firo Electrum to Ledger Live
- [Portfolio Display] Bitcoin missing after sending from ledger to same ledger (different accounts)? HOT 7
- Spam/Scam token on Polygon shows in desktop: SSX HOT 3
- Ledger Live 2.42.0 Bypasses password-entry? HOT 1
- COSMOS App IBC issue
- Allow rollback of a ledger app!
- sending bitcoin transaction is pending endlessly
- getVarint called with unexpected parameters when sending 2.43.1 version
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ledger-live-desktop.