I take things from point A to point B
thanks
If you’re already on a Linux-based operating system, and you gotta run a real instance of Windows for some reason, your safest bet from both a security and privacy standpoint is to run it in a virtual machine (I like VirtualBox, personally, but VMware, or whatever else will do the job fine also) and firewall the hell out of it. In a virtual machine, you can totally lock it down as much or as little as you need for the task at hand, and ain’t a damned thing Windows itself can really do about it, and as an added bonus, it saves you from the required reboots of dual-booting. It’s confined to a “safe space” (until you start enabling network stuff and opening ports to it). You’re in control.
edit: or QEMU/KVM (with virt-manager)
Really you’d have to fire up Wireshark and see what telemetry Windows was blabbing away behind your back. Analysing those logs can be a tedious business, especially as you’d need a large dataset.
Thing with just about any tech related question posted is likely some geek will have done the heavy lifting for you already. Here is a nice start:
https://www.zdnet.com/article/windows-10-and-telemetry-time-for-a-simple-network-analysis/
Here is another one:
https://www.comparitech.com/blog/information-security/windows-10-data/
That’s logs required to be collected, doesn’t say whether or not the data is sent back to Windows. Best assume yes.
Course, all that proprietary software will have a voluminous licence agreement that nobody reads. They’ll collect as much data as they can to “maximise user experience” or whatever rubbish.
Pro is a little bit better because of features like BitLocker. A lot better would be Education/Enterprise variant. You’d need special licenses for running enterprise I think. There are also registry hacks that would give you some protection against telemetry (I personally haven’t done this).
Privacy-wise though, any “windows” is going to fare lower than Linux is what I’d say. Wait for others in the sub for more insights.
As a side note about BIOS
Framework’s official stance on Coreboot:
“As this keeps popping up even after multiple responses, let this be the “official” response so we can put this to bed, at least for now.
It is not that Framework “does not care” about Coreboot, it is that we have a very long list of priorities for a very small team (we are less than 50 globally and have existed for less than 3 years) and while being able to support Coreboot would be fantastic, it is just not a priority for Framework right now given the sheer number of initiatives that we have to launch now and in the immediate future. We pivot from one NPI (New Product Introduction) to the next, back to back, and have since our first product launch. Our firmware/BIOS team is small and is supplemented by an outside 3rd Party partner. The consistent, “well, just hire more people then” is unfortunate as those in the know understand that’s not how it works, especially for a small, private company trying to exist in a very mature market segment. While tech in general is shrinking, layoffs are in the news constantly, and global economies are getting hit hard, we’re still here, releasing new products, and working hard to support everything we’ve already launched.
If and when we decide to add Coreboot to the docket of active projects, we’ll let the Community know, but if you want Framework to continue to exist, and you believe in our mission, we’ll have to continue to ask for your patience. If not having Coreboot is a blocker for you, personally, to join the Framework Family, we do hope that we can earn your business in the future.”
https://community.frame.work/t/responded-coreboot-on-the-framework-laptop/791/239