They tried to push a 'Ledger Recover' Service which installs a firmware update that allows you to "shard" your private key to store the shards with other "trusted" entities...so you can recover your seed phrase if you lose it.

This "tech" really just opens the potential for a rug pull.

A hardware device fundamentally should not be designed to have the key leave the device. The fact that Ledger can push a software update that does this is a major red flag.

Ledger isn't open source either, so there's no way to verify how all this works and that this hasn't been possible with their devices from the very beginning.

They claim to be going open source now in a bid to regain trust, but we shouldn't have had to do that in the first place.