I think all recommendations from this company should be ignored and everything should be done in the opposite direction. I completely agree with you that you should never carry a hardware wallet with you everywhere you go. Not only could this draw attention to you as the owner of a crypto, but you could also easily lose (or be robbed) the device. You should only carry apps for crypto on your phone, along with a small amount of crpto (which you're willing to spend or lose).
Also, I think it's a stupid idea to take photos of a hardware wallets with your pets (as in this tweet).
Next, ledger will ask you to take photos of the hardware wallet with your wife, relatives, and finally, with you?
By the way, a photo of your hardware wallet with your pet can indirectly de-anonymize you (attract unnecessary attention, possibly leading to a subsequent visit from "
guests") if neighbors or strangers recognize your dog in the photo.
Never advertise your hardware wallet on social media, no matter how small the amount inside.
Every. Word. Of. This.
Ledger is the epitome of worst practices. They lie to their users and potential customers. They encourage putting their users in dangerous situations in order to make their brand part of pop culture. They use closed source code that can't be verified or even proven to be safe. They send their CEO out to do interviews even though he isn't educated enough about the underlying code (or principles of self custody!!!) to handle the interview.
"You now have an API in your firmware to extract seeds."
-- Rodolfo Novak
"If, for you, your privacy is of the utmost importance, please do not use that product, for sure."
-- Ledger CEO Pascal Gauthier
That statement is unbelievable. And he said it on camera!
Here's a link.And let's not forget that Ledger's Donjon hacks competitor's wallets to publish flaws, but Ledger pays bounties with nondisclosure agreements to hackers, so Ledger can crow about anybody else's bugs while lying to say they don't get hacked:
In this post, Im going to discuss a vulnerability I discovered in Ledger hardware wallets. The vulnerability arose due to Ledgers use of a custom architecture to work around many of the limitations of their Secure Element.
An attacker can exploit this vulnerability to compromise the device before the user receives it, or to steal private keys from the device physically or, in some scenarios, remotely.
I chose to publish this report in lieu of receiving a bounty from Ledger, mainly because Eric Larchevêque, Ledgers CEO, made some comments on Reddit which were fraught with technical inaccuracy. As a result of this I became concerned that this vulnerability would not be properly explained to customers.
SOURCE: Saleem Rashid
https://saleemrashid.com/2018/03/20/breaking-ledger-security-modelLedger is, and has always been, trash.
Ledger has been phished.
Ledger said an employee was phished, but under scrutiny, they changed their story, admitting it was a former employee who got phished.
Why did an ex-employee still have access to the codebase? Ledger won't say. How many former Ledger employees still have access to their codebase? Ledger won't say, not that we could trust any answer they'd give. Do they even know?
Ledger is, and has always been, trash. But they use pop culture tactics to market their hardware.
Oh, and did I mention that Ledger Live tracks everything you do and the coins you have:
"Ledger Live is phoning out data on assets you hold in your hardware wallet the moment you access Ledger Live. Its also sending out tons of other information about your computer and device."
The app apparently transmits data to an external endpoint at https://api.segment.io/v1/t, identified as an outsourced data collection service.
SOURCE:
https://bitcoinnews.com/ledger-live-app-accused-of-collecting-user-data/I hate that companies like Ledger fool people into putting their coins at risk.
Ledger cannot be trusted.
