What keeps trezor to keep the private key?

[glub0x]

So i am very happy with those trezor for everyday spending (no big stash).
Thanks to them i almost double my use of btc over the year. It is much more easy  than my multiple small paper wallet.
But my father came up with a question i couldn't answer even though it looks obvious: " what guarantee me that they do not have my private key?"

[1714933577]

1714933577

[1714933577]

1714933577

[1714933577]

1714933577

[1714933577]

1714933577

[ViceOfBTC21]

They use open-source software that can be verified and verifiable hardware. It's proven that they software and hardware is safe. They also embedded random RNG in Trezor.

[ranochigo]

Nothing.

They can easily push an update to capture your private key and send it to your server. This requires you to manually accept it. The main thing that is keeping them from stealing it isn't it being opensourced. You cannot blindly trust them. You have to manually review and verify it yourself or there is still a risk. As long as you can verify the code, you are pretty much safe.

[cryptoheadd]

Nothing.

They can easily push an update to capture your private key and send it to your server. This requires you to manually accept it. The main thing that is keeping them from stealing it isn't it being opensourced. You cannot blindly trust them. You have to manually review and verify it yourself or there is still a risk. As long as you can verify the code, you are pretty much safe.

This pretty much explains it.
I'd recommend using Trezor with Electrum wallet. (That's what I do.)

[glub0x]

ok interesting reading
how does an electrum wallet protect from anything?

[ranochigo]

ok interesting reading
how does an electrum wallet protect from anything?

Electrum wallet doesnt do anything except to get transaction information and to broadcast transaction. It doesn't help in your security, with that being the main point of hardware wallets to reduce dependent on a device that you use frequently.

It does have a nice and easily understandable UI though.

[fanita]

They always use verifiable software and hardware.
With this proving that they are using secure software.

[Iranus]

Nothing.

They can easily push an update to capture your private key and send it to your server. This requires you to manually accept it. The main thing that is keeping them from stealing it isn't it being opensourced. You cannot blindly trust them. You have to manually review and verify it yourself or there is still a risk. As long as you can verify the code, you are pretty much safe.

Actually you can pretty much blindly trust them (without personally checking the code).  All you have to do is wait for a week or so after they release an update, then search TREZOR related threads and boards to find if anyone has decided the update is malicious or faulty.  If you're not competent at reading through it yourself, there's no point trying too hard with little outcome.