Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Hardware wallets
Merits 1 from 1 user
Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities
by
Wind_FURY
on 28/11/2024, 15:05:32 UTC
⭐ Merited by vapourminer (1)
Quote from: m2017 on Today at 02:40:05 PM
Quote from: LoyceV on Today at 09:18:21 AM
Quote from: Wind_FURY on Today at 08:00:27 AM
Although true, but if it could be proven that the device is sending packets of data to a server, and if we could trace those packets of data going to an I.P. address belonging to Ledger, or worse an unknown entity, then we can safely make a presumption that they are doing "something" with the data, which could be sensitive data - your private keys.

BUT, that's where that question goes. - Is there proof that there are there packets of data that are sent from a Ledger Nano S+ to the internet?


It's just an USB device, I don't see how such a device could get it's own internet access. I know malicious USB cables can pretend to be a keyboard and get access to the computer that way, but I don't think Ledger does that. So it needs Ledger's own software (Ledger Live) to be installed, and when you're running Ledger Live, it connects to Ledger's servers anyway. So you can't know what data it's sending.


Well, if follow this version, then here is the answer to how to avoid possible potential data leakage for ledger users  - don't use software from this company. Or in other words, connect the HW device to third-party wallets, such as electrum (any other), for example, and not Ledger live.

For several years now there have been allegations of vulnerabilities in the transmission of user data through ledger servers, software and devices in general, but no one has yet demonstrated 100% evidence and everything is based only on assumptions. I in no way justify the ledger, but damn, if there is a flaw, then show me, and don't try to convince me only on faith.

It turns out that belief in the vulnerability of ledgeris similar to belief in ghosts and UFOs - no one has seen them, can't prove their existence, but convinced that they definitely exist. Smiley


But we can't also prove that there is no flaw either, and I personally WON'T gamble my Bitcoin savings on it by storing them in a hardware wallet that has closed source firmware. I'll probably use it for shitcoining very small amounts of Bitcoin through Magic Eden Runes market merely because I have already ordered it. But if I remembered this topic before I purchased it, I probably will not buy it.

I learned another lesson, the HARD WAY.