Ledger Live Tracks and Sends ALL User Information to Outsourced Data Harvesting Service
"Ledger Live is phoning out data on assets you hold in your hardware wallet the moment you access Ledger Live. It's also sending out tons of other info about your computer and device," wrote @rektbuildr.
"The application phones everything about your device AND YOUR FUNDS to an outsourced endpoint at https://api.segment.io/v1/t. That's not even a Ledger endpoint, it's an outsourced data collection service."
"As if that weren't bad enough, the submitted payload also contains a userId and writeKey which probably identify your device uniquely, along with tons of other data like device model, how much space you've used, your operating system version and so on."
"The tracking code is too structural to be just counting users and downloads, like regular apps do. Ledger Live is doing analytics on everything from screen views, to button clicks, error events, installs, uninstalls, etc. It's basically tracking everything. Anything you do on that app gets tracked," he added.