The thing is I want to keep my coins in ledger.
Then do it. You're not a child. You don't need our permission. You're making a poor decision, but it's your decision to make.
Be an adult.
Make a decision and if anything bad happens due to your decision, you accept the consequences for your decision.
Be an adult.
So you think there is extraction firmware even on the nano ledger s then?
Yes. How many times do you need to be told the same answer?
Yes you are correct we don't know because it's closed source.
Then why are you asking?
If you can't prove it's safe, you shouldn't be trusting it. Period.
I recall you said you it took you several months to think about what to do and in the end, you went with another hardware wallet.
Yes, because I spent my time researching better alternatives. You're spending yours looking for permission to do nothing. You're an adult. Make an adult decision.
You said you felt like if something was going to happen, it wasn't going to happen soon.
Yes.
So during that entire time when you were learning and researching on what to do, were you nervous a bit or not really since your coins was in the ledger?
Oh, wow.
If you don't even understand that your coins are NOT in your hardware wallet, you should not be doing self custody.
You don't know what you're doing.
Your coins are not in your Ledger. Your coins are on the blockchain. Your hardware wallet protects your keys and signs your transactions.
Wow.
Oh, dude. You should not be doing self custody. You don't even know the basics.
Going back to your question:
So during that entire time when you were learning and researching on what to do, were you nervous a bit or not really since your coins was in the ledger?
The moment I learned that Ledger was working on key extraction firmware, and that they'd lied about it, I stopped using my Ledger devices and I stopped using Ledger Live.
I didn't touch anything made by Ledger because I couldn't trust any of it, and I didn't want to risk my coins.
I forgot to ask you but you have a nano ledger s plus or x or another ledger device?
It doesn't matter. Even if Ledger says Recover isn't compatible with a specific device, there's no way to prove the device doesn't include any of the Recover code in its firmware since the firmware isn't open source.
Let's say you like eating at a restaurant & one day you find out somebody died there due to eating poisoned chicken. I'd stop going there. I'm guessing you'd be, like "I don't order the chicken. Is it still ok to go there? Is it still ok? I feel comfortable there. Is it ok? I don't like change. I want to go there. So if I'm going to go there is it ok is it ok is it is it is it?
Dude.
Okay so if I have no plans to move my coins from ledger, at least don't update the firmware from 1.1.0 to 1.1.2 correct?
NO.Oh my god.
Is it safe to update the firmware? NO.
Is it safe to stick with the current firmware? ALSO NO.
You can't prove it's safe.
Wow.
But you say the 1st option of what you suggest of not updating firmware is still better since you won't have recover option on it right?
You're doing something foolish. There is no better option.
Did you give an amount of time before you said you had to make a decision?
Yes, because a deadline keeps me focussed on reaching a goal. My goal was to find better security. I broke it down into chunks of things I wanted to learn: Singlesig vs multisig. Native Segwit vs Taproot. BIP85 vs a nondeterministic backup. Etc. I'm not recommending any of that for you, because you don't even understand the basics of self custody yet.
I remember you said it took you months.
Yes. Only because I wasn't just looking for a better hardware wallet. I was looking for an entirely different and significantly more advanced setup.
So would you say it's fine just don't update firmware...
Wow.
How many times do we need to say this?
Is it safe to update the firmware? NO.
Is it safe to stick with the current firmware? ALSO NO.
You can't prove it's safe. For the short term, you're probably fine, though you can't prove it. For the long term, why would you stick with a company that lies to you and uses closed source firmware that contains key extraction APIs?!?!?
Wow.
but what if I have to do a transaction then and ledger live doesn't allow me to do a transaction then? Either don't do the transaction or use electrum with it then?
You shouldn't be doing self custody. You are clearly in over your head. You don't even understand the basics.
As of now, I do open ledger live from time to time.
Ledger Live is loaded with trackers, and you added more of them to your computer by updating it. That thing is awful. If you get hacked, do not be surprised if Ledger Live ends up being how hackers find you. That thing is an info honeypot.
Ledger Live cannot be trusted.