Hi, I’m interested about crypto for quite long time but I have never a chance to obtain my own crypto. Before I obtained my first larger amount of crypto I bought Ledger Nano S Plus few months ago and I think that I regret my decision because I don’t think that I’m planning to hold my crypto on it anymore. Reason is Ledger Recover subscription option in Ledger Live which allow Ledger to hold your secret passphrase for more ‘security’. Obviously is direly dangerous backdoor allowing Ledger to take control over your crypto assets through their software. We never don’t know what’s hiding behind binaries from their website and even if it’s open-source I don’t think that I’m able to compile it easily on my own which should be default way for installing such software. Also if it’s open software why we don’t have any forks of Ledger Live without this shit and it’s not available in any Linux repositories or for mobile version on something else than Google Play? I don’t want to make my funds or device dependent on any company, this is not why I’m buying crypto.
My current plan for holding crypto is using Tails with my wallet information on papers in safety place. If I’m using Ledger I also need to keep my secret passphrase so it’s don’t changing anything in terms of security expect for fact that some company will not be able to steal my money.
For people who don’t care about their freedom and focus on trading/spending crypto it still might be good choice, definitely better than hot wallet or cold wallet on mobile phone.
You must log in or register to comment.
Removed by mod
If you are Bitcoin only I recommend building a SeedSigner from scratch and using Nunchuk as the interface for the wallet. They’re both open source and have been thoroughly vetted. Don’t keep your entire stack on Tails on a Hot wallet as there could be a point to where you can accidentally catch something on said instance of Tails and have your funds taken. (Highly improbable, but the risk is still there)
As for the Ledger recover stuff, I personally have vetted it and checked a couple of things to see if it’s truly something to worry about. So from how it works is that it creates shards that require approval from your hardware wallet that only is in effect if you build said sharding and export. Then it will send your shards through E2EE methods to said partners of which they can’t reconstruct your key without needing the core to unlock your wallet. Of which you must approve through ledger recover on either their app or custodial service. They cannot remotely break your keys into shards without permission since it requires the secure element to activate and have your manually approve it for it go through. With all that said it is wise to use multiple hardware wallet vendors to minimize risk when you’re storing your keys. You could always go for air gapped solutions if you want to use hardware wallets without the keys being stored on them.
@zimno maybe you should try to use Trezor hw wallet?
I don’t trust hardware wallets anymore, also I don’t want to waste my money on it.
