Real Problem With Ledger Wallet

[bitmover]

The argument might have emancipated from my post, I think to provide clarity there is never any hot wallet been used as an hot wallet will ever be better than a cold wallet like hard ware wallet which categorically ledger falls into it. This is not the basis of my statement I am emphasizing on electrum wallet been used as a cold wallet which actually is by using an airgapped wallet, for me it’s the better option  only if set up well most especially if the option is against ledger wallet due to some cons as not so clear mode of recovery and also closed.

I wasn't specifically talking about your post, although I dont think it is not easy neither safe to try to setup an airgapped device.

[Meuserna]

You can't prove that Recovery doesn't allow internet access to your wallet even if you don't enable that feature.

It's closed source firmware.

A cold wallet is a device where the keys can't be reached over the internet. Ledger created an API to allow internet access to keys on a Ledger device, and they baked that API into their firmware. Even if you don't enable it, it's a danger to your wallet.

People are going to downplay that danger until it causes them to lose their coins. Then, those same people will be screaming from the rooftops about how they weren't warned about the dangers of hardware wallets having key extraction baked into the firmware.

This is a good critic and you are right. There is a risk.

However, I doubt you consider a hot wallet safer than ledger  

Why limit your options to those two, both of which are bad?

Trezor is open source. It's a much better option.

Blockstream Jade is open source and airgapped. It's a much better option.

My own favorites are Krux and ShieldSigner, both of which are fully open source, stateless and airgapped. ShieldSigner is a fork of SeedSigner that adds many powerful features (encrypted seed QR, smartcard support, etc).

Ledger is a terrible choice. I wouldn't recommend Ledger to anyone, ever.

Ledger Live is loaded with trackers. Ledger employees have been phished, causing them to reveal Ledger's closed source code to hackers. Ledger's management lied about many key features of Ledger devices, which forced them to scrub their own website to remove falsehoods. Ledger is a terrible company.

[satscraper]

@bitmover, I understand you love Ledger, I did too, right up until they revealed their ability to extract SEED online from the secure element.

Until that point, I trusted them completely. But once they cleared the air around their famous claim ^{that SEED never leaves SE} by introduced their recovery process, I immediately moved my stash to multisig wallet. I set it up as a 2‑of‑3 quorum with Ledger Nano S, Electrum, and Sparrow as cosigners.

Later on, I bought Passport Core and created new multisig setup, replacing Ledger with Passport Core.

Why am I saying this? Because you can do the same , i.e. set up multisig wallet with Ledger as just one of cosigners. That way, you get to have your cake and eat it too.

Never trust any hardware or software wallet completely.

Even if Ledger is honest in its commitments regarding SEED, hardware wallets ^{including Ledge} are still vulnerable to several types of attacks. Dark Skippy is one example, not to mention social engineering or supply‑chain risks. Truth to be said the vulnerability list for software wallets is generally much longer.

Sure, multisig isn’t worth the effort if you’re only storing a few hundred bucks, but I believe your stash is much higher than that.

[bitmover]

Why limit your options to those two, both of which are bad?

Because this is what this topic is about. 

If you read the op and the first posts, you will see that this is what users were saying. When i said that it is better to use ledger than a hot wallet  , people think that i "love ledger' or that I work for ledger. Wtf

@bitmover, I understand you love Ledger, I did too, right up until they revealed their ability to extract SEED online from the secure element.

I think you didnt read any of my posts or the OP.

[PrivacyG]

If you read the op and the first posts, you will see that this is what users were saying. When i said that it is better to use ledger than a hot wallet  , people think that i "love ledger' or that I work for ledger. Wtf

You keep accusing us of putting others at risk,

I am just correcting all the wrong information that you and other users are writing in this topic which is putting other users at risk.

How do you not put others at risk by telling them we are spreading misinformation and that a closed source physical wallet is safer than a hot wallet that can and should be open source?

[dkbit98]

Look at Lightning Goba now worry about ledger, but he never said anything about scam lightning wallet Alby he was recommending.  
This is nothing new about ledger, we knew all about that and I was warning people about ledger for years.
Back than many people call me crazy but they soon realized I was right about most things I said about ledger.
People who are still saying that ledger is safe sadly have very low IQ.
 

[NeuroticFish]

I think people are over reacting about ledger flaws, which exist. Specially about personal data leaks. And the ledger recovery feature.

If you do not turn on the ledger recovery, ledger is still a hardware wallet and way better than most wallets.

Trezor is the best hardware wallet, not doubt about it.

But if you have a ledger, you should use it until you buy a new hardware wallet.
It is safer than using other methods.

 lots of people  lost funds using hot wallets or airgapped methods. But nobody ever lost funds using a ledger wallet (only by user fault)

While you are pretty much correct, given the current status, you seem to miss the fact that "selective scamming" can happen at any time and it would take quite a lot of time and money lost if somebody pulls something like that.
Imho Ledger either has the tools for that, either it's too close to that for my liking.

So while Ledger is still 1000000x better than a hot wallet, being a little paranoid is - for many - part of being bitcoiner. And if that's the case, Ledger becomes a clear no-go, and I fully understand that, I hope you too.

[joniboini]

I also stopped using my Nano S and X for a while now, simply because I no longer "trust" that they won't make my life harder due to a mandatory upgrade or something similar. I guess I can still use it on offline devices or air-gapped devices, but that's probably not what people will do if they want to buy a HW. I'd also recommend other HW first instead of Ledger.