so:
1. private key - cant be expose for online transaction - so most of online wallet like blockchain.info are not safe.
2. cold wallet - if computer was hacked, hacker could sniff private key even with one time private key scan app like blockchain.info
3. ledger nano s - if computer was hacked, hacker create phishing destination address.
What are other parameter for newbie checklist?
*sorry if its out of topic.
1 - Blockchain.info - biggest problem is that your coins are only secured by a password and 2FA, usually SMS or email. A hacker can take control of your email, phone and get your password if the computer you're using it with has a virus. I would never use blockchain.info because I can never be sure my computer is 100% safe.
2 - Do you mean paper wallet? Either way, yes the moment you scan the private key with a compromised machine connected to the internet it's possible someone else can see it. I always empty paper wallets completely and I use the Mycelium cold storage spending feature on a phone to do it and have never had a problem.
And of course a paper wallet must only be made completely offline.
3 - Hardware wallet - no known possibility of a hack in normal use.
When you create the hardware wallet it asks you to write down the 24 word seed and store it. That allows you to restore the coins in another wallet and that's where the risk is. If someone else finds the seed then they can restore in another wallet.
So the seed must be kept safe and offline. Write it on pieces of paper or write it in an encrypted folder on a computer that will never be used on the internet. Also only open that folder on a computer that will never use the internet.
Yes, if the computer is hacked it's possible it would try to change the address on your Ledger app. All you need to do is double check the address you want to send it to on the Nano screen.