This Friday, a controversy arose over the collection of user data by the application of the French physical wallet company Ledger, disclosed by the anonymous developer REKTBuildr. This fact was obviously hidden in Ledger's privacy policy and within the same Ledger Live application.
“Ledger Live sends data about the assets you have in your hardware wallet as you access them. It also sends a lot of other information about your computer and device.” So summarized The anonymous developer REKTBuildr presents the first results of his research on Ledger Live.
In light of the disclosure, Ledger CTO Charles Guillemet said, accepted data tracking and state that they disclose the data they collect in their privacy policy. Guillemet explained that the goal is to improve the user experience, adding that anyone who wants to disable the feature can do so through the Ledger Live settings. However, tracking and information collection occurs by default in the application.
What information does Ledger Live collect?
In the section dedicated to Ledger Live, in privacy policy, The company ensures that it collects information such as IP address, clicks, language, region of your operating system, currencies, amounts, transaction status, transaction identifier, etc even the data used by its partners to identify you.
While Ledger Live integrates services for buying and selling cryptocurrencies on platforms with Know Your Customer (KYC), this identifier may include the name of users. From CriptoNoticias we have contacted Ledger to confirm this information and we will update as soon as we have a response.
The information collected is stored in France for up to 5 years may be disclosed to “legal or administrative authorities”. or to authorized third parties where sharing this information is required by law.” It may also be shared with technical providers, subsidiaries, partners such as services accessible through Ledger Live or personalized advertisers, and other companies.
Ledger says We do not store any information that allows the company to know your personal identityIt clarifies that users' IP address is only collected to be shared with partners when this information is necessary for their services and is not stored by Ledger.
REKTBuildr disclosed that Ledger uses the segment service of the data processing company Twilio to analyze its users' information. “Ledger Live performs analytics on everything from screen views to clicks, error events, installs, uninstalls, etc. Everything you do in this app is tracked,” the developer writes.
It should be noted that this information is tracked corresponds exclusively to the Ledger Live applicationand not to Company-manufactured hardware devices. Users who wish can use their Ledger device through other wallet applications such as Sparrow or Electrum.
Last June, it was revealed in CriptoNoticias that the Ledger app contains trackers that share information with Facebook and Google. On the other hand, it is important to remember that in 2020 The personal information of nearly 300,000 Ledger users was leaked in attacks on its proprietary database and that of its partner Shopify.