Author

Topic: 'Technical Data' in Ledger Live (Read 240 times)

legendary
Activity: 1624
Merit: 2481
July 16, 2018, 01:35:01 AM
#11
Thanks Mr. CEO. Or you could let me opt out but I guess you're not going to do that. I hope people keep a very close eye on this. And using one with Electrum or Mycelium may be made harder too.

With their talk of partnering with operations like Google I see the future of hardware wallets, or at least this one, as retrogressive and heading towards the same old shit.


I totally disagree with you.

Information being gathered:

OS: Name, Version, language, region
LedgerLive: Version, language, region and an anonymous unique identifier


The only thing which can be somewhat critical is the anonymized identifier. But, as already mentioned, you can easily just remove that lines of code. HCP even linked the file of the code.

IMO those information are extremely basic. If you have used the google chrome application, you have given WAY more information away (and not just to ledger, but mostly to google).
And google already made money off these information.


There is no possibility to tie this gathered data to your real-life personality (unless someone reverse engineers your PC and looks for the unique identifier, and then afterwards asks ledger about all information tied to this identifier).
Those are really some very basic information.

Each website you are using gatheres WAY more (e.g. most critical: IP addresses).

legendary
Activity: 2758
Merit: 6830
July 15, 2018, 08:14:26 PM
#10
Thanks Mr. CEO. Or you could let me opt out but I guess you're not going to do that. I hope people keep a very close eye on this. And using one with Electrum or Mycelium may be made harder too.

With their talk of partnering with operations like Google I see the future of hardware wallets, or at least this one, as retrogressive and heading towards the same old shit.
You can also just fork the code and remove it yourself. At least that's what the CEO said when people asked him to remove the "Exchanges" tab from the wallet. Tongue
legendary
Activity: 2590
Merit: 3015
Welt Am Draht
July 15, 2018, 04:12:27 PM
#9
From Ledger's CEO on reddit:
Quote
you have the possibility not to use the app
Source: https://www.reddit.com/r/ledgerwallet/comments/8xdgfi/_/e22jqdi

Thanks Mr. CEO. Or you could let me opt out but I guess you're not going to do that. I hope people keep a very close eye on this. And using one with Electrum or Mycelium may be made harder too.

With their talk of partnering with operations like Google I see the future of hardware wallets, or at least this one, as retrogressive and heading towards the same old shit.
legendary
Activity: 1624
Merit: 2481
July 15, 2018, 09:20:19 AM
#8
Wasn't really that difficult, thanks to the helpfully named "analytics" folder Wink Tongue

https://github.com/LedgerHQ/ledger-live-desktop/blob/develop/src/analytics/segment.js

Oh, i was looking at the repository for about 5 or 10 minutes but completely overlooked that  Grin
I am glad ledger does use meaningful variable-/class-/file- names. Definitely makes it more appealing to read  Grin
HCP
legendary
Activity: 2086
Merit: 4361
July 14, 2018, 07:16:06 PM
#7
Definitely possible, but it would require someone to look through massive amounts of javascript(!) code.  Roll Eyes
It may be easier to simply (find and) drop/block this specific packet  Grin
Wasn't really that difficult, thanks to the helpfully named "analytics" folder Wink Tongue

https://github.com/LedgerHQ/ledger-live-desktop/blob/develop/src/analytics/segment.js
legendary
Activity: 1624
Merit: 2481
July 14, 2018, 05:32:31 PM
#6
I'm sure it would be possible to actually just fork the code on GitHub, modify it to include "dummy" (or no) data and then compile it again... Wink

Definitely possible, but it would require someone to look through massive amounts of javascript(!) code.  Roll Eyes
It may be easier to simply (find and) drop/block this specific packet  Grin
HCP
legendary
Activity: 2086
Merit: 4361
July 14, 2018, 04:57:44 PM
#5
Also, due to the wonders of FOSS, I'm sure it would be possible to actually just fork the code on GitHub, modify it to include "dummy" (or no) data and then compile it again... Wink

jr. member
Activity: 98
Merit: 5
July 14, 2018, 03:31:02 PM
#4
Nevermind, I found it. 'Developer mode' in settings.
jr. member
Activity: 98
Merit: 5
July 14, 2018, 03:25:29 PM
#3
Thanks.

Also, is there a way to view bitcoin testnet coins on Ledger Live?
legendary
Activity: 2758
Merit: 6830
July 14, 2018, 03:22:59 PM
#2
From Ledger's CEO on reddit:

Quote
We are very transparent about what we collect. You can see the details here: https://talkimg.com/images/2023/05/14/bloba6ab8fc159b86a12.png This is less that what a web session is collecting (we don't log IP addresses), and much less than was Google was collecting with the Chrome app system.

Sending Ledger Live version, OS & language, and a unique anonymous ID (to count usage) is not invasive, doesn't breach any privacy issue, and is fully shown in a transparent way. If you do not wish to give your consent, you have the possibility not to use the app (please note that nothing is send to our servers unless you complete the onboarding and therefore agree to the technical data collection).

Compared to the Chrome apps, there is a massive progress in data collection as we were able to reduce to the minimum. It is important however for us to have a basic understanding of usage, the same way that a web page is having some basic analytics.

No personal information are sent, in any case.
Source: https://www.reddit.com/r/ledgerwallet/comments/8xdgfi/_/e22jqdi
jr. member
Activity: 98
Merit: 5
Jump to: