;)

They actually all support it now, the Ledger Bitcoin app is very powerful

@ Oh, that’s great to hear! Thanks!

Sure is

This is true

It's really overpriced and doesn't seem to offer anything unique feature wise, so I have no plan for that at the moment

The app needs it for Bluetooth device discovery :( (As do all which offer the same functionality on Android)

Yea it's certainly a major consideration at this price tier. (And also a great reminder on how good of a job that Keystone has done for hitting the price point that they managed)

I would invest some coin

Well yea if price is the main concern then a $10 DIY Jade is the way to go

You actually don't need to trust their firmware not to leak stuff if you avoid running their software on your PC at all.

@@CryptoGuide I don't know. The device still has key extraction firmware and has to be connected to Ledger Live (which has tons of trackers) to be initially set up. Maybe that means Ledger only has one chance to identify you and snatch your keys, but that's one chance too many. I could never trust closed source firmware. And let's remember, Ledger lied to their users many times (they said "Your keys are always stored on your device and never leave it" while they were writing key extraction firmware). I'd love a fully open source device like this, but I could never trust this thing.

The point of applying a passphrase after you have done the initial setup in Ledger Live is that even if there was a way that they were accessing "undocumented features" in the firmware, they wouldn't have your actual keys. (There are also community written projects that replace the initial Ledger Live app install, but they are still in Alpha stage) To be fair, what Ledger marketing people were saying to their users would have been true when they wrote it. To be clear, I have a major issue with Ledger Recover generally and the fact that it was rolled out to existing hardware (rather than opt-in) but I think most of the drama was an over reaction. (Pushed by hardware manufacturers and influencers who made significant profits from it all) Having said all that, I still prefer Specter DIY overall ;)

@@CryptoGuide But the firmware isn't open, so how can you prove Ledger has no access to the passphrase or the keys for the passphrase wallet? Don't trust. Verify.

It's actually very similar to the way that the MCUs running in retail devices aren't open either, and that they may contain undocumented features which undermines the physical protection offered by the hardware platform. (Regardless of the firmware running on top) The thing is that even if such an exploit exists, you need companion software of the PC side to be able to make use of it and exfil the data. By only using Ledger Live for the initial setup and then adding a passphrase and never touching it again, you are are avoiding the mechanism that would need to be used to extract data from the device in the first place. (This is actually a more general principle that applies to all hardware, splitting up functionality like this is exactly how you remove trust and verify that each component is only doing what it should)

You *can* use an open source tool here: github.com/darosior/ledger_installer if you really want to (but it's still in alpha), but for most folk the simplest option is to just use Ledger Live to install all of the apps (running on a phone or something, or another PC), then enable a passphrase and use it with third party software like Sparrow, etc.

@CryptoGuide seems odd you can not replace seed without reset the whole device. What do you think?

That's the standard approach that most vendors have used and is probably the safest option for normal folk. (Who will generally only have one seed) The 1:1 relationship between seed and device has been fairly consistent up until fairly recently.

The good news is that unless you give your seed away to scammers, lose your recovery seed or enable a passphrase and lose that, it's actually difficult to mess things up in an unrecoverable way. (Accounts can't be destroyed) Is there something specific that you are unsure of?

This stuff is always floating around for every vendor and it's always the user leaking their seed to signing a malicious smart contract.

Sorry, capitalism doesn’t work like that

The thing is that you can actually use it trustlessly due to how they have designed their stack. (As opposed to something like Ellipal or Tangem) It's not for everyone, but there are plenty of non-open source companies (including coinkite) who make an important contribution to the space.

Oh I totally agree, but I'm not really the target market for Ledger ;)

That's only really possible if you are using the Ledger Recover service.

Do other wallet vendors comply with that also?

Any commercial vendor will ultimately comply with requests from law enforcement in their jurisdiction, is just what companies do, otherwise the cease to exist. That said, most vendors don't store partial private key material, so may only hand over things like your shipping/sales data and/or wallet information (if you use the vendor supplied wallet software and it logs stuff centrally)