A recent report by a pseudonymous software developer and privacy advocate known as REKTBuilder, has raised concerns about Ledger Live, the software associated with Ledger, a prominent manufacturer of cryptocurrency hardware wallets.
According to REKTBuilder’s findings, Ledger Live is purportedly tracking its users and collecting data on their wallet usage, including details about the apps they install. This revelation has ignited discussions within the cryptocurrency community regarding user privacy and the implications of such tracking.
Ledger Live’s alleged tracking
REKTBuilder claims to have uncovered a “genuine device check” embedded within Ledger Live’s Python code, which activates every time a user connects their Ledger hardware wallet to a computer or mobile device.
This device check compiles a list of all the apps installed on the user’s device, providing Ledger with insights into the networks accessed by the wallet owner.
The alleged tracking is said to be seamlessly integrated into the app listing procedure, exposing user data during app installations and firmware updates.
While REKTBuilder attempted to remove the tracking code, they reported that doing so rendered the software unusable, suggesting that a truly “tracker-free” version of Ledger Live may be unattainable.
“I tried disabling the remote tracking, and it’s impossible; it breaks if you do,”
“Which means Ledger knows it’s you every time you plug the device in.”
Previous privacy concerns and response
This is not the first time Ledger has faced privacy concerns. Earlier in December, REKTBuilder had reported that Ledger Live was recording users’ cryptocurrency balances. In response to these concerns, REKTBuilder introduced an open-source alternative to Ledger Live named “Lecce Libre,” which was promoted as “tracker-free.”
Despite these allegations, some users still opt to use Ledger Live due to a perceived lack of hardware wallet alternatives for certain cryptocurrencies, such as Avalanche.