Ledger Live data collection is more than a little concerning

[rektbuildr]

So I've been experimenting with a local copy of Ledger Live

As you probably know, it's an Electron app. So it runs like a web application inside a web-browser-like environment that you can run like a native app.

This means you can open up a developer console just like in Chrome and view network requests, event handlers and so on.

I ran Ledger Live and opened the network tab just out of curiosity. And what I found was more than a little concerning.

The application phones everything about your device AND YOUR FUNDS to an outsourced endpoint at https://api.segment.io/v1/t

The payload is a json object with a properties key. Inside "properties" there is a accountsWithFunds object which sends "segment.io" accounts with funds, along with NFTs :





That's not even a Ledger endpoint, it's an outsourced data collection service.

As if that weren't bad enough, the submitted payload also contains a userId and writeKey which probably identify your device uniquely, along with tons of other data like device model, how much space you've used, your operating system version and so on.

It'd be understandable if Ledger Live were using this data locally, to determine whether you can install additional apps and so on. But why is it sending everything across the network?

tl;dr;

Ledger Live is phoning out data on assets you hold in your hardware wallet the moment you access Ledger Live. It's also sending out tons of other info about your computer and device.

 

[rektbuildr]

I dug a bit deeper into this since last night and, after several hours of tracker removal work, my impression is that Ledger wants to turn Ledger Live into a platform for 3rd party advertisements. The tracking code is too structural to be just counting users and downloads, like regular apps do. LL is doing analytics on everything from screen views, to button clicks, error events, installs, uninstalls, etc. It's basically tracking everything. Anything you do on that app gets tracked.

I posted some updates as I went along in this thread:

https://twitter.com/i/web/status/1732542258698694875

Obviously, Ledger needs a business model. Maybe selling hardware isn't enough and they're looking for alternate revenue streams. Which is fine, we're in the grind.

But, they should offer us an offline tracker-free alternative IMO

So if you want an easy interface, with wallet, prices, etc you can use ledger live. But if you just want to install a new ledger HW and be done with it, there should be a way to do it that does not require contacting Ledger servers.

Here's a fork of Ledger Live that does not contain 3rd party tracking functionality: https://github.com/rektbuildr/ledger-live. I randomly called it Ledger Libre.

I'm aiming for a minimal Ledger Libre where all you do is connect device, install/update and disconnect it. Maybe I'll tag the current code where it is and take it from there. Or branch it into a "minimal" branch or something like that. Either way I'll update the github repo when I have the time.

I do this as a hobby, so I can only contribute to repos when time allows it.

LFG frens!

 

[rektbuildr]

Well, it turns out Trezor also does opt-out analytics on Trezor Suite

https://twitter.com/i/web/status/1733751780633088390

The main question here is why must hardware wallet vendors track their users?

We should be able to use hardware wallets without being tracked and monitored

Hardware wallets should allow incognito operation. The wallet manufacturer does not need to receive an alarm every time you use the thing.

Hardware wallet manufacturers seem to be in the data collection business, not hardware wallet business

That explains why Ledger and Trezor analytics code is built into the core of their apps together with its basic functionality like device installation and update routines?

Analytics would then be the business here and selling hardware wallets is secondary.

Kinda like inkjet printers, the real profit is in selling cartridges. They might as well give the printers away.

I have no idea how anyone thinks it's OK for any of these companies to get an alarm every time you click on a button, open the wallet, access a menu, send a transaction, install a new device and so on. This is crazy!

Just so you're a little extra paranoid, if these apps have analytics all over them and you paste your mnemonic in the wrong place, it's gonna leak your mnemonic to an analytics package. Or worse.....it could "accidentally" leak it when pasted in the correct field as well....who knows, it's sending back a tsunami of data. You can't trust it. It has every menu, every text field, everything in the app wired up to view what you're doing.

The damn fcking thing is sending everything you do to the manufacturer. You just can't trust it. There should be ZERO phoning back in any of these hardware wallet apps. ZERO. It should not be sending anything out, only IN. When you REQUEST a device install, it sends you a firmware, that is all it should do.

Hardware wallet apps should NEVER send anything OUT.