Ledger Live Collects Lots Of information

I just wanted to share this to anyone using Ledger Live. I had no idea how much data they collect about their users.

ledgerlive

4 Likes

thanks for this valuable info @BrGr01 & welcome.

Realistically one has to include even things that are not on the “Data collected” list (though there isn’t much left over about the context & identity of transactions) and expand the “Data usage” list to cover uses by government representatives which Ledger will be unwilling and probably unable to disclose.

The precedent that government security and tax agents effectively own all data collected by all companies is well established in the USA, where Ledger does a lot of its business, and their base in France puts them in the EU domain in which the banking authorities have stated publicly many times that the government will have oversight on all crypto transactions.

In case such warrants are exposed or disclosed, it will be presented that these are cases of “Legitimate interest” (the third column)… and finally the “Retention period” for “intelligence” gathering purposes is of course infinite. So the conclusion would be that whatever you do with Ledger or any equivalent will have no privacy whatsoever.

There are some alternatives like the one @johnshearing has developed and a software-only platform that I introduced with this motivation (this was written after the earlier December 2020 Ledger security incident in which personal data was freely circulated after being “hacked”):

3 Likes

It seems to me that “legitimate Interest” is not an obligation by law?

Therefore I would have expected an option to “opt-ou” for this data collection.

Either way I will look for another solution as well. Thanks for sharing an alternative

2 Likes

Exactly why open source software is so important. When looking into hardware wallets, I ruled out Ledger because it wasn’t fully open sourced and went with Trezor T instead.

2 Likes