The Comprehensive Guide to Windows 10 Privacy
At this point, if you’re buying a new PC and it comes with an operating system, Windows 10 is an inevitability. While it has been praised from a usability standpoint, especially as compared to Windows 8.1, it’s also by far the most privacy-invasive OS Microsoft has ever released.
In a utopian world, you wouldn’t have to pick through your operating system making tweaks and changes just to keep it from leaking your personal business to the rest of the world. Unfortunately, that’s not the world we live in. You can, however, get Windows 10 to an almost completely private state. Just follow the steps below and you’ll get the usability without the snooping.
Even with a custom install, Windows 10 usually ends up forcing a bunch of unnecessary software that takes up space and may even be “phoning home” with your personal data.
First, there’s the software that Microsoft installs with every copy of Windows 10. It includes a wide range of services that may not be useful to everyone. It’s impossible to provide a complete list, as individual needs vary, but optional software that you may want to remove includes:
• Bing (and all of its related features)
• Xbox connectivity features
• Zune Music
• 3D Builder
To uninstall any item you don’t want, first go to the Settings menu. Then click on System > Apps & Features, and you’ll get a list of the system’s optional apps. You can click on each individually to uninstall it.
In addition to the stock Microsoft software you don’t really need, hardware manufacturers also like to install their own bloatware on the laptops and desktops they sell. This will vary by manufacturer, but each can be manually uninstalled using the method mentioned above.
There’s also the issue of the Windows Store automatically downloading certain games that Microsoft has a promotional partnership with (such as Candy Crush and Minecraft). It’s possible to simply remove the Windows Store entirely if you don’t see any use for it, but if you just want to delete the pre-installed games, they can be uninstalled by simply right-clicking on them.
Secure Your Internet Connections
These steps aren’t so much about preventing an attack as they are about preventing your personal data from leaking out to marketers.
The first and biggest stop is the Privacy menu under Settings. Go through all of these pages thoroughly and untick any options that are sharing data you are uncomfortable with.
The next stop is the Network and Sharing Center. First, go to Advanced Sharing Settings. At minimum, you should turn off Network Discovery and file & printer sharing; these can be manually turned back on when needed, and keeping them off will keep you safer when using public WiFi connections. Also, under the All Networks tab, turn off public folder sharing and media streaming.
From this area you can also tweak Windows Firewall. First, ensure it’s turned on. If you don’t need remote access to the computer, go to the “Allowed apps and features” section and uncheck all boxes connected to any line item that begins with the word “Remote.”
Check on OneDrive
OneDrive is Microsoft’s cloud storage service, similar to Google Drive or Dropbox. It’s included with every copy of Windows 10, and though it shouldn’t be sending all of your personal files to the cloud by default, it’s always a good idea to check and make sure.
Right-click on the OneDrive icon and make sure that the “Start OneDrive Automatically” option under the Settings > General tab is unchecked. Also check the “Auto Save” tab to ensure that is not enabled. If you already had a OneDrive account in place that you no longer wish to use, take the additional step of pressing the “Unlink OneDrive” button.
While it is possible to remove OneDrive permanently if it’s really making you nervous, it involves editing the registry and is somewhat complicated, and you may not be able to recover it without a fresh reinstall of Windows.
Disable Automatic Updates
Though automatic updates aren’t strictly a privacy issue, they can have various undesirable effects like pushing you over your data limits or causing the system to reboot while you’re in the middle of some work. It’s important to keep up with the latest security patches to guard against attacks, but many feel Microsoft went too far in allowing Windows to completely dictate how, when and where new updates are installed.
For Windows 10 Professional users, the most complete and sure way to turn off automatic updates is to disable them in the Group Policy Editor. It’s as simple as checking a bubble, but the bubble is hidden by default. Use the Search function in the Start menu to find the file “gpedit.msc” and run it. Go to Computer Configuration > Administrative Templates > All Settings > Configure Automatic Updates. Here you’ll see enable/disable bubbles, but it’s not as simple as clicking on “disable” just yet. Click on “enable” if it is not already selected, then go to the Options box below and select the “allow local admin to choose setting” option. If you want Windows 10 to never check for updates, you can now click the “disable” button. Go back to the Start menu, find “services.msc”, run it, click on Windows Update, and click OK for the Startup Type: Manual setting.
If you want it to check for updates automatically but prompt you before downloading them, there are some extra steps. Press Apply, then OK to exit out of this window (leaving the “enable” button selected). Now, open the Start menu again and go to Control Panel > System and Security > Windows Update > Change Settings. There should be a “check for updates but let me choose” bubble that you can now select.
Unfortunately, the Group Policy Editor is not available by default in the Home version, so it takes a little more work. Use the installer tool and follow the instructions on this page to install it on your system. Copy the files and folders the installer tool creates to either windows/syswow64 (for the 64-bit version) or windows/system32 (for the 32-bit version). You can then follow the instructions in the previous paragraphs for editing the gpedit.msc file.
If for some reason that route isn’t working, another trick to try is to run Task Scheduler (taskschd.msc) from the Start menu. Click on Task Scheduler Library > Microsoft > Windows > Update Orchestrator, then select the Reboot section and click on Properties. Select the Triggers tab, click on Edit, then change the scheduled time to a very distant date.
Finally, if all else fails, you can get some outside help. The program ShutUp10 allows you to easily toggle many Windows 10 functions on and off, including automatic updates. However, be aware that it plants its roots deep in the system, and if you ever want to go back to “vanilla” Windows 10 you may have to do a full reinstall.
If your only concern is not having automatic updates install while on a limited mobile data plan, you can also go to the WiFi Settings menu (from the Start menu), and under Advanced Options set the Metered Connection toggle to “On.” This will stop automatic updates on this particular WiFi connection. You’ll need to do this for each individual wireless connection as desired, and it won’t work for wired (ethernet) connections.
While going through your privacy settings, you probably noticed the options to stop Cortana from monitoring your ambient audio and keystrokes. This disables Cortana’s most invasive features, but doesn’t remove her entirely.
The problem with removing Cortana is that Microsoft tied it to the search function in the Start menu, so if you get rid of her you also lose that tool. It is possible to totally remove Cortana from the system if you really want to, though.
The “low-tech” method is to rename the Cortana folder to anything else at all. Windows 10 won’t be able to find it, and therefore won’t be able to use it. Future Windows updates might automatically undo this change, however.
The most sure and permanent method is to use the Group Policy Editor described in the previous section. You’ll want to select Computer Configuration > Administrative Templates > Windows Components > Search. There should be an “Allow Cortana” field located here that you can disable.
You can also edit the following registry key to have the same effect:
Just right-click on Windows Search, and add a new value called “AllowCortana” with a numerical value of 0.
Windows 10 introduced an entirely new telemetry system that goes far beyond the Windows Error Reporting system in previous versions. Ostensibly, telemetry allows technicians at Microsoft to more quickly respond to and fix crashes and bugs by being able to see what users are doing. Unfortunately, it requires the collection of a sweeping amount of data to be effective, up to and including what you are looking at or typing at any given moment. This data also doesn’t necessarily stay with Microsoft; companies fishing for detailed marketing data can horn in on it as well.
The Windows 10 telemetry system is always on by default. If you have Windows Professional or Enterprise, you can reduce the amount of data collected by editing the Group Policy Editor, but this does not shut it off completely. If you want it to collect no data at all, you’ll need to edit a registry key.
Find and run “regedit” from the Start menu, then look up the following key:
Click on AllowTelemetry, and in the box that appears below it, set the Value Data field to 0. Then find services.msc using the search feature, click on “Connected User Experience and Telemetry Service”, and change the Startup Type field to “disabled.”
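To confirm that the Cortana and telemetry changes described above actually took effect (and that a later update has not reverted them), the following read-only PowerShell audit can be run; it is an added example and not part of the original guide. The registry paths and the service names DiagTrack and wuauserv are assumptions based on the standard Windows policy locations, since the page does not print them.

```powershell
# Read-only audit of the settings this guide changes. Nothing is modified.
# Assumption: these are the standard Group Policy registry locations;
# the guide names the values (AllowCortana, AllowTelemetry) but not the paths.
$policyChecks = @(
    @{ Name = 'AllowCortana'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search'
       Want = 0 },
    @{ Name = 'AllowTelemetry'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
       Want = 0 }
)
# Assumption: DiagTrack is the service behind "Connected User Experiences and
# Telemetry" and wuauserv is Windows Update.
$serviceChecks = @(
    @{ Name = 'DiagTrack'; Want = 'Disabled' },
    @{ Name = 'wuauserv';  Want = 'Manual' }
)

$results = @()
foreach ($c in $policyChecks) {
    $actual = $null
    # A missing key or value means the policy was never set (or was removed).
    if (Test-Path -LiteralPath $c.Path) {
        $item = Get-ItemProperty -LiteralPath $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($item) { $actual = $item.($c.Name) }
    }
    $results += [pscustomobject]@{
        Check    = "Registry value $($c.Name)"
        Expected = $c.Want
        Actual   = if ($null -eq $actual) { '(not set)' } else { $actual }
        Pass     = ($null -ne $actual -and $actual -eq $c.Want)
    }
}
foreach ($s in $serviceChecks) {
    $svc = Get-Service -Name $s.Name -ErrorAction SilentlyContinue
    $startType = if ($svc) { [string]$svc.StartType } else { '(service not found)' }
    $results += [pscustomobject]@{
        Check    = "Service $($s.Name) startup type"
        Expected = $s.Want
        Actual   = $startType
        Pass     = ($startType -eq $s.Want)
    }
}

# Any row with Pass = False is a setting that differs from what the guide sets.
$results | Format-Table -AutoSize
```

Re-running the script after each feature update shows quickly whether any of these settings have been reset.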
If you don’t want to entirely disable telemetry, the best alternative way to shut down all of this unwanted data collection by corporate third parties is to refuse connections from any site you don’t manually approve.
Trying to keep up with each of these bad actors is practically a full-time job, however. Install Peerblock instead; this is a continually updated script that will block known malware and hacking attempts as well as privacy-invading government and corporate entities that have been observed harvesting data.
Though Peerblock greatly simplifies this element of privatizing Windows 10, it may initially cause problems in connecting to sites and services that you actually want to authorise. Fortunately, you can temporarily turn it off while connecting to these sites. If you want it to be on constantly, however, you’ll need to add each approved site through Peerblock’s “List Manager” function.
Put A Script Blocker in Your Browser
Flash and Java are the primary attack vectors by which malware is passed while browsing the web. They are also still used on a lot of websites for useful functions, however, so totally disabling them is not always possible.
A good alternative is to install a script blocking add-on in your web browser of choice. These add-ons block all scripts by default until you manually approve them. You can permanently “whitelist” certain trusted sites and scripts so that they aren’t automatically blocked.
Prominent examples of free add-ons of this nature that work with most major web browsers include NoScript, uMatrix and Flashblock.