You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
On the other hand, @marcan42 says there are no pin-compatible STM32s.
My point still stands (you can likely attach SPI flash to the rear of the device, or perhaps attach a new board to the JTAG), but it seems like the Reddit user could be lying.https://twitter.com/marcan42/status/976917423822483456 …
It is of course still entirely possible to stealthily carry out the attack (e.g. have one of the 48-pin 64K variants custom-packaged and labeled into a 32-pin package, China will do that for you), but quite a bit harder.
Would you be able to have that done such that the extra 32KiB is basically "undetectable"? i.e. JTAG and memory map only goes up to 32KiB, but the system bootloader is modified to run hidden code if the "non-hidden" code is signed by Ledger.
Not JTAG, but it should be entirely possible to trojan the bootloader such that it accepts legitimate firmware updates over USB, stores them, but still runs the old modified code (or even dynamically patches the new code, if it hasn't changed much).
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
