With Windows Update removed, and no way to patch the system without a full reinstall, I would not use ameliorated.info in any important capacity. The complete inability to patch zero-days makes it very unattractive. They recommend just taking admin privs from the default user. If you're this serious about privacy, use Linux. If you NEED Windows for a program, use a VM and nothing else. If you NEED Windows as your daily driver... then you shouldn't be risking your daily driver with this. The ONLY update you can apply is simply to reinstall the operating system. I do appreciate this kind of stripped-down build procedure, but fail to see a good-enough use case.

> Furthermore, as touched upon on the main page, 94% of critical Windows 10 vulnerabilities can be mitigated by revoking administrator privileges from the default user.


I'd just like to touch upon that 94% figure. It's from this source[0], which actually says:

> Of these critical vulnerabilities, 94% were found to be mitigated by removing admin rights, up from 85% reported last year.

It's a very fine line, but they're mitigated by not running stuff as admin, not just removing admin rights from the main user's account. With Ameliorated, people will still want to set up software as admin and install to Program Files, so if they take the advice from the FAQ, they might think they're fine just having a separate Admin account they use for UAC pop-ups to install the programs, while leaving their main as a standard user, which is indeed not going to solve any zero-days compared to users just being able to click 'yes' at UAC.

0: https://web.archive.org/web/20170310043706/https://www.avect...


This reminds me of the old "Windows XP Service Pack 4", or Windows 7 Minimalist ISOs that were going around. Generally, even the idea of using an OS downloaded from a random site (big Linux distributions excepted) is a security nightmare: you're trusting random, anonymous people not to put malware deep enough into the OS image where it won't easily be found. See XcodeGhost that got caught way after the fact.

Same exact reason people should strongly consider staying away from LineageOS builds and other such things, where the dev team of half a dozen non-vetted anonymous forum users is responsible for everything running on your phone. The "open-source means security because code gets vetted" argument only applies to big projects like Chromium, where hundreds of major corporations with world-class software engineers review, and contribute to the source code. Not to Lineage, where every phone model has its own build and dev team, and each build gets used by maybe a few hundred or thousand people, and reviewed by practically nobody. If there was one single Lineage build for all phones, I'd feel much more comfortable with it.

Though I have zero reason to distrust the Ameliorated folks, you generally never want to mess with software (especially OSes) downloaded from anyone other than the official vendor. The risk of using this is much higher than running proprietary ShutUp10, which is already non-zero since it's proprietary.


What a bunch of corporate-authoritarian fearmongering BS.

The community is NOT stupid. All it takes is one person to find out someone is trying to be malicious, and mass ostracisation will take place. For most of civilization we didn't need corporate overlords to tell us who to trust --- that's a very very recent development.

> where hundreds of major corporations with world-class software engineers

LOL. The same "world-class software engineers" who brought us https://news.ycombinator.com/item?id=18189139 and are constantly fighting against the user?


How do you ostracise someone on the Internet if they're hiding behind pseudonyms?

It makes no sense to compare how we live and behave in real life with the Internet.


People can get doxxed and ruined in real life. News spreads quickly. If you try to deceive a whole community of intelligent humans you'll get found out sooner rather than later, and unlike the slap-on-the-wrist lawsuit that at best companies get from trying the same, it is much worse for an individual. But of course, that doesn't fit the narrative...


I had hoped the risk for malicious actors would be a bit more serious than ostracisation. Like, criminal persecution?


That's illegal IIRC.


It's not illegal, it's against the ToS of Microsoft; that's something else. Microsoft is not a lawmaker.

