Oshosondy (OP)
Legendary
Online
Activity: 1624
Merit: 1202
Gamble responsibly
|
|
January 29, 2021, 12:21:55 PM |
|
I have spent awhile on this forum, I noticed many members do not like close source wallets, that is why they do not like to mention wallets like Coinomi and Trust because they are close source. When I later know the reason not to like close source wallet because the programming used to build the codes can not be accessed by anyone that uses the wallet, members believe they are not appropriate because our bitcoin is more important, that we should know about everything that we use to hold our bitcoin like the wallet and the blockchain to all have open source codes.
But I noticed about hardware wallet, trezor is open source, keepkey is open source, coldcard is open source, ledger nano is closed source. These are the hardware wallets I have come about on this forum while trezor and ledger nano are the most mentioned.
Members do comment bad about close source but they comment good about ledger nano even after the ledger database was hacked. What can be the reason for still recommending ledger nano.
Are ledger nano wallet developers trust worthy and because of that trust the close source code used? Is it because ledger is a hardware wallet? Is it because ledger is costly and people think the ledger developers will focus only on how to sell more than to be planning for dubious source codes? Why are people not commenting good about close source but comment good about ledger nano wallet while it is close source. I am confused.
|
|
|
|
aoluain
Legendary
Offline
Activity: 2436
Merit: 1364
|
|
January 29, 2021, 12:45:33 PM |
|
It really comes down to control of the private keys and how they are stored. The Ledger Hardware wallets have the keys on the device which in not connected to the internet.
Coinomi for instance is always connected to the internet because the device (smartphone) is always connected.
I own both Ledger and Trezor and from reviews I read a lot of people found the easier to use and the Ledger Nano offers a Hardware wallet solution while being very easy to use compared to Trezor.
Why does it have to be open source?
|
|
|
|
R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | | | 4,000+ GAMES███████████████████ ██████████▀▄▀▀▀████ ████████▀▄▀██░░░███ ██████▀▄███▄▀█▄▄▄██ ███▀▀▀▀▀▀█▀▀▀▀▀▀███ ██░░░░░░░░█░░░░░░██ ██▄░░░░░░░█░░░░░▄██ ███▄░░░░▄█▄▄▄▄▄████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | █████████ ▀████████ ░░▀██████ ░░░░▀████ ░░░░░░███ ▄░░░░░███ ▀█▄▄▄████ ░░▀▀█████ ▀▀▀▀▀▀▀▀▀ | █████████ ░░░▀▀████ ██▄▄▀░███ █░░█▄░░██ ░████▀▀██ █░░█▀░░██ ██▀▀▄░███ ░░░▄▄████ ▀▀▀▀▀▀▀▀▀ |
| | | | | | .
| | | ▄▄████▄▄ ▀█▀▄▀▀▄▀█▀ ▄▄░░▄█░██░█▄░░▄▄ ▄▄█░▄▀█░▀█▄▄█▀░█▀▄░█▄▄ ▀▄█░███▄█▄▄█▄███░█▄▀ ▀▀█░░░▄▄▄▄░░░█▀▀ █░░██████░░█ █░░░░▀▀░░░░█ █▀▄▀▄▀▄▀▄▀▄█ ▄░█████▀▀█████░▄ ▄███████░██░███████▄ ▀▀██████▄▄██████▀▀ ▀▀████████▀▀ | . ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀ ███▀▄▀█████████████████▀▄▀ █████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀ ███████▀▄▀██████░█▄▄▄▄▄▄▄▄ █████████▀▄▄░███▄▄▄▄▄▄░▄▀ ████████████░███████▀▄▀ ████████████░██▀▄▄▄▄▀ ████████████░▀▄▀ ████████████▄▀ ███████████▀ | ▄▄███████▄▄ ▄████▀▀▀▀▀▀▀████▄ ▄███▀▄▄███████▄▄▀███▄ ▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄ ▄██▀▄███░░░▀████░███▄▀██▄ ███░████░░░░░▀██░████░███ ███░████░█▄░░░░▀░████░███ ███░████░███▄░░░░████░███ ▀██▄▀███░█████▄░░███▀▄██▀ ▀██▄▀█▄▄▄██████▄██▀▄██▀ ▀███▄▀▀███████▀▀▄███▀ ▀████▄▄▄▄▄▄▄████▀ ▀▀███████▀▀ | | OFFICIAL PARTNERSHIP SOUTHAMPTON FC FAZE CLAN SSC NAPOLI |
|
|
|
Oshosondy (OP)
Legendary
Online
Activity: 1624
Merit: 1202
Gamble responsibly
|
|
January 29, 2021, 12:48:16 PM |
|
Why does it have to be open source?
Because you know the source code. Like for example: Electrum is recommended it is open source, but it is also online wallet like coinomi. Only what can be said is that too much bitcoin should not be stored using electrum wallet but highly recommended because it is open source. I hope you can get what I am trying to explain. This is also the reason why it (electrum) is recommended to use to connect hardware wallets just because it is open source, because people trust open source.
|
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
January 29, 2021, 12:57:08 PM |
|
I think it's because only the security chip is closed source (according to what people say) so it's worth the risk to them.
Other than that and its compatibility with open source software (which could create an illusion of it being open source) then idk.
|
|
|
|
Welsh
Staff
Legendary
Offline
Activity: 3304
Merit: 4115
|
|
January 29, 2021, 01:58:11 PM |
|
I think it's because only the security chip is closed source (according to what people say) so it's worth the risk to them.
Which is basically the same as operating a wallet on a computer, as most mainstream computer manufacturers have closed source hardware. The only real difference is Ledger is created for Bitcoin, and you could potentially be concerned that they have more of an interest in Bitcoin, therefore the potential of compromising the device specifically for Bitcoin could be more of a concern. That's obviously speculation, but generally no one is completely using open source software or hardware so you always have a slight unknown about any device you use. Ledger has a record of overwhelming positive reviews, so you could suggest that these concerns are largely unwarranted.
|
|
|
|
ranochigo
Legendary
Offline
Activity: 3038
Merit: 4420
Crypto Swap Exchange
|
No one recommends KeepKey, even if it's codes are open source because it is pretty subpar (and I mean by a fairly big margin) as compared to the other popular HW wallets. Ledger IS open source, the secure element is not. Their NDA requires them to withhold certain firmware within the secure element.
I'm sick of the "open source codes" as a gauge for the trustworthiness of a product. Yes. Open source codes allows you to thoroughly review the hardware and the firmware of the wallet. Here's my question: Do you open it up to use an X-RAY to inspect the chips? Do you review the entire firmware?
If your answer to the above is no, you're better off going by the general consensus. Ledger has had it's fair share of missteps but is also audited and qualifies as a "decent" hardware wallet and is generally quite user friendly. Ledger is not the top of my list but you'll probably get your answer to why it's recommended going by the use case. It's stupid to denounce a product inferior solely based on the fact that due to a business decision, they have to keep certain parts of their proprietary codes private. I'm not a Ledger shill, do your own due diligence before purchasing any hardware wallets.
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3850
Merit: 6585
Looking for campaign manager? Contact icopress!
|
|
January 29, 2021, 02:44:43 PM |
|
What can be the reason for still recommending ledger nano.
I think that Ledger had in the right moments better prices or better promotions than Trezor. Also Ledger Nano S looks pretty close to an USB stick ( + the screen and buttons, I know) which has made it more appealing. There were also vulnerabilities Ledger has published about Trezor. Possibly useful marketing gimmick. But all in all, many have bought Ledger they use it and they recommend what they know it works. Ledger Live is crap. They were slow fixing bugs. But that little piece of hardware does its job. At least for me it does until now. And at the end, that's all it matters. They also got their customers and affiliates database hacked, exposing quite a big number of addresses and phone numbers. I think that after the addresses were exposed the number of those recommending Ledger has decreased a lot.
|
|
|
|
Lucius
Legendary
Offline
Activity: 3416
Merit: 6149
Crypto Swap Exchange🈺
|
|
January 29, 2021, 02:52:32 PM |
|
Members do comment bad about close source but they comment good about ledger nano even after the ledger database was hacked. What can be the reason for still recommending ledger nano.
Ledger used to be a respectable company for me with a completely satisfactory product that allowed me to keep my private keys in the most secure environment - that's probably the main reason why people bought their devices. From 2014 until today, there is no documented case of someone losing their key information because one of their devices was hacked or because it is not 100% open source. After hacking their database, things changed and hundreds of thousands of their users fell victim to daily phishing via email, SMS and phone calls. Personally, I would no longer advise anyone to buy this HW because Ledger proved to be a very frivolous company by allowed to be hacked - and it also kept all the data in unencrypted form. Why are people not commenting good about close source but comment good about ledger nano wallet while it is close source. I am confused.
There is no reason to be confused, you have the choice to buy something or not, and the worst thing you can do to yourself is to let others create an opinion for you. Are Nano S/X good HW? Of course, they are - but does that mean we should pretend that nothing happened? Of course not, because trust is gained over the years, but it is also lost in a very short time. My next HW it certainly won't be from Ledger.
|
|
|
|
DdmrDdmr
Legendary
Offline
Activity: 2492
Merit: 11049
There are lies, damned lies and statistics. MTwain
|
|
January 29, 2021, 02:57:45 PM |
|
These two threads are an interesting read on the topic: Should Hardware Wallets Be Open Source? Secure Element in Hardware Wallets Reading through the above, there are arguments for one and other based type solution (open/closed source code), but the vast majority of the commons are going to base their decision on reputation and market share (+ price), being the minority those that take the encapsulated nature of part of the code into consideration. Reputation comes both from the brand (Ledger) and the device itself, and the former has suffered a deserved punch in the soft zone lately.
|
|
|
|
mk4
Legendary
Offline
Activity: 2926
Merit: 3881
📟 t3rminal.xyz
|
|
January 29, 2021, 04:17:01 PM |
|
I think it's because only the security chip is closed source (according to what people say) so it's worth the risk to them.
It's mostly this. While the hardware being closed source could still be a thing to worry about, this problem is easily circumvented by using the Ledger hardware device for a multi-sig wallet instead. Along with that, it's probably safe to assume that Ledger Labs can't do shady stuff if you aren't using Ledger Live in the first place, which I highly recommend because using a hardware wallet with Electrum/Wasabi is far better in terms of privacy(unleaked xpub, coin control) in the first place.
|
|
|
|
dkbit98
Legendary
Offline
Activity: 2408
Merit: 7561
|
|
January 30, 2021, 09:35:23 AM |
|
Ledger is special because they had biggest crypto leaks with one million email addresses and over 750k leaks of other personal information from customers, and their team is bunch of amateurs who don't care about customer privacy. Here is the list of all other Open Source hardware wallets: * using Trezor code** using ColdCard codeSome of them have secure elements like ledger and others like Trezor are using BIP39 and Passphrase encryption: https://bitcointalk.org/index.php?topic=5304483.0
|
|
|
|
Porfirii
Legendary
Offline
Activity: 1960
Merit: 2436
The Alliance Of Bitcointalk Translators - ENG>SPA
|
|
January 30, 2021, 09:59:29 AM |
|
(...) if you aren't using Ledger Live in the first place, which I highly recommend because using a hardware wallet with Electrum/Wasabi is far better in terms of privacy(unleaked xpub, coin control) in the first place.
I have been doing it wrong all this time!!! I was supposed to be cautious by using hardware wallets, and then suddenly realise this newbie mistake. Never is too late (I hope); thanks mk4 for the savvy words, I'll take a look at it.
|
|
|
|
GreekCoiner
Newbie
Offline
Activity: 62
Merit: 0
|
|
January 30, 2021, 02:02:44 PM |
|
What makes them so special? Well, the fact that they leaked so many users private information like Email (can be used for scams etc.), phone number (can be used for sim card swap attack and scams), Addresses (many people can become target of thieves, scammers, criminals etc)..
So, yeah.. That makes them so special I guess. About their hardware wallet, I guess its like the others but a bit better. I don't know, havent used it BTW.
|
|
|
|
Lucius
Legendary
Offline
Activity: 3416
Merit: 6149
Crypto Swap Exchange🈺
|
|
January 30, 2021, 03:12:03 PM |
|
I have been doing it wrong all this time!!! Don't worry too much, because regardless of the user interface you use, your data (coin addresses and IP addresses) will be visible to the servers used by Ledger or those used by Electrum. You can achieve greater privacy if you use Electrum + Tor, but what when you need to update your Nano S/X firmware - you need Ledger Live, and I think LL doesn't support Tor (you can try with VPN). If you want privacy you should do everything from scratch - send your coins to another wallet, reset Nano S and create a new seed, and then use VPN to download Ledger Live and coin apps. Then send coins to mixer, and after that to Ledger wallet and use it with Electrum/Tor from then on.
|
|
|
|
Porfirii
Legendary
Offline
Activity: 1960
Merit: 2436
The Alliance Of Bitcointalk Translators - ENG>SPA
|
|
January 30, 2021, 09:40:43 PM |
|
Thanks for the explanation Lucius! If you want privacy you should do everything from scratch - send your coins to another wallet, reset Nano S and create a new seed, and then use VPN to download Ledger Live and coin apps. Then send coins to mixer, and after that to Ledger wallet and use it with Electrum/Tor from then on.
In my case, as a hard wallet user, I am more worried about safety than privacy, at least for my bitcoins, as I use them as a store of value and it is not necessarily a secret. A different thing would be my personal preferences when surfing the internet (that's the reason why I use VPN and even TOR sometimes) or buying (that's the reason why I usually use old good cash) but it is good to know this info, and I will research more and use Electrum instead of LL as much as I can because I am starting to change my mind: In the end, as I understand it now, Bitcoin being pseudonymous should mean that your identity is disclosed when YOU want, but using this feature well is still one of the least understood points for non expert users.
|
|
|
|
|