Apparently ledger pushed an update yesterday that adds a “feature” that encrypts and uploads your seed to third parties? lmao.
https://www.reddit.com/r/ledgerwallet/comments/13itm7u/is_there_a_backdoor_yes_or_no/
Before everyone loses their shit, how is this different than you _voluntarily_ just storing your seedphrase in cloud storage or using the backup only in multisig in lieu of Casa/unchained?
I guess it’s more of a honeypot than the other options but let’s not pretend there are no legitimate use cases for 3rd party key storage.
It helps adoption. Not everyone is as tech savvy as we are. This solves this. Same with wallets storing it on a cloud server. Definitely not the safest route. But some people only know how to keep on exchange which is even more sketch. I was against this till I read more. Pays to not assume .
With this update it's now possible for your private key to leave the device, whether you opt-in or not. The firmware is also closed source... this is beyond stupid for a hardware device.
You are correct. I think the concern with this one though is the idea that Ledger can retrieve your seed phrase with a firmware update. It isn't clear to me though that this is what Ledger is offering or capable of doing. I think folks are speculating some from the Q&A. This planned service from Ledger may be a thing where you provide your seed phrase in some manner voluntarily, maybe upon the seed phrase creation phase of setting up a device. I have heard it involves encrypted shards and multiple custodians. I am going to wait for more information.
