Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities

Quote from: o_e_l_e_o on Today at 05:37:48 PM

Quote from: tabas on Today at 05:34:42 PM

Say that even if we've got the old nano s but they can still try to do something and update and force an update for its firmware, is that right?

An update is irrelevant. As I explained earlier in this thread and in the tweet just above, the whole point of Ledger's Secure Element was that the private keys could never leave the Secure Element. We now know that claim is a lie, and has therefore been a lie since day one. A simple piece of code is all that is required to extract your private keys. All Ledger devices are vulnerable whether or not you opt in to this or update to the latest firmware.

Right on, that's my worry and that's why even I've got the old one I know that if I try to connect and they forcefully require an update then I have no choice. Thanks, I've missed the tweet part as it's just a milliseconds after I've posted.

Quote from: satscraper on Today at 08:24:08 PM

Quote from: joker_josue on Today at 07:54:03 PM

According to their statement

Quote from: https://support.ledger.com/hc/en-us/articles/11022833583261?docs=true

This kinda give me some biggest concern, as the process everytime we use our Ledgers in doing a transaction, we have to approve it through our devices and this requirement is kind of sick, those that will avail the service should review this first.