Dear CC community,
After the latest Ledger Recovery feature story, something new emerged that might interest you. According to dapp developer and X user REKTBuildr, Ledger is able to track you every time you use your device, making it impossible to stay anonymous when using the hardware wallet, thereby defeating the very reason to use Ledger (besides the already compromised security promise following the Recovery feature).
He writes (https://twitter.com/rektbuildr/status/1739984215070888316):
Ledger Live embeds the genuine check into the apps listing procedure. As it is, they always doxx your device when installing or updating apps and firmware. I removed most tracking in Lecce Libre, but they still track you regardless.
For the past couple days I'd been trying to find the genuine check code in Ledger Live.
There's "genuine check" labeled code everywhere, but I added tracing prints to it and none of that code was ever run when it checked the device. I thought that was funny so I continued digging.
Looking at the Python code (below) instead of the convoluted TypeScript from Ledger Live desktop, I finally understood what's happening. Ledger's genuine device check is embedded with the listApps subroutine. It's kinda hidden there TBH. I tried disabling the remote tracking and it's impossible, it breaks if you do.
Which means Ledger knows it's you every time you plug the device in. During that procedure it lists which apps are installed in your device, so they also know what you're running on your HW.
So right now there's no way to operate Ledger HWs anonymously. They know every time you plug your device in and which apps you have installed. It was even worse before Lecce Libre, it also tracked your crypto balances!
So, the obvious question is why did they glue together apps listing and genuine check? They're not trying to save network calls, that's for sure, because their software makes 2 thousand network calls for all sorts of unnecessary stuff (I've removed them from the sources and the system still works).