Topic: Can HW manufacturers get user info through their apps? (Read 352 times)

I do this.  But this one may be close to the extremes already.  I have multiple devices for separate purposes and never use them for anything else other than the purpose I gave them.  But this is just my paranoia at its finest.

I think a secure Operating System with VM's is just as good long as your behavior is not clicking 'You Just Won $1,000,000!' ads and downloading random crap.  Not sure how open source and reliable it is, but Whonix sounds like it would do a great job at giving you privacy and you can install Live on it too without going through extra steps like you would with Persistent Storage on Tails.  They even offer their Operating System as a VM too.  Running Live on a system wide enabled Tor Operating System that runs as a Virtual Machine sounds like a wet dream.  Only one issue however.  This requires a blank Ledger or Passphrase to be used with it because it makes no sense to use Tor with an account they already spied on.

-
Regards,
PrivacyG

Of course, analytics can be and are used to improve products. That doesn't change the fact that the company learns about usage patterns, preferences and in this case even potentially financial decisions of their users; very sensitive information. After their repeated leaks and questionable company habits, it's hard to trust them with this information.
I can see how many users prefer open-source software without telemetry even if it means the company behind it can't get automatically get insights on what features are preferred or not. They can get the same information through forums, social media and GitHub issues, though, without invasion of privacy.

By spying on their users when they use Ledger Live, they can see what coins and apps are the most popular ones. Maybe that's how they make plans for their roadmap and decisions about what to develop and integrate next. We can see that Ledger keeps introducing new altcoins, NFTs, DeFi, etc. They could have gotten all that information based on the activity of their users who spent most of their time engaging with the ETH app, for example, and by checking that they keep NFTs in their ETH accounts.

Checking what apps are being uninstalled gives them an idea of what is considered unpopular by their userbase. Its quite logical that if they notice that many users installed an app but then uninstalled it, they weren't satisfied somehow. The solution: check what's wrong with it and try to improve based on support messages and complaints over social media.   

I'm not going to 'leak' my own setup, but I do recommend going as far as using segregated machines for different purposes for privacy and security. It's easy to freshly reinstall a 'burner' machine frequently if it holds no important data; and if it does get compromised, it won't be too bad either. You might also want to look into VLAN and put your machines on different VLANs so that viruses from the 'burner machine' won't propagate to your 'high security machines'.

Based not only on past incidents, but now on new ones: https://bitcointalksearch.org/topic/m.59628509.

It is possible that a particular company needs very little information to improve user experience. The collection of the rest information can be imposed on Ledger by other persons. I don't want to get into conspiracy theories. Any government can influence and impose the behavior they want on any firm under their jurisdiction. Can't argue with that.

If I had not seen this text myself, I would also have thought it was a joke. Anyone can check this in Ledger Live app's settings until it's removed. It still amazes me that they are not afraid to openly state this in Analytics and don't even try to hide it. Their honesty is off the charts.

It is possible that one day all the information they collect will one day surface. Either in government structures, like the tax office, or in the hands of hackers.

Curious lifehack. To eliminate repetitive actions and wasting extra time each time, I can offer an alternative. Linux OS emulation (for example, VirtualBox) with installed LL application. Once installed and configured, and after that, let them spy as much as they want (They won't get access to info on main OS). Although even in this case, Ledger will still be able to collect too much information about users.

Sounds like there is someone who needs information about a specific user for a specific purpose.  I wonder who and why.  Jokes on you, they do not need this for improving user experience.  Crypto assets and operations plus clicks, page visits, redirections et cetera does not sound like something needed for improving experience.

That is, unless they are doing this to prioritize showing the most used pages of Live first and such.  But I still doubt it is what they are using it for.  Seems as legit as becoming very intrusive to prevent money laundering.  Hell no, they will find another way to launder while my privacy will still be gone.

I am avoiding this mess by using the 'Try Linux' boot option with a bootable Linux USB stick.  Boot it up in the Try Linux mode, download Live and do your transactions and stuff, shut the computer down.  Next time you boot your computer Live will not be there anymore.  Problem of being spied on now gone.  Much better than installing and running it on your main Operating System anyway.

-
Regards,
PrivacyG

AFAIK, that information alone is only useful to their production and marketing team, but when you combine it with some of the other things that you mentioned, it comes in handy for app optimization and stuff like that...

Based on past incidents, I think it's safe to say that they're not that reliable in regards to keeping any kind of information safe ^{[regardless of it being directly their fault or not]}.
^{- I hope I'm wrong.}

See what I found.


After discussion in this thread, I am not surprised by "actions (send, recive, lock, etc)". This is exactly what you all warned about. Here can add: "(un)installing and app version, number of accounts, crypto assets and operations (the most valuable info), session durations (It's already interesting. Why do they need it?), the Ledger device type and firmware".

But this surprises me a bit: "This includes clicks, page visits, redirections, ...end of page scrolls..." It already looks like espionage. The most surprising thing is that Ledger openly writes about this in the settings of its Ledger Live application.

Together, this all forms a very large array of important information about their user. The questions is how they will use it, who will be given access to this information and whether they will be able to keep it all safe.

I commented about it in one of my posts before, but I had no luck in finding it ^{[it was probably from late last year]}... Actually the latter is exactly what they did on that occasion ^{[they silently altered the content of their earlier statement]}, so perhaps the way I described it yesterday ^{[contradicting part]}, it's not an accurate representation of the situation in question, but regardless of that, they tend to do stuff like that from time to time.
^{- If I find that post, I'll update this one...}

I agree with @Pmalek's comment in the above post.

Update:
- Found it ^{[they kept shipping faulty products for a few more weeks or a month after the removal of that paraghraph]}!

I think that in the first picture they are talking about data concerning your portfolio and balances, the coins you hold, how many accounts you have, the name of those accounts, which crypto apps you have installed, which ones you are using, and things like that. The second image says that Ledger can send certain technical data but if you allow it to do that. You can opt out of if though. 
 
I don't think the approach is different with other manufacturers either. They are interested in how you use their software, which features are mostly used and which ones don't get enough attention. If the software crashes, they want to see logs to figure out why the crash happened, what the user did when it happened, and how it can be fixed.

This should alert any potential user. You are right about Analytics. There is no guarantee that this will be disabled by the button. Below I will explain why I think so.

If we compare Ledger Live and Trezor Suite, then from this angle Suite looks more reliable. If, the source code is open and can audit.

This is another + in favor of Trezor Suite.

I'm assuming this was done on purpose. This alone should alert their future customers and understand how these firms treat their users. Like a wallet from which need to extort money as quickly as possible by any means and not at all caring about the right to the security of private customer data.

Could you remind me of this?
Usually, when they contradict, they try to hide from us or deceive something. In any case, this is a minus for Ledger. Above, we discussed about Analytics. Now, if Ledger has already fooled everyone repeatedly, why don't they do it again? That is why I believe that there can be no guarantees from them.

Of the two evils, Trezor Suite looks like the better solution. Although, as always, there are other options.
As I said before, the world is not limited to these two manufacturers.  What other HW manufacturers have their own app?

You're very welcome

Exactly, if there's a way to verify it, we should do it!

This isn't the first time that Ledger or rather one of their staff has contradicted one of their earlier statements!

That's weird! Even though I'm the one who shared it the other day, somehow I actually misread that part ^{[facepalm (SMH), thanks for pointing it out]}, but I did find a few things on that page:

• Quote from: m2017 on March 18, 2022, 05:56:01 AM
  What changes are you talking about?
  
  I was talking about "Bitcoin full node via Electrum Server" and they've already released it in "beta mode".
  ^{- I just "found out" that Trezor already had a "different software [Blockbook]" that allowed its users to connect to their own node!}

You see, this is what scares me.  One software switch does not ensure at all that Analytics will happen or not.  It is of the same use as a software switch for your computer camera.  Software can be tricked, and bypassed.

But at least as far as I know, Trezor's Suite is open source and it can be analyzed whether any kind of information is shared with servers or not.  Or is Suite not as open source like I thought?  Was it just their device and the device's operating system?

Anyway.  The Trezor Suite software gives you the option to opt out of Analytics upon installing.  That one I remember for sure.  Not sure about Ledger Live though, which if I remember correctly DOES have Analytics on by default.  It sucks, because before you know about the switch, their servers have already collected basic information about you.

-
Regards,
PrivacyG

I wanted to look for this info on the manufacturer's website, but you beat me to it and saved me time.
Thanks for the links. I looked at them and, in general, found some answers, but also new ones appeared.

As you can see in the 1st paragraph "Ledger Live does not store your information on a centralized Ledger server", it is written completely different than what was said in the comments above and no information about servers and personal data transfer. But we will not blindly believe everything that is written on the site, right?

In the 2nd paragraph, the words "Ledger Live  only synchronizes your operation history and balance with the blockchain" confuse me. Isn't this where the weak point with the transfer of data to servers Ledger lies? I would like to know how it is implemented. About the same as blockchain explorer websites with all their shortcomings?


I think that comments are unnecessary here and this is already an occasion to think.
I still want to pay attention to: in the 1st picture it is written that "Ledger Live does not store your information on a centralized Ledger server", but at the same time in the 2nd picture there is already a clear contradiction. It turns out that the app can collect information about the user (look at the "Analytics" line) and can send it to Ledger servers.
 
In this case, it is openly voiced that data collection takes place.
In the 2nd paragraph "Anonymous data", it says what data is not included, but it doesn't say what data is collected. The next words that can not be verified.

From the information above, we can draw a small conclusion:
If you decide to use apps Ledger Live or Trezor Suite, then it is better to disable Analytics in the settings, because this is enabled by default.

HW market is not limited to just these two firms.  What other manufacturers offer their apps to their customers with HWs?  What can you say about them / their app? All the same with getting user data, how do Ledger and Trezor do it? Are there any exceptions?

What changes are you talking about?

They can obtain information, but it will be useless unless it is linked to other information collected about you, such as information from Google, Facebook, and other services.

 - The generation of PVT keys is assumed to be in an environment that has not and will not be connected to the Internet.
 - Broadcasting transactions must be connected to a server, so they may be able to collect information such as addresses, IP addresses, etc.
 - You can connect to your own server to enhance privacy.

When they get your IP and addresses, all they need to do is track them using Google, central platforms, service providers and more.

So for the average user, they will not get important information, but if you are wanted by the FBI or there are enough resources to track you, they will certainly be able to find you.

If you are looking for privacy, you have a few cryptocurrencies that pass the decentralization test, which is considered an entrance to privacy.
If your crypto is central, privacy does not mean anything.


Assuming we have only two decentralized crypto which is Bitcoin and Monero.

Online Bitcoin analytics services collect more information about you than hardware services.


Hardware:

Hardware wallets can get the information if you provide it to them when buying.
you can hide your identity by shipping to another location, paying using mixed currencies or with cash.

You can build these devices yourself if you have some experience.

Softwate:

Software is almost the same as desktop wallets and then you will need to manage your full node, Tor, a trusted VPN, stop using anything related to JavaScript, and only connect to the Internet when necessary.

Privacy is valuable, and you need to be careful to enjoy as much of it as possible.

They have all your personal information if you buy device from them directly, pay online, and send them your real name and home address.
Later down the line this data can be leaked like it happened with ledger, so everyone will know al your details.
When you use your wallet with default app they will have your IP address and all transaction history, unless you use Tor or vpn.

Code for apps and firmware code for hardware wallets are two different things.
Having closed source wallet used with publicly available code app means very little in reality.

Here's what those two brands you mentioned earlier are saying about the type of information that they collect on their apps ^{[the above users are correct]}:

• Trezor Suite: Analytics
• Ledger Live: 1) Ledger Live stores your data locally 2) Step 5. Bug reports & analytics

That's true, but it's a different story if they paid in cash ^{[without giving their names]}.

As a Trezor user, I can confirm that's also the case, but it's going to change soon.

Update:
Refer to "this post" for more information...

Probably everything that you mentioned. If you purchased the hardware wallet from the manufacturer directly, they already know your location. Assuming, of course, you had it delivered to your home. If you paid with a credit card, bank account, or one of those traditional payment providers, they know even more. If you bought the device from a reseller/official distributor, there is now an additional party that knows you. One way around this is purchasing HWs with crypto and not have them delivered to your home but to a PO box, for example.

If you use Electrum and connect to a server, the person who runs it can acquire your IP, list of addresses, and balances. Ledger Live uses its own servers, so the same rules apply there as well. I don't have a Trezor, but I assume it's the same thing.   

Doesn't matter if a database hack happens because private information is stored on some servers somewhere. When Shopify's database was hacked, Ledger (closed-source) was among the companies that was affected. If an open-source company used their e-commerce services as well, it wouldn't be any different.   

Imho they cannot gather info from their HW directly, but they can (and most probably gather) everything they can from their SPV wallets:
* addresses, funds, but also they can link all addresses (and transactions) of your wallet, including the altcoins too.
* link all this to your IP if they can (if you don't use TOR, for example)

But it's nothing really different from what any SPV server operator can do? And it's known that chain analysis companies do run Electrum servers (possibly both on clear net and under TOR)...
The information is important for chain analysis. They may aim to track all your crypto history, like Google or FB want to track all your online history. That's valuable, and not only for taxes or finding criminals; you can easily become the target for certain advertising based on how wealthy you are, for example.


They may be able to also gather this or that when one updates the HW software and apps, but that would be dangerous and will make them lose their reputation in a second. So I don't think they do that.
For example Ledger software is closed source. But there are open source hardware wallets too, you can look here: https://bitcointalksearch.org/topic/list-open-source-hardware-wallets-5288971

I didn't answer point by point, but I think that I didn't miss anything big.