I have a question that might be important about this service:
--> Will this update make Ledger able to extract the seed from the hard wallet? (which I thought was impossible, like you said)
or
--> Will the user have to type the seed to be stored by the ledger?
If it's the second option it wouldn't change much regarding security for those who don't opt for the service
But if it is the first option, it is a tool that can fall into the wrong hands and generate an exploit
From my perspective, either answer will always affect negatively the overall product and void the concept behind the product sold by Ledger. Even if you don't opt in for this service, what Ledger is doing is claiming that ever since the beginning of their products it was always possible to extract the recovery phrases - encrypted or not - but the feature has since been dormant (until now it seems). If there is even a remote change that by a simple firmware upgrade the security chip starts broadcasting and exporting your recovery phrases, what security do their users have?
To answer to your second question, if you had to type your recovery phrases to use this service, it would be even worse than the current solution that they are proposing as you were violating one of the core rules of your funds safety - never share/type your recovery phrases anywhere, not even with your device manufacturer or the Pope.
I've skim listened to this on 2x speed, but I can't find anywhere that they actually address that there now exists the ability for Ledger wallets to export seed phrases off of the secure element. Someone please correct me if I'm wrong. They answer questions like politicians. Direct quote from Nicolas Barra (BTChip, Ledger VP): "I'm not sure what's not to like."
It's a total shitshow as of now. Their CTO even recorded[1] a video for Reddit to address the chaos that's currently ravaging their sub but the message is always the same - "We will not know your keys". They also seemed to launch a FAQ[2] for the service, but the answers there are laughable:
Why do I need Ledger Recover?
You’re responsible for storing your Secret Recovery Phrase. While this setup makes you enjoy all the benefits of self-custody and complete control over your assets, it also makes you solely responsible for their protection. Ledger Recover is designed for users who want to add an enhanced layer of security in case their Secret Recovery Phrase is lost or when they can't access it.
This system is "designed to add an enhanced layer of security" and how do they do that? By stripping away one of the core concepts behind Bitcoin and handing it over to 3 entities (2 of them unknown at least for me) and another one being Ledger. Ridiculous.
Who has access to my wallet with Ledger Recover?
In short, only you can access your wallet. When you subscribe to Ledger Recover, a pre-BIP39 version of your private key is encrypted, duplicated and divided into three fragments, with each fragment secured by a separate company—Coincover, Ledger and an independent backup service provider. Each of these encrypted fragments is useless on its own. When you want to get access to your wallet, 2 of the 3 parties will send fragments back to your Ledger device, reassembling them to build your private key.
So what they are saying is that "They don't share your private keys" but instead share an encrypted derivated version of our private keys with external entities which then can be used to give us access to our funds. Do note that they said they are not our private keys, but at the end of the day when they are decrypted they still give us access to our funds.
What if I lose my Ledger device that is associated with my Ledger Recover subscription?
Simply get another Ledger device and follow the process to recover access to your wallet.
This means that these backups hold all the information that is needed to get access to the funds, meaning that the original device doesn't even need to "decrypt" anything and isn't the only machine capable of doing so. If this "backup" isn't a pure copy of the private keys - like Ledger claims that it isn't - then what is? Since they are exporting a copy, they claim that they aren't exporting the original recovery phrases? Do they really think their userbase is that stupid?
Does Ledger Recover store my personal data?
Your identity details are collected by Ledger Recover ID verification service providers. Coincover and Ledger store an encrypted excerpt of this data. Only authorized third parties have access to it. To learn more about how we collect and use this information, please read our Privacy Policy.
Alas, more privacy invasion policies and data hoarding of personal information. I'm baffled at so lack of respect by one's privacy.
What is even more laughable is that Coincover - the 2nd entity that will receive the backups - is operating in an environment made by Ledger as this piece of the FAQ claims it, so Ledger is actually present in 2 out of the 3 companies that hold your backup:
What if someone gets access to my wallet using Ledger Recover?
Ledger Recover comprises extensive identity verification processes—performed by Coincover within a secure environment built by Ledger. As an added layer of protection, subject to investigation, $50,000 compensation may be available from Coincover in the unlikely event that something were to go wrong.
Even if Ledger trashes this concept to the ground, the message is clear -
Their secure chip was always able to extract your recovery phrase (encrypted or not) and it was just waiting for a firmware update to enable that option. If you care about your privacy and your funds, please stop using your Ledger device and transfer your funds to another wallet.
[1]
https://www.reddit.com/link/13j5cna/video/u4texr0t270b1/player[2]
https://support.ledger.com/hc/en-us/articles/9579368109597?docs=true