[mirimir]

Sure, it would be chaos if you expect everything to just work out OK. But if you defang Windows 10 properly, it doesn't need to reach Microsoft servers. That is, blocking is a supplementary measure.

When I last used Windows, you could host updates locally. And I believe that Microsoft actually recommended that for large firms.

[wolrah]

> But if you defang Windows 10 properly, it doesn't need to reach Microsoft servers.

Something has to get the updates in the first place, even with the local P2P sharing.

If you're one of those "I never update my Windows install" people at this point you're beyond hope..

[mirimir]

Yes, but the server that gets and shares those updates need contain no PII.

I do not trust Microsoft. And so, when I need to use Windows 10, I do it in a very careful way. I start with an anonymously obtained installer. I install and update in a VM, with Internet connectivity through a nested VPN chain. Then I clone the VM, and work in the clone, with *.microsoft.com blocked.

When necessary, I update another fresh clone. Then I clone that, and securely transfer files from the first clone. That way, Microsoft never sees anything except for a clean install, and has no PII to track.

[craftyguy]

Don't assume everyone uses windows.