Just for discussion purposes: How do you make sure the particular download is the legitimate one? The link can be hijacked and give you a fake one at any particular time. It may be OK with famous software, but imagine a world even with tiny things being fully open sourced. How can you tell a particular thing is fully verified by an anonymous internet buddy before you can trust it? How long are you going to wait?
Discussion
I mean, I’ve gotten really good at identifying fake/malware downloads over my 12 years of pirating, so you could ask the same thing about closed source software. What’s your point here? I probably wouldn’t have trusted Bitcoin in 2009-2014 because I couldn’t verify it or understand it fully due to my limited knowledge of coding. I know my Bitcoin is real today based on, like I said, hundreds of thousands of third party audits that aren’t just “random people on the internet” but real people with reputations out there, as well as the chain I am using. It would be pretty easy to identify if my Bitcoin was fake.
Yes, it can happen to a company for sure. My point is there is always trust. You choose open source because you trust a bigger scale of people to verify for you, which is totally reasonable.
There are differences between what a hardware wallet does and what a security chip does for a hardware wallet. You of course can have a fully open sourced hardware wallet, there’s nothing wrong with it, but be aware you do not have security protection against a physical hack. Security cannot be open sourced. I don’t know how to properly explain it; maybe it is like the lock to your home, where you will never open source your key pattern to people on the street. But you know, even if the lock manufacturer had a copy of the key pattern, they never know where your home is (if you bought with cash at a store, for example).