Is dual-booting Linux worthwhile for privacy, or should I focus on hardening Windows instead?

For professional use, I require the use of Windows, but I’ve always preferred to use Ubuntu for my own use. Considering a few privacy issues, I’ve been contemplating installing a dual-boot on my home machine. Since it’s not feasible to remove Windows for work on a day-to-day basis, I thought that perhaps a dual boot could be an actual privacy benefit to me. Or maybe if I just had more to do in terms of curtailing Microsoft data gathering in Windows itself.

Is it possible to scale back Windows’ native telemetry to some significant degree? I already have Brave as my browser, Proton for mail, VPN, and cloud storage, and BitLocker turned on for encryption. But I know that Windows’ tracking capabilities are deep.

My first question, therefore, is: Is dual-booting Linux even worthwhile for my own needs of privacy considering that I am not able to completely eliminate Windows from my computer? Would it even be practically useful, or should I then work harder on hardening Windows instead?

I’m already using GrapheneOS on my phone to enhance security and reduce tracking, so I’d like to extend the principles to my desktop environment as much as possible. I’d appreciate any advice on a solid approach to balance my security, privacy, and practicality.

Edit: I have heard great things about Silverblue

Edit 2: I have read the posts here and apologize if this was duplicated, should I delete this one?

If you found a good answer to your question already I’d appreciate it if you left a link to it in a reply here so that others can easily find it too 🙂

The following are quite helpful but maybe not informative when regarding hardening of Windows. They do however confirm both the dual boot scenario plus Silverblue specifically. I seemed to have missed that the first look through 😥
Dual boot and security - Privacy - Privacy Guides Community

Dual boot with Windows / Silverblue and encryption? - Privacy / Questions - Privacy Guides Community

Maybe I’m crazy but “Windows tracking” doesn’t really fall into anyone’s threat model unless you are signed in to a Microsoft account or creating/distributing malicious software.

I could be wrong or mistaken, but doesn’t Windows fingerprint hardware and assign your machine an advertising ID? To my knowledge, even when I disable location, activity tracking, voice, and typing data, Microsoft still receives some information because these features are never fully disabled.

Because Windows 11 is layered on top of TPM 2.0, wouldn’t encryption keys then be available to the TPM provider and Microsoft as well? And while ads in the Start menu can be disabled today, Microsoft could simply remove that capability in the future. With AI-based features such as forced Copilot now being rolled out through updates (where registry modifications are needed to disable it) it seems like control of the system is being removed.

I’ve seen lots of arguments that Linux is stealthier (and perhaps more secure) due to the degree of control it allows. With all this, can one make Windows strong and eradicate tracking to the same degree as Linux? I’m no wizard or anything, but tracking seems to still happen when you work within a local account.

> Because Windows 11 is layered on top of TPM 2.0, wouldn’t encryption keys then be available to the TPM provider and Microsoft as well?

If you use default BitLocker settings, sure. If you save the recovery key locally, delete it, then configure TPM+PIN+startup key combo, the weaknesses of TPM are no longer a concern.

> I could be wrong or mistaken, but doesn’t Windows fingerprint hardware and assign your machine an advertising ID? To my knowledge, even when I disable location, activity tracking, voice, and typing data, Microsoft still receives some information because these features are never fully disabled.

Use Windows Enterprise version and you can fully disable these things. You cannot fully disable this with Pro or Home edition.

Source: I’m an AD admin
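
A read-only way to check the two things this reply names on your own machine, added here as an example and not posted by anyone in the thread: which BitLocker key protectors the system drive has, and whether the diagnostic-data and Advertising ID settings are set on an edition that honours them. It assumes an elevated PowerShell session with the built-in BitLocker module; the `Get-RegValue` helper and variable names are hypothetical, and the registry paths are the standard Windows policy locations.

```powershell
# Added example: read-only audit of the settings named in the reply above.
# Assumes an elevated PowerShell session on Windows 10/11 with the BitLocker module.

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value does not exist (setting not configured).
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# 1. BitLocker: which key protectors are present on the system drive?
$vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive
$types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
$preBoot        = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')
$hasPreBootAuth = [bool]($types | Where-Object { $_ -in $preBoot })
$tpmOnly        = ($types -contains 'Tpm') -and -not $hasPreBootAuth

# 2. Edition and diagnostic-data policy. A policy value of 0 is honoured only on
#    Enterprise/Education editions; other editions treat it as 1 (required data).
$edition   = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' 'EditionID'
$telemetry = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection' 'AllowTelemetry'
$zeroHonoured = $edition -match '^(Enterprise|Education)'
$effective = if ($null -eq $telemetry) { 'policy not set' } elseif (
    $telemetry -eq 0 -and -not $zeroHonoured) {
    '1 (0 is not honoured on this edition)'
} else { "$telemetry" }

# 3. Advertising ID: machine-wide policy, or the per-user toggle.
$adPolicy = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo' 'DisabledByGroupPolicy'
$adUser   = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo' 'Enabled'
$adIdOff  = ($adPolicy -eq 1) -or ($adUser -eq 0)

# Summary object; nothing on the system is modified.
[pscustomobject]@{
    SystemDrive         = $vol.MountPoint
    BitLockerProtection = $vol.ProtectionStatus
    KeyProtectors       = $types -join ', '
    TpmOnlyUnlock       = $tpmOnly          # True = no PIN or startup key at boot
    PreBootAuth         = $hasPreBootAuth
    Edition             = $edition
    EffectiveTelemetry  = $effective
    AdvertisingIdOff    = $adIdOff
} | Format-List
```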

Thank you for the response, as I was not aware that Enterprise has this capability. The TPM process you mention seems like a valid option to remedy my concerns.

I am assuming this has been verified by you as an Admin? Also, does this remove the Advertising ID?

Try using a VM first. See if you find yourself switching between guest and host machine, e.g. Windows for work, boot into Linux VM when not working. If you find yourself using Windows and Linux 50/50, then it’s probably worth it. It’s generally a good idea to separate your work and personal activities on your device. If you end up using Windows most of the time, it’s probably better to harden Windows as much as you can, starting with using a local account.

Thank you for providing a viable solution to my dilemma, and I was thinking to utilize one of my SSDs for Linux and the other for Windows. The VM may be a solid solution for testing out which distro feels like the better option.