Anonymous, I think Brian was probably referring to this but there are plenty of other examples and research proving that Windows intentionally disrespects your privacy no matter how much you lock down your system. Even firewalling your connection doesn’t prevent keystrokes being sent to Redmond. The telemetry is encrypted so monitoring your traffic will regrettably not assist you in this because of how the traffic is sent. The privacy interference is so bad that China have been supplied with a special copy of Microsoft Windows.
I’ve seen people using various third-party tools in the false belief these keep them safe but they only minimise the amount of data sent and keystrokes are sent. Microsoft use various terms/names to conceal the fact that they’re doing this. Those within the security community regard Windows as a privacy threat. Some go so far as calling it malware.
VeraCrypt is a good choice for containers but again you have the problem of keystroke logging of your password.
Your Windows UAC password can be stolen by visiting a specially crafted website thus if you visit a malicious page then the web host will get your password because of an unfixed vulnerability which Microsoft don’t consider to be a vulnerability despite it being misused. The standard BitLocker deployment uses the same password as it does for logon so it’s a critical security flaw.
OpenBSD is the only OS that will provide you with a good level of security and only then if you use trusted hardware and a smartcard to store your password.
Hjalmar makes a good point – cloud transfers. BCArchive files can be cracked rapidly but AxCrypt files can’t. Therefore unless the endpoint is hacked (and then any software can be compromised) the only way to break an AxCrypt file is in billions of years. To break a BCArchive file is a matter of minutes.
Stephen – can I ask a question please? I think from your writing that we have spoken before.
We have. Contact me using your Tox please.