Are there any good guides on hardening Windows for privacy and security?
Hardening Windows for privacy and security
[deleted]
Windows is private and secure
[deleted] Hah, nice joke.
FYI, you will need at least the Pro version of Windows 10/11 to be able to turn off telemetry and data collection through Group Policy Editor. As far as I know only Windows Enterprise allows for turning off telemetry completely. (Correct me if I'm wrong on that part).
[deleted]
Use windows enterprise or education, then use GPO.
https://github.com/beerisgood/Windows11_Privacy
https://github.com/beerisgood/Windows11_Hardening
- Edited
Relaks FYI, you will need at least the Pro version of Windows 10/11 to be able to turn off telemetry and data collection through Group Policy Editor. As far as I know only Windows Enterprise allows for turning off telemetry completely. (Correct me if I'm wrong on that part).
[deleted] Use windows enterprise or education, then use GPO.
I already use Windows 11 Enterprise.
[deleted] https://github.com/beerisgood/Windows11_Privacy
https://github.com/beerisgood/Windows11_Hardening
Thanks, will take a look.
[deleted]
Then just turn off everything you don't need in privacy settings
For the rest, use GPO to modify telemetry and other settings you need.
Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds : and set it to level 0
Don't use weird scripts to make system modifications.
[deleted]
- Edited
I can't remember if they're in the guide I posted: But take a look at how to install windows sandbox : https://www.xda-developers.com/set-up-windows-sandbox-windows-11/?newsletter_popup=1
Edge also has a sandbox mode, which can be set by GPO. A second browser, well isolated from the rest of the applications, is then possible : https://learn.microsoft.com/en-us/deployedge/microsoft-edge-security-windows-defender-application-guard
Note that edge benefits from some of the same telemetry settings you'll be setting on windows.
It has a secure mode that can be activated in the settings to disable JIT, like vanadium.
Disable other optional settings that you don't need.
[deleted]
Relaks
I know that some people block DNS on certain queries.
I don't know if it's really relevant,
- Edited
Load windows as a temporary VM into Qubes-os; copy in any data to process; do your Windows thing; copy any updated data to an isolated database; flush the VM.
If Windows is hacked, the damage will be confined to the VM and not the computer firmware.
When updating Windows, load it in as a temporary VM; update (do nothing else); save it for future uses.
https://www.qubes-os.org/
[deleted] lmfao
[deleted]
Yes, very funny. The reality is that some of us are stuck with Windows for various reasons; even if I personally would prefer to use less privacy-invasive OSes. Minimizing data collection is what we can do in these cases.
[deleted] it's funny because it's an incorrect statement
[deleted]
titaniumtown ok it's funny... windows is secure and privacy friendly. https://madaidans-insecurities.github.io/security-privacy-advice.html#operating-system
[deleted]
titaniumtown and if windows isn't enough for you, you can install whonix.
- Edited
and if windows isn't enough for you, you can install whonix.
I haven't used windows in 10 years. I don't need advice on switching operating systems. Also, who uses whonix as a daily driver?
ok it's funny... windows is secure and privacy friendly. https://madaidans-insecurities.github.io/security-privacy-advice.html#operating-system
lol no
[deleted] While Windows is somewhat secure it doesn't necessarily mean that it's private as well. Privacy and security aren't the same thing. Even the source you mentioned only states the following about privacy:
Also no specifics have been given there and the emphasis lies on usually.