Following a week-long controversy surrounding its new service for recovering seeds, French wallet maker Ledger is on a public relations offensive. This includes a Twitter Spaces Event on Tuesday afternoon with Ledger’s CEO Pascal Gauthier and an appearance by the executive on CoinDesk TV on Wednesday.

What is the message? Ledger is listening to its critics, and will make changes in its approach.

It makes everyone at Ledger sad when you shout at us. It’s okay, because we improve and will strive to always be good community servants,” Ledger CEO Pascal Gauthier told a Tweet Spaces session on Tuesday afternoon.

Ledger was criticized for the yelling after it announced its new key recovery service. Users will be able to store an encrypted copy of their wallets at three different custodians including Ledger. Many Ledger users and observers have questioned about the safety of this proposed service in regards to potential hacks, leaks of user data and abuse by Ledger.

What is Ledger’s new Bitcoin key recovery feature? Experts have doubts

Gauthier , a user, wrote that Ledger published on Tuesday a letter stating it had listened to its users and changed course. It will open source the Ledger Recover Code before launching the Service.

Ledger’s Recover feature will also include an additional security measure: the encrypted backup is stored by three custodians. However, the user can create a passphrase so that the custodians cannot move money without it, even if they collude to recover the private key.

Gauthier, in an interview on CoinDesk TV, Wednesday morning, said that nothing can be trusted 100% by the average user.

“There’s always a certain amount of trust you have to place in the hardware wallet you use. We are working to minimize the amount of operating system that needs to be trusted and to open up everything else, he explained.

Open-source software or not open-source software?

Open-sourcing the code was a response to critics who said that the code wasn’t public, making it impossible to audit Ledger’s new feature. The open-sourcing promise comes with a caveat, however: Ledger won’t publish code for its entire firmware due to security concerns, said the company CTO Charles Guillemet in a thread.

Guillemet wrote that the smartcard chip inside the Ledger wallet has built-in protections to prevent physical tampering. Because this is a manufacturer’s IP, they do not want it to be leaked. This prevents Ledger’s software from being open source.

Guillemet said that Ledger would “gradually” open-source most of its OS, starting with controversial Ledger Recover. “The other parts will require a bit more time as it will need to be refactored in order to abstract the chip specific characteristics under NDA.

Ledger’s cofounder Eric Larcheveque stated during the Twitter Spaces that the company does not consider open-source to be a “silver-bullet for security”. He added: “We chose closed-source because we thought it would bring a higher level security.”

Guillemet said that users must trust Ledger, the wallet maker, with their crypto, even if the code is open-sourced. Guillemet stated that users would be forced to assemble their devices themselves, which includes all of the physical components, the code, and the compilers that turn that code into apps. This is not an option, as Ledger hopes to attract “millions” of users in the next few years.

“Security theater”

Ledger chose not to create a new product entirely for users who were interested in key recovery functions. Instead, it made the upgrade an optional upgrade for existing wallets. Participants at the Twitter Spaces event suggested that this might be a way for Ledger to avoid the PR catastrophe it went through with the new feature.

Read more: David Z Morris: Ledger’s Hard Lesson – Being Right isn’t Enough

Ian Rogers, Ledger’s Chief Experience Officer, said that creating a new product to accommodate the new feature was “a security theatre.” “I could take a Ledger in a box with a name change but it would have the exact same type of potential threat vector.”

Ledger Recover’s most controversial feature is that existing wallets are upgradeable to the new version. Many observers pointed out that Ledger has always emphasized that private keys do not leave the device. Now it appears that these same devices, which are supposed to not reveal the private key to anyone outside the device, can actually broadcast the backup.

In a tweet sent on Monday, Ledger’s account added insult to injury by saying “it has always been possible to write software that facilitates key extract” which caused outrage. The tweet was deleted later.

Guillemet said that this shouldn’t be shocking, as it’s how Ledger operates: the operating system of the wallet must have access to the private key in order to interact with other blockchains and smart contract. The operating system must be upgradable, because blockchains are constantly updating and adding new features.

Guillemet explained that Ledger was surprised that users didn’t realize the possibility of private key handling being changed.

The Ghost of Subpoena

A controversial aspect of Ledger Recover, offered as a subscription-based service, is the requirement that users undergo Know-Your-Customer (KYC). A Twitter user named @Zk_shark questioned whether Ledger would readily comply with any government subpoenas requesting the data of Ledger Recover customers.

He brought up the case in 2018, where Coinbase provided data on 13,000 users to the IRS. The tax agency sent letters to 10,000 Coinbase users suggesting they may have not reported their crypto-related taxes correctly. The IRS didn’t disclose the source of users’ data.

Gauthier responded that if this is something you are afraid of, then don’t use Ledger Recovery. The company is not bothered by receiving subpoenas. Gauthier stated that it is not easy to subpoena services like Ledger Recover.

He added that “if you are absolutely resistant to censorship, you should simply not activate the feature.”

Air Gap? Hardware Wallets? Multisig? Bitcoin Self-Storage Means Hard Choices