Topic: Ledger Live Liars Data Collection - page 2. (Read 380 times)

Something has happened along the years.  The moderator's answer is four years old and the Privacy Policy has been archived today.  Right?

I think what happened is governments put a particular pressure on everything related to Cryptocurrency.  Exchanges, ATM's, wallets, all of it.  See how quickly Know Your Customer became the norm, how quickly Anti Money Laundering became the excuse to remove privacy, how quickly data collection became a general thing.  Ledger is a company and they are part of this too.

I expect this was a government's plan that went two ways.  Ledger either got paid well for doing this or they were just pressured enough to accept the data collection and move on with it now being part of Live.  Every company that is collecting information from Cryptocurrency users for 'legal reasons'.  All this data must be going somewhere.

At this point.  All we have left is fully Open Source and decentralized software and hardware.  This is the way we have to follow.  Purchase Open Source hardware and move away from Closed Source software.  It is clear to me now that any custodial wallet and any Closed Source software is going to collect and sell information about you.  Fuck that.  If we all spent our resources on creating the best of the best Open Source and fully decentralized tools and apps for Cryptocurrencies, we would have our own exchange with Binance like volume and user base.

But even then.  We have some like Wasabi that just turn bad over time.  But if something is Open Source, it can be forked after all.  Fuck data collection.  Fuck hidden interests and plans that are against you.  You are paying someone to sell your information.  All of this is getting clustered up somewhere and it is definitely not your HDD.

-
Regards,
PrivacyG

Some of this has already been discussed here and in the topic itself, but the information you provided adds to the overall picture of Ledger. In general, those who often look into this section should already have a clear idea about this firm and that you need to stay away from them. Info about Ledger should be posted on as many resources as possible to get the attention of as many people as possible.

Formally, this can be done in Ledger Live settings too, but I have big doubts that this is not a fiction and an illusion for users. After all, we can't find out what actions the app performs because of the closed code.

Curious find. Need to include this in the list of "magical" actions that are required to interact with Ledger (I could not find the topic where similar Ledger lifehacks were discussed, otherwise I would have added here.)

I just gave un example and we are not talking about some random people who run servers, we are talking about official wallet developers who openly say what they are doing.
It's well known fact that blockchain analysis companies and government agencies run their servers for tracking, but that is totally different story.
Let's not mix wallet manufacturers with third parties.

I guess you can sort off verify it if you know what you are doing, because Trezor and their Trezor Suite application are all open source.
And yes I know running your own bitcoin node is bets option for privacy, it's not even that hard for average Joe to do it.

''Update'' from one more ledger co-founder aka reddit moderators btchip 

You have absolutely no way of knowing what the owners of the random Electrum servers you connect to are doing with the data they gather from you. Some servers are being run directly by blockchain analysis companies.

Even although Trezor say they don't collect these things, you are still using their servers to update your addresses and transactions and so they could keep logs if they wanted. Just like a VPN, you cannot verify what they say. And you can connect any wallet over Tor if you want.

If you want privacy, then you have to run your own node. There is no other way around it.

I can’t be surprised at all when it comes to Ledger, because that company proved its incompetence, and then it tried to relativize that whole mess by pretending it wasn’t some big deal. The fact that they continue to collect such sensitive data and share it with partners (or perhaps sell it) proves that nothing has changed in their business philosophy.

In one of the possible new database leaks, hackers may have your coin addresses with balances in addition to your personal data, so they know who the valuable targets are. An old saying goes "fool me once, shame on you; fool me twice, shame on me".

Exactly. Ledger is probably being bashed because we all know there was a data leak, and they are transparent about this data usage (sharing with partners, etc).

Basically every website and company does that, but they are not so clear about.

Ledger wallet is a device that is useful for security. If you want to use their wallet for convenience (or any other SPV wallet that goes though their server) you are being watched.


There is a way.

You can create 2 wallets, using a passphrase. Then, you can use ledger live only in your empty wallet to update the firmware.

When making transactions, go to your other wallet with a passphrase (different pin) and use it in a software where you truste the servers.

There is no single way to privacy, it has to be fought for. Taking it from the light client wallets people are using today, they have no privacy, central servers are linking addresses together and linking it to the IP address used. It is privacy conscious people that know they have to run their own full node and make use of Tor to make this privacy invasion impossible. Another is people buying hardware wallet directly from the manufacturing company, data can be breached by hackers at anytime, people that are privacy conscious still go in a way they do not provide information valid enough to trace their real identity.

This is only partially true, because I can use Electrum or some other wallet that maybe have records of my IP addresses and transactions, but they are not sharing that info with any partners of parties that pay more, and they don't keep this data for five years.
In Trezor hardware wallet used with Trezor Suite app I can disable sending of all information (in settings) and I can enable Tor to hide my IP address.
This is what Trezor can collect if you enable anonymous data collection:
https://docs.trezor.io/trezor-suite/misc/analytics.html

There is no way you can update ledger offline and you must use normal computer, not a mobile device for this process.

I'm no fan of Ledger's stance on user data and privacy, but this is not unique to them or even unique to hardware wallets. If you use any wallet which goes through any server which is not your own server pointed at your own node, then whoever runs that server will absolutely be able to see your IP address and details of every address you query and every transaction you make, as well as any other unique identifiers the wallet software communicates to them, and can keep that data for as long as they want and share it with anyone that they want.

If you own a Ledger device and need to use Ledger Live to update it (is there no way to do this offline?) then either wipe your seed phrase from the device first (make sure you have a back up handy), or don't actually store any coins on the base seed phrase and only store coins on hidden passphrased wallets. Run Ledger Live over Tor, so all Ledger can collect is the session identifier linked to an empty wallet and an IP address which isn't yours.

If you are still using ledger live application with your ledger hardware wallet, than I you should really think again about it.
In reality it's impossible to update your device without ledger live application that can be only used on computer, so you are stuck with it at least partially.

You should know what data ledger live collects from users and for how long, because they are not even hiding it, as you can see in their privacy policy page below.
Device session identifier, IP address, clicks, actions, language and region for your operating system, transactions, etc.
They are keeping all this data for ''legal'' reasons and retention period is five years, and they share customer data with their partners.
Knowing that ledger and their partners were hacked and data leaked multiple times, I think it's crazy for anyone to trust ledger with your data for years.

What's even worse is that Ledger chairman and co-founder murzika publicly lies how they don't collect IP addresses.
So now we have proof and confirmation that people who own and work in ledger are liars:


source: https://www.reddit.com/r/ledgerwallet/comments/8xdgfi/warning_ledger_live_collects_information_without/e22jqdi/


source: https://www.ledger.com/privacy-policy
archive: https://web.archive.org/web/20220329104422/https://www.ledger.com/privacy-policy

Best solution for this is to stop using ledger wallet, but temporary fix would be mandatory use of Tor or some good open source vpn like Mullvad.
Don't trust my words, and do your own research about this.