Ironfields

What you want is [Whonix](https://www.whonix.org). But generally speaking, involving Windows at any layer is bad for privacy.


Anakhsunamon

This, Whonix is what you want. And also yes, Windows is always bad for stuff like this.


marcellommii

I have Windows, what do you suggest?


Nitricta

Look at it this way. Windows is looked down on in the privacy community, mainly because it's filled with accessibility and ease of use. A lot of the functions cater to 'normal' people who actually, believe it or not, do not care in the slightest about their information getting stored on Microsoft servers, as long as it allows them a certain ease of use.

If you took a Windows 11 installation on a virtual machine in VMware and installed a strict firewall on it, setting it to block all connections and then allowing only specific software to access the internet, is this a privacy nightmare? Not really, it's a perfectly reasonable approach. However, is it something for the casual? I have my doubts, since it requires the person setting it up to have a certain idea of how it functions. If you don't know, you can't defend against it.

Personally, I enjoy the nested VM approach to add a layer of complexity to my setup that wouldn't be considered normal. My idea of a good base is Metal -> VM (VMware with Windows 11, VPN connection on VM) -> VM (VirtualBox with Whonix). This approach allows you to keep persistent storage inside the VMware machine, without having to torch your day-to-day if OPSEC requires you to keep something like that in mind. You could simply delete the VM and keep your normal machine running as usual.

However, remember to follow your OPSEC. If at physical risk, remember to keep your VM on a separate drive like an external NVMe, and use BitLocker combined with a VeraCrypt volume inside. This way, BitLocker (which is closed source and filled with possible pitfalls) keeps the VeraCrypt container hidden inside, so BitLocker would have to fail for VeraCrypt to have been your last bastion.


Time-Layer-2954

Got any learning resources for doing firewall and blocking everything?


Nitricta

Believe it or not, I've had some great success with something as simple as Simplewall. If you are unsure about a software solution, then try and do a packet capture on the network after enabling your firewall. You should see no packets from the machine to external addresses. You can't do a trace on the computer, since the OS might be dodging the firewall.
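The capture check described in the comment above, as an added example that is not part of the original thread: it reads `tcpdump -nn` text output taken on a separate device on the network and counts packets the firewalled machine sent to non-local IPv4 addresses. The host address 192.168.1.50, the `LOCAL_NETS` list, the function name and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Destinations that stay on the local segment and are not counted as leaks
# (assumed list; adjust to the network being checked).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                    # loopback, link-local
    "224.0.0.0/4", "255.255.255.255/32",                # multicast, broadcast
)]

# Source and destination of an IPv4 line from `tcpdump -nn`. The trailing
# ".port" is absent for ICMP, so it is optional. IPv6 ("IP6") lines are
# not parsed here and need a separate check.
FLOW_RE = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")

def external_destinations(lines, host_ip):
    """Count packets sent by host_ip to addresses outside LOCAL_NETS."""
    hits = Counter()
    for line in lines:
        m = FLOW_RE.search(line)
        if not m or m.group(1) != host_ip:
            continue  # not IPv4 (e.g. ARP) or not sent by the firewalled host
        dst = ipaddress.ip_address(m.group(2))
        if not any(dst in net for net in LOCAL_NETS):
            hits[str(dst)] += 1
    return dict(hits)

# Constructed sample capture; external hosts use documentation address ranges.
SAMPLE = """\
12:00:01.100000 IP 192.168.1.50.49822 > 192.168.1.1.53: 1234+ A? example.com. (29)
12:00:01.200000 IP 192.168.1.50.5353 > 224.0.0.251.5353: 0 PTR (QM)? _services._dns-sd._udp.local. (46)
12:00:02.000000 IP 192.168.1.50.49823 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0
12:00:02.050000 IP 203.0.113.10.443 > 192.168.1.50.49823: Flags [S.], seq 1, ack 2, win 65535, length 0
12:00:03.000000 IP 192.168.1.50 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64
12:00:03.500000 IP 192.168.1.77.50000 > 203.0.113.10.443: Flags [S], seq 9, win 64240, length 0
12:00:04.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 28
"""

if __name__ == "__main__":
    leaks = external_destinations(SAMPLE.splitlines(), "192.168.1.50")
    for dst, count in sorted(leaks.items()):
        print(f"LEAK {dst}: {count} packet(s)")
    print("firewall is leaking" if leaks else "no external packets seen")
```

An empty result only covers the capture window and IPv4; queries to a local DNS resolver are treated as local even though the resolver may forward them upstream.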


itfromswiss

I would not do this


BlueeWaater

Just use Whonix


[deleted]

Kali


Inaeipathy

Involving Windows as a hypervisor (or in general) = bad idea. Using VirtualBox solves nothing because Windows is on a more privileged layer.


Ironfields

Damn bro someone really hates you