I just wanted to share this to anyone using Ledger Live. I had no idea how much data they collect about their users.
4 Likes
thanks for this valuable info @BrGr01 & welcome.
Realistically one has to include even things that are not on the āData collectedā list (though there isnāt much left over about the context & identity of transactions) and expand the āData usageā list to cover uses by government representatives which Ledger will be unwilling and probably unable to disclose.
The precedent that government security and tax agents effectively own all data collected by all companies is well established in the USA, where Ledger does a lot of its business, and their base in France puts them in the EU domain in which the banking authorities have stated publicly many times that the government will have oversight on all crypto transactions.
In case such warrants are exposed or disclosed, it will be presented that these are cases of āLegitimate interestā (the third column)ā¦ and finally the āRetention periodā for āintelligenceā gathering purposes is of course infinite. So the conclusion would be that whatever you do with Ledger or any equivalent will have no privacy whatsoever.
There are some alternatives like the one @johnshearing has developed and a software-only platform that I introduced with this motivation (this was written after the earlier December 2020 Ledger security incident in which personal data was freely circulated after being āhackedā):
3 Likes
It seems to me that ālegitimate Interestā is not an obligation by law?
Therefore I would have expected an option to āopt-ouā for this data collection.
Either way I will look for another solution as well. Thanks for sharing an alternative
2 Likes
Exactly why open source software is so important. When looking into hardware wallets, I ruled out Ledger because it wasnāt fully open sourced and went with Trezor T instead.
2 Likes