Yes you can make windows completely 100% private as if it was linux.
Ofcourse privacy doesn’t fix zero day security exploits.
For a first impression of what a truely optimized windows looks like check the screenshots below.
➤ 1 Download the official windows iso from microsofts website (The iso NOT the mediacreationtool !!)
If you can’t download the iso install the useragentswitcher browser extension and switch to linux
https://microsoft.com/en-us/software-download/windows10ISO
User-Agent Switcher and Manager – Get this Extension for 🦊 Firefox (en-US)
➤ 2 Download rufus and use it to create a bootable usb drive with the windows iso file
Rufus - Create bootable USB drives the easy way
➤ 3 Use the bootable usb drive to Install windows 10 pro offline
You will have to boot into BIOS mode and change the primary boot device to the usb drive
➤ 4 Use https://privacy.sexy to generate a script that will rip the guts of microsoft out of windows
Use either one of the predefined settings (standard, strict, all) or create your own script via options.
Be careful when creating your own script, you can break functionality like windows search.
➤ 5 Install Device Drivers
If you have an nvidia GPU use NVCleanstall for an installation that will remove MOST of the
integrated driver spyware https://techpowerup.com/download/techpowerup-nvcleanstall/
Install your CPU chipset but DO NOT install intel management engine!
Intel Desktop Chipsets - Latest Motherboard Desktop and PC Chipsets
https://amd.com/en/support
➤ 6 Install Netframework Offline
Many programs require old netframework version to work.
To install offline without using windowsupdate you need a copy of the windows iso you previously
downloaded.
Mount the windows iso
Open powershell as administrator
Use this command to install netframework:
Dism /online /enable-feature /featurename:NetFX3 /All /Source:X:\sources\sxs /LimitAccess
Replace Source:X: with whatever the location of your mounted iso is, for example Source:D:
➤ 7 Install Visual Studio Redistributables
Latest supported Visual C++ Redistributable downloads | Microsoft Learn
➤ 8 Install Librewolf WebBrowser (no extensions required, ublockorigin is already preinstalled)
Installation – LibreWolf
Searchengines:
https://search.brave.com
https://searx.tiekoetter.com/
➤ 9 Use ShutUp10 to modify windows privacy settings
Recommended: Klick on “actions” select “activate all privacy settings”, then manually uncheck what
you need.
Examples: microphone, camera, bluetooth, notifications.
O&O ShutUp10++ – Free antispy tool for Windows 10 and 11
➤ 10 Go Online for the first time, instantly install Portmaster from https://safing.io
Configure portmaster to block all connections by default and only allow what you need.
Check the systemdnsclient connections in portmaster and block anything you don’t know.
There should not be many connections to block if you used https://privacy.sexy to cleanup windows.
Examples you should block:
go.microsoft.com
ctldl.windowsupdate.com
services.gfe.nvidia.com (block if using nvidia GPU, even if you use nvcleanstall)
Also make sure you set Quad9 as your DNS server within portmaster.
➤ 11 Install ProtonVPN (use this VPN whenever you go online to protect your identity)
Download VPN | Proton VPN
Obviously as you will do almost all of these steps offline you will have to downloaded all the software beforehand and copy it to an offline drive which you can access without any internet connection.
A usbdrive would be enough.
Software that is generally recommended and you should use because https://privacy.sexy will delete all preinstalled garbage apps.
https://7-zip.org/ (compression software)
https://notepad-plus-plus.org/ (windows notepad on steroids)
Official download of VLC media player, the best Open Source player - VideoLAN (video and photo viewer)
If you wish to delete certain parts of windows or take ownership of them which by default your administratoraccount has no access to, use NSudo which is a extremly powerfull windows admin-tool that lets you take full control over windows.
https://github.com/M2TeamArchived/NSudo/releases/download/6.2/NSudo_6.2.1812.31_All_Binary.zip
Examples of what you should delete: (No deleting those won’t break anything, renaming also works)
smartscreen.exe
upfc.exe
Compatibility Telement.exe
CompPkgSrv.exe
mobsync.exe
GameBarPresenceWriter.exe
microsoftedge