@Ledger_Support What stops you from pushing a firmware update that sends my seed to you? What if you are ordered to do so by the government? A secure wallet would never have allowed for an update like this; you revealed your firmware signing key is an inherent backdoor to my ledger.
@Ledger_Support I am not saying this update gives you access to the seed; instead, it revealed that one of the principles of your product is false in that there are ways to get the seed off of the device. The prior understanding was that any firmware in the secure element was non-upgradable.
@adietrichs When Ledger said that the seed could not be removed, many people, myself included, assumed that any firmware in the secure element was non-upgradable. This update provided evidence that was not the case. The reaction is not overblown.
@Ledger_Support @tezconnoisseur I was under the understanding that after creation, the secure element held the seed, and the firmware could only be used to interact with the secure element to perform cryptographic operations. The fact that you can export the seed at all is a big red flag.
@Ledger_Support @tezconnoisseur But the fact remains that you can at any time write firmware to take our seed, no? The seed is not stored in a secure element separate from the firmware like most purchasers believed.