A detailed study found Ledger, the world’s leading hardware wallet maker, gathering data. As Ledger Live, the official program for connecting with Ledger’s hardware wallets, sends user data to segment.io, the disclosure has sparked worries. Clicks, website visits, redirects, crypto transactions, page scrolling, accounts, crypto asset names, session durations, hardware device kinds, and firmware versions are communicated.
REKTbuildr called Ledger Live’s code a “gigantic user tracking system.” This surveillance includes Ledger wallets’ digital assets and NFTs, posing privacy and data security concerns.
Despite these findings, Ledger Live’s settings allow you to ignore some analytics. Analytics transmits data on user actions and system information, giving consumers flexibility over data transmission preferences on the settings tab.
Ledger Live harvests data using a JSON object with a properties key, user ID, and ‘writeKey’ for unique PC identification. While the software doesn’t provide private keys or recovery phrases to segment.io, the transferred data includes user activity timestamps and other information that might lead to extortion threats.
Many wonder why Ledger collected so much data. REKTbuildr speculates that Ledger may resell anonymised data to third-party advertisers. Google and other data aggregators sell audiences with engaged digital actions. Ledge’s UX and UI could benefit from the data’s internal use.
In response to community concerns, REKTbuildr forked Ledger Live software, removed its tracking codes, and made it accessible on GitHub as a privacy-conscious alternative.
Ledger has been reserved regarding analytics harvesting questions. After Ledger’s controversial moves, the digital asset community’s distrust grows due to the lack of transparency. Trust was undermined by the company’s Recover service, which allowed remote access to hardware wallet private keys, and a security incident that exposed user emails.
In conclusion, Ledger’s data tracking increases privacy concerns, encouraging customers to adopt tracker-free forked versions or the hardware wallet sans Ledger Live software. The situation highlights the necessity of cryptocurrency hardware wallet transparency and user trust.
ALSO READ
- Microsoft app store security flaw allows fake Ledger live app to steal $588K
- Ledger Launches Cloud-Based Private Key Recovery Tool
- Data breach exposes Bitfinex users to phishing attacks