PowerKee’s “Bastion of Privacy” #10
In a world of centralized systems, decentralization has been a breath of fresh air. Among other things, centralized systems have a poor track record regarding privacy and data security. There are many examples of data breaches and security exploits that end up exposing troves of personal data.
The Ledger hack is just one reminder, albeit a costly one, of why most people in crypto value decentralization. In this week’s “Bastion of Privacy”, we cover the Ledger data breach and some op sec strategies you can follow to keep your assets safe.
The Ledger Data Breach: A Quick Summary
Most of you have probably heard of the Ledger data breach, and some might have been affected by it. It’s fair to say that the way Ledger initially handled the breach is questionable, as is their decision to hold on to the data in the first place. Under GDPR, they have a legal requirement to store some data. However, some data was stored purely for marketing purposes, while Ledger kept other information longer than is required for regulatory purposes.
The breach happened in late June, and at the time of the incident, the Ledger team reported that only 9,500 users were affected. That ended up being a gross understatement when it was revealed that emails of 1 million customers were leaked. Moreover, personal information like home addresses and phone numbers for 272,000 Ledger users was exposed on the dark web.
There’s no reason to rehash the details. Nevertheless, it’s important to learn from this experience. Firstly, Ledger is working on changing the ways it’s storing data. Ledger intends to keep personal information for the minimum amount of time required by regulators and move the data into a further segregated environment that can’t be accessed from the internet. Ledger is working with its e-commerce partners to delete customer data.
A Few Op Sec Tips & Tricks
Here are some op sec measures that might help you to secure your data and crypto assets. For example, you can add a second backup to your Ledger device. If you do, you will have two recovery phrases. One will allow you to access and unlock the regular set of accounts. The second one will generate a new seed, which will give you access to a secondary group of accounts with different private keys and addresses.
We also strongly support some tactics shared by Meltem Demirors, Chief Strategy Officer at CoinShares. She suggests generating a new random email address for every e-commerce site, using apps to create fake phone numbers or having a second phone strictly for 2FA, and using a PO box or a mail forwarding service.
And, of course, using privacy networks and privacy coins is one of the best ways to maintain the privacy of your transactions. PowerKee is building an entire privacy ecosystem that makes privacy easy for users. The ecosystem includes a peer-to-peer decentralized exchange for converting between fiat currency and privacy coins, decentralized governance, and comprehensive privacy assurances.
Practice Good Op Sec in 2021
We expect privacy to be high on our communal crypto agenda this year. Events like the Ledger data breach highlight the importance of decentralization and teach us to do our own research when it comes to privacy op sec.
Try following some of the practices outlined above in 2021. Whether using a burner phone for 2FA or setting up a second backup for your Ledger, any effort towards greater privacy is worth making. Using a privacy network, like PowerKee, is another great way to keep your information private and maintain your anonymity on the web.
As promised to our community, we’re revealing more and more GitHub Insights. As previously explained, we’re on the testnet and finishing our Windows wallet at the moment.
The whole team works super hard to make our privacy ecosystem a reality.
PowerKee is a cryptocurrency network that makes privacy easy. Users can transact cheaply and instantly while maintaining anonymity. The PowerKee protocol uses a mixture of zero-knowledge proofs and coin mixing to provide strong privacy assurances to its users.