[deleted] What you're doing is called badness enumeration. You replace Windows, for example, because of privacy problems, but you replace it with Linux, which has much more serious security problems and doesn't prevent Gafam from tracking you when you surf the Internet.
[deleted] I think I am better off talking to a wall. At least that will just stand there in a calm agreement...
[deleted] You talk too much. Go for a walk out in the woods and give the rest of us a break.
Well, I agree to some extent. @[deleted] has a good point, Linux is not more secure than Windows, contrary to popular belief. This is especially true when it comes to LUKS and Secure Boot.
At least not out of the box (Android is an exception here). A very interesting read is: https://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html
But I will always prefer Linux, because it allows me to tinker and does not send a shitload of telemetry.
A gentle reminder that Graphene18 was asking for hardening guides for Windows. Please try to keep this thread on that topic.
treequell Whonix on Windows lets you compartmentalize data, so I don't see what else you can do. Sorry for the off-topic. Even with whonix privacy may not be guaranteed for many reasons. If I may summarize, Windows employs hundreds of people in charge of security, so for me it's stronger than the others, just like Mac OS.
[deleted] if I should use the same analogy, thanks to the fact that only a handful or so people works on GOS security, as a result it should be utter crap. But it isn't. So what was your point again?
Linux is what you make of it. Windows can be secure, if you harden it, so too is Linux. It all depends on how much you care and how much work you are willing to put in.
It's naive to think money (whether through ads, data, donations, or purchase) can simply buy good security. If you want something done right, learn to do it yourself.
[deleted] A mod has asked everybody to keep this thread on topic (hardening guides for Windows). Please be respectful of that.
Sorry for derailing the discusssion, and thanks Aliceoff for clarifying some of my confusions regarding your threat model.
Graphene18 hardening Windows is not that easy since you don't have as much control compared to some Linux distributions like Qubes OS. Definitely try to get an Enterprise or Education license for full telemetry settings. You might also look into Windows 10 Enterprice LTSC 2021, which is the most stable and secure Windows today because it comes without feature updates and is stripped from "Bloatware". It is hard to get a reasonably priced license though, and it won't work well on newer hardware. Windows 11 LTSC will probably not come out before 2025, so that's your best bet.
But here are 2 overkill ideas that might be interesting, too:
If you have a powerful enough machine you could run Windows in a virtual machine on a hardened Linux host system. That would allow you to quickly reset your machine to a fresh install or use multiple windows installations next to each other (one online and one offline for example).
Back in my Windows days I used to make a full disk backup of a fresh, hardened Windows install that had all my needed software set up. Every other week I would wipe the disk, restore the backup, run the updates and have a blank sheet again and therefore minimize my risks and damage potential.
Edit: Typos
Well, in my opinion if you care about privacy and security you shouldn't be using proprietary software in the first place.
Alice has some good points. But I doubt that if you can be sure that Microsoft turns off the telemetry and keyloggers if you buy enterprise or pro license.
For myself I just go with a minimal Arch Linux configuration and have several encrypted copies of my important files. The overall security of Windows just can't be compared to a system with Linux kernel (yeah, Linux it's just the kernel, you can build everything you want with it).
The chances of getting your system compromised using a Linux machine are less likely, most of the internet malware is just not affecting you. People can praise Microsoft how much they want for how many people they have employed for working on security, but the windows security architecture is just crap.
But if you're stick with Windows, minimize your attack surface by keeping it clean and simple. Some "debloat" guides might also help you.
I already got my answer, this thread can be marked as solved, or, even better, locked.
This thread became a mix of misinformation and copium.
