It won't if it works the same way transaction broadcasting works. You need physical confirmation to broadcast a transaction, and Ledger has said you will also have to physically allow the sharing of the shards. Whether or not that is true is another topic of discussion.
But it's black box firmware software of Ledger for the MCU that controls user interaction with the hardware buttons. It's Ledger's software, the MCU proxies the button presses to the firmware software that runs on the Secure Element and which does most of "Ledger's magic".
Trezor's open-source code means very little to me because I can't go through it and I don't understand what it does. I still have to trust Trezor and everyone that has verified the code that it's bulletproof and can't be abused. That's the trust part.
If it's public there likely will be experts who have more knowledge to inspect and judge the code. And security concerns are probably a good motivation to look closer. Yes, if you can't do it yourself, you have to trust others. But still I prefer the code to be public, otherwise there's no chance to look closer.
Let's say that Ledger has two options: A. Their profit will increase slightly if they keep their current crypto enthusiast customers happy and B. Their profit will dramatically increase if they lose some of their customers but attract a lot of new customers who will pay them $9 every month.
Ledger is a business, a corporative company, right? And it's clear to see that this company wasn't founded by a crypto enthusiast but by a person who is a businessman and wants money. They go with option B.
Einstein once said: Two things are infinite: the universe and human stupidity.
However, reading the comments of some people under the video I linked, it is incredible how many people believe in the nonsense that people from Ledger are talking about. Einstein was definitely right.
Yes, and it's said that Einstein added: "... and I'm not so sure about the universe."
In my opinion Ledger Paris can basically only do one thing right and that's marketing bs. They suck at everything else, including value their customers. Strangely, it seems to me that Ledger appears kind of synonym to hardware wallet. Look at the topic
Show off your hardware wallet, yes I know it's not representative, only 4 of 19 don't show Ledger hardware crap.
You decide if you want to switch the feature on or off, but Ledger brings it to you no matter what. Imagine a self destruct button in your car, where, if you press it, the car explodes. I am not going to press it, but I am not comfortable having it there at all. Ledger has already decided to add that button.
And to my knowledge the hardware buttons of a Ledger Nono are completely software controlled. The buttons are not directly wired to the Secure Element where most of Ledger's firmware magic happens. The MCU controls the display and the buttons and proxies user interactions to the Secure Element. It's the firmware that decides what to do when you press a Ledger button. As the firmware is a black box what exactly prevents Ledger to not need your button press? ... Exactly: nothing! It's their secret
sauce code...
For Ledger's shard, yes. But your KYC data will also be stored with the other two third party companies as well, in order for them to release their shard if needed:
Ledger Recover uses your ID and a selfie to verify who you are, via its Identity Verification provider, Onfido. Then, it links your identity to encrypted fragments of your Secret Recovery phrase. The identity providers store this ID data in an encrypted form.
So there will be three companies holding your KYC data, duplicated across an unknown number of servers in an unknown number of locations with unknown security protocols and an unknown number of people with digital or physical access. Just like every other KYC, it will only be a matter of time before your information is leaked/hacked/shared/sold.
Your data is safu, they say. They'll surely send you through support desk hell, if you need to request your shards. What if you loose your ID (hey, your new ID has a different S/N...)? What if your face changed after years or some illness? What about live video deep fakes? All is fine, they say.
Bullshit, I say!
Seems Ledger users are going from one very insecure device to a slightly less insecure device.
Remember what Einstein said?!