The app developer and privacy advocate says Ledger Live tracks users
Ledger Live software tracks its users and stores information about them, according to a report from anonymous software developer and privacy advocate REKTBuilder. The developer has examined the software's Python code and says it will perform a “true device check” every time a user connects their Ledger device to their computer or phone. This check lists every app installed on the device, REKTBuilder said, allowing Ledger to know which networks the wallet's owner uses.
Ledger Live includes a real check in the application listing process. As such, you always dock your device when installing or updating apps and firmware. I've removed most of the tracking in Les Libre, but they still track you.
I've been trying for the past two days… pic.twitter.com/Q1aF1qpjge
— REKTBuildr (@rektbuildr) December 27, 2023
REKTBuilder is an anonymous researcher who posts on the Crypto.bi forums and on X (formerly Twitter). On December 6, they published a report stating that Ledger Live was recording users' crypto balances. The next day, they released an open-source alternative to Ledger Live, called “Lake Libre,” which they claim is “track-free.”
REKTBuilder now claims to have discovered an even bigger privacy issue with Ledger Live. According to their December 27 post, they discovered that several lines of code contained the phrase “genuine check.” When they added “trace prints” to this code, they found that the software doesn't work when it appears to be checking the device. Indulging their curiosity, REKTBuilder investigated further and found that the actual check was included in the “listApps” subsection. According to REKTBuilder, Ledger can use the check to determine the date and time of each moment a user connects their device.
The developer of the mockup tried to remove the code, but doing so broke the software and rendered it unusable. This implies that no truly “trace-free” version of Ledger Live can be created.
REKTBuilder said: “I tried to disable remote monitoring and it's impossible, if you do it, it will be disconnected.” “This means that every time it enters the device, Ledger knows it's you.”
Although this is a privacy issue, REKTBuilder says on X that they still use Ledger Live because “[n]o other HW [hardware] alternative #Avalanche on the original.”
Cointelegraph reached out to Ledger for comment, but did not receive a response by the time of publication.
Ledger is a manufacturer of crypto hardware wallets. The company claims to have more than 6 million users. In March, Ledger raised $109 million in capital to further expand its operations. In October, it released an alternative cloud-based recovery tool for users who fear losing their private keys.