Data Harvesting Inside Ledger Live App - Is this really part of Non-custodial?

[CryptoGirl_200x]

Hi guys,
I do not know if this same topic have been brought up here recently, I've search and found none, but if actually there is, please point me to it and I will lock this one.

There have been a lot of controversies surrounding the mode of operations of ledger - one of the top hardware wallet manufacturers, meant to be complete non-custodial, but recently, researchers have discovered data Harvesting Inside the ledger live app.

For whatever reason best known to ledger, and hard to comprehend for users, ledger live app is transmitting information about..
- Clicks
- Page visits
- Redirects
- Crypto transactions
- Page scrolls
- Number of accounts
- Crypto asset names
- Session duration
- Hardware device type
- Firmware version

To ledger's analytics provider known as segment.io.

For those who do not know what ledger live is, like explained HERE^[1]- Ledger Live is the official software for interfacing with any Ledger hardware wallet. The vast majority of PC users download this software in order to set up their hardware wallet and sign transactions.

It was while inspecting the ledger live software code that a Twitter user by the handle Rektbuildr^[2] discovered that user tracking is built into the entire software.
Use the [1] or [2] links shared above to read more about this.

How exactly are crypto holders who believe in decentralization and privacy still buying ledger?
If this is because most don't know this things, aren't we being robbed by this companies, due to our ignorance?

[1714606975]

1714606975

[Lucius]

Someone already shared that news here: https://bitcointalk.org/index.php?topic=5469941.msg63308706#msg63308706

It's nothing strange to me, considering that various apps have an "analytics" option that collects data about how the user uses the app and a lot more that the company wants to know. The real problem is that this option is turned on by default, and those who are not aware that it exists at all are not aware that they can turn it off.

However, even if the user turns off that option, can we say with certainty that the app still does not (secretly) collect data and send it to someone for analysis?

[bitmover]

Someone already shared that news here: https://bitcointalk.org/index.php?topic=5469941.msg63308706#msg63308706

It's nothing strange to me, considering that various apps have an "analytics" option that collects data about how the user uses the app and a lot more that the company wants to know. The real problem is that this option is turned on by default, and those who are not aware that it exists at all are not aware that they can turn it off.

However, even if the user turns off that option, can we say with certainty that the app still does not (secretly) collect data and send it to someone for analysis?

The best option for those who have a Ledger wallet and are worried about data harvesting, is just to use another software.

For example, you don't need Ledger live to use bitcoin, you can use electrum + ledger.
https://support.ledger.com/hc/en-us/articles/115005161925-Set-up-and-use-Electrum

You can also use Metamask + Ledger for ethereum.

[Meuserna]

However, even if the user turns off that option, can we say with certainty that the app still does not (secretly) collect data and send it to someone for analysis?

Uhm...  what about the key extraction code that's not built into the firmware?

I seriously do not understand why anyone is trusting Ledger at this point.  What ever happened to the days of Bitcoiners saying "Don't trust.  Verify."  Now, it seems to be "Don't trust, unless the company's CEO wears at least nine rings while defending key extraction firmware.  Nine rings or more makes it okay."

There are only three safe uses for a Ledger:

Door stop.
Target practice.
Decoy wallet.

[www.Gambler.Casino]

I think that collecting information looks like an anonymous cryptocurrency wallet is bad. Unfortunately, this is how every product works these days((

[Fivestar4everMVP]

I have always known ledger to be the biggest and most popular manufacturers when it comes to hardware wallets and so, but recently, all this news about how they have been secretly gathering personal information of their users is really alarming and discouraging to be honest.

I am actually planning to get a new hardware wallet for myself, and that is what brought me into this board, to find out which is the best to go for, I actually was looking at buying a ledger, but based on all that I have read here, i think I've changed my mind, I will probably do my research on trezor and see if I will go for this one.

[Lucius]

The best option for those who have a Ledger wallet and are worried about data harvesting, is just to use another software.
~snip~

There is no doubt about that, but still from time to time you can't avoid using LL, at least when it comes to things like updating or adding a coin app, or maybe when it comes to a firmware upgrade. I turned off that questionable option a long time ago because I have a habit of checking such things, but this is a good warning for all those who haven't done it yet or are about to install LL.

Uhm...  what about the key extraction code that's not built into the firmware?

Maybe that code has always existed, only recently they decided to tell us about it because they want to charge us for a service that has a direct connection with that code.

I seriously do not understand why anyone is trusting Ledger at this point.  What ever happened to the days of Bitcoiners saying "Don't trust.  Verify."  Now, it seems to be "Don't trust, unless the company's CEO wears at least nine rings while defending key extraction firmware.  Nine rings or more makes it okay."

Some actually have no idea what it's all about, some others simply can't afford another HW, others think that the recovery option is actually something that gives them greater security. Besides, how many people actually understand Bitcoin as more than a get-rich-quick scheme? If so many believe in CEX as a crypto bank, it's no wonder that they still trust the company that allowed it to be hacked (data leak) and then came up with the idea of enabling seed extraction and sharing the same with third parties.

There are only three safe uses for a Ledger:

Door stop.
Target practice.
Decoy wallet.

I agree, and maybe someone could think of another way to use it - I know that some have managed to install a simple game on Ledger in the past🐍

[o_e_l_e_o]

For whatever reason best known to ledger, and hard to comprehend for users, ledger live app is transmitting information about..

Newsflash: So is almost every piece of software on your computer.

Do you use Windows or iOS? Then your OS is transmitting all that data and more to Microsoft/Apple and a ton of third parties. Do you use Chrome or any browser based on Chromium (i.e. anything except Tor, Firefox, or one of its forks)? Then your browser is transmitting all that data and more to Google and a ton of third parties.

You can also use Metamask + Ledger for ethereum.

Here's a great example. Let's take a look at Metamask's privacy policy:

Information we collect from you may include:

    Identity information, such as your first name, last name, username or similar identifier, title, date of birth and gender;
    Contact information, such as your postal address, email address and telephone number;
    Profile information, such as your username and password, interests, preferences, feedback and survey responses;
    Feedback and correspondence, such as information you provide in your responses to surveys, when you participate in market research activities, report a problem with Service, receive customer support or otherwise correspond with us;
    Financial information, such as your credit card or other payment card details;
    Transaction information, such details about purchases you make through the Service and billing details;
    Usage information, such as information about how you use the Service and interact with us;
    Marketing information, such as your preferences for receiving marketing communications and details about how you engage with them;
    Financial information, such as bank account number and bank routing number; financial assets holdings; and
    Technical information, such as your Ethereum wallet address, application programming interface (API)-key and network information regarding transactions.

So Metamask collects literally everything. Not exactly a good recommendation.

Since the seed extraction "feature", everyone should have abandoned their Ledger devices a long time ago. But when it comes to privacy, Ledger Live is only as bad as most other software out there. If you aren't using Linux + Firefox/Tor + your own node, then Ledger Live isn't any worse than the rest of your device.

[dkbit98]

You can also use Metamask + Ledger for ethereum.

I think that Metamask is one of the worst ever software wallets I used in my life, and you can lose shitcoins even if you had them on ledger, if you approved access with metamask crap.  
That is the way how people lost money, so I don't understand why use shit hardware wallets with shit contracts anyway..

I seriously do not understand why anyone is trusting Ledger at this point.  What ever happened to the days of Bitcoiners saying "Don't trust.  Verify."  Now, it seems to be "Don't trust, unless the company's CEO wears at least nine rings while defending key extraction firmware.  Nine rings or more makes it okay."

Most people say, but what could go wrong if I use ledger with other wallets like electrum, etc... and I say - a lot could go wrong.
Let's see what is going to happen next after latest fiasco with ex-worker... but I am sure we are going to see more crap from ledger.
At this point I am considering all people who work for ledger to be compromised in one way or another.

[ABCbits]

Someone already shared that news here: https://bitcointalk.org/index.php?topic=5469941.msg63308706#msg63308706

It's nothing strange to me, considering that various apps have an "analytics" option that collects data about how the user uses the app and a lot more that the company wants to know. The real problem is that this option is turned on by default, and those who are not aware that it exists at all are not aware that they can turn it off.

And usually company makes it difficult or annoying for user to opt-out from such data collection.

However, even if the user turns off that option, can we say with certainty that the app still does not (secretly) collect data and send it to someone for analysis?

No, unless you actively monitor network activity of Ledger Live application which almost doing that.

For whatever reason best known to ledger, and hard to comprehend for users, ledger live app is transmitting information about..

Newsflash: So is almost every piece of software on your computer.

Do you use Windows or iOS? Then your OS is transmitting all that data and more to Microsoft/Apple and a ton of third parties. Do you use Chrome or any browser based on Chromium (i.e. anything except Tor, Firefox, or one of its forks)? Then your browser is transmitting all that data and more to Google and a ton of third parties.

Any browser based on Chromium? How about Ungoogled Chromium?

[o_e_l_e_o]

Any browser based on Chromium? How about Ungoogled Chromium?

Perhaps the exception to the rule, but I would argue that no matter how hard you try it is next to impossible to remove all Google code, dependencies, spyware, and so on. Far better to start with a clean slate (i.e. Firefox) and work from there.

[Pmalek]

There have been a lot of controversies surrounding the mode of operations of ledger - one of the top hardware wallet manufacturers, meant to be complete non-custodial, but recently, researchers have discovered data Harvesting Inside the ledger live app.

For whatever reason best known to ledger, and hard to comprehend for users, ledger live app is transmitting information about..
- Clicks
- Page visits
- Redirects
- Crypto transactions
- Page scrolls
- Number of accounts
- Crypto asset names
- Session duration
- Hardware device type
- Firmware version

The information you mentioned that is being tracked and collected doesn't change the non-custodial aspect of the app to a custodial one. As long as you have access to your keys, and you are the only one with such access, and can import them properly elsewhere, it's a non-custodial wallet. And you can do that with Ledger. A big problem would be if someone can prove that Ledger has and/or has always had a copy of all keys. I am not talking about the Ledger Recover feature here.

However, even if the user turns off that option, can we say with certainty that the app still does not (secretly) collect data and send it to someone for analysis?

Someone should prove it then. Unless it's the firmware that is doing nasty stuff, those who can read and comprehend code shouldn't have issues proving if and how Ledger collects data using ledger Live.

[Meuserna]

As long as you have access to your keys, and you are the only one with such access, and can import them properly elsewhere, it's a non-custodial wallet.

But you have to use Ledger Live to add or update apps on your Ledger hardware, at which point you're at the mercy of Ledger's tracking.  A smarter idea is to stop using Ledger hardware entirely.

However, even if the user turns off that option, can we say with certainty that the app still does not (secretly) collect data and send it to someone for analysis?

Someone should prove it then.

Better yet, it's time for Ledger to prove the firmware on their hardware is safe AND HAS ABSOLUTELY NO ABILITY TO EXPORT THE USER'S KEYS.

Ledger hardware isn't safe anymore.

Ledger's security was breached in 2020, leading to users names and home addresses being leaked.  That's ironic since Ledger's entire job is SECURITY.

Ledger's code has now been hacked.  And worse, Ledger blames a previous employee getting phished!  That's a double-whammy of inexcusable ineptness from a company who's entire job is SECURITY.  And it's even worse since Ledger hardware now runs firmware with key extraction APIs.

It's time for Ledger to prove the firmware on their hardware is safe.  They've been lying to their customers for a long time, so their word is no longer good enough.

[dkbit98]

But you have to use Ledger Live to add or update apps on your Ledger hardware, at which point you're at the mercy of Ledger's tracking.  A smarter idea is to stop using Ledger hardware entirely.

You also can't even start using ledger wallet if you don't install their ledger live crapp after you purchased their hardware wallet.
Good luck to anyone trying to bypass that

Ledger hardware isn't safe anymore.

It was never safe in the first place, but it's not that hard to provide illusion of safety... same like governments are doing with their msm propaganda bs.

It's time for Ledger to prove the firmware on their hardware is safe.  They've been lying to their customers for a long time, so their word is no longer good enough.

it's simple to open source everything, right? Right?? 

[Meuserna]

it's simple to open source everything, right? Right?? 

Oh my god, THIS.

Ledger prints "WE ARE OPEN SOURCE" on the boxes for hardware running closed source firmware.

Ledger is not an honest company.

Ledger cannot be trusted.

[Pmalek]

But you have to use Ledger Live to add or update apps on your Ledger hardware, at which point you're at the mercy of Ledger's tracking.

I know, but like I said, that's an entirely different problem that has no affect on the custody of your coins and keys. If you had no access to your crypto outside of Ledger software and needed their permission to move your funds, then we can talk about issues with custody. That isn't the case here.   

Better yet, it's time for Ledger to prove the firmware on their hardware is safe AND HAS ABSOLUTELY NO ABILITY TO EXPORT THE USER'S KEYS.

Doing it now, retroactively, would be pointless anyway. The best you can hope for is them doing it for future firmware versions, and I doubt they will do that. And even if they do, the harm of Ledger Recover has already been done and can't be undone. Sending shards of your keys to other companies for "safe-keeping" is a custody issue in comparison to the tracing problem we discussed above. 

[o_e_l_e_o]

Ledger is not an honest company.

Lied about the security of your data.
Lied about the security of your coins.
Lied about how many people had their data stolen.
Lied about seeds never leaving the device.
Lied about being open source.

Did I miss any?

[tread93]

Ledger is not an honest company.

Lied about the security of your data.
Lied about the security of your coins.
Lied about how many people had their data stolen.
Lied about seeds never leaving the device.
Lied about being open source.

Did I miss any?

Lied about being the most secure hardware wallet in the world! I remember when everyone was dead set on Ledger being the absolute best and most secure and then all of this crap came out. I cound't believe it. I got off Ledger. The fact that they are tracking all of this information and broadbasting it to another seperate company and probably selling that data is infuriating! You can't trust anyone or anything these days.

[Lucius]

Lied about being the most secure hardware wallet in the world!

They (Ledger) or perhaps it is better to say lord of the rings Pascal still claim that they are the most secure HW because their Recovery is one big step forward, and they described the hacking of the user data base as some kind of trivial thing that had no effect on user security.

I remember when everyone was dead set on Ledger being the absolute best and most secure and then all of this crap came out.
~snip~

It was a good lesson for all of us not to trust anyone, no matter what the company's name is or what kind of product it has. We should always be on our guard and not advise others about something we may regret one day. The best hardware wallet that exists is the one that we can just make from an old computer or mobile phone.

[Pmalek]

The best hardware wallet that exists is the one that we can just make from an old computer or mobile phone.

I agree with you regarding the airgapped computers for optimal security. However, I don't have much faith in mobile phones as long term storage for Bitcoin. There is no way to remove all antennas and connectivity chips and sensors like you can on a desktop system.