There have been a lot of controversies surrounding the mode of operations of ledger - one of the top hardware wallet manufacturers, meant to be complete non-custodial, but recently, researchers have discovered data Harvesting Inside the ledger live app.
For whatever reason best known to ledger, and hard to comprehend for users, ledger live app is transmitting information about..
- Clicks
- Page visits
- Redirects
- Crypto transactions
- Page scrolls
- Number of accounts
- Crypto asset names
- Session duration
- Hardware device type
- Firmware version
The information you mentioned that is being tracked and collected doesn't change the non-custodial aspect of the app to a custodial one. As long as you have access to your keys, and you are the only one with such access, and can import them properly elsewhere, it's a non-custodial wallet. And you can do that with Ledger. A big problem would be if someone can prove that Ledger has and/or has always had a copy of all keys. I am not talking about the Ledger Recover feature here.
However, even if the user turns off that option, can we say with certainty that the app still does not (secretly) collect data and send it to someone for analysis?
Someone should prove it then. Unless it's the firmware that is doing nasty stuff, those who can read and comprehend code shouldn't have issues proving if and how Ledger collects data using ledger Live.