Board Hardware wallets
Merits 11 from 4 users
Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities
by HeRetiK on 18/05/2023, 09:10:52 UTC
⭐ Merited by o_e_l_e_o (4), Welsh (4), Pmalek (2), RickDeckard (1)
[...]

The way that Ledger is partially closed source always left a sour taste in my mouth but I had given them the benefit of the doubt by virtue of being one of the oldest hardware wallet vendors around.

Alas, thank you Ledger for reminding me that giving someone the benefit of the doubt is never a good idea in the crypto space.


Right. But approve what?
Does the person have to repeat the passphrase in order to be registered in this "recovery program"? Or is it just a mere question, which the person answers "yes"?

Does it in fact matter for those who will never approve that shit?

Or are you bothered about those pinks who are going to fall for the bait?

Repeating the passphrase, while stupid, would at least have implied that the seed isn't extracted from the "secure element".

However the Tweets referenced by RickDeckard point towards the firmware being able to extract the seed directly. In that case "requiring" the user to press "yes" doesn't matter. It's just security theater. There's nothing stopping the firmware from extracting and sending the seed without user interaction.