Highlander •
Hardware Wallets and User Privacy

Native Applications. Why is everyone tracking?
TL;DR
Ledger: Opt OUT (Segment)
Trezor: Opt OUT (Internal)
KeepKey: Privacy by default
“At KeepKey, we are privacy by default. None of our software we release includes bundled analytics. Our software is Open Source and adheres to Copyleft principles. We ensure that you’re never required to use closed source software with our product at all levels. We strive to incorporate privacy-first software wherever possible on any opt-in features.”

The Big Question: Why Do Major Companies Like Ledger and Trezor Use Evasive Analytics?
In my years at ShapeShift AG, and through my involvement with ShapeShift the DAO and final takeover of KeepKey, I’ve engaged in numerous discussions about ethical practices in the crypto space.
Despite being a privacy-first company since ShapeShift’s inception (originally a closed-source web application and a private company with traditional web development), the use of Google Analytics and standard tracking tools was an unchallenged norm for nearly five years. We resisted applying Know Your Customer (KYC) requirements (but lost); however, the concept of anonymized tracking analytics was not initially recognized as potentially inappropriate for crypto software. We always aimed to deliver a high-quality application.
In this article, I’ll delve into why the native application of a hardware wallet is crucial for your privacy, what KeepKey has done to protect users, and why major platforms like Ledger, Trezor, and even ShapeShift have adopted opt-out analytics policies. Spoiler: it’s not as malevolent as you might think.
The Shift at ShapeShift
Internally, I had been a staunch advocate for ShapeShift’s transformation into an open-source company. This view, taken to the extreme, ended with the formation of the ShapeShift DAO. This vision from Erik was realized. ShapeShift embraced an open-source-first approach, abandoning our previous segment analysis and app tracking practices.
These traditional practices were deeply ingrained in our development workflows. It was challenging to build software without insights into user behavior, error occurrences, user pain points, interface functionality, and A/B testing results. Our development lifecycle relied heavily on tracking user interactions within the application.
“What does the Product Team even DO if they can't analyze application use?”
However, this approach faced strong resistance from our Security Workstream, led by MrNerdHair, which raised concerns about potential backdoors in the software.
“You are literally asking me to audit a backdoor being put into our software”
This led to internal conflicts between product development and security, with engineers caught in the middle.
This came to a head and resulted in a proposed compromise:
Create an "Alpha" version of the open-source ShapeShift web app with analytics.
The Compromise and the Birth of Private.shapeshift.com
We transitioned to using tools like Pendo in the Alpha version, allowing for efficient user data analysis, segment creation, monitoring of funnels, and more, all without significant engineering overhead. This facilitated user onboarding journeys, feature walk-throughs, a comprehensive resource section, A/B testing, and heatmaps.
As a result, private.shapeshift.com was launched and has been maintained alongside the Alpha version for the past two years.

This privacy-first application provided by ShapeShift gives KeepKey users the full functionality of ShapeShift and allowed us, as KeepKey, to bundle our native desktop application with NO TRACKING and full features like no-KYC swaps powered by Thorchain!
Understanding Ledger and Trezor’s Tracking Practices
Why do Ledger and Trezor implement user tracking? Fundamentally, as traditional companies, their goal is to maximize profit, which often entails expanding their user base by any available means. The likelihood of these companies discontinuing tracking practices is slim, as it’s a standard operational strategy in the corporate world. The shift in perspective for ShapeShift, leading to a more privacy-conscious approach, was catalyzed by its transformation into a DAO. This change, combined with the advocacy of dedicated engineers within a flat organizational model, brought the issue of user privacy to the forefront.
Conclusion
In KeepKey’s world, the journey towards greater privacy has been shaped by the influence of the ShapeShift DAO and the dedication of engineers like MrNerdHair. As a private company, KeepKey leverages the DAO’s approach to privacy, blending it with our own ethos. The essence of KeepKey’s collaboration lies in maintaining the fundamental ethos of the crypto world: it’s not solely about asset protection, but about fostering a technological environment that deeply values and defends user privacy.