Windows Guide

and have considered running https://privacy.sexy/

I advise you to be very careful with it. It is extremely simple to break something with such tools — been there, done that. I and some other people I spoke to, who have been testing/trying all sorts of such third-party tools/tweakers, eventually came to the conclusion that such third-party tools are simply redundant, unreliable, “dirty” and only cause trouble and breakage in the long run. My personal advice is to configure the privacy/security of Windows via Group Policy Editor (gpedit.msc). That’s all. It’s a native and “clean” way of configuring Windows. However, be careful when configuring it: if you are unsure what this or that policy does — don’t touch it! You can break the system. GPO is for technically-inclined users. It can take some time to familiarize yourself with GPO when you configure it for the first time, but when you are done configuring, you can just export your GPO configuration and save it for the next install or for another PC. Also, you will find a lot of crucial security-related features in GPO which no third-party tweaker is able to configure. For example:

- Allow administrator account lockout
- Account lockout threshold
- Account lockout duration
- Reset account lockout counter after

People who don’t want to or can’t configure GPO for whatever reason (laziness; don’t want to waste time; not techy and don’t understand GPO; afraid to break the system by configuring something incorrectly) — should simply configure their Windows via Settings and Control Panel. Thinking that using third-party “privacy-tweakers” is going to significantly increase your privacy in your Windows install is wishful thinking. No third-party tool is going to give you a significant level of privacy on Windows, unless you just block the internet access altogether. If you want true and real privacy, and having real privacy is your purpose/use-case — don’t use Windows, use Linux (and even then you have to pick a distro which most likely won’t shove telemetry into itself / which most likely won’t succumb to enshittification at some point in the future — not Ubuntu, that is). Using third-party “privacy-tweakers” does more harm than good over the long term of using your Windows install. If one is using Windows, they should come to terms with and peacefully, buddhistically accept the fact that they will never be significantly private when using it, and they should stop bothering with third-party “privacy-tweakers”.

Also, regarding security, you can find a lot of useful information here:

And don’t hesitate to search the internet for info on something from the official documentation, if something from the documentation is too technical or is written in a manner too difficult to get a grasp of. Oftentimes, random websites on the internet have a much more user-friendly/simplified explanation of some aspect of Windows, in comparison to Microsoft’s official documentation, which appeals more to enterprise system administrators, as it seems to me.

Windows’s security is decent, and has improved dramatically in recent years. What is “so bad” — it is Linux’s security. Proprietary operating systems will always be more secure than open-source ones, but will never be as private as open-source ones. I also fully agree with Joanna Rutkowska on that:

So, I’m reinforced in my belief that security of mainstream platforms (from Apple, Google, MS) will continue to improve, likely exceeding the “open source” offerings. But, the open source will still have an edge in:

  1. trustworthiness/auditability
  2. customization freedom

Original post: https://twitter.com/rootkovska/status/1136220742662664193

This is factually false. You can use a local account (on both Windows 10 and 11) and use Microsoft Store freely. However, you will be unable to install paid apps or apps that have an age rating that requires verification, such as Spotify or Netflix.
I’ve used both Windows 10 and 11 with a local account and I was (and am) using Microsoft Store freely. I don’t use paid apps or apps with an age rating, so I have zero issues in my use-case. It’s completely feasible to use Windows 11 and take full (for the most part, like 90%) advantage of it without making a Microsoft account.

You lose stability and reliability of your system, especially in the long run. Testing something in a VM doesn’t count. What counts is using your bare-metal Windows install for a long time and subjecting it to “wear and tear” naturally. And only then you should see if

affect the stability of your install.

I don’t know why you recommend using unmaintained, outdated Windows telemetry blocklist dug out from the deep depths of GitHub, from some random no-name author (no offense to them, they just don’t have any credibility) which hasn’t even visited GitHub in a long time, all the while when there are several popular and maintained options from credible, reputable authors. I won’t list them because I don’t recommend anyone using this approach of blocking telemetry: via third-party tools/tweakers/blocklists.

4 Likes
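
The post above names four account-lockout policies. The following is an added example, not part of the original post, that reads them back from a `secedit` security-policy export and lists the ones that look weak. It assumes the INF key names `LockoutBadCount`, `LockoutDuration`, `ResetLockoutCount` and `AllowAdministratorLockout`; the sample export and the limits (10 attempts, 10 minutes) are constructed for illustration.

```powershell
# Added example, not from the post. $SampleInf is CONSTRUCTED data shaped like
# the [System Access] section written by: secedit /export /cfg <file> /areas SECURITYPOLICY
$SampleInf = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 0
LockoutBadCount = 20
ResetLockoutCount = 5
LockoutDuration = 5
AllowAdministratorLockout = 0
[Version]
signature="$CHICAGO$"
'@

function Get-LockoutPolicy {
    param([Parameter(Mandatory)][string]$InfText)
    $policy = @{}
    $inSection = $false
    foreach ($line in ($InfText -split '\r?\n')) {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'System Access'); continue }
        if ($inSection -and $line -match '^(\w+)\s*=\s*(-?\d+)$') { $policy[$Matches[1]] = [int]$Matches[2] }
    }
    $policy
}

function Test-LockoutPolicy {
    # $MaxAttempts and $MinMinutes are illustrative limits (assumptions); set your own.
    param([hashtable]$Policy, [int]$MaxAttempts = 10, [int]$MinMinutes = 10)
    $findings = [System.Collections.Generic.List[string]]::new()
    $threshold = [int]$Policy['LockoutBadCount']   # absent key -> $null -> 0
    if ($threshold -eq 0) {
        $findings.Add('Account lockout threshold: 0 (lockout disabled)')
    } else {
        if ($threshold -gt $MaxAttempts) { $findings.Add("Account lockout threshold: $threshold") }
        $duration = [int]$Policy['LockoutDuration']   # -1 = until an administrator unlocks
        if ($duration -ne -1 -and $duration -lt $MinMinutes) { $findings.Add("Account lockout duration: $duration min") }
        $reset = [int]$Policy['ResetLockoutCount']
        if ($reset -lt $MinMinutes) { $findings.Add("Reset account lockout counter after: $reset min") }
    }
    if ([int]$Policy['AllowAdministratorLockout'] -ne 1) {
        $findings.Add('Allow administrator account lockout: not enabled or not in export')
    }
    $findings
}

Test-LockoutPolicy (Get-LockoutPolicy $SampleInf)
# Live system, elevated prompt: secedit /export /cfg "$env:TEMP\sec.inf" /areas SECURITYPOLICY
# then: Test-LockoutPolicy (Get-LockoutPolicy (Get-Content "$env:TEMP\sec.inf" -Raw))
```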