Post
Topic
Board Hardware wallets
Merits 2 from 2 users
Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities
by
o_e_l_e_o
on 17/05/2023, 08:00:59 UTC
⭐ Merited by RickDeckard (1) ,Cricktor (1)
The only upside is that it requires device-based confirmation, similar to signing signatures, or at least so they claim.
And yet, if they can implement a function to export your seed phrase from the secure element with a simple software update, then they can also implement a function to remove the need for any physical button presses with a simple software update.

Personally, I'm moving over to Trezor.
There is nothing stopping the same issue from arising on Trezor devices, and indeed, the seed phrase can already be extracted from Trezor devices by an attacker in ~15 minutes. Not to mention Trezor's partnership with blockchain analysis and government surveillance. Trezor is a poor substitute.

If they can enable such a feature with the user's consent, what stops them from enabling it without the user's consent if the user doesn't want to use it? All they have now is a promise they can't do it, but their words and guarantees are worth very little at this stage.
Agreed. The whole "opt in" nonsense they are touting is completely meaningless. They could choose to enable it as mandatory in a future update, or maybe even do it anyway behind the scenes, and you would never know.

And during all this, Ledger devs are completely absent on social media despite their subreddit going in to meltdown, and Ledger haven't even bothered to brief their Customer Support agents on how it actually works, leading to them guessing when answering questions: https://www.reddit.com/r/ledgerwallet/comments/13j5cna/introducing_ledger_recover_answering_your/jkev3or/

How not to run a company, 101.