"Here, the point which is important to remember is that you stay in control…there’s no backdoor, nothing will happen without your consent on the device…in the future, the whole protocol will be open, so you’ll be able to verify how the whole protocol works." - @BTChip
This sounds good on paper, and is apparently supposed to calm down the voices screaming that everything is closed-source, but whether the code is open or closed means nothing in this scenario. The problem is not whether we can inspect the code to see that the seed will be divided into 3 parts, encrypted, and then shared with 3 different custodians. The problem is that there is a way for them to do that at all, and it's a huge security risk combined with a privacy risk, since they also require KYC.
Does it mean we can't verify that they have no access to the decryption key used to reconstruct the initial seed?
They claim Ledger Recover will be open-source and you can verify the code. So what? What prevents them or anyone else from still getting access to the shards by working with those custodians behind everyone's back? Not to mention that a serious hack could result in shards landing in the wrong hands.
Hi - your private keys never leave the Secure Element chip, which has never been hacked. The Secure Element is 3rd party certified, and is the same technology as used in passports and credit cards. A firmware update cannot extract the private keys from the Secure Element.
That statement is still true today. The keys can't leave the secure element unless you pay $9.99 a month for the pleasure of sharing your keys. It's not a time to joke around, but this is as silly as it gets.