Topic: Ledger Open Source Fakery?! (Read 166 times)

legendary
Activity: 2212
Merit: 7064
September 27, 2023, 04:28:29 PM
#9
So, their newly invented "open source" license is called "Source Code Accessibility License" (SCAL)? It looks more like "Source Code Accessibility Misconduct", or better known as SCAM.
Good name for their license, maybe you can add a suggestion on their GitHub page.

Perhaps renaming the brand and starting over with another design and modifications in the code with a complete separation from Ledger would be a good start but otherwise KYC is an irreversible one way road.
They don't care about rebranding and doing extra work, just add a few open source labels, fire co-founder BTChip, pay for a new marketing campaign, and hope people have bird brains and short memory.
In case they decide to rebrand, I have a few good suggestions, for example Leaker, Looser, LeRip, Liar, etc.

 
I stopped reading the license after point 1.2. Someone definitely should shove the open source definition[1] directly to his face. At this point, I wonder when the license of their other source code will be replaced from MIT/Apache 2.0 to their own fake open source license.
I am sure they know how Coldcard played stupid and did something similar when they went in the opposite direction and changed their license.
They also made a false open source advertisement for their CC+MIT license, and everyone knows about that.
I also have doubts about the new "open source" Safepal X1, but let's wait and see what the first reviews say.
hero member
Activity: 1344
Merit: 583
September 27, 2023, 01:14:19 PM
#8
Wow, what a shame on Ledger for trying to cheat their way back into a trusting relationship with the consumer by this sad excuse for an open source code effort. I can't believe them.
legendary
Activity: 2688
Merit: 3983
September 25, 2023, 04:14:02 AM
#7

Ledger is dirty.  If you choose to trust them, that's your choice, but I'd encourage you to think long term.
I don't like Ledger and have never purchased any of their products before, I was just sharing others' views which unfortunately are wrong but that's the market.
I agree with you and I hope people understand that, but do not expect people to stop buying them for the reasons I explained.
full member
Activity: 128
Merit: 190
September 25, 2023, 04:00:11 AM
#6
If the code is open source...

They're already lying about what it means to BE open source, so that ship has sailed.  Maybe if Pascal wears nine or ten rings for his next interview instead of eight it'll make people believe him.

Ledger is dirty.  If you choose to trust them, that's your choice, but I'd encourage you to think long term.
legendary
Activity: 2688
Merit: 3983
September 25, 2023, 03:45:47 AM
#5
I'm a former Ledger user.  There's nothing they can do to win me back.  They added key extraction firmware to their hardware wallets, after swearing for years there was no way to extract keys from a Ledger wallet.  That's a huge lie.  How can I ever trust them again?


I understand what you are saying, but the direction of the market is determined by demand. Unfortunately, we have a new era of people who buy Bitcoin, which is different from those who bought it from the year 2010 to 2015. These people believe that Bitcoin is an investment, and they like the idea that their money is safe and that there is someone who will keep it in an encrypted and safe way, even if the seeds are lost. And do not forget that natural problems such as earthquakes and floods, in addition to hackers and the laziness of many in learning more about Bitcoin and multiple signatures, all of these people still trust Ledger and, on the contrary, love their new service.

A simple example of this: I know many people who keep thousands of dollars in a Binance account and/or USDT; they are afraid to withdraw them to wallets because they want to invest and are afraid of losing money.


I assume Ledger will manage to survive.  They'll find a way to stay profitable, but their reputation among people who understand how important security is...  well...  that's gone.
Ledger lost a share of the market and gained another share, and if it wants to gain the share it lost, it will be by renaming the product.

If the code is open source, well reviewed, price is low and true airgapped, then in the end you will not trust them, but rather trust someone who reviewed the code or you review it yourself.
full member
Activity: 128
Merit: 190
September 25, 2023, 02:54:25 AM
#4
Their service has been linked to Ledger Recovery and KYC, so trying to make the code open source (even if it is real) will not help in bringing back the user base who thought about purchasing another hardware wallet.

This.

I'm a former Ledger user.  There's nothing they can do to win me back.  They added key extraction firmware to their hardware wallets, after swearing for years there was no way to extract keys from a Ledger wallet.  That's a huge lie.  How can I ever trust them again?

I'm actually shocked by how nobody is talking about the bigger issue with Ledger's lies.

Look at the DATES.

How long do you think it took Ledger to come up with a plan to extract seeds from users' wallets and then write the code to do it?  No, really.  I'm asking.  Think about how complicated an undertaking like that is.  The code.  The partner companies.  The testing.  How long do you think it took?  Surely lawyers were involved among all three companies, which means there's a paper trail with signatures and dates.

I'd love to see the dates on those documents compared to the dates on posts online by Ledger about how keys on their hardware wallet cannot be extracted.

I'm shocked nobody has launched a class action lawsuit against Ledger.  All they'd need to do is compare the dates on those contracts to Ledger's own words with timestamps, not to mention Ledger's marketing.

"Your keys are always stored on your device and never leave it"
May 14th, 2023

Ledger Recover had to have been in the works since at least 2022, but probably earlier than that, so quotes like the above are game over if they get sued since they were writing key extraction firmware and signing contracts with companies to store users' keys long before May 14th 2023.

These are quotes from Ledger's website as of May 2023:

"Private data, such as your private keys will be protected and never leave the device due to the combination of BOLOS and the Secure Element."

"The secret keys or seed are never exposed to the BLE stack and never, ever leave the Secure Element."

That's what they were saying, but what were they doing?  They were writing key extraction firmware for those devices and they were negotiating contracts with companies to store users' keys.

Perhaps renaming the brand and starting over with another design and modifications in the code with a complete separation from Ledger would be a good start but otherwise KYC is an irreversible one way road.

A new brand would be tainted by Ledger's reputation the moment they got outed as being Ledger.  And they would surely be outed, because the new company would be owned by the same people who put greed above the product.

I assume Ledger will manage to survive.  They'll find a way to stay profitable, but their reputation among people who understand how important security is...  well...  that's gone.
legendary
Activity: 2688
Merit: 3983
September 24, 2023, 05:47:53 AM
#3
Their service has been linked to Ledger Recovery and KYC, so trying to make the code open source (even if it is real) will not help in bringing back the user base who thought about purchasing another hardware wallet. Perhaps renaming the brand and starting over with another design and modifications in the code with a complete separation from Ledger would be a good start but otherwise KYC is an irreversible one way road.
legendary
Activity: 1526
Merit: 1359
September 23, 2023, 04:42:43 PM
#2
So, their newly invented "open source" license is called "Source Code Accessibility License" (SCAL)? It looks more like "Source Code Accessibility Misconduct", or better known as SCAM.
legendary
Activity: 2212
Merit: 7064
September 23, 2023, 03:40:27 PM
#1
We didn't have to wait a long time to see new shenanigans coming from the Ledger factory; now they released their new fake "open source" roadmap, but is it really open source?
Let's check it out together.

This is their new license for Ledger Secure OS on GitHub, and it is clearly saying Source Code Accessibility License:
https://github.com/LedgerHQ/ledger-secure-os/blob/main/LICENSE.md

So they basically invented their own license and just added an "open source" label sticker on it.

This was posted on X twitter by one of their founders/owners Charles Guillemet, and people are already criticizing this fake advertisement:


https://twitter.com/P3b7_/status/1705188553225887838

Ledger is not open source!
Ledger Recover is not open source!