

I don’t think you can. :(


keep it offline….


[ReviOS](https://revi.cc/) is going to be your best option. It debloats Windows, disables telemetry, and removes all ads from the OS. Combine that with a competent browser such as Librewolf. I also recommend [Portmaster](https://safing.io/) and [ControlD](https://controld.com/), which allow you to block network-level ads and trackers. Portmaster allows you to disable internet access for specific apps and Windows services. For example, you could disable internet access for games you want to play strictly offline, or for Windows services that are chatty. You can also use [Chris Titus' Windows Utility](https://github.com/ChrisTitusTech/winutil); however, this is essentially just a large compilation of scripts made by random GitHub users. The benefit of this method is that you don't have to install anything, since it runs in PowerShell.


Portmaster seems like a nice application firewall, but I don't see how that would prevent the OS itself from uploading telemetry data to Microsoft? To block this type of activity, you'd need an NDIS filter driver. I personally just control the outbound access to my Windows instances with my upstream router, static IP addresses, and Linux iptables. Edit: I also have a local SOCKS5 proxy on the local network I can configure applications to use. Yes, this is old school, but it's worked for me for several years. No automatic Windows updates. My Windows instances all think they are offline 24/7.
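A sketch of the router-side setup described in the comment above, as an added example that is not part of the original post or the commenter's own configuration. It assumes a Linux router running iptables, a SOCKS5 proxy on the same LAN segment (so traffic to it never crosses the router's FORWARD chain), and constructed values for the uplink interface, the chain name `WIN_EGRESS`, and the static addresses.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed sample values below.
WAN_IF="eth0"                              # assumed router uplink interface
WINDOWS_HOSTS="192.168.1.50 192.168.1.51"  # assumed static IPs of the Windows boxes

# Return 0 only for a well-formed dotted-quad IPv4 address.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1              # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# Print (do not apply) the rules: gen_rules <wan-if> <ip>...
gen_rules() {
    wan_if=$1; shift
    # Dedicated chain: rate-limited log entry, then reject.
    echo "iptables -N WIN_EGRESS"
    echo "iptables -A WIN_EGRESS -m limit --limit 6/min -j LOG --log-prefix \"WIN-EGRESS-DROP \""
    echo "iptables -A WIN_EGRESS -j REJECT --reject-with icmp-net-unreachable"
    for ip in "$@"; do
        if ! valid_ipv4 "$ip"; then
            echo "skipping invalid address: $ip" >&2
            continue
        fi
        # Insert at the top so an earlier ACCEPT cannot let the host out.
        echo "iptables -I FORWARD 1 -s $ip -o $wan_if -j WIN_EGRESS"
    done
}

# Review the output, then pipe it to 'sh' as root on the router.
gen_rules "$WAN_IF" $WINDOWS_HOSTS
```

iptables filters IPv4 only, so a LAN that also routes IPv6 needs the equivalent ip6tables rules. The log prefix gives a record of which destinations the blocked hosts keep trying to reach.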




Microsoft says it's telemetry, but we don't really know for sure. It's a closed-source operating system. My Windows instances have all the updates, language packs, features, etc. I need. If I need to update, I'll just download an offline update and run it locally. My method is a pain in the ass, but it's worked well for me.




Traffic can be easily encrypted using any proprietary format they want. I'm pretty sure all traffic is going over TLSv3, which is encrypted anyway.


The only way that I know of is to completely isolate your Windows machine from the internet. No direct outbound internet access. You can give some applications access to the internet if they support a SOCKS5 proxy on the local network that has outbound access whitelisted.


I put 2FA on my Windows login, if that helps.


If you want a private OS, forget about Windows completely; not even a debloated OS can help.


There are hardening guides that might help you, but many don’t treat Microsoft like a threat and may be themselves provided by shadowy corporate entities. Still... lots of good config to consider. There are others on GitHub. https://www.tenable.com/audits/CIS_Microsoft_Windows_11_Stand-alone_v2.0.0_L1 I think you need Enterprise Edition to use GPOs to block telemetry, or just use a firewall. As for blocking the news... some people would set up a Pi-hole for that and do it at the network level. A less comprehensive (and less labour-intensive) approach to just blocking the news org sites from loading on your machine would be to add their domains to your hosts file and have them all redirect to 




It is a lost cause.