Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities

Quote from: LoyceV on Today at 09:18:21 AM

Quote from: Wind_FURY on Today at 08:00:27 AM

Although true, but if it could be proven that the device is sending packets of data to a server, and if we could trace those packets of data going to an I.P. address belonging to Ledger, or worse an unknown entity, then we can safely make a presumption that they are doing "something" with the data, which could be sensitive data - your private keys.

BUT, that's where that question goes. - Is there proof that there are there packets of data that are sent from a Ledger Nano S+ to the internet?

It's just an USB device, I don't see how such a device could get it's own internet access. I know malicious USB cables can pretend to be a keyboard and get access to the computer that way, but I don't think Ledger does that. So it needs Ledger's own software (Ledger Live) to be installed, and when you're running Ledger Live, it connects to Ledger's servers anyway. So you can't know what data it's sending.

Well, if follow this version, then here is the answer to how to avoid possible potential data leakage for ledger users - don't use software from this company. Or in other words, connect the HW device to third-party wallets, such as electrum (any other), for example, and not Ledger live.

For several years now there have been allegations of vulnerabilities in the transmission of user data through ledger servers, software and devices in general, but no one has yet demonstrated 100% evidence and everything is based only on assumptions. I in no way justify the ledger, but damn, if there is a flaw, then show me, and don't try to convince me only on faith.

It turns out that belief in the vulnerability of ledgeris similar to belief in ghosts and UFOs - no one has seen them, can't prove their existence, but convinced that they definitely exist.