If you won't use Tor (you should), then at least use a clean install of a new browser with a fresh VPN exit node so as to minimize being tracked by tracking cookies from Facebook, Google, etc.

The extension you want is uBlock Origin, not uBlock. The two are different, and the latter allows through "approved" ads and trackers.

This is probably the hardest step, and also very dependent on what country you live in. Generally speaking, PO Boxes or similar have to be registered in your own name, and you need to provide ID to be allowed to open them or sometimes to access them. Even so, this is still a good step, as it breaks the link between your real name and the retailer, and an attacker would have to be very determined to go about de-anonymizing your PO Box (provided you aren't careless and don't advertise it elsewhere). Other options include general delivery or poste restante, delivering to a work address (but then it either has your real name, or you need to have a receptionist who will look out for a package with the fake name on it), or sometimes you can arrange delivery to a store or similar drop off location which won't require ID to pick up.

Seems a bit unfair on that family member. If you are looking to unlink your identity from the purchase of a hardware wallet, then obviously you are considering or are concerned about $5 wrench attacks. By shipping to a family member, all you are doing is moving the risk on to them, and they truly will have no coins to give up to prevent or end such an attack. If they don't even know what BTC is, then they won't even understand the risk you have placed on them.

That all seems far more unethical to me than simply receiving mail under a pseudonym.

You suggestions have only one disadvantage: you can forget about warranty with all that “being anonymous” paranoja In case you have any troubles with your hardware wallet - you will face lots of troubles or inconveniences.

Yeah. I don't even know why it's showing as "Ledger" - different phone number each time and I don't have them in my contacts. Must be screwing with Google somehow, or whatever malware dialer the carrier might have installed on my phone.

They're also sending text messages and addressing me by full first/last name and asking me to click some sketchy link.

I don't know what 'paranoja' is, but exposing your name, address and phone number to hackers sounds a lot more like 'lots of troubles or inconveniences'.

Fake Ledger tech support now started calling people  
You can try to block their number, and in future you can buy reserve prepaid number used only for registrations and ordering stuff.


I like the idea for PO boxes, but they are not available in all countries and cities, and they are not perfect solution.
Best option for me is to buy something in your local authorized reseller shop and pay with cash or crypto if possible.

 

It's good suggestions if you want to protect your data from phishing attacks, but not everything will work.
Using fake name can cause problems when you will have to take your wallet if it's delivered by courier or you take it from post office. Probably only way to stay anonymous - if your hardware wallet is delivered on parcel machine (don't know how exactly it's called in English). Your name isn't needed there, phone number or email is enough. You'll get PIN code through SMS or email and this code is needed to open doors of that parcel machine.
And if you're using PO boxes, it's impossible to stay anonymous.
One option - buy it from official reseller. But usually resellers have higher price than buying directly from Ledger.

Were you one of the allegedly only 9.500 users who had their full personal details leaked? Did you receive an email from Ledger informing you that you had all your details leaked?
I received only two emails so far, at the beginning of the phishing campaign. They both contain only the first name, not the last name. And there haven't been any calls or SMS messages. Which means they are either using different ways to approach the users, or not everyone has had everything leaked. A third option is that they haven't had time to call yet, due to the share number of other users above me on the list.   

Unless the hackers used fake IDs when registering the phone numbers (which they probably did), the carriers could help in identifying the users behind those numbers. To the police or government agencies, of course, not to the general public. 

Amazon run Amazon Lockers in a number of cities, and you only need a code which they will email you to pick up a package. A new account not linked to your real name or address and a throw-away email address could be a possibility, although knowing Amazon, they will lock your account at the first sign of any shenanigans.

I'm no expert on the matter, but it used to be that simply phoning your carrier and saying that it is business phone and you would like it to be registered under the name of your business (in this case "Ledger") would be sufficient. It's even easier if they are using a VoIP service, with many letting you simply fill in the field yourself. No ID required.

Depends on whether or not Ledger or any other company would every actually need to "contact you about your order". I think most people give out their phone number far more often than they realize. For the sake of $5 for a prepaid SIM which I change every 6 months or so, a disposable phone number I don't care about and can hand out freely is great. I maintains my privacy, I know I'll never get phished or scammed via my real phone, and completely eliminates my concern regarding database breaches like this. Just think how many other databases somewhere your phone number is sitting in.

Like all things Google, there will be zero effort put in to protecting their end users. It is the same trick that telemarketers and scammers use to hide their phone numbers. It is illegal, but it is easy to do and difficult to trace, so the vast majority get away with it.

I was meaning more about being phished for crypto via my main phone. If my doctor's office leaks their database, it's highly unlikely that someone will target it with Ledger phishing texts or similar. Still, I use my disposable phone not infrequently to communicate with other people while trading peer to peer in my local area, and I suppose people signing up to centralized exchanges or other crypto services could benefit from a disposable number as well. Even signing up to something like Telegram if that's your thing I would only do from a disposable number.