Long story short here: I tried making Linux my main OS on my PC. I had it dual booted with Win 11 on a separate SSD. Win 11 was going to be solely for work purposes since it was crucial.
However I noticed that I had begun to migrate slowly back to Win 11 because I’m a gamer and Linux just doesn’t get along with my graphics card, so games are almost impossible to play well.
I’ve succumbed to the idea that my PC will just solely run on Win 11. (I do use Linux on a laptop tho). So I got some debloat tools to shut off most of Microsoft’s annoying spy shit and manually uninstalled the rest like Cortana. I also have Pi-hole running on my raspi5 so my PC is connected to that, plus I use ProtonVPN. I use Firefox with plugins like uBlock, Privacy Badger, etc.
I want to try to make Windows as private and away from Microsoft’s prying eyes as much as possible. Got any other recommendations?
Win 11 IoT Enterprise LTSC is what you want. It comes with a grand total of zero drivers, so you’ll need to download them to a USB drive before installing, otherwise you won’t even be able to get online because there’s no driver for the ethernet or WiFi. You can even uninstall Edge! (Which you should definitely do.) I think that massgrave.dev is considered reputable for downloading and activating, which is done by shell scripts. You should be able to turn off pretty much all telemetry on it.
When I’m forced to use Windows it’s the LTSC IoT version with telemetry disabled via group policy and a local account. I run O&O shut up after that, then install Portmaster. I don’t run it as a daily OS but I think that’s private enough for my limited use case. My only other random recommendations are using either scoop or winget for package management, and komorebi with whkd for tiling window management.
Here’s what I have done to Win10 Pro.
- First thing I do is go through a new install and uninstall all nonessential apps and programs from MS. The only thing I want from MS is the bare essentials to start the OS. All of the rest of the crap has to go. No OneDrive, no Cortana, none of that.
- Then I tackle telemetry, going through all the settings and turning off all notifications, etc. I don’t want apps talking to each other. Don’t need apps telling me something. A lot of the telemetry going on in the background can be eliminated with your host file. There are long lists of Windows telemetry IPs, DNS addresses, and such that can go right into your host file. Don’t drop a gazillion of them in the host file all at once. Baby steps and monitor for issues. I use HostMan to edit the host file. I’ve used it for quite a while now and it’s just easier for me. There are plenty of ways to edit the host file.
- Then I start in with the services and blow away all non-essential services. There are plenty of resources to help you, one of which is scripts forked from Dark Viper’s service configurations. The info is a little dated, but then again, so is Win10 Pro.
- I employ a standalone pfSense firewall to also weed out a lot of unnecessary chatter. I also have a 3rd party firewall on my Win10 PC.
There are apps like WPD and privacy.sexy that can help you clean up Windows. These are great, tho manually doing these adjustments is recommended. However, understand first what it is you are turning off or blocking with these apps. Don’t get click happy. Do a little at a time and monitor the results.
Now, I know people will say ‘On the next update, Windows will reset everything.’ In all honesty, I haven’t found that to be the case. In fact, I just did an update yesterday, then checked all my settings, and nothing has changed. I’m not sure if it’s just the way I have it all set up, but no apps get reinstalled, and changes to services etc don’t seem to happen. It’s something I monitor after every update. I’ll probably get the piss for saying that, but it is what it is. I believe that running Win10Pro has something to do with it. Win10 Enterprise also doesn’t seem to reset your changes either.
I see that Broken@lemmy.ml mentioned Ameliorated.io in this thread, and it is an option. Again tho, do your due diligence in understanding what you are doing, rather than leaning heavily on what the app says. In this manner, if/when issues arise, you’ll be better equipped to pinpoint the problem area.
Once you have a clean windows install, image the drive so you don’t have to do all of that on reinstall. From this point there are so many ways to be as secure, private, and anonymous as one can be on the internet.
If you’d still like to hang on to Linux, and your PC can handle it, run a Linux distro in a VM. VMware Workstation is free now, or there is always the solid option of VirtualBox.
Have fun in the rabbit hole.
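The "check your settings after every update" habit from the comment above can be scripted. This is an added example, not part of the original thread: a Windows PowerShell 5.1 script that saves a baseline of service start modes, installed Appx packages and active hosts-file entries, then lists anything that differs on later runs. The baseline path and the script name `privacy-drift.ps1` are assumptions.

```powershell
# Added example (not from the thread): baseline-and-drift check.
# Assumed default path for the baseline file; change it to suit.
param(
    [string]$BaselinePath = "$env:USERPROFILE\privacy-baseline.xml",
    [switch]$Save   # overwrite the baseline with the current state
)

function Get-PrivacyState {
    $hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    [pscustomobject]@{
        Taken    = Get-Date
        # One "Name=StartMode" string per service (Auto, Manual, Disabled, ...)
        Services = Get-CimInstance Win32_Service | Sort-Object Name |
                   ForEach-Object { "$($_.Name)=$($_.StartMode)" }
        # Store/Appx packages installed for the current user
        Packages = Get-AppxPackage | Sort-Object Name |
                   ForEach-Object { $_.Name }
        # Active hosts entries: skip blank and comment lines,
        # strip trailing comments, collapse whitespace
        Hosts    = Get-Content $hostsFile |
                   Where-Object { $_ -match '^\s*[^#\s]' } |
                   ForEach-Object { ($_ -replace '#.*$', '').Trim() -replace '\s+', ' ' }
    }
}

function Get-Drift($Old, $New, $Label) {
    # Entries present now but not in the baseline, then the reverse.
    # A service whose start mode changed shows up once in each direction.
    @($New) | Where-Object { $_ -and $_ -notin $Old } |
        ForEach-Object { "[$Label] now:      $_" }
    @($Old) | Where-Object { $_ -and $_ -notin $New } |
        ForEach-Object { "[$Label] baseline: $_" }
}

$now = Get-PrivacyState
if ($Save -or -not (Test-Path $BaselinePath)) {
    $now | Export-Clixml -Path $BaselinePath
    "Baseline saved to $BaselinePath"
    return
}

$old   = Import-Clixml -Path $BaselinePath
$drift = @(
    Get-Drift $old.Services $now.Services 'service'
    Get-Drift $old.Packages $now.Packages 'package'
    Get-Drift $old.Hosts    $now.Hosts    'hosts'
)
if ($drift.Count) { $drift } else { "No drift since baseline of $($old.Taken)" }
```

Run it with `-Save` once the install is in the state you want, then run it without arguments after each Windows Update. Intentional changes will also be reported until the baseline is saved again.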
Thank you so much for such a detailed response and providing resources! I appreciate your effort and help!
Before I do anything more I’m going to read over yours (and a few other comments) a few more times and do some research. But this gives me awesome guidance, thank you. Hopefully I can take control of whatever privacy I am able to with Microsoft while I still use it. I am hoping though to someday make a full switch to Linux with no issue.
No problem. I stress doing this in chunks. Don’t be like me. LOL I’m a ‘more is better’ and ‘one turn too many’ guy. So, I know the temptation is to sock it to your Windows install immediately and with vigor, and that can lead to issues in the future. Take notes. I use Notepad++ but regular Notepad will work. Just something you can review to see where you are in your progress and if you need to drop back and readdress something. If you’re older than Methuselah, like me, it helps out tremendously.
People don’t talk about it enough but a firewall is a great solution for clamping down on what data leaves your computer.
I realize I am quite ignorant when it comes to firewalls. Anything you recommend I look into specifically?
I personally handle my firewall via openwrt (firmware) on my router but a lot of people like software solutions for the OS such as Safing Portmaster (Windows / Linux) or Little Snitch (macOS)
There are also hardware solutions but buying a specific device for this use case is probably something you should work your way into if you decide a software solution doesn’t cut it.
What hardware, what Linux OS and are you using steam?
Your gaming experience can vary wildly depending on what you play.
The problem with using those debloat tools is that Windows will quietly re-enable things with Windows Update.
Nuke windows, use Linux, post your problems in the Linux community and we’ll get you operational.
I have heard of this happening, it will probably be something that I’ll have to keep in mind actively while I use Windows for now. But yes, the ultimate goal is to make the huge switch to Linux when I can get my hands on a better graphics card. Linux hated my Nvidia :(
Nvidia
For the time being it looks like you have to stay on Windows. But for the future, unless things change from Nvidia, consider an AMD build.
Good luck
Do you need to be actively connected to the internet? Most passive spying (ie spying that is not specifically targeted at you, but rather just big tech corpos trying to gather data in general) can be blocked by just disconnecting the device from the internet. You can download installers for games and the like on other devices and transfer them over with a usb drive.
Yea unfortunately, a lot of what I do both job and hobby-wise has me leashed to the internet. But I do appreciate the idea of going offline whenever I can
So most people I know do not get rid of their old laptop when they get a new one. If this is you then put linux on the old laptop. I recommend it for anyone looking to switch because when your old machine performs better than your newer one it is pretty impressive. This way at least your browsing is a bit more private.
Generally too one should not be using the same hardware for work and personal use anyway for so many reasons.
Plus it kind of goes without saying, choose the OS based on the apps and the hardware based on the OS.
Honestly for me I have just been lazy about getting to anything past low-hanging fruit. A bit about not wanting to rock the boat too. Once, hopefully, I’m working again I’m going to get a new drive and make more of a push to transition the harder part over.
Maybe call it your gaming console and don’t use it for anything else, so Microsoft can’t see anything that matters to you.
Install Win10 LTSC, install explorer7, disable all the telemetry bs (services/policies)
Thank you I’ll look into that!
Good starting point would be looking through privacy.sexy
I have Windows for work stuff on a separate, weaker laptop so there’s no temptation to game on it. In your case, would you consider a more gaming-focused distro like Bazzite? If not, using Windows LTSC might help since the semi-annual major updates on Home/Pro tend to undo your hard work with debloat tools and scripts.
I will look into that thank you!
I think I looked at Bazzite and I can’t remember fully why, but I am pretty sure there were some things about it that I wasn’t a fan of. But I can definitely give it a revisit.
What card are you running that Linux has problems with?
I would still keep 11 for work if it truly needs to be 11 and dual boot 10 IoT LTSC for games. It sounds like you’re already doing everything I would suggest to harden it besides only running a local user account.
If you’re going to stick with Windows that is a really good way to do it, and super simple to install.
Thank you! I am definitely planning to look into that, I appreciate the recommendation!
You can use an XML file with the Windows installer to disable/uninstall most of the bloat and spyware. It’ll also automatically configure local accounts for you so you don’t have to manually bypass the Windows account install step.
This site will generate the file you need based on the options you select: https://schneegans.de/windows/unattend-generator/
And this video might help you if you get stuck: https://youtu.be/h9SpKVEc_Yo
Thank you for all of the information and resources! I’ll take some time to check everything out and add them to my growing arsenal
If you haven’t already, I would try a different distribution and desktop environment. In my experience this made a significant difference. If privacy is important to you I would not give up on Linux.
Other than that. Do not login with a MS account, debloat the heck out of it, etc. I can’t help you for any advanced configurations, however, with some basic searching on the internet I found some articles that gave good tips. Do some research on that, you might learn a few things.
If you want to take things a step further you might also look into changing browser, search engine etc. But that’s a whole different topic.