🎊 PR Preview 76f5417 has been successfully built and deployed to https://privacyguides-privacyguides-org-preview-pr-1380.surge.sh

🕐 Build time: 115.06s

_{🤖 By surge-preview}

I need to add What are the issues present in Windows and things referencing it.

I would like to talk more about pros and cons of Windows as compared to other OSes like macOS, GNU/Linux, BSD, etc., and why. But I am an avid windows user from start and don't have a bigger taste over other OSes. So, Enlighten me here.

cc @noClaps

This PR will be ready within a month and be complete about 70% within a couple of weeks.

Just need some additional resources and Guides. If anybody could make the Windows Issue popular on Reddit, I might think of adding more info by the redditors comment.

@dngray Just don't rebase again.

Hello, I think it is worth mentioning you can make BitLocker to have a stronger cipher you can make XTS-AES 128 bit (default) same but 256 bit. What do you guys think ?

https://i.imgur.com/LmG4ggf.png

Cool Idea. Thanks, I will look on this.

Come to think of it there are a LOT of errors related to what an ESL (English as a second language) speaker would make. Please use clear and concise English. I hope you aren't offended by my saying that.

Detail this for the reader?

**Control Panel** > **System and Security** > **BitLocker Drive Encryption** > **Turn on BitLocker**

See: Microsoft: Writing step-by-step instructions

Windows 11 secures its bootloader by default using Secure Boot through the TPM

privacyguides.org/docs/windows/hardening.md

Line 106 in 4e8009a

- Windows 11 secures it bootloader by default by using Secure boot with the usage of TPM.

Windows 11 secures its bootloader by default using Secure Boot through the TPM

#1380 (comment)

I will fix all the grammar errors today and will continue working on this further.

2. We may also like to recommend the use of open-source VeraCrypt instead of proprietary (and possibly backdoored) Bitlocker.

No, we should only use BItlocker for Windows imo. As it is native app.

And it's not bc veracrypt is foss that it is not backdoored.

For FDE I'd prefer to see listed:

• Hardware Accelerated: AES (Rijndael) 256 Bits with HMAC-SHA-2 or HMAC-SHA-3
  • (This is what Veracrypt, Bitlocker, Filevault 2, KeepassXC, and LUKS use by default). Prefer SHA-3.
• Non-Hardware Accelerated: Same as accelerated above or if available consider:
  • ChaCha20 or XChaCha20
  • Serpent

@uranuspucksaxophone LTSC Edition is used in Industries such as Healthcare, hospitals, etc. cuz they don't want unstable software when helping people on their health or fail them when a New Update breaks down.

LTSC edition is mostly stability and security. Not Security Improvements, that doesn't mean security improvements don't come. It's late. I need to know about LTSC and will think on it.

This is just a PR on my own. Things might change by the PG team.

For FDE, Bitlocker is the only thing that is best in several ways compared to Veracrypt. Veracrypt is suggested when the device doesn't have Secure boot or it is a Older device.

We are going mainly for Win11 and 10 at times. So, I think sticking to the latest and telling things for the fore-seeing the future would be better idea.

I am very busy IRL. So, I can't work. I am hoping to finish this atleast within the end of this year. Contributions are welcome.

I closed my PR due to many conflicts using git at the same time. So, I reset branch to Main which closed this PR. I will work on the guide locally and reopen this PR later at sometime.

If anybody is keen to work on the PR. Here is the copy of the Branch before it is reset.

privacyguides.org-Windows.zip

If you are gonna work, Please do tell me. I would stop working if you are more interested. I am looking forward to hand this over to an individual who has high knowledge in this.