@theymos - Time to update the current Ledger situaion @ Important Announcements?

[Synchronice]

I'm not as bothered by the whole idea of an opt-in centralized recovery thing as a lot of people seem to be, but this quote in particular is pretty damning because it shows that Ledger was/is either incompetent or lying.

Unfortunately, they are both, there is no need to doubt that because their actions speak for themselves. Although it seems to me that there is something else, and that is the possibility that both companies that have positioned themselves as leading manufacturers of hardware devices suddenly make very strange decisions, possibly under someone's pressure. The US is waging its own battle against "cryptocurrencies", and it seems that the EU is not sitting idly by on this issue either.

EU is doing worse than any union or country alone, next direction is North Korea, see this Chat Control by the EU.

You know, a fortress can only be destroyed from the inside, this has been a strategy, a long-term strategy. Hardware wallets are a giant wooden horses, The Trojan Horses!

[BitcoinGirl.Club]

I edited Ledger out of my "do not keep your money in online accounts" post. I still want to recommend some hardware wallet which is fairly easy-to-use, so I left Trezor in, even if it may not be perfect.

It was the right move. We don't need anything that could create controversy.

I'm not as bothered by the whole idea of an opt-in centralized recovery thing as a lot of people seem to be, but this quote in particular is pretty damning because it shows that Ledger was/is either incompetent or lying.

Unfortunately, they are both, there is no need to doubt that because their actions speak for themselves. Although it seems to me that there is something else, and that is the possibility that both companies that have positioned themselves as leading manufacturers of hardware devices suddenly make very strange decisions, possibly under someone's pressure. The US is waging its own battle against "cryptocurrencies", and it seems that the EU is not sitting idly by on this issue either.

I guessed it when I first discovered the discussion.

Let me guess, it's those who are printing notes and doing everything from the tax payers money.

US, EU, Middle East, Australia, East Africa all are same. If EU was sitting idly then how would we see Chipmixer were down?

[dkbit98]

Can we ever trust what people from Ledger say anymore?
Only a few months ago, they claimed something completely different.

I never trusted them after many fiascos they had, leaking customer information multiple times, low quality check of their devices, battery issues, short support for older devices, closed source, etc...
That being said, we should be very careful with all other hardware wallet manufacturers, they can turn on users and make deals with devil in a same way like ledger.
Big red flag should be when manufacturers start to collect millions and billions of dollars from different campanies.

I hadn't seen this before, and it makes me wondering: if Bob would get their hands on Alice's Ledger, would it be possible to upgrade the firmware and upload it online? I always thought the whole point of a hardware wallet is to make it impossible for private keys to touch the internet, but now it's starting to look like an expensive hot wallet.

This is what ledger claimed before, but now they are changing tune with different ''song''.
They turned impossibility into new feature  

It strikes me as very unlikely that anything related to this is going to cause widespread losses anytime soon, so I don't think that an Important Announcement is necessary.

Probably, but many people could still lose privacy, and mystery sharding encryption was never verified by anyone.

I edited Ledger out of my "do not keep your money in online accounts" post. I still want to recommend some hardware wallet which is fairly easy-to-use, so I left Trezor in, even if it may not be perfect.

I think currently best open source wallet could be Passport by Foundation.
They are 100% Bitcoin only device with open source code and reasonable price compared to Trezor Model T.
No shitcoins liste there (unless someone makes community project support), and it's quality device assembled in US.

[dragonvslinux]

Ultimately bitcointalk has no relationship, partnership or otherwise with Ledger. Therefore there is no reason for this to be an important announcement from bitcointalk, even if it is indeed an important announcement for Bitcoiners. The only announcements that are important for the forum directly are those related to it, such as Bitcoin Core updates (as this remains the official forum) or otherwise forum-based news.

[Lucius]

~snip~

Bitcointalk has no direct connection with Electrum either, but a warning to all users was still issued when a vulnerability was discovered that proved fatal for many. Although this is not an identical situation, people should be warned about the potential risk that comes with using hardware wallets given the new information that has come to light recently.

[decodx]

I found a great post on Reddit that effectively summarizes the current state of affairs regarding the Ledger devices. All the points mentioned in the post appear to be factually correct, as far as I can tell:

Q: Am I dumb to stay with ledger?

A: YES.

This isn't just about typical pros and cons of this wallet or that wallet.

Ledger told us our keys never leave the secure element of our hardware wallets. They assured us no firmware update would enable our keys to be extracted from our hardware wallets.

Here's the promise they made, again and again, for years.

    

Hi - your private keys never leave the Secure Element chip, which has never been hacked. The Secure Element is 3rd party certified, and is the same technology as used in passports and credit cards. A firmware update cannot extract the private keys from the Secure Element.

   SOURCE: @Ledger 8:12 AM · Nov 15, 2022

Now, they admit that was a lie:

    

yes a firmware update can extract the seed

   SOURCE: u/murzika, Ledger Co-Founder, Former CEO, and Former Chairman

And because their firmware isn't fully open, we have no way of knowing if there's a backdoor to enable key extraction even if we don't opt in to their new key extraction service:

    

There's no backdoor and I obviously can't prove it

   SOURCE: u/btchip, Ledger owner & co-founder

And it's not like we can trust their security.

    

Ledger wallet users face mounting home invasion and other scareware threats as hacker dumps private customer information online.

   SOURCE: Cointelegraph, December 24th, 2020

What's the worst that could happen, aside from a hacker getting access to your keys due to another Ledger security breach?

    

If you are a Recover user and have your shard into safeguarded by third parties, then yes, a government could subpoeana them and get access to your funds. Using Recover gives you an easy recovery option and mitigates backup loss, but your assets could get frozen by the government

   SOURCE: u/murzika, Ledger Co-Founder, Former CEO, and Former Chairman

Your assets could get frozen by the government. He said it.

    

As I said above, if you are referring to Ledger Recover, I said government could get access to the backups of a user, as it's only a matter of law and is about one user

   SOURCE: u/murzika, Ledger Co-Founder, Former CEO, and Former Chairman

The government could get access to the backups of a user. He said it.

    

If you are referring to Ledger Recover, a joint government task force could access a user's recovery backup. I mean it's just a question of law, two shards could be subpoaned even if they are each in a different jurisdiction.

   SOURCE: u/murzika, Ledger Co-Founder, Former CEO, and Former Chairman

So, to answer your question: Are you dumb to just stick with ledger through this whole mess?

YES.

Source: https://www.reddit.com/r/ledgerwallet/comments/13m77q2/comment/jkucji0/

[Hispo]

I am in favor of this proposal brought onto the table by OP. Not only because it is a measure by Ledger that goes against everything Bitcoin and decentralization stand for. But also because the magnitude and the size of Ledger as provider of Hardware wallets.

This is not a small independent provider which had this nefarious idea, Ledger is allegedly the biggest maker of those "security devices".

The more people we can make aware of the oxymoron they try to push down our throats, the better. And important announce should help enough. Sushi sad days for enthusiasts of HW. 

[BitCoinDream]

I didn't look into this deeply, but my understanding is that it's opt-in. Do we know that people using Ledger are being put at significant additional risk just by upgrading their firmware, if they don't opt into any backup stuff?

Ledger compromised again.

https://twitter.com/Ledger/status/1735291427100455293