In any case, minimize the number of parties that will have their hands on your data. Uninstall anything that’s unnecessary, compartmentalize personal work in a privacy-respecting browser and office suite, and avoid unofficial Windows ISOs.

If your school is going to install monitoring software on it, consider the laptop compromised. Only do coursework, accessing things licensed through the school, exams, the bare necessities, on the Windows laptop. Start saving up for a (refurbished) laptop to learn and use Linux without risk to your work laptop.

If now is not the time to buy another laptop, consider installing Linux on a second SSD, if a slot is available, or even a USB 3.0 drive, if you’re allowed to boot from one. Just back up and if possible remove the Windows SSD before installing so it’s not overwritten by accident.

Be judicious with debloat scripts as they can interfere with some more invasive programs (e.g. Adobe suite, Autodesk) you may need for your studies. Consider making full disk backups before doing anything drastic. Anyway, if you can’t or won’t use LTSC, the yearly Windows updates can and will undo your hard work debloating and ticking privacy checkboxes.

At the end of the day, Windows is closed-source and we can’t be completely sure what it’s doing behind our back. It’s fine for a dedicated work device, but the time spent on taming it for personal privacy could also be spent getting another machine and getting to know Linux.

You have two options. Either put Linux on it and run Windows in a virtual machine, or buy a second laptop that you only use for work. Because if your university requires monitoring spyware, then you don’t need to be working and doing your studies on the same device.

You do personal stuff on a personal machine. You do work stuff on a work machine. And you do educational stuff on an educational machine. If you don’t want to buy three physical machines, then VMs are your next best bet.

As a privacy consciousness individual, …

I think best to keep the same operating system (OS)

Not gonna work

Universities often have requirements for student computers in order to use their online or distance learning software and anti cheat/anti llm stuff.

Your first step is gonna be to figure out what that is so you can choose an operating system. The most sleek, trimmed down, hackerman version of windows 10 or linux isn’t gonna cut it if you can’t do your classes on it.

The next thing to accept is giving over control of your device to the university. It is often a requirement, separate but intertwined with their educational software, that you allow them to install at the very least a dns shim but often much much more in order for your device to be recognized as a student computer that’s allowed to access university resources.

Recognizing the above three points, you can’t have what you’re asking for.

You can’t have a “safe device” that’s “not monitoring you” when someone else is the administrator. And in the case of university students, your schools it department is the administrator or you can’t access school resources.

Your real, honest to god best bet is to have a separate device.

It doesn’t even seem like a very good computer, just buy one you want and use it to look at porn instead of the one the university paid for.

Lots of good advice in the thread so I’ll add.

Install WSL (Windows subsystem for Linux) -> Install Docker -> Pihole -> set your network connection’s DNS server to 127.0.0.1.

This will break a lot of tracking by not allowing it to phone home with your data.

First, I’m not a Windows user so my knowledge about modifying the OS is very limited. You did message me asking for help, so I’ll do what I can. Normally, I keep out of Windows and Apple threads.

Often what happens when a computer is being supplied by the work/school is the IT department will be the admin. It’s unlikely you will have enough access dual-boot or debloat the machine.

Use your phone. I once used an Android for two years as my only computer. This could serve for activity you don’t want the Uni to know about, at least for a month or two until you are settled at Uni. No need to rush into anything.

Two computers. Hands down the best way to keep work/play separate. Use the Windows for Uni and a separate machine for personal activity. This could get expensive.

TailsOS can work for you in your off hours. It’s Linux OS that installs on a flash drive and sends all your traffic through Tor. When you unmount the flash drive it leaves no traces on your computer. It’s very easy to set-up and comes pre-loaded with tons of software.

As a privacy consciousness individual,

Potentinally there will be some sort of system or software that can monitor my activities

• Don’t save anything personal on that machine.
• And don’t do anything you would not agree to do publicly, on that machine.

Other than that, as already suggested, run some debloat script but I still would not trust Windows. Even less if it was configured with an official spyware from my employer/university/whomever.

Whether you are planning on using Windows 11 or Win10 or Linux, I would recommend doing a clean reinstall from an ISO. You can download a fresh ISO from Microsoft’s own website. This way, if there is any bloatware from your manufacturer, university, or benefits organization, it will be wiped.

Run a Win11 debloat script. It will remove a lot of privacy-invading windows components.

Apart from that, install a browser that isn’t Chrome, and use an ad blocker.

Don’t install any garbage that gives the Uni IT department any control over the device.

I can recommend following tools:

https://github.com/xM4ddy/OFGB (Non tech savvy friendly) https://www.oo-software.com/en/shutup10 (Beginner friendly) https://privacy.sexy/ (Advanced)

Please make sure to verify which changes you do and what possible side effects they could have.

Open task scheduler and look through.each.entry. Disable the useless ones and a lot with ‘login’ trigger can be set to ‘auto’.

It sounds like you will be buying the laptop and that it won’t have loads of college security stuff on it, which is good for what you want to do.

Depending on your needs in terms of bespoke software, Linux Mint OS might solve a lot of your issues. Piece of piss to install and way better option than Windows. As a former Windows user since W95, I moved to Linux Mint this year and I will never go back.

I had an old Windows 10 machine that was unable to run Windows 11, so I installed Mint on it and its like a new machine. The OS is quite similar to Windows in a lot of ways.

You can even try it out live from the bootable USB before you install. I tried it like that and within about 30 seconds I was hammering the install button.

Having said all this, if you are required to give the laptop to the college to install stuff on, you might be a bit limited.

Does the Uni require Win11, or would Win10 work? The Windows 10 IoT enterprise LTSC is quite sleek and debloated out of the box. Insert a powrshell script and it becomes even more debloated. W10 IoT Enterprise LTSC is supported until 2034.

“Use every device connected to the internet like you’re at a public library, and the head librarian is stood behind you with a three letter agent beside.”

You can install Tiny11 as your base Windows OS https://github.com/ntdevlabs/tiny11builder then use a debloat like the ones linked in this thread or this one https://winutil.christitus.com/

I made that on my gaming PC (I use tons of non Linux compatible stuff for flight simming) and zero problems. It’s even riced to not look like Windows DE and act like i3wm.