Cassie Heart
@cassie
Hearing this Ledger news makes me chuckle a little, because I have maintained a distrust of vendors hawking “HSMs fix security” consistently.
2 replies
1 recast
7 reactions

Cassie Heart
@cassie
I think the thing that’s ruffled so many feathers about it is that people felt like there was an implicit contract that Ledger couldn’t export your key and this update gives the device the ability, which is a double-whammy of “actually, they always could” & “just trust that we won’t do it unless you ask”
2 replies
0 recast
5 reactions

timbeiko.eth
@tim
yeah, latter bit is by far the worse IMO. big difference between "if I install untrusted firmware, I'm screwed" and "if the new feature doesn't quite work like it's supposed to, I'm screwed"
0 reply
0 recast
3 reactions

Daniel Lombraña
@teleyinex.eth
This is why we need open source solutions, so we could fork it and run it without this feature. Moreover, to audit the firmware.
0 reply
0 recast
2 reactions