Bitcoin Forum

Bitcoin => Hardware wallets => Topic started by: tarball on July 14, 2018, 08:20:37 PM



Title: 'Technical Data' in Ledger Live
Post by: tarball on July 14, 2018, 08:20:37 PM
Why is 'Technical Data' in Ledger Live App mandatory?

https://media.discordapp.net/attachments/454371654769049642/467787081108815872/unknown.png

https://media.discordapp.net/attachments/454371654769049642/467787081108815872/unknown.png


Title: Re: 'Technical Data' in Ledger Live
Post by: TryNinja on July 14, 2018, 08:22:59 PM
From Ledger's CEO on reddit:

Quote
We are very transparent about what we collect. You can see the details here: https://talkimg.com/images/2023/05/14/bloba6ab8fc159b86a12.png This is less that what a web session is collecting (we don't log IP addresses), and much less than was Google was collecting with the Chrome app system.

Sending Ledger Live version, OS & language, and a unique anonymous ID (to count usage) is not invasive, doesn't breach any privacy issue, and is fully shown in a transparent way. If you do not wish to give your consent, you have the possibility not to use the app (please note that nothing is send to our servers unless you complete the onboarding and therefore agree to the technical data collection).

Compared to the Chrome apps, there is a massive progress in data collection as we were able to reduce to the minimum. It is important however for us to have a basic understanding of usage, the same way that a web page is having some basic analytics.

No personal information are sent, in any case.
Source: https://www.reddit.com/r/ledgerwallet/comments/8xdgfi/_/e22jqdi


Title: Re: 'Technical Data' in Ledger Live
Post by: tarball on July 14, 2018, 08:25:29 PM
Thanks.

Also, is there a way to view bitcoin testnet coins on Ledger Live?


Title: Re: 'Technical Data' in Ledger Live
Post by: tarball on July 14, 2018, 08:31:02 PM
Nevermind, I found it. 'Developer mode' in settings.


Title: Re: 'Technical Data' in Ledger Live
Post by: HCP on July 14, 2018, 09:57:44 PM
Also, due to the wonders of FOSS, I'm sure it would be possible to actually just fork the code on GitHub, modify it to include "dummy" (or no) data and then compile it again... ;)



Title: Re: 'Technical Data' in Ledger Live
Post by: bob123 on July 14, 2018, 10:32:31 PM
I'm sure it would be possible to actually just fork the code on GitHub, modify it to include "dummy" (or no) data and then compile it again... ;)

Definitely possible, but it would require someone to look through massive amounts of javascript(!) code.  ::)
It may be easier to simply (find and) drop/block this specific packet  ;D


Title: Re: 'Technical Data' in Ledger Live
Post by: HCP on July 15, 2018, 12:16:06 AM
Definitely possible, but it would require someone to look through massive amounts of javascript(!) code.  ::)
It may be easier to simply (find and) drop/block this specific packet  ;D
Wasn't really that difficult, thanks to the helpfully named "analytics" folder ;) :P

https://github.com/LedgerHQ/ledger-live-desktop/blob/develop/src/analytics/segment.js


Title: Re: 'Technical Data' in Ledger Live
Post by: bob123 on July 15, 2018, 02:20:19 PM
Wasn't really that difficult, thanks to the helpfully named "analytics" folder ;) :P

https://github.com/LedgerHQ/ledger-live-desktop/blob/develop/src/analytics/segment.js

Oh, i was looking at the repository for about 5 or 10 minutes but completely overlooked that  ;D
I am glad ledger does use meaningful variable-/class-/file- names. Definitely makes it more appealing to read  ;D


Title: Re: 'Technical Data' in Ledger Live
Post by: gentlemand on July 15, 2018, 09:12:27 PM
From Ledger's CEO on reddit:
Quote
you have the possibility not to use the app
Source: https://www.reddit.com/r/ledgerwallet/comments/8xdgfi/_/e22jqdi

Thanks Mr. CEO. Or you could let me opt out but I guess you're not going to do that. I hope people keep a very close eye on this. And using one with Electrum or Mycelium may be made harder too.

With their talk of partnering with operations like Google I see the future of hardware wallets, or at least this one, as retrogressive and heading towards the same old shit.


Title: Re: 'Technical Data' in Ledger Live
Post by: TryNinja on July 16, 2018, 01:14:26 AM
Thanks Mr. CEO. Or you could let me opt out but I guess you're not going to do that. I hope people keep a very close eye on this. And using one with Electrum or Mycelium may be made harder too.

With their talk of partnering with operations like Google I see the future of hardware wallets, or at least this one, as retrogressive and heading towards the same old shit.
You can also just fork the code and remove it yourself. At least that's what the CEO said when people asked him to remove the "Exchanges" tab from the wallet. :P


Title: Re: 'Technical Data' in Ledger Live
Post by: bob123 on July 16, 2018, 06:35:01 AM
Thanks Mr. CEO. Or you could let me opt out but I guess you're not going to do that. I hope people keep a very close eye on this. And using one with Electrum or Mycelium may be made harder too.

With their talk of partnering with operations like Google I see the future of hardware wallets, or at least this one, as retrogressive and heading towards the same old shit.


I totally disagree with you.

Information being gathered:

OS: Name, Version, language, region
LedgerLive: Version, language, region and an anonymous unique identifier


The only thing which can be somewhat critical is the anonymized identifier. But, as already mentioned, you can easily just remove that lines of code. HCP even linked the file of the code.

IMO those information are extremely basic. If you have used the google chrome application, you have given WAY more information away (and not just to ledger, but mostly to google).
And google already made money off these information.


There is no possibility to tie this gathered data to your real-life personality (unless someone reverse engineers your PC and looks for the unique identifier, and then afterwards asks ledger about all information tied to this identifier).
Those are really some very basic information.

Each website you are using gatheres WAY more (e.g. most critical: IP addresses).