The IP sharing, yes, but what other data are they sharing with their third party partners. I note that the mobile apps also collect information such as your device ID and GPS coordinates. What about which coins you are holding, or even your balances or addresses? And then once you share your KYC to access this Baanx card, is that going to be shared too? Far too risky.

I think it mostly goes back to the root issue, which is most people do not care about their privacy until it is too late. If people are happy to send their KYC off without a second thought to any centralized exchange, or even worse to some complete stranger who can copy and paste an existing token and launch some scam bounty campaign, then good luck convincing them that Ledger sharing their identity with a debit card provider is a concern for them. If you care about your privacy then this behavior from Ledger is unforgivable, but if your KYC documents are already for sale on dark net markets, then this is pretty much irrelevant.

The fact that Ledger have survived seemingly unscathed after literally putting many of their customers in physical danger by leaking their full names and addresses, means I suspect that most people simply won't care about their loss of privacy here either. I had a look through their subreddit and could only find a single user express privacy concerns about this, and he was being downvoted for doing so.