How can you verify that you must opt in for Ledger to extract the seed if the code is closed source?

Discussion

I know some parts of their OS are open, but for the sake of this argument let's assume everything is closed source. In this case then obviously you can’t verify what the firmware is doing, as has been the case the whole time with Ledger. Users can’t verify the firmware running in their device is not malicious, but they also can’t verify the firmware is malicious, as you are hinting at. People that use Ledger have always had to trust the company is not malicious (until they open the firmware, which is in their roadmap according to them). The fact that there have not been any instances of Ledger users getting rugged or devices being broken into is what gives people confidence to continue to use their products. Not everyone will choose to take these trade-offs, but asserting that funds are not safe if you’re using a Ledger device without providing evidence is FUD.

Don't trust, verify.

You can't verify with Ledger.

So dump Ledger before you get rugged. Don't take the risk.

The Ledger Live source is here. However, I don't know of anyone who has built it.

https://github.com/LedgerHQ/ledger-live