Windows Guide

I’ve read through the guide and it’s a thorough piece of work with a lot of essential information, much appreciated!

I’d be happy to contribute by correcting grammar and making the text a bit more fluid. I basically work with writing all day at a job where being academically and grammatically correct is essential, so even if English isn’t my native language I’m fairly confident in text.

I had a lot of spare time today so here comes a deep dive in some thoughts I had while reading through. I’ll go through them in the same order as the guide.

Under Choosing your Windows edition in the second paragraph it says

If you cannot get the above editions, you must opt for Professional Edition.

I would suggest using the word should instead of must. This is because the word must is quite definite, making it seem like you have no other option. Even if Windows Home is severely limited we always have an option. People are usually more susceptible to suggestions rather than demands, and it makes for a more pleasant reading.

Further down under Editions to avoid, in the second paragraph concerning Windows Home edition, it says

It also uploads Bitlocker Encryption keys to Microsoft servers which actually defies the aspect of encryption implemented in a different way.

I think this needs some more clarification. In what way does it defy the aspect of encryption?

Furthermore, in the overview under Installing Windows I don’t really understand why the guide suggests using the command prompt to flash the ISO. Why not just use the Media Creation Tool to easily format a USB in a user-friendly UI? I see it mentioned in a note further down that you get just the desired version that way and therefore save space, but 1 GB more or less shouldn’t be a problem nowadays? Maybe instead suggest the command prompt way as a second solution or tip?

Also, it might be a good idea to point out to NOT download pirated versions, since the risk of them containing malware is very high (yes, people actually do this since it’s free; I never paid for Windows until finding the privacy community and starting to read up on it).

Moving on to the hardening section

First sentence

If on Win11 be sure that you use it on supported hardware on

I understand this is incomplete. But wanted to suggest elaborating on this a bit more, as in why it’s important to be on supported hardware.

Under Security it says

UAC with password

Not sure if this is incomplete, but also here I think it could be good to have a short explanation on why it’s important.

Furthermore, under Encrypting the drive in the info box about Choosing the Way to Encrypt, when talking about storing encryption keys on Microsoft account it says

This can be dangerous to your privacy and security as Microsoft could easily view your encrypted files, as could an attacker if they were able to gain access to Microsoft’s servers or any Law Enforcement could by a Gag order.

I would suggest changing Microsoft could easily view your files to “anyone who gains access to your account”. Not sure if we should imply that Microsoft views our encrypted files without proof that they actually do so, also it seems highly unlikely since it would gravely jeopardize their trust. With that said, a hacker or government gaining access is absolutely a real concern.

Might also be good to inform here on why Bitlocker is preferred above other encryption software like Veracrypt.

Next, under Security policies for Bitlocker I think it could be good to add some more insight as to why we change this. Personally I want to know what I’m tampering with to feel comfortable doing it.

Setting up pre-boot authentication should probably come before Bitlocker setup since it’s clearly advised to configure pre-boot authentication first. Else people might do it in the wrong order if not reading through the whole guide first.

In Apps, the first section says

Avoid any types of Cleaning software at all cost.

I think this needs some more explanation. Why should we avoid it?

The same applies under Security improvements where it suggests using the Winget tool to remove bloatware instead of third-party apps. Why not third party? I think it would help to be clearer about how it increases the attack surface by adding a third party to trust, and that there are Windows tools, a lot of them built in, that do the same thing.

Lastly in the privacy section
The first section, Using Microsoft account states that

You should never sign-in to Windows with a Microsoft account. Signing-in to applications like Microsoft Office (which some users are required to do for their school or company) will trigger a dark pattern offering you to sign in to Windows, which will connect your device to your Microsoft account, and make it easier to send data to Microsoft servers and it is critical to reject this offer.

Why should we never do this? Why is it critical to reject the offer? These statements make it sound dangerous, and when something is dangerous we need to back it up with facts for it to be legitimate.

Signing in to Microsoft isn’t dangerous to the average user. I think that instead of demonizing it the guide should suggest not doing it if the user strives for more privacy. But I also think there should be a section on how to adjust account settings for more privacy and recommendations on using a disposable mail, phone number, etc.

Also, not all telemetry is bad, even if it might not be appreciated. Of course there’s the question of trust, but I’d be more than surprised if it turned out Windows privacy switches were just “dummies”. After configuring privacy settings to minimum telemetry, the information sent is mainly diagnostic data and not very usable for tracking compared to full telemetry, which tracks app usage and browser history and specifically aims to provide the user with a personalized “experience”. If you already trust Microsoft enough to use it, you might as well trust their privacy policy. Otherwise you’re going to have to run it without plugging it into the internet at all.

So that’s all. It’s a long-awaited guide and with some tweaking I truly think it can help a lot of people. As you can see I’m all for educating the reader. I believe that it’s important to know why you do something, else you won’t learn anything and it’s hard to understand the point of it. There doesn’t need to be thorough explanations, but rather one or two sentences with a link to further reading. This is already done in the guide, it just needs to be applied a bit more.
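As an added illustration of the ordering point raised above (pre-boot authentication policy first, then BitLocker), here is a PowerShell script that is not from the post or the guide it reviews: it refuses to enable BitLocker until the startup-authentication policy is present, then enables TPM+PIN with a locally held recovery password instead of escrowing it to a Microsoft account. The drive letter is an assumption; the policy values and cmdlets are the standard ones from Windows' BitLocker module.

```powershell
# Added example, not from the post or the guide. Run in an elevated PowerShell.
# Order matters: without the "Require additional authentication at startup"
# policy, Windows refuses a TPM+PIN protector, so check the policy first.
$Drive  = 'C:'                                          # assumption: OS volume
$Policy = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'       # where Group Policy writes it

function Test-PreBootPolicy {
    # UseAdvancedStartup = 1 enables the policy; UseTPMPIN 1 = require PIN, 2 = allow PIN.
    $p = Get-ItemProperty -Path $Policy -ErrorAction SilentlyContinue
    return [bool]($p -and $p.UseAdvancedStartup -eq 1 -and $p.UseTPMPIN -in 1, 2)
}

if (-not (Test-PreBootPolicy)) {
    throw "Pre-boot authentication policy is not set. Configure it first, then rerun."
}
if (-not (Get-Tpm).TpmReady) {
    throw "TPM is not ready; TPM+PIN cannot be configured on this machine."
}

$vol = Get-BitLockerVolume -MountPoint $Drive
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    throw "$Drive is already $($vol.VolumeStatus); inspect its protectors instead."
}

# Recovery password goes on first so a failure later never leaves the volume
# without a recovery path. It is generated locally and never uploaded by this script.
Add-BitLockerKeyProtector -MountPoint $Drive -RecoveryPasswordProtector | Out-Null

$pin = Read-Host -Prompt 'Choose a pre-boot PIN' -AsSecureString
Enable-BitLocker -MountPoint $Drive -EncryptionMethod XtsAes256 `
    -TpmAndPinProtector -Pin $pin -SkipHardwareTest | Out-Null

# Show what protects the volume: expect exactly TpmPin and RecoveryPassword.
# Write the recovery password down and keep it offline, not in a Microsoft account.
(Get-BitLockerVolume -MountPoint $Drive).KeyProtector |
    Format-Table KeyProtectorType, RecoveryPassword -AutoSize
```

The final listing is the check a reader can repeat any time: a protector type other than TpmPin and RecoveryPassword means something else (such as a TPM-only protector or an external key) has been added to the volume.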
