Ledger Live Tracks and Sends ALL User Information to Outsourced Data Harvesting Service
"Ledger Live is phoning out data on assets you hold in your hardware wallet the moment you access Ledger Live. It's also sending out tons of other info about your computer and device," wrote @rektbuildr.
- "I ran Ledger Live and opened the network tab just out of curiosity. And what I found was more than a little concerning," wrote @rektbuildr.
- Ledger Live is a free and open source companion app for Ledger signing devices.
"The application phones everything about your device AND YOUR FUNDS to an outsourced endpoint at https://api.segment.io/v1/t. That's not even a Ledger endpoint, it's an outsourced data collection service."
- "As if that weren't bad enough, the submitted payload also contains a userId and writeKey which probably identify your device uniquely, along with tons of other data like device model, how much space you've used, your operating system version and so on."
"The tracking code is too structural to be just counting users and downloads, like regular apps do. Ledger Live is doing analytics on everything from screen views, to button clicks, error events, installs, uninstalls, etc. It's basically tracking everything. Anything you do on that app gets tracked," he added.
- According to the post's author, Ledger Live started its 'intensive' user tracking campaign with its v1.2.0 release, which occurred on December 23, 2019. Apparently, that is when user tracking was switched from opt-in to opt-out by default for all new installations.
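
To repeat the network-tab check described above on your own installation, export the captured traffic as a HAR file and list what leaves for third-party hosts. The script below is an added example, not code from the post or from Ledger. The first-party suffix list, the sample HAR and every field name other than `userId` and `writeKey` are constructed assumptions.

```javascript
// Added example: audit a DevTools HAR export for third-party telemetry.
// FIRST_PARTY is an assumed allow-list; adjust it to the vendor's own domains.
const FIRST_PARTY = ["ledger.com"];
// Key names treated as identifiers (userId and writeKey are named in the post).
const ID_KEYS = new Set(["userid", "writekey", "anonymousid"]);

// Recursively collect the dotted path of every key in a parsed JSON body.
function keyPaths(value, prefix = "") {
  if (value === null || typeof value !== "object") return [];
  return Object.entries(value).flatMap(([k, v]) => {
    const path = prefix ? `${prefix}.${k}` : k;
    return [path, ...keyPaths(v, path)];
  });
}

function isFirstParty(host) {
  return FIRST_PARTY.some((s) => host === s || host.endsWith("." + s));
}

// Return one finding per request that leaves the first-party domains.
function auditHar(har) {
  const findings = [];
  for (const { request } of har.log.entries) {
    const url = new URL(request.url);
    if (isFirstParty(url.hostname)) continue;
    let body = null;
    try { body = JSON.parse(request.postData?.text ?? ""); } catch { /* non-JSON or empty body */ }
    const paths = body ? keyPaths(body) : [];
    findings.push({
      endpoint: url.origin + url.pathname,
      identifiers: paths.filter((p) => ID_KEYS.has(p.split(".").pop().toLowerCase())),
      fields: paths,
    });
  }
  return findings;
}

// Constructed HAR fragment; all values are placeholders, not captured traffic.
const sampleHar = { log: { entries: [
  { request: { method: "GET", url: "https://host.ledger.com/placeholder" } },
  { request: { method: "POST", url: "https://api.segment.io/v1/t", postData: { text: JSON.stringify({
      userId: "PLACEHOLDER-ID", writeKey: "PLACEHOLDER-KEY", event: "screen_view",
      properties: { deviceModel: "PLACEHOLDER", osVersion: "PLACEHOLDER" } }) } } },
] } };

console.log(JSON.stringify(auditHar(sampleHar), null, 2));
```

With a real export, replace `sampleHar` with the parsed contents of the HAR file. An empty result means no request in the capture left the allow-listed domains.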