I'm no fan of Ledger's stance on user data and privacy, but this is not unique to them or even unique to hardware wallets. If you use any wallet which goes through any server which is not your own server pointed at your own node, then whoever runs that server will absolutely be able to see your IP address and details of every address you query and every transaction you make, as well as any other unique identifiers the wallet software communicates to them, and can keep that data for as long as they want and share it with anyone that they want.
Exactly. Ledger is probably being bashed because we all know there was a data leak, and they are transparent about this data usage (sharing with partners, etc).
Basically every website and company does that, but they are not so clear about.
Ledger wallet is a device that is useful for security. If you want to use their wallet for convenience (or any other SPV wallet that goes though their server) you are being watched.
If you own a Ledger device and need to use Ledger Live to update it (is there no way to do this offline?)
There is a way.
You can create 2 wallets, using a passphrase. Then, you can use ledger live only in your empty wallet to update the firmware.
When making transactions, go to your other wallet with a passphrase (different pin) and use it in a software where you truste the servers.