Ich bin nicht auf dem Laufenden und muss etwas aufklären, bitte.

Those are two of the concerns. The further concerns has to do with ledger’s prior claims that the keys couldn’t leave the secure element. Many people feel that the „clarification“, „unless the firmware lets them,“ to be an admission that ledger has misled their customers for years.

So, people trust ledger a lot less, rightly or wrongly. The governmental attack surface of Recovery is only part of the story.

It can’t really be proven one way or the other definitively and that’s sort of the problem. Realistically will it be an issue? Probably not, but is it worth the risk? Especially with an entity that’s had some issues.

>Is any of it true or is it FUD?

I’m not saying you are doing anything but a critical mind would never dismiss anything as FUD. Heck one of the best ways of covering your bases is to actually steelman the other side (i.e. FUD).

>I was under the assumption that that is something one has to opt in for and pay in order for it to be activated.

You need to factor in historical context to understand why this caused a lot of drama. Ledger was historically marketed as a device where seeds and even private keys once generated, never get exposed to anyone, even apps.

In other words, people were made to believe that one of the main differentiators of Ledger is in the hardware implementation that makes it impossible for keys to leak, even if users, developers, hackers, malware, and even Ledger tries to.

People were led to believe this happens because of a special hardware component that basically stores those secrets in one place, and only exposes functions that derive and return values based on those secrets, but never those secrets themselves.

Apologists will deny this despite the tons of reddit threads and twitter posts out there clearly demonstrating the perception Ledger has tried to cultivate and capitalize on. Imagine, given all the comments and posts of their customers telling other users that it’s IMPOSSIBLE for keys to leave the hardware, why hasn’t Ledger or any of their apologists said a thing?

Apologists will also try to say nothing has changed security wise, in that that trust on Ledger was required regardless if the hardware was able to leak keys or not. In other words, in the old security model that people had in their minds, you still need to trust Ledger anyway that the hardware they are building is exactly how they described.

While that statement is true, the implication is misleading. The fallacy here is disregarding the fact that Ledger has already misled people on that regard (would you keep trusting someone that has clearly misled people?), and also ignoring the difference between the attack surface of an immutable hardware vs that of mutable software.

This is also not just a matter of Ledger and co eventually turning rogue, it is also a matter of competence. Fact of the matter is everyone is human, and Ledger and co is run by humans. Even if we ignore the deception Ledger has perpetrated, Ledger has also historically allowed private data of their customers to leak. Heck even them failing to deliver Ledger Stax on time is a testament to the fallibility of Ledger.

The only saving grace one might be able to argue for here is that Ledger has never had a successful hack/leak on their devices, but not only is that a useless metric (e.g. Oceangate had 100% successful dives until it didn’t), can anyone really validate that claim when everyone keeps dismissing it as an impossibility?

The fact that this is opt-in is immaterial. The simple idea that software can actually extract these keys if the device has been coded to do so is the main point here. People were made to believe before that this is impossible, but apparently it is not (nor was it ever) the case. Again, to some people this difference is important.

Apologists would invoke some kind of whataboutism and say no other hardware wallet out there does it differently anyway, or that it’s impossible to build such a hardware that doesn’t exposes seeds or private keys. The former is irrelevant because the main issue here is customers being sold a device that was described differently. The latter is just another fallacious statement. It’s theoretically possible, but probably practically impossible but that’s not the problem of the customers. If it was impossible (theoretically or practically), then why did Ledger describe it that way?

**That said, there are still other benefits to using a secure element (even if it can leak secrets), and Ledger still has the most integrations with the crypto networks out there. So Ledger still has its place in the market, but all of this revolves around you to keep trusting Ledger and co, past, present, and future.**

**You’ll have to make your own determination of whether you’ll keep trusting Ledger. If you do, you will not be judged, but make no mistake of dismissing the drama as overblown or FUD. Not only are the issues real and valid, you’ll also need to actually consider these things if you (and anyone out there) actually want to make that determination meaningful.**

Ledger can now smash your back door in at will.

Hello!

Ledger Recover by Coincover has not been launched yet, and when it does, it will be entirely optional and subscription-based.

Even if you subscribe to the future service, Ledger won’t know or have access to your Secret Recovery Phrase.
If you choose not to subscribe, you can go about using Ledger with the same level of security you’ve always expected from our products.

For more info, please see our FAQ: https://support.ledger.com/hc/en-us/articles/9579368109597-Ledger-Recover-FAQs?docs=true

How are we still on this topic and why aren’t people just searching for the hundreds of other posts asking the same exact question before posting?

[deleted]

The true problem: we were previously lead to believe that the secure element of the Ledger could not and would not ever release the private keys. That was not true, a firmware update from a future malicious Ledger company could exfiltrate keys.

Non issues / FUD:

1. Ledger hasn’t done anything to break trust or indicate keys are in danger. Ledger has precautions within ledger to prevent this.
2. Most but not all of Ledger’s code is open source. No hardware device without a secure chip can 100% open-source their code, and not having a secure chip introduces other vulnerabilities.
3. Ledger can’t expose account info to the government except possibly through Ledger Live (which was always true; don’t use LL if you are worried. LL is also open source.).
4. Ledger Recover doesn’t introduce any new possibilities for governments gaining info on accounts.
5. There are no known or suspected backdoors.
6. If you don’t update your devices to 2.2.1 or later, recover isn’t present.

It is FUD. But even if it was not, how do they know who is the owner of the wallet in the first place? Did you do a KYC with Ledger? I only have a Nano S Plus and I did not do a KYC with them, so how would they know my details apart from the balance (which is visible on the Blockchain anyway).

> I recently decided to browse this subreddit and been seeing a lot of “backdoor” or “will my seed/account be given the the irs” talk. Is any of it true or is it FUD?

It is FUD.
> I know about ledger recovery. I was under the assumption that that is something one has to opt in for and pay in order for it to be activated.

Correct.

> More so, isn’t it not live yet and going to be introduced later in Q4?

Correct.

The Ledger subreddit is continuously targeted by scammers. Ledger Support will never send you private messages. Never share your 24-word recovery phrase with anyone, never enter it on any
website or software, even if it looks like it’s from Ledger. Only keep the recovery phrase as a physical paper or metal backup, never create a digital copy in text or photo form. Learn more at

BE CAREFUL – phishing attacks in progress
byu/btchip inledgerwallet

If you’re experiencing battery problems, check out our [troubleshooting guide](https://support.ledger.com/hc/en-us/articles/4409233434641-How-to-troubleshoot-Ledger-Nano-X-battery-issues?
support=true). If you’re still having issues head over to the [My Order page](https://my-order.ledger.com/) to explore options for replacement or refunds. [Learn more here](https://support.ledger.com/hc/en-us/articles/10265554529053-Return-your-product?support=true).

*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/ledgerwallet) if you have any questions or concerns.*

[deleted]

[deleted]

Ll o o m