Yes I’ve seen that post linked in the article. But I remember activating my Windows 10 totally offline using the MAS tools. I’ll clean install once again and try it out myself. I could be wrong, but I don’t remeber MAS requiring network connection (other than downloading the tools, which can be prepared offline)
Edit) I haven’t tried it out, but the TSForge option doesn’t seem to require network. HWID activation does. I’ll check out whether I can activate my Windows 10 via TSForge in an air-gapped environment.
I don’t see how offline vs. online activation changes anything. If the machine ever goes online and starts talking to Microsoft, it’ll likely end up with a GDID anyway.
What’s more important is disabling as much telemetry as possible, so there’s as little data as possible associated with that GDID.
You’re missing the point. It matters because the activation process per-se can be a part of telemetry. Permanent activation via HWID sends the hardware identifiers to MS servers. Offline activation methods like TSForge prevent this. Disabling GDID and any other telemetry prior to first internet connection is important, as well as offline on-device activation.
The two paragraphs are contradictory. If Windows is used air-gapped, it doesn’t matter whether or not you disable telemetry at all. And GDID itself is a part of Windows’ invasive telemetry, so it’s crucial to turn off GDID along with other options.
There are some scripts on GitHub that automate the process. Example, another example
I don’t understand what you’re trying to achieve. It doesn’t matter how you activate the system, Windows will still send your HWID to check digital license on the servers and restore it. Disabling GDID is practically impossible without breaking the system: disabling DO will break system updates, disabling wlidsvc will break all UWP apps. Even after disabling CDPSvc, Microsoft still has ways to track the user. I did a clean install with all these services disabled, and somehow Microsoft Store still synced my app history, and that’s without even using a Microsoft account.
The only thing that makes sense is either not using Windows at all, or completely blocking all system connections with a firewall when necessary.
What Windows edition are you using? The Enterprise LTSC for Windows 10 has significantly less base telemetry compared to the consumer editions.
It does matter how I’m trying to activate. According to MAS, it is possible to activate Windows totally offline. As you said, disabling as much telemetry possible in addition to using firewalls to manually block traffic related to MS servers can drastically improve privacy even in Windows. Don’t use MS store when you can manually install via .exe and verify the checksum. I disabled GDID, and despite using various software including games, I haven’t experienced any issues. Windows updates works fine as well(though I can’t say that Windows updates work with zero telemetry).
Use TSForge for activation, not HWID. I won’t talk about this deeper since it’s related to piracy.
p.s. the wildsvc doesn’t even exist in my windows.
Achieving privacy isn’t all or nothing. You should still strive to enhance yours even it might not be perfect. Simply stating “don’t use windows, switch to linux” isn’t a very constructive argument. It’s essentially the same as “don’t use computers. just use pen and paper”.
This is not a good faith statement. There are plenty of ways to use computers fairly easily and fairly privately that most people would be able to learn.
Most people cannot learn how to do these convoluted steps to use Windows semi-privately. Anyone who knows how to do this stuff probably has enough knowledge that they don’t need to be taking basic privacy advice from strangers on a forum.
We should absolutely be telling people who care about not being tracked by malicious tech companies on a privacy forum not to use Windows.
If you care about privacy and you are not highly tech competent, do not use Windows.
Operating systems are not like ordinary softwares where one can easily replace another. There are basically three major OSes available(Windows, Mac, and Linux distros), and each have their pros and cons. Also, not everyone can migrate to Linux. Not because of their technical incapability or lack of knowledge, but for the sake of work. Many commercial softwares/games run exclusively on Windows, and those who have their entire workflow integrated into it would need excessive effort to change their OS, and even after it doesn’t guarantee it works.
You’re overlooking the fact that not everyone is capable of switching to Linux. The existence of huge amounts of github repos related to Windows hardening and their stars represent this fact. It’s okay to recommend Linux, and it’s also fine to say Windows is awful for privacy. But stating Windows should NOT be used whatsoever isn’t.
This is not true. Basic telemetry is the same, but unlike Home and Pro editions, Enterprise offers the option to reduce it.
I don’t know what kind of privacy you’re planning to improve on Windows, when until recently nobody knew about this GDID until someone got caught with it. Turn off telemetry, good luck, but how much more hidden telemetry like GDID will remain in the system? Nobody knows.
How did you disable GDID? How did you verify that it was disabled? Did you just trust a random script on GitHub? I have all those services disabled, but the system still generated a GDID. So what happened? Nobody knows.
I’ve never seen a decent privacy guide for Windows that’s actively maintained. It’s literally impossible on Windows because full privacy on Windows would break the entire system. The number of stars on GitHub literally means nothing, it doesn’t mean all telemetry will be removed from the system.
though I can’t say that Windows updates work with zero telemetry
You can’t prove anything, yet you’re talking about Windows privacy. Why?
I mean, the article unveiling the use of GDID in an investigation by LE shocked the most but it’s not a novelty. Apple had collaborated in the past with authorities for investigations too.
My point is not to defend Microsoft nor Apple, tracking is awful.
It’s about the “obvious solution to switch to Linux” which is sadly impractical in a lot of cases.
The freedom that comes with using Linux is also tied to big downsides that the community here is often too easily willing to dismiss.
Linux for the masses is not a thing unfortunately even if I would love it to succeed.
That said it really sucks today to know that every device we have can be strictly id in a way or another.
Not sure if it’s the same thing but I remember from my Hackintosh days that the Mac has a serial number that it needed at least to get iCloud, iMessage etc to work. I.e. it phones home to Apple with it. And in fact if you’re logged into iCloud, their tech support can request to see the screen of your Mac at any time (in theory it always asks first and would only be initiated if you ask for help, in practice if Apple are handed a warrant all bets are off). So the same advice would apply, if targeted law enforcement is a threat, then at minimum don’t log into any of the Apple services. I’d be mildly surprised if it’s not still including the ID in software update checks though.
It didn’t “bypass” VPNs. Telemetry was sent to Microsoft associating visited sites with the GDID. This allowed correlation of browsing activity with and without the VPN, as Microsoft had a record of everything tied to the same GDID. The VPN was still functional, however.