BitCoinDream (OP)
Legendary
Offline
Activity: 2394
Merit: 1216
The revolution will be digital
|
|
May 16, 2023, 07:32:47 PM |
|
|
|
|
|
Poker Player
Legendary
Offline
Activity: 1554
Merit: 2243
|
|
May 17, 2023, 03:14:32 AM |
|
What would be the important announcement then? That Ledger is a shitty company that has not only been so careless that it has let its customers' data be stolen several times but is also going to implement a program that goes against the principles of bitcoin and what a HW should be? It's a topic worthy of debate but they're not going to send anyone's seeds if they don't pay, at least in theory. This is a paid feature so it's not sending your seed phrase anywhere unless you pay $9.99 per month for it (which is a dumb subscription).
Seeing that the last thread in Important Announcements was: Reminder: do not keep your money in online accounts and that the previous ones were 4 years before that, I don't see the issue as important, but maybe theymos does.
|
| | | | | | ████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ████ | █████████████████████████ █████████▄▄▄▄▄▄ ██████▄█████████▄ █████▄████▀▀░░▀███ ████▄█████░░░░░▀██▌ █████████▀▄░░▄▄░███ ███▐██████▀▌░█▀░▌▐█ ███▐████▌░█▌░▄░░░█▌ █████████▀██▄▄▀░███ ██▀██████▄▀▄▄▀░▄████▄▄ ░█▄██████░█▄▄▄███████▄ ░▄█████▌░███░██████████▄ █████████████████████████ | ████
████ | ★ ★ ★ ★ ★ ★ ★ ★ ★ ★ US PRESIDENTIAL ELECTION 2024 ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ | | | TRUMP vs HARRIS | ████
████ | █████████████████████████ █████████▄▄▄▄▄▄▄▄ █████████▄▀▄░░▀▄▄▀▄ ██████▐█▄▄▀░░▄▀▄▄▀▐ ███████▀▀▄▄▄▄▄███▌█ ███████▐▄▄▄▄▀▄▄░█▌█▌ ██████▐█▀██▀░▌▄▀███▌ ████████▄░░▄▄█░▄██▀ ███████▐░░▄▄▄▄░▐█▌ ████▄▄███▄▀▀▀▀▀█▀█▄▄ ▄▄███████▀█████▀░█████▄▄ █████████░░▄█▄░░▐████████ █████████████████████████ | ████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ████ | | | | . BET NOW . |
|
|
|
Husires
Legendary
Offline
Activity: 1596
Merit: 1288
|
|
May 17, 2023, 06:04:49 AM |
|
@theymos In the above situation, I guess, it would be worthwhile to give an update in Important Announcements and link it below the forum menu as Important Announcement for Ledger Users. I think that board is like other boards except only donors/VIP/Staff can post, and it is not a bug/backdoor related to the open source Bitcoin wallet in the first place. And if we go back to the number of views, it is the lowest compared to any other board. only 4004 views for last topic. Posting there will not increase the awareness campaign for all.
|
|
|
|
The Sceptical Chymist
Legendary
Online
Activity: 3514
Merit: 6985
Top Crypto Casino
|
|
May 17, 2023, 09:32:39 AM |
|
I tend to agree with OP on this one, given how popular Ledger wallets are and how big this story is. There might be people who aren't members of the forum doing google searches about this unholy debacle and who might find their way here for some good discussion about it--and guaranteed it'll be better than Reddit.
There have been a lot of important things that have happened in the world of bitcoin that don't warrant mention in the important announcements section, but man....I seriously think this ought to be one of them. This whole situation is fucked, and I really should have listened to dkbit98 a long time ago.
|
|
|
|
BitcoinGirl.Club
Legendary
Offline
Activity: 2954
Merit: 2783
Bitcoingirl 2 joined us 💓
|
|
May 17, 2023, 09:48:57 AM |
|
@theymos In the above situation, I guess, it would be worthwhile to give an update in Important Announcements and link it below the forum menu as Important Announcement for Ledger Users. If I am not wrong there is a topic for Newbie created by theymos where he recommended Ledger to have for better security of the funds. I think that post or topic need an update too. May be someone can link us the topic. Sorry I am not good at searching forum stuffs.
|
|
|
|
Poker Player
Legendary
Offline
Activity: 1554
Merit: 2243
|
|
May 17, 2023, 11:54:10 AM |
|
I tend to agree with OP on this one, given how popular Ledger wallets are and how big this story is.
For me it was more important the Ledger Database Leak, twice at least, and I don't see anything in that section although there is a thread about the MtGox database leak. At the end of the day this is a voluntary thing.
|
| | | | | | ████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ████ | █████████████████████████ █████████▄▄▄▄▄▄ ██████▄█████████▄ █████▄████▀▀░░▀███ ████▄█████░░░░░▀██▌ █████████▀▄░░▄▄░███ ███▐██████▀▌░█▀░▌▐█ ███▐████▌░█▌░▄░░░█▌ █████████▀██▄▄▀░███ ██▀██████▄▀▄▄▀░▄████▄▄ ░█▄██████░█▄▄▄███████▄ ░▄█████▌░███░██████████▄ █████████████████████████ | ████
████ | ★ ★ ★ ★ ★ ★ ★ ★ ★ ★ US PRESIDENTIAL ELECTION 2024 ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ | | | TRUMP vs HARRIS | ████
████ | █████████████████████████ █████████▄▄▄▄▄▄▄▄ █████████▄▀▄░░▀▄▄▀▄ ██████▐█▄▄▀░░▄▀▄▄▀▐ ███████▀▀▄▄▄▄▄███▌█ ███████▐▄▄▄▄▀▄▄░█▌█▌ ██████▐█▀██▀░▌▄▀███▌ ████████▄░░▄▄█░▄██▀ ███████▐░░▄▄▄▄░▐█▌ ████▄▄███▄▀▀▀▀▀█▀█▄▄ ▄▄███████▀█████▀░█████▄▄ █████████░░▄█▄░░▐████████ █████████████████████████ | ████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ████ | | | | . BET NOW . |
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5376
Merit: 13368
|
|
May 17, 2023, 03:00:26 PM |
|
I didn't look into this deeply, but my understanding is that it's opt-in. Do we know that people using Ledger are being put at significant additional risk just by upgrading their firmware, if they don't opt into any backup stuff?
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
Lucius
Legendary
Offline
Activity: 3416
Merit: 6139
Crypto Swap Exchange🈺
|
~snip~ May be someone can link us the topic. Sorry I am not good at searching forum stuffs.
The link to the board is in the OP, and the topic you are referring to is at the very top -> Reminder: do not keep your money in online accounts
I didn't look into this deeply, but my understanding is that it's opt-in. Do we know that people using Ledger are being put at significant additional risk just by upgrading their firmware, if they don't opt into any backup stuff?
Ledger claims that it is exactly so, but my opinion (as well as many others) is that this company can no longer be trusted - because what they do is the complete opposite of what every hardware wallet represents, which is that seed can never leave the device in such a way that it can be sent electronically, regardless of whether it is a voluntary consent or the possibility that someone inside the company or some hacker can use it. The risk definitely exists, even for those who decide to use this service, because regardless of the way to protect such sensitive information (seed), it is just an additional risk that is also paid $9.99 per month, and requires KYC. We can only guess what the possible implications are for those who will use the new firmware without this option, but I think that people should be warned about what is happening.
|
|
|
|
dkbit98
Legendary
Offline
Activity: 2408
Merit: 7548
|
|
May 17, 2023, 06:30:11 PM |
|
I guess, it would be worthwhile to give an update in Important Announcements and link it below the forum menu as Important Announcement for Ledger Users. I don't think we need to have any ann in forum for that, everyone already knows what happened with ledger, and I was spreading truth about ledger for years I didn't look into this deeply, but my understanding is that it's opt-in. Do we know that people using Ledger are being put at significant additional risk just by upgrading their firmware, if they don't opt into any backup stuff?
Nobody knows what the heck is going on in that closed source black box, and they publicly admitted that encrypted shards will be sent to different companies (read partners) but people can choose to opt out. Problem is that we don't know how all this crap works, since everything is closed sourced, so we have to trust their hidden encryption, and people will have to perform some kind of KYC and send personal documents. They are also forcing firmware update that includes this ''feature'' so you can't escape this if you are using ledger nano X (for now). This is what ledger co-founder aka reddit moderator btchip said:
|
|
|
|
BitcoinGirl.Club
Legendary
Offline
Activity: 2954
Merit: 2783
Bitcoingirl 2 joined us 💓
|
|
May 17, 2023, 09:17:15 PM |
|
Thanks Lucius. [...] if you have a lot of crypto assets, is to use a hardware wallet such as Trezor or Ledger. https://bitcointalk.org/index.php?topic=5421039.0I would suggest theymos to edit the Ledger part. We don't want anything that is highly skeptical to trust. Not after what is happening right now surrounding the update from these scammers. I feel like they betrayed us all. We have no idea what they have in those close source codes. They can not be trusted anymore.
|
|
|
|
digaran
Copper Member
Hero Member
Offline
Activity: 1330
Merit: 899
🖤😏
|
|
May 17, 2023, 09:25:37 PM |
|
Wait what? isn't a hard wallet self custody one? I never used one but if a third party has any control over the funds or their safety, people should dump them into trashcan. KYC for bitcoin wallet? Seems they are moving towards Eth foundation mindset.
Never ever vouch for third party service providers, especially if they are involved with wallets!
|
🖤😏
|
|
|
examplens
Legendary
Offline
Activity: 3458
Merit: 3480
Crypto Swap Exchange
|
|
May 17, 2023, 10:08:35 PM |
|
They are also forcing firmware update that includes this ''feature'' so you can't escape this if you are using ledger nano X (for now).
This is what ledger co-founder aka reddit moderator btchip said:
Can we ever trust what people from Ledger say anymore? Only a few months ago, they claimed something completely different. Tweet by Ledger from 6 months ago: Hi - your private keys never leave the Secure Element chip, which has never been hacked. The Secure Element is 3rd party certified, and is the same technology as used in passports and credit cards. A firmware update cannot extract the private keys from the Secure Element.
|
|
|
|
Husires
Legendary
Offline
Activity: 1596
Merit: 1288
|
|
May 18, 2023, 01:26:33 AM |
|
Wait what? isn't a hard wallet self custody one? I never used one but if a third party has any control over the funds or their safety, people should dump them into trashcan. KYC for bitcoin wallet? Seems they are moving towards Eth foundation mindset.
There are many who think of bitcoin as an investment and are afraid even to keep the seeds, they think it is a big risk and therefore the idea of having a third party that enables you to get your money back will be attractive to many of these beginners. It seems that most of the buyers of this HW are from these people, unfortunately the market is what moves these companies and not what you want. KYC for bitcoin wallet? Seems they are moving towards Eth foundation mindset.
Ledger Recovery will contain a form of identity verification
|
|
|
|
LoyceV
Legendary
Offline
Activity: 3486
Merit: 17618
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
May 18, 2023, 06:34:25 AM |
|
I didn't look into this deeply, but my understanding is that it's opt-in. Do we know that people using Ledger are being put at significant additional risk just by upgrading their firmware, if they don't opt into any backup stuff? I hadn't seen this before, and it makes me wondering: if Bob would get their hands on Alice's Ledger, would it be possible to upgrade the firmware and upload it online? I always thought the whole point of a hardware wallet is to make it impossible for private keys to touch the internet, but now it's starting to look like an expensive hot wallet.
|
| | Peach BTC bitcoin | │ | Buy and Sell Bitcoin P2P | │ | . .
▄▄███████▄▄ ▄██████████████▄ ▄███████████████████▄ ▄█████████████████████▄ ▄███████████████████████▄ █████████████████████████ █████████████████████████ █████████████████████████ ▀███████████████████████▀ ▀█████████████████████▀ ▀███████████████████▀ ▀███████████████▀ ▀▀███████▀▀
▀▀▀▀███████▀▀▀▀ | | EUROPE | AFRICA LATIN AMERICA | | | ▄▀▀▀ █ █ █ █ █ █ █ █ █ █ █ ▀▄▄▄ |
███████▄█ ███████▀ ██▄▄▄▄▄░▄▄▄▄▄ █████████████▀ ▐███████████▌ ▐███████████▌ █████████████▄ ██████████████ ███▀███▀▀███▀ | . Download on the App Store | ▀▀▀▄ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▀ | ▄▀▀▀ █ █ █ █ █ █ █ █ █ █ █ ▀▄▄▄ |
▄██▄ ██████▄ █████████▄ ████████████▄ ███████████████ ████████████▀ █████████▀ ██████▀ ▀██▀ | . GET IT ON Google Play | ▀▀▀▄ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▀ |
|
|
|
NotATether
Legendary
Offline
Activity: 1778
Merit: 7359
Top Crypto Casino
|
|
May 18, 2023, 09:02:02 AM |
|
I didn't look into this deeply, but my understanding is that it's opt-in. Do we know that people using Ledger are being put at significant additional risk just by upgrading their firmware, if they don't opt into any backup stuff?
A rouge insider might publish a signed malicious firmware and Ledger Live app that simply extracts the seeds from the Secure Chip and sends them to their private server. An even safer option, which you should definitely consider if you have a lot of crypto assets, is to use a hardware wallet such as Trezor or Ledger. I'm starting to regret having this published in the latest bulletin and would rather have the bolded part deleted entirely.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18726
|
I'm not going to rehash my statements from the main thread about this, as I've been pretty clear over there what a complete disaster this is and how Ledger have obviously been blatantly lying in the past. In my opinion no one should ever touch another Ledger device again. However, why are we singling out this even for an important announcement? Why no important announcement about Trezor's unfixable seed extraction vulnerability? Why no important announcement about Trezor/Wasabi's government sanctioned surveillance and censorship? Why no important announcement about Coinomi sending seed phrases to Google servers? What about Block's hardware wallet which is specifically built on this exact idea of sending your seed phrase to a bunch of third parties? And if people are so concerned about the fact your private keys can be extracted from the secure element in Ledger wallets, then what about all the hardware wallets which don't even have a secure element in the first place? They are just as risky. There are a plethora of critical vulnerabilities and horrible business decisions out there that we don't have announcements about. Why do we need an announcement about this one specifically?
|
|
|
|
NotATether
Legendary
Offline
Activity: 1778
Merit: 7359
Top Crypto Casino
|
|
May 18, 2023, 09:28:57 AM |
|
Why no important announcement about Trezor/Wasabi's government sanctioned surveillance and censorship?
I think we all know about the Wasabi debacle, but my goodness, Trezor is surveilling stuff too?
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18726
|
I think we all know about the Wasabi debacle, but my goodness, Trezor is surveilling stuff too? They have partnered with Wasabi and implemented Wasabi's permissioned and censored coinjoins directly in to Trezor suite.
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5376
Merit: 13368
|
|
May 18, 2023, 11:57:49 PM |
|
It strikes me as very unlikely that anything related to this is going to cause widespread losses anytime soon, so I don't think that an Important Announcement is necessary. Tweet by Ledger from 6 months ago: Hi - your private keys never leave the Secure Element chip, which has never been hacked. The Secure Element is 3rd party certified, and is the same technology as used in passports and credit cards. A firmware update cannot extract the private keys from the Secure Element. I'm not as bothered by the whole idea of an opt-in centralized recovery thing as a lot of people seem to be, but this quote in particular is pretty damning because it shows that Ledger was/is either incompetent or lying. I edited Ledger out of my "do not keep your money in online accounts" post. I still want to recommend some hardware wallet which is fairly easy-to-use, so I left Trezor in, even if it may not be perfect.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
Lucius
Legendary
Offline
Activity: 3416
Merit: 6139
Crypto Swap Exchange🈺
|
|
May 19, 2023, 09:42:32 AM |
|
I'm not as bothered by the whole idea of an opt-in centralized recovery thing as a lot of people seem to be, but this quote in particular is pretty damning because it shows that Ledger was/is either incompetent or lying.
Unfortunately, they are both, there is no need to doubt that because their actions speak for themselves. Although it seems to me that there is something else, and that is the possibility that both companies that have positioned themselves as leading manufacturers of hardware devices suddenly make very strange decisions, possibly under someone's pressure. The US is waging its own battle against "cryptocurrencies", and it seems that the EU is not sitting idly by on this issue either.
|
|
|
|
|