Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities - page 2.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: LoyceV on January 28, 2024, 04:22:52 AM

I expect the profit margin for each new subscription to be near 100%. Storing a million seed phrases doesn't have to be more expensive than storing just 1.

Me too. Their partner companies that are storing one part of the seed each are surely getting a piece of the cake, though. But the service doesn't require any real investment on either Ledger or their partners' side for them not to profit immensely from each subscription.

Quote from: LoyceV on January 28, 2024, 04:22:52 AM

Quote

the Trezor T is too expensive for my statement to be correct.

Ledger can't sell those Wink

Holy crap, I guess my brain died for a second there. Well, the 1-year Ledger Recover subscription almost covers the cost of the Nano X as well.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Pmalek on January 28, 2024, 02:42:30 AM

Trick them into signing up for one year of Ledger Recover, and you made almost as much money as if they purchased two new hardware wallets.

I expect the profit margin for each new subscription to be near 100%. Storing a million seed phrases doesn't have to be more expensive than storing just 1.

Quote

the Trezor T is too expensive for my statement to be correct.

Ledger can't sell those Wink

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: LoyceV on January 27, 2024, 09:04:42 AM

I'm thinking they would have added "support" for it if they could. Of course they'd love to sell more new hardware wallets, but selling $10 per month subscriptions to more (gullible) exising users is a big money maker.

Trick them into signing up for one year of Ledger Recover, and you made almost as much money as if they purchased two new hardware wallets. That's true only for the Nano S and Nano S Plus, the Trezor T is too expensive for my statement to be correct.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Pmalek on January 27, 2024, 08:37:29 AM

Ledger, sure as hell, isn't going to be honest about it

I'm thinking they would have added "support" for it if they could. Of course they'd love to sell more new hardware wallets, but selling $10 per month subscriptions to more (gullible) exising users is a big money maker.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: LoyceV on January 27, 2024, 04:11:14 AM

Could it be the Ledger Nano S actually does what they promised back then? That would mean it's impossible for them to update the firmware to get your seed phrase out, because the hardware doesn't allow it. Maybe I'm too optimistic here, but it could be they were still trying to make a honest product back then, instead of going for maximum profit through subscriptions.

Perhaps, but who knows!? Ledger, sure as hell, isn't going to be honest about it, unless they admit it by mistake. It could be related to hardware and memory limitations with the old Nano S. Something similar to why the old Trezor One still doesn't and can't support Monero after all these years. I guess there isn't enough RAM available on that granddad of a HW to carry out the needed operations. If I remember an old discussion I read somewhere correctly, Monero's privacy scripts and cryptography requires too much memory.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Pmalek on May 28, 2023, 02:22:05 AM

No, not the Ledger Nano S. They aren't selling this model anymore and will eventually drop support for it. The Ledger Nano S Plus will have support for Ledger Recover. So far they haven't mentioned anything about the Ledger Stax.

Could it be the Ledger Nano S actually does what they promised back then? That would mean it's impossible for them to update the firmware to get your seed phrase out, because the hardware doesn't allow it. Maybe I'm too optimistic here, but it could be they were still trying to make a honest product back then, instead of going for maximum profit through subscriptions.

tabas

hero member

Activity: 3024

Merit: 745

Top Crypto Casino

Quote from: joker_josue on January 26, 2024, 02:33:48 PM

So I give you a good suggestion:
DO NOT FOLLOW THE STEPS YOU FIND ON THIS PAGE - https://support.ledger.com/hc/en-us/articles/4445777839901-Update-Ledger-Nano-S-Plus-firmware

If you only use BTC, do not count the wallet to Ledger Wallet. Use Electrum, for example.
If you had a problem and had to restart everything... well, you'll have to choose whether you want to continue using Ledger with these new conditions or not. Roll Eyes

Yeah, I wouldn't be updating my firmware with what they've said and I haven't opened it for years actually. I'm already contemplating on another hardware that has a better feature and doesn't have this updates that go against the purpose of having an HW.

Quote from: Meuserna on January 26, 2024, 10:44:27 PM

The comments would be even more negative if Ledger hadn't already shadowbanned tons of users who complained about their seed extraction firmware.

I was a long time Ledger user, but once they announced that nonsense, I moved my Bitcoin to a new seed & switched to a different hardware wallet. You couldn't even pay me to use a Ledger anymore.

Oh, so there has been shadowbanned comments there and they just can't do that to most of the redditors since they're a lot.

Quote from: Meuserna on January 26, 2024, 10:44:27 PM

A lot of people are going to stick with Ledger because they haven't seen Ledger's Recover & seed extraction scheme get hacked yet, so it much not be anything to worry about. They're missing the bigger picture. It's not about coins being safe today or even this year. It's about staying safe for years to come. When something goes wrong, it's going to be uuuuuuuugly. And by the time anybody realizes Ledger's Recover was hacked, it'll be too late. I assume hackers will gather as many keys as possible before they start draining wallets in order to prevent Ledger from realizing they've been hacked.

I agree, I've trusted them for years but it all came downhill when they've introduced this ledger recovery and have forced the updates through their firmware for which many have believed to be safe before this thing has came. I feel bad for those folks that are trusting them with this feature. Undecided

Meuserna

full member

Activity: 128

Merit: 190

Quote from: tabas on January 26, 2024, 10:10:46 AM

A not so exciting and discouraging update from them for the Nano S Plus users. This is anticipated that it shall come as they've said that it's not just going to be with the Nano X users but also soon to come with the S plus users and that time has come. I've just seen it posted on their sub-reddit[1] 18 days ago.
[1] Ledger Recover access is now rolling out to Ledger Nano S Plus users!
Reading the comments on that update is amusing on how many dislike and aware of what Ledger is doing.

The comments would be even more negative if Ledger hadn't already shadowbanned tons of users who complained about their seed extraction firmware.

I was a long time Ledger user, but once they announced that nonsense, I moved my Bitcoin to a new seed & switched to a different hardware wallet. You couldn't even pay me to use a Ledger anymore.

A lot of people are going to stick with Ledger because they haven't seen Ledger's Recover & seed extraction scheme get hacked yet, so it much not be anything to worry about. They're missing the bigger picture. It's not about coins being safe today or even this year. It's about staying safe for years to come. When something goes wrong, it's going to be uuuuuuuugly. And by the time anybody realizes Ledger's Recover was hacked, it'll be too late. I assume hackers will gather as many keys as possible before they start draining wallets in order to prevent Ledger from realizing they've been hacked.

joker_josue

legendary

Activity: 1722

Merit: 4711

**In BTC since 2013**

Quote from: tabas on January 26, 2024, 10:10:46 AM

A not so exciting and discouraging update from them for the Nano S Plus users. This is anticipated that it shall come as they've said that it's not just going to be with the Nano X users but also soon to come with the S plus users and that time has come. I've just seen it posted on their sub-reddit[1] 18 days ago.
[1] Ledger Recover access is now rolling out to Ledger Nano S Plus users!
Reading the comments on that update is amusing on how many dislike and aware of what Ledger is doing.

So I give you a good suggestion:
DO NOT FOLLOW THE STEPS YOU FIND ON THIS PAGE - https://support.ledger.com/hc/en-us/articles/4445777839901-Update-Ledger-Nano-S-Plus-firmware

If you only use BTC, do not count the wallet to Ledger Wallet. Use Electrum, for example.
If you had a problem and had to restart everything... well, you'll have to choose whether you want to continue using Ledger with these new conditions or not. Roll Eyes

tabas

hero member

Activity: 3024

Merit: 745

Top Crypto Casino

A not so exciting and discouraging update from them for the Nano S Plus users. This is anticipated that it shall come as they've said that it's not just going to be with the Nano X users but also soon to come with the S plus users and that time has come. I've just seen it posted on their sub-reddit[1] 18 days ago.
[1] Ledger Recover access is now rolling out to Ledger Nano S Plus users!
Reading the comments on that update is amusing on how many dislike and aware of what Ledger is doing.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: m2017 on January 12, 2024, 08:30:18 AM

1 - how completely did the author remove all trackers and other unnecessary things for an adequate user from this application?

He couldn't remove all tracking code because the software breaks and becomes useless if he does. He removed a great deal of it, but there is still tracking software in the code that becomes active for certain actions you perform.

Quote from: m2017 on January 12, 2024, 08:30:18 AM

2 - how much can you trust this (or another) author and has he added anything unnecessary to the code?

Someone who knows how to read code would have to go through each line, checking what it does. And I don't see anyone doing that thoroughly for free. Otherwise, it's a matter of trust. You can either trust Ledger, their code, and their indentations or everything rektbuildr made.

m2017

legendary

Activity: 1792

Merit: 1296

Crypto Casino and Sportsbook

Quote from: RickDeckard on January 11, 2024, 04:55:06 PM

I know that this is a case of "stop beating the dead cat" but this really has to have more light shed on it: As soon as you connect to Ledger Live, every stroke you make is being tracked[1] by Ledger (and probably being analyzed and categorized in order to make something with that data). The leaked X/Twitter thread is also a joy to read[2].

Indeed, this is exactly what "stop beating the dead cat" looks like.

When there are dozens of HW device manufacturers on the hardware wallet market, supporters must certainly bother with assemblies of unknown persons in order to be able to use Ledger Live from a company that steals data about your every action, loses personal and other confidential data, and imposes very dubious services. Let’s not forget about the recent story of the contents of ledger live wallets being hacked due to a vulnerability created by a former employee of the company. You have to be a true masochist to continue using their products thanks to third-party ~~crutches~~ codes written by unknown programmers.

What other unpleasant incident would have to happen to ledger owners (or must happen to you) to convince you that you should not use any ledger products? Even with the help of solutions like these proposed by you.

Quote from: RickDeckard on January 11, 2024, 04:55:06 PM

The same user also managed to erase the trackers and compiled a usable build - You can check it out here[3]. Like always, treat it with a grain of salt and do your own due diligence if you intend to test the build out. I'm not sure how he's able to "allow fully anonymous ledger HW setup and updates" but if the application achieves all of the proclaimed goals then it is the single best piece of software that Ledger will never make.

And this application will become “open source” (which their community has long dreamed of), since ledger was reproached for keeping the code closed?

2 important points:
1 - how completely did the author remove all trackers and other unnecessary things for an adequate user from this application?
2 - how much can you trust this (or another) author and has he added anything unnecessary to the code?

joker_josue

legendary

Activity: 1722

Merit: 4711

**In BTC since 2013**

Quote from: RickDeckard on January 11, 2024, 04:55:06 PM

The same user also managed to erase the trackers and compiled a usable build - You can check it out here[3]. Like always, treat it with a grain of salt and do your own due diligence if you intend to test the build out. I'm not sure how he's able to "allow fully anonymous ledger HW setup and updates" but if the application achieves all of the proclaimed goals then it is the single best piece of software that Ledger will never make.

Have you already tested this application?
This idea is interesting, of having a third party program obtain the updates. But, I see two points that need to be taken into account: trust (you have to trust the author of this program) and update (if the updates come from Ledger, the problem remains because it comes with the new features they include) .

RickDeckard

legendary

Activity: 1148

Merit: 3117

I know that this is a case of "stop beating the dead cat" but this really has to have more light shed on it: As soon as you connect to Ledger Live, every stroke you make is being tracked[1] by Ledger (and probably being analyzed and categorized in order to make something with that data). The leaked X/Twitter thread is also a joy to read[2].

The same user also managed to erase the trackers and compiled a usable build - You can check it out here[3]. Like always, treat it with a grain of salt and do your own due diligence if you intend to test the build out. I'm not sure how he's able to "allow fully anonymous ledger HW setup and updates" but if the application achieves all of the proclaimed goals then it is the single best piece of software that Ledger will never make.

[1]https://crypto.bi/forum/threads/ledger-live-data-collection-is-more-than-a-little-concerning.5/#post-13
[2]https://nitter.net/rektbuildr/status/1732542258698694875
[3]https://github.com/rektbuildr/lecce-libre

HeRetiK

legendary

Activity: 3122

Merit: 2178

Playgram - The Telegram Casino

Quote from: jerry0 on November 30, 2023, 09:08:16 PM

If you don't plan to use ledger recovery, just ignore it right?

Ledger can use (or be cooerced to use) this backdoor regardless of whether you plan on using Ledger Recover or not, so ignore at your own peril.

Quote from: jerry0 on November 30, 2023, 09:08:16 PM

I got to wonder what percentage of people use this here on this forum? Got to be 5% or less? But for other people, probably 20% or higher?

20% seems a bit high for a paid subscription that for most users will do nothing, but who knows? I doubt Ledger will ever publish numbers on that though, unless they go for an IPO at one point.

Volgastallion

sr. member

Activity: 616

Merit: 314

CONTEST ORGANIZER

Quote from: LoyceV on November 30, 2023, 05:21:43 AM

Quote from: cygan on November 30, 2023, 05:07:02 AM

this is of course a fake/fraud

So someone managed to turn the word 2FA into an attack vector. And there will always be people falling for it.

Yes and also, the main problem it can be when someone is not alert of the leak, for example it pass 5 years so you think that stops, but someone with the leaked directions send a mail, and one people can get scamed easily.

Is a very serious threat, but i allways repeat the same, never enter any info.

jerry0

full member

Activity: 1750

Merit: 186

If you don't plan to use ledger recovery, just ignore it right?

I got to wonder what percentage of people use this here on this forum? Got to be 5% or less? But for other people, probably 20% or higher?

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: cygan on November 30, 2023, 05:07:02 AM

this is of course a fake/fraud

So someone managed to turn the word 2FA into an attack vector. And there will always be people falling for it.

cygan

legendary

Activity: 3304

Merit: 8633

Crypto Swap Exchange

i'm putting the message in this thread now, because at the moment this is the most frequented one regarding Ledger.
at the moment, more and more fake e-mails are being sent again, pretending to be a request from Ledger to activate 2fa

this is of course a fake/fraud - do not click on any of the available links and delete this mail immediately!

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: joker_josue on November 05, 2023, 07:22:08 AM

But here comes another hardware issue. You cannot directly browse the addresses it has on the hardware. You always need software to validate.

At least, in the test I did today, if I simply connect the Ledger to the PC, without opening any software, using just the Ledger display, I cannot see any address.

It depends on the hardware wallet. Ledger and Trezor don't have such options, but airgapped devices, such as the Coldcard or Seedsigner, have functionalities that allow you to see a series of BTC addresses on the HW's screen. Regardless if they do, you don't need it. You should first compare the address you are sending to with the original source. Once the transaction is ready and before signing and broadcasting, you check each detail on the hardware wallet screen. It's like a second-factor-authentication. Confirm the transaction only if everything matches.

Topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities - page 2. (Read 4819 times)