Ledger recover ist eine Wahl, wenn Sie sich nicht sicher fühlen, benutzen Sie es nicht.
- Dieses Thema hat 18 Antworten sowie 1 Teilnehmer und wurde zuletzt vor vor 1 Jahr, 3 Monaten von
aktualisiert.
-
Beiträge
-
-
Lassen Sie mich bei allem Respekt versuchen zu erklären, warum dies für mich keinen Sinn ergibt.
Stellen Sie sich ein Unternehmen vor, das einem erfolgreichen Automodell einen Knopf hinzufügt, der die Bremsen außer Betrieb setzt, und versucht, die Kunden davon zu überzeugen, dass dies eine gute Idee ist. Drücken Sie einfach nicht auf den Knopf, wenn Sie fahren, wenn es Ihnen nicht gefällt.
Vielleicht ist es nur Psychologie, aber ich kann nicht verstehen, wie Ledger die Anarchie nicht erkennt, die dadurch entsteht, dass dieser Code in die Firmware gezwungen wird, selbst wenn er nicht funktioniert. -
I dont like it for a few reasons.
1. it adds attack surface area to the device firmware.
2. Ledger force implemented this to all devices. there is a possibility they could release another firmware update that further compromises the firmware or worse yet, make it able to send seed phrase without device confirmation.
3. Ledger lied about being able to export the seed phrase, they can always lie again or even being lying now about it being optional.
4. we still haven’t seen the open source for this code. so we cant verify it is even optional.Ledger themselves said they could give the seed phrase to the Police if they request it. This makes me question how optional it actually is. I would feel a lot better if this just wasn’t in the firmware at all.
-
-
-
-
A wall is harder to get through than a door in real life. In the the digital world, you can use the same analogy here.
Now it could be possible for hackers to write malicious code to activate the recover feature to send the seed to their servers. Maybe it could need approval from a smart contract, who knows, but regardless the door has been created where once there was a wall.
-
-
-
-
Just use passphrase seriously.
Use the seedphrase pin for updating the ledger.
Close ledger live and use 3rd party app with passphrase pin and for added security measure don’t bind the passphrase to a pin and enter it again for transactions.
Seriously recover only works for the seed phrase not the sub layers created with passphrase
What I’m saying is don’t keep crypto you don’t plan to lose on the seed phrase address keep it on a passphrase.
Sure more risk of lost however you could safely store the passphrase on your phone heck even on the cloud.
So long as your seedphrase ain’t digital no one can steal your crypto without the seed phrase and the passphrase one is useless without the other
-
That’s not a good analogy.
Firstly, this is a computer chip. Full stop. It’s a computer chip like any other that runs firmware to conduct its operations. We all knew this from day one. It got firmware updates “closed source” from Ledger. We knew this as well from day one. We know you connect this computer chip to another computer with which it transmits and receives data.
It’s entirely unreasonable to expect that ledger, the company that pushes closed source firmware updates to this computer chip does not have the capability to have that firmware do what they want it to do. So there ALWAYS is an element of trust with Ledger that they won’t do something nefarious. It’s also unreasonable to expect it to have been impossible for the device to send data when it literally does that every single time you use it right before your eyes.
There’s an element of trust with literally every wallet, even those air gapped ones like cold card. Unless you yourself have complete visibility to manufacture, shipping and software, you have to trust others. With ledger, the proposition has always been that you trust them a bit more (via closed source) in exchange for a their security model and their more user friendly approach.
Being angry or surprised at recover directly contradicts this very basic and obvious fact of the product. If you feel that way then you simply didn’t understand what you were buying or understand the basic concept of how computers and software works. It’s naive to expect that it was literally impossible for the device to send data. It sends data as a matter of fact due to its very nature. What did you think was happening when you plugged this thing into your computer to validate transactions or receive firmware updates?
Now, if Ledger was nefarious here and looking to steal your money, would they have issued a press release promoting exactly how they were going to do it? No. They’d have just sent the firmware update and ran off with the money.
The proposition is the same as always. The key doesn’t leave your device ever without your explicit permission to do so. Nothing has changed but for the simple fact that instead of writing the words on a piece of paper, you can encrypt it electronically.
If you’re still flipping mad about it then go toss it in a toilet and stop complaining. Get another wallet. At this point the anger just seems like whining for the sake of whining.
-
-
-
-
Hey, I understand your concerns about the Ledger Recover feature. It’s important to note that Ledger Recover is an optional service and it’s entirely up to the user whether to activate it or not. The feature is designed to provide an additional layer of security for those who might not have a safe place to store their Secret Recovery Phrase or who want an extra backup option.
The analogy of a car with a button that stops the brakes isn’t entirely accurate. A more fitting comparison might be a car with an optional advanced braking system. You can choose to use it if you feel it enhances your safety, or you can stick with the standard brakes if you’re more comfortable with them.
The Ledger Recover code is part of the firmware, but it doesn’t run unless you choose to activate the service. It’s like having an app on your phone that you never open—it’s there, but it doesn’t affect your phone’s operation unless you use it.
If you have any more questions or concerns about Ledger Recover, I recommend checking out the Ledger Recover FAQs: [https://support.ledger.com/hc/en-us/articles/9579368109597-Ledger-Recover-FAQs](https://support.ledger.com/hc/en-us/articles/9579368109597-Ledger-Recover-FAQs)
-
As has been explained numerous times already, the ability to extract keys from the device existed in theory for every single firmware for every single Nano version. And the same is true for basically all hardware wallets. There is no such thing as a firmware without the possibility of extracting the private keys. The new firmware adds a “feature” that formally utilises that ability, but the ability has always been there. Refusing to update to the new firmware provides zero additional security because, if ledger wanted to steal your keys, they could have done it with any firmware version on any device. All it does is prevent you from getting security updates.
Now, be clear, this is not to defend Ledger from making it *seem* as if this wasn’t possible when it always was – but you must understand this always was a possibility. And, as I said, the same is true of pretty much all hardware wallets (maybe all but I allow the possibility of some clever innovation).
Now, with that in mind, you can understand why the argument “just don’t use it” is actually fine. Because the possibility of nefarious use *was always there* anyway. And it’s not even a case of “just use a different hardware wallet” because, as said (to my knowledge), nefarious firmware that can extract your keys and/or seed are possible on *all* hardware wallets. So the real question is: which company do you trust the most?
-
-
exactly, even if we dont OPT IN , the backdoor IS in the firmware … which even if we are trusting ledger , does not exclude that they wouldnt be forced to use it by a “government” mandate in the future, specially now that world seems to lean into a dystopian society
The backdoor SHOULDNT be there, period. For those too stupid or clueless to bank themselves, you can market a new device “Ledger X for dummies” with the new firmware … leave the rest of us in peace
ps: I am waiting for a few more months, without updating FW. If this is not reverted, I will migrate into safe compatible devices and Ledger will never see another penny for me (I have bought more than 10 devices from them)
-
Now imagine a car company that had a steering wheel with a physical linkage in it and sold you that car specifically because you don’t want one of the new fancy cars that don’t have physical steering linkages and only have steer by wire tech. Now imagine you took your car in for an oil change and they took out your steering linkage and they said tough shit, steer by wire is perfectly safe without a physical linkage…………………….
-
- Du musst angemeldet sein, um auf dieses Thema antworten zu können.