Post
Topic
Board Hardware wallets
Merits 5 from 2 users
Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities
by RickDeckard on 16/05/2023, 19:34:49 UTC
⭐ Merited by LoyceV (4), vapourminer (1)
And still they ignore the most pressing question that everyone is asking: Why is this even possible in the first place?
They are and the way that they are doing it is shocking - They keep stating that as long as the user doesn't activate the backup, then everything is OK. Look at this contradicted reply from Ledger Customer Success Team[1]:
Quote
  • Ledger designs what the code can and cannot do with the seed, and this has always been the case. As always, we design this code meticulously and with true security in mind every step of the way.
  • The new 2.2.1 firmware contains new code that can manipulate the seed in order to split it into 3 separate encrypted shards.
  • This new sharding feature, as with every other interaction that touches your seed, requires your consent with a physical button press in order to create the encrypted shards of your seed. If you're worried about this feature, you could choose to never trigger or accept the seed sharding operation.
Since their customers were basically sold a lie - their recovery phrases would never be able to leave their device - isn't this a solid ground for a class-action lawsuit?

[1] https://safereddit.com/r/ledgerwallet/comments/13j5cna/introducing_ledger_recover_answering_your/jkea6xw/