Your personal data might be the most valuable commodity in today’s world. Microsoft (and most other big tech companies) likes to collect as much data as they can about how you use your computer. We want to keep as much of our data private as possible. They do this, often without your express permission, relying on long, confusing privacy policies and terms of service that most of us don’t read and wouldn’t understand anyway. By default, Windows 10 gathers large amounts of your personal information. If you value your privacy, it only makes sense to take what steps you can to minimize the amount of information they can gather.
For this article, I used Windows 10 Home, version 1909, the Windows 10 Anniversary Update.
Almost everything we will do today takes place in Windows Settings. Let’s not waste any time and head directly over to Windows Settings. To get there, click Start, then Settings.
From here we can make the following changes, which we will methodically cover below.
- Put limits on Cortana
- Make privacy-friendly apps the default apps
- Eliminate unwanted startup apps
- Tweak Sign-in options
- Adjust General privacy settings
- Practice safe Wi-Fi
- Control Diagnostics & feedback
- Limit Delivery optimization
- Keep your activity history to yourself
- Set app permissions for maximum privacy
- Make Windows stop hiding stuff from you
We’ll also discuss using Windows in virtual machines (VMs) for more privacy and security.
1. Put Limits on Cortana
Cortana is the digital assistant built into Windows 10. It is also perhaps the feature most hated by privacy advocates. Why? Because of the huge amounts of personal data that Cortana scoops up and the way it shares your personal data with Microsoft. I’m not here to bash Cortana. I’ll simply say that most people who value their privacy want to shut Cortana down completely.
Unfortunately, one of the changes Microsoft made in the Windows 10 Anniversary Update was to eliminate the option to shut Cortana down completely. It seems that they really want us to use Cortana, whether we want to or not. While there are some technical tricks to completely disable Cortana, they are beyond the scope of this article.
What we are going to do here is everything we can do to prevent Cortana from functioning, without resorting to hacking the registry or creating local group policies.
On the Windows Settings page, enter Cortana into the Find a setting box. You should see a list of search results that looks something like this:
Select Cortana permissions. On the Permissions page that appears, click the Manage the information Cortana can access from this device link. On the page that appears, you can cut down on what information Cortana can see and use. Since we want to disable Cortana to the maximum extent possible, I suggest you turn off everything: Location; Contacts, email, calendar & communication history; and Browsing history.
Next, scroll down the page and click the Speech privacy settings link. While it is very cool that Windows 10 can understand spoken commands, the way speech recognition works is a privacy risk. Cortana and some other apps rely on online speech recognition capabilities provided by Microsoft. That means that they listen to what you say and send it to Microsoft to be analyzed. Indeed, Microsoft says that they, “will use your voice data to help improve our speech services.”
Unless you want to trust Microsoft not to misuse your voice data, I suggest you disable online speech recognition. This will prevent Cortana and some other apps from responding to voice commands, but eliminates a major privacy risk. Note that the Windows Speech Recognition app and some other speech services will still work, since they don’t rely on online speech recognition.
Hide the Cortana button
We’re almost done. Since we don’t want Cortana to do anything, it only makes sense to remove the Cortana button from the Windows taskbar. Here’s how you do that:
- On the Windows desktop, right-click the taskbar.
- In the menu that appears, clear the Show Cortana button option.
While Cortana will still be there, these simple changes should minimize the privacy risk she poses.
NOTE: On February 28, 2020, Microsoft announced that they are making major changes to Cortana. The changes are supposed to turn Cortana into more of a productivity booster than a personal assistant. At the same time, the changes are supposed to enhance your security and privacy. At least in the beginning, the most significant changes will affect Windows 10 users in the United States. Depending on how this goes, we may have to revisit Cortana and privacy once the new version appears.
2. Make privacy-friendly apps the default apps
Not surprisingly, Windows 10 comes with Microsoft apps set as the default for various functions, including email and browsing the web. If you’ve started using privacy-friendly apps for these functions, you can tell Windows to use them as the defaults for these functions. To see how this is done, let’s configure Windows to use Firefox as my default browser, instead of Microsoft Edge. Note that the desired app needs to already be installed on your computer. Privacy-friendly apps tend not to be available in the Microsoft Store.
To change a default app, follow these steps:
- In Windows Settings, select Apps. This opens Apps & features.
- In the menu on the left side of the window, select Default apps.
- Under Default apps, scroll down and select Microsoft Edge (the current web browser). This opens the Choose an app list.
- The list displays all the installed web browsers. Select Firefox from the list and wait a moment. Firefox will now appear in the Default apps list.
Note: We like Firefox because it is a privacy-respecting browser that is also highly customizable. See our Firefox privacy modifications guide.
3. Eliminate unwanted startup apps
Some apps automatically start when you start Windows. Let’s make sure that you are in control of the apps that start automatically when Windows starts, since the odds are excellent there will be at least one that is not privacy-friendly.
To control which apps start automatically when Windows starts, select Startup in the menu on the left side of the Apps window. A list of the apps that are currently starting automatically appears on the right side of the window.
One startup app I suggest you always disable is Microsoft OneDrive (I did so in the image above). If you need OneDrive style (cloud) storage, I suggest you install a privacy-friendly cloud storage app like MEGA or Tresorit, and use that in place of OneDrive. (We have other cloud storage reviews as well.)
4. Tweak Sign-in options
Windows does a couple of things here that are not great for privacy. Follow these steps to tweak the Sign-in options:
- In Windows Settings, select Accounts. This opens Your info.
- In the menu on the left side of the window, select Sign-in options.
- Under Sign-in options on the right side of the window, scroll down to Privacy.
- Set both Privacy options to Off.
The Show account details… option should be off by default. You want to turn off the Use my sign-in info to automatically finish setting up… option to prevent Windows from signing you in on its own. With that option set to On, you could be away from your computer and Windows could sign-in and launch apps on its own, leaving you totally exposed to anyone who happens to be passing by.
5. Adjust General privacy settings
Now we need to get into the Privacy section of Windows Settings. We’ll just start at the top with the General privacy settings.
To adjust Windows 10 General privacy options:
- In Windows Settings, select Privacy. This opens the General privacy page.
- The best thing to do here is simply to turn off all of these options. They all involve allowing Microsoft to gather information about what you do while in Windows 10. You don’t need any of these to use the product. Leaving any of them turned on simply helps Microsoft build a bigger profile on you.
If you would like to learn more about what each of these options does, you can check out this General privacy settings in Windows 10 page.
6. Practice safe Wi-Fi
Do you remember the days before Wi-Fi? The bad old days when our computers needed to be connected to the rest of the world by wires? Wi-Fi makes life much more convenient. But it also can be a privacy risk. Here are the changes I suggest you make to Windows 10 Wi-Fi settings to maximize your privacy.
Settings on the Wi-Fi page
There are a few changes to make on the main Wi-Fi page. We want to enable the use of random hardware addresses and disable Hotspot 2.0 networks. One of the things that Wi-Fi transmits while looking for available networks is your system’s physical MAC address. In some places (a shopping mall, for example), the MAC address could be used to track your movements, when you visit the place, and so on. Random hardware addresses, if supported by your Wi-Fi hardware, send out fake MAC addresses when scanning for networks. This would make it much harder to track you.
Hotspot 2.0 is a standard that is meant to make using wireless hotspots more like using your mobile phone. As you move around in the world, your phone automatically selects new cellphone towers so you can stay connected. Hotsport 2.0 is meant to do the same for wireless hotspots that support the standard. This standard hasn’t become widely accepted yet, and I’m not convinced that it is a safe way to use Wi-Fi. I suggest you shut it off.
To change these settings on the Wi-Fi page:
- In Windows Settings, select Network & Internet.
- In the left-hand menu, select Wi-Fi. This opens the Wi-Fi page.
- Turn on Use random hardware addresses.
- Scroll down to Hotspot 2.0 networks and turn that Off.
Next, I suggest you make sure that the Mobile hotspot feature is turned off. When on, this turns your computer into a hotspot that other devices can log into for Internet access. This makes it another point of attack for a hacker. Normally, this feature will be off by default, but it will only take a second to check.
Select the Mobile hotspot menu option on the left side of the page and make sure it is set to Off.
If you are using a wired connection to the Internet you can really fortify your system by turning on Airplane mode. In this mode, all your system’s radios are turned off, making it impossible for anyone to get into your system wirelessly. The radios this affects include not only Wi-Fi, but Bluetooth, and if your device has the ability, cellular access.
To go into Airplane mode, simply select that option on the left side of the window and turn it On.
7. Control Diagnostics & feedback
As much as possible we want to limit the information we send to Microsoft. To do that, we need to change a couple of settings on the Diagnostics & feedback tab. Here’s what you need to do:
- In Windows Settings, select Privacy.
- In the menu on the left side of the window, select Diagnostics & feedback. This opens the Diagnostics & feedback page.
- Under Diagnostic data, select Basic. This prevents Windows from sending Microsoft personal data like the websites you visit and which apps you run.
- Under Improve inking and typing, turn off the option to send inking and typing data to Microsoft.
The less data you send the better.
8. Limit Delivery Optimization
Windows 10 can do some tricks to possibly download updates faster. It does this by pulling update information from locations other than the Microsoft website. Specifically, it can pull updates from other machines on the local network, as well as other computers on the Internet. The idea is to share the load of downloading Windows updates.
I am not a fan of this approach. You should have your Windows installation well-protected from viruses and malware, but downloading updates from other computers on the network or even random machines on the Internet is just an invitation for trouble.
Add in the fact that allowing downloads in this manner also means that others can download parts of their updates from your computer. Windows should handle all of this automatically and safely, but you have to trust that they will do it right. The potential for privacy and security problems isn’t worth the possible time savings.
To make sure Windows 10 only takes updates directly from Microsoft, follow these steps:
- In Windows Settings, select Updates & Security. This opens the Windows Update page.
- In the menu on the left side of the window, select Delivery Optimization.
- Under Allow downloads from other PCs, set Allow downloads from other PCs to Off.
9. Keep your activity history to yourself
Windows 10 can keep track of your activities for you. This “activity history” includes things like information about the web sites you visit and the apps and services you use. This information gets fed into the Timeline, and gives you a way to go back to what you were doing in the past 30 days. By default, Windows tracks your activity history. It also sends your activity history to Microsoft so you can use it on other devices.
From the privacy perspective, I’m not sure I would want Windows 10 to record all my activities in this way, but you might find it useful. But I’m sure I wouldn’t want it sending this data to Microsoft. Follow these steps to control your activity history;
- In Windows Settings, select Privacy.
- In the menu on the left side of the window, select Activity history. This opens the Activity history page.
- Uncheck the Store my activity history on this device option unless you have a good use for it.
- Uncheck the Send my activity history to Microsoft option.
- Scroll down to the Clear activity history section and click the Clear button for any accounts that don’t need their activity history saved by Windows.
10. Set app permissions for maximum privacy
Windows apps often need (or simply want) access to data that many people would consider private. For example, one app might want access to location information so it can provide you with ads for nearby restaurants. Another might want to see your contacts, or control your webcam, or look at your call history. Apps may have perfectly legitimate reasons for the permissions they request, but you need to decide whether you want any particular app to have access to the private data it requests.
In this section of the guide, we’re going to hit the various types of app permissions that are available. I’ll tell you how to turn them on and off, and give recommendations as necessary.
But before we do, let me clear up one thing. As we work our way through the settings, you are going to see references to “desktop apps.” Microsoft distinguishes between desktop apps and other types of apps. Among other things, desktop apps may not be controlled by the Windows 10 privacy settings we are about to look at. So what is a desktop app? Here’s what Microsoft says:
What are desktop apps? They’re usually downloaded from the internet or installed with some type of media (such as a CD, DVD, or USB storage device). They’re launched using an .EXE or .DLL file, and they typically run on your device, unlike web-based apps (which run in the cloud).
Desktop apps play by different rules than other apps when it comes to privacy. That means you’ll need to scrutinize the privacy policies of each one individually. It also means that Windows privacy settings may not protect you if you install desktop apps from dubious sources. To learn more desktop apps and privacy, check out this page.
Control access to location data
When turned on, Windows uses your computer’s capabilities to determine your location. Microsoft uses this information to improve its location services. Windows uses this information for various features, as well as sharing it with apps. At times it can be useful for Windows and certain apps to know your location. But do you really want Windows constantly checking your location and sending it to Microsoft?
Happily, Microsoft gives you a good bit of control over when, how, and by whom location data is used. You can:
- Turn off location completely, meaning Windows doesn’t use your computer’s capabilities to figure out your location, period.
- Control which apps, if any, have access to location data.
- Set a default location for use when better data is not available
- Clear the location history stored on your device
You do all this from one page, so let’s go there.
In Windows Settings, select Privacy. In the menu on the left side of the window, select Location. This opens the Location page.
- If you want to prevent Windows, Microsoft, and any apps from calculating your actual location, under Allow access to location on this device, click the Change button, and set Location access for this device to Off.
- If you left location on, you can still prevent apps from using the data. Under Allow apps to access your location, set the switch to Off. Desktop apps may ignore this setting.
- If you wish, you can set a default location that Windows, apps, and services can use when they don’t have any better data. Under Default location, click the Set default button and select a location.
- Scroll down a bit more to see the Location history section. If you want to erase the location history information that is currently stored by Windows 10, hit the Clear button.
- Finally, if you are allowing apps to have access to location data, you can still select which apps have access. Scroll down a bit more and you will see a list of apps, along with switches that tell you whether that app has access to location data. Unless you can think of a specific reason why an app should have access to your location, set the switch for that device to Off.
Windows 10 location settings can be confusing. If you want more information on location and the privacy implications, visit this page.
Control access to the camera and microphone
You control permissions for access to the computer’s camera and microphone the same way you control access to location data. The pages are laid out the same, except that there is an additional switch for each of these. You use that switch to prevent desktop apps from using the camera or microphone.
However, even if you turn this off, some desktop apps may still use the camera or microphone. Note also that it has long been reported that the NSA and others have the ability to turn on your computer’s camera and microphone remotely. So is there a way to really prevent the use of the built-in camera and microphone on your Windows 10 computer? Maybe.
You may not be able to prevent a hacker from turning on your computer’s camera, but you can keep it from being useful to them. How? Cover the camera lens. Putting a piece of opaque tape or some sort of sticker over the camera means it won’t be useful for spying on you.
The microphone is a bit more tricky since blocking sound from reaching it isn’t as easy as putting a piece of tape over the input. I’m not an expert on this, but I have seen one suggestion that seems like it might work. The trick is to cut the microphone jack off an old headset or another device, then plug that jack into the microphone input on your computer. Reportedly, inserting this (now non-functional) jack into the microphone input will physically disconnect your computer’s internal microphone.
Control other types of app permissions
There are lots of other things that apps might do to violate your privacy. Controlling app permissions for these things works very much like controlling app permissions for location data. I don’t want to waste your time repeating virtually identical steps over and over for each type of permission. Besides, Microsoft provides pretty detailed explanations of what the permission is for and what each individual control does on each page. Instead, I will list each permission type, and give my suggestions on what to do about them to maximize your Windows 10 privacy.
When in doubt, I suggest you disable a permission completely by clicking the relevant Change button and setting the switch that appears to Off. If an app that is important to you complains, you can always turn the general permission back On, then under the Choose which app can access your… heading, turn Off the permission for every app except the one you need.
- Voice activation – Allows you to activate speech recognition without having to first hit a key or click the mouse. I would turn this off and rely on the keyboard and mouse instead of having Windows constantly listening in case you happen to be talking to it.
- Notifications – Shut it down completely.
- Account info – If you are using any of the default Windows apps such as Microsoft Edge, I suggest you use the Choose which apps can access your account info option and turn On only the specific apps you use. An even better move would be to stop using any default Windows apps, and instead choose privacy-friendly ones like those listed in the Restore Privacy Recommended Privacy Setup on the bottom of this page. (See also our best password managers guide.)
- Contacts – Lots of default Windows apps want access to your contacts, although I don’t know why apps like Maps and Microsoft Photos would need this information. Check the list of apps looking for this permission, and if you aren’t using any of them, completely disable this permission.
- Calendar – Check the list of apps looking for this permission, and if you aren’t using any of them, completely disable this permission.
- Phone calls & Call history – If you have a phone linked to this computer, these permissions allow apps to make phone calls using your computer and to look at your call history. The People and Messaging apps built into Windows 10 always have permission to at least make phone calls, so I would disable this permission completely to prevent other random stuff from using your telephone.
- Email & Tasks – Disable both of these completely. The Windows 10 Mail and Calendar apps have access to this information whether you disable permissions or not. Few types of data contain more private information than your email. (Use one of our recommended secure email services that respect your privacy.)
- Messaging – Similar to the Phone calls setting, enabling this allows apps to send and receive text or MMS messages using a phone connected to your computer.
- Radios – You really don’t want random apps to be able to turn your computer’s radios (typically WiFi and Bluetooth) on and off. I would disable this permission completely, and turn the radios on and off manually. (See our guide on Controlling Communication Channels for a deep dive on this topic.)
- Other devices – Unless you wirelessly connect your computer to your Xbox One or some other device, disable this completely. If you do connect to other devices, don’t turn this off but check the list of devices that want this permission to make sure you don’t allow some rogue app to wirelessly talk to who knows what device within radio range.
- Background apps – This one you probably will not want to disable completely. This permission allows apps to run in the background. That is, allows them to run when you are working in another app. If you disable this completely, apps like your music player, Skype, and your mobile data plan won’t work in the background. This is one permission I suggest you leave enabled, but turn off for any individual apps you don’t want running in the background.
- App diagnostics – This allows apps to access diagnostic data from other apps. I would disable this completely.
- Automatic file downloads – This controls whether Windows can automatically download files from your online storage provider for apps that request them. If you are using online (cloud) storage, I suggest you start by switching to one of our recommended secure cloud storage services. Once that is done, return to this option. Leave this permission enabled, but turn it off for any app that requests it except for the secure cloud storage service you are using.
- Documents – This gives apps access to your documents library. I wouldn’t disable this completely, because if you do, Windows Defender won’t be able to scan the documents library for infections. I suggest you leave it enabled, and turn off access to individual apps, being sure to leave it turned on for Windows Defender.
- Pictures & Videos – These two permissions grant apps access to your pictures library and videos library respectively. I would disable both completely and see if anything you actually use squawks about it.
- File system – This one gives apps access to all of your files and libraries. If you use Microsoft Office, you need to leave it enabled and turn off access to individual apps, being sure to leave it turned on for Office.
11. Make Windows stop hiding stuff from you
By default, Windows 10 hides many things from you. It hides the extension on some types of files, it hides certain programs, and it hides entire folders. I think the idea is to save you from worrying about the extensions, and to keep you from poking around at Windows 10 stuff Microsoft doesn’t want you messing with.
There are various problems with this approach, including a potential privacy issue. If an attacker penetrates your computer’s defenses, they are likely to install malware on the machine. Allowing hidden files and folders on your system could give the malware a place to hide.
Another way to hide stuff on your computer is to give it the same name as a legitimate file, but with a different extension. For example, this might be an executable file on your system named, “happy-birthday.jpg.exe.” With file extensions turned off, that would look like, “happy-birthday.jpg,” possibly making you think it was a nice birthday photo. Instead of seeing a photo, double-clicking it would run the program, “happy-birthday.jpg.exe,” which could do something bad to your computer.
Follow these steps to make Windows stop hiding stuff from you:
- Using the Windows search box, search for and open: file explorer options. This opens the File Explorer Options dialog box.
- Select the View tab.
- Under Advanced settings, set the Show hidden files, folder, and drives option.
- Uncheck Hide extensions for known file types.
- Uncheck Hide folder merge conflicts.
- Uncheck Hide protected operating system files (Recommended). Windows will object to you doing this by displaying the following warning.
- Go ahead and do it anyway (select Yes). Just remember not to mess with the files that are revealed unless your computer is compromised and you have no other choice.
- Click OK to exit.
Using Windows in a virtual machine for more privacy and security
Many people need to use Windows for work or to access specific applications. Therefore the “Switch to Linux!” advice may not hold water for Windows-critical tasks. With that being said, there are still some good options for this situation.
One recommendation we often stress here on Restore Privacy is to use virtual machines (VMs). A VM is basically a virtual operating system running on your (host) computer. This is very easy to do, and it’s also free with Virtualbox.
One of the big advantages of using VMs is that it gives you a strictly isolated environment to run Windows, which is separate from the rest of your system. This allows you to run Windows in a VM on a host computer, which could be running a privacy-respecting operating system, such as Linux.
You can get started by simply downloading Virtualbox for your host operating system (available for Windows, Mac OS, and Linux). Then, download the operating system you want to use, in this case, Windows 10. Then you can go about setting up your Windows 10 VM (there are many tutorials for this).
Note: Both Windows 10 and Virtualbox are free, and you don’t need to register your Windows 10 version. Then, whenever you need Windows for specific tasks, simply fire up your Windows 10 VM.
With this method, Windows will be safely secured and isolated from the rest of your operating system, data, and files.
Conclusion on Windows and privacy
As you can see, there are many things you can do to improve your privacy when using the latest version of Windows 10. While users of the home edition can no longer turn off Cortana without fooling around in the Registry, we can rein in Cortana to some extent, thereby minimizing her access to our personal data. We’ll have to wait and see the impact that the upcoming changes to Cortana have, but hopefully they will give us back a little more control over her.
While this guide was mainly focused on configuring your Windows settings for more privacy, there are other considerations as well. For example, a good VPN service will encrypt internet traffic between your Windows computer and a VPN server, while also hiding your IP address and location. We cover the best VPNs in detail on this site. There are also other privacy tools worth considering as well.
What Windows 10 privacy tricks have I missed? Let me know in the comments.
I was finding it more and more difficult to deal with Windows’ 10. I’m in my 70’s & didn’t want to figure out my way around trying to get updates to stop and mange every roadblock that was put in my way. I loaded Windows’ 8.1 and until I can figure out Linux, I would like to find out which version of Windows’ (like 1809, 1909, etc) is considered the best. I want it to still easily allow me to stop Updates, Cortana, and Microsoft making me agree to let them use my info, etc. Even if it lets me just pretend I can check a “no box” for awhile I’ll be happier than I was with the recent evolution’s. Unfortunately with Window’s 8.1, I would have to add more drivers to get additional wifi adapters to work and it would just be easier to move to a slightly better update that was easy to put your security recommendations on. I would really appreciate any help I can get… Thank You!!
Hey Melly, have you ever thought of going with Mac OS and picking up a Macbook? Mac OS is much easier, faster, simpler, and more secure and private than Windows. It just works better. I recommended it for my parents who also struggle with Windows.
On privacytools.io saw this mentioned:
[https://www.oo-software.com/en/shutup10] (calling itself a free antispy tool for Windows 10 and 11)
and
[https://safing.io/portmaster/] (to monitor and control all of one’s network activity).
Portmaster is in alpha, also available for Ubuntu Linux, free and open-source. Any opinion on either of those whether it would be beneficial to use on Windows? – Haven’t been on Windows 10 for several weeks. Reading about Windows 10 on Wikipedia, it looks like the Home edition will be supported until October 14, 2025, so I and others don’t seem to have to be in a rush to install Windows 11. Hopefully in the meantime I’ll be able to find and learn to use more alternatives besides Trisquel.
Thank you very much to the ones from RP who have taken time and care to go over and update important guides on this website!! Your work is appreciated!!
When I typed “Cortana” into the settings search bar, it came back with “no results for cortana”
Can you please do an update for Windows 11?
Yes, we will try to get this out later in the year.
Could you please review Windows 11 (now that it’s released)?
Hi Heinrich and RP Team,
Another very informative and detailed article!
What would be the view on using installed apps verses browser apps from a privacy perspective. In nearly all cases I use a web version rather than installing an app. Are there pros and cons for each?
I feel more comfortable with web versions though I don’t know if this belief is sound.
My experience is that on a laptop / desktop the browser experience is as usable and functional as an installed app (Maybe not the case on a smart phone).
Regards,
BoBeX
Hi BoBeX, it really depends on the situation and the app. We discussed this issue a bit in the secure email guide with regards to use browser-based email or a dedicated email client (app) on your desktop. Again there are pros and cons to each and it always depends on the specific app. But since browser clients usually use javascript, I’d opt for a good desktop app instead, but that’s just my two cents.
Hi Sven,
Thank you for your reply it is much appreciated. Privacy far from is simple and I have more to learn.
Regards,
BoBeX
thanks a lot for the tip
Should we cover the camera lens of the smartphones due the same reason we do it on computers? Or it doesn’t make sense?
Not a bad idea.
Thanks for this guide big help A++++++++++
Thanks Heinrich,
I missed the Exploder settings on other privacy sites. Pity MS is still dumbing down the user.
Now Win 10 is installed in Virtualbox on Linux Mint. Need it to play games 🙂
Sorry, used 10minutemail.com for e-mail. I also like my privacy online. CU
I have dual-booting Windows 10 with Debian GNU/Linux. I want to use GNU/Linux for more privacy, but I don’t want to leave Windows 10 behind. Is that OK?
MS says to create a online account with them for more advanced privacy, security options for a new laptop just purchased. Any opinion’s on why or why not to make a account with them?
Hi Sven,
Thanks for the great article.
Are there any alternatives to the default Windows apps?
1.Photo viewer
2.Video player
3.Music player
1. Open-source alternatives to Photo viewer: ImageGlass, nomacs, qimgv, etc.
2. Open-source alternatives to Video player: VLC, SMplayer, mpv.net (by ‘stax76’).
Anybody herd of
Privatezilla, integrates the most critical Windows 10 privacy settings and allows you to quickly perform a privacy check against these settings. Active settings are marked with the status “Configured” and indicates that your privacy is protected. The inactive ones are declared as “Not configured”. All available settings (currently 60) can be enabled as well as disabled.
System Requirements
Windows 10 (supports 1809 – 2004)
.NET Framework 4.5
[https://github.com/builtbybel/privatezilla]
Great article. I was shocked after unchecking all these options. I did not know that Win10 was stealing all my data. I deleted what I could. Thanks again!
After doing update to Windows version 2004, when typing ‘Cortana’ in the Settings search box nothing(!) comes up. In the task bar there’s still ‘show Cortana button’, which is still unchecked. Cortana is listed in ‘Apps’, but the uninstall button is light grey, doesn’t seem to function.
I really don’t know that windows 10 has this kinds of privacy settings. This is awesome.
Finished the recommendations, except virtual box. For a lot of the settings, like camera etc., it said “*Some settings are managed by an administrator.” so could not change them because I’m not the administrator. The apps I could turn off, which hopefully will help.
Since unchecking ‘Hide protected operating system files (Recommended)’ and restarting the computer, on the startup page now have two desktop.ini files, with different dates and sizes (one day difference). Because it said in your guide not to mess with files, is it safe to delete the older one? If more files ‘show up’ over time, where am I supposed to keep them, or should I recheck that box? Someone’s answer here could help other people like me. Thanks!
Just starting to do the things recommended in this list. Have the 1909 version. Looked at ‘check update history’, have 1909 version. However, there’s ‘uninstall updates’ option on that page. Would it make sense to get back to a version where Cortana can be completely disabled by uninstalling updates? Probably am not tech-sayyv enough to do possible technical tricks mentioned at beginning of article, but for those capable who want to follow through, where can the info be found?
Thanks for the detailed article., though its a pretty big hurdle for many of us to take all these steps.
There are tools around like blackbird and O&O ShutUp10 that can automate this process for a certain extent. have you looked into these sort of programs and can you recommend any ?
Mr x
Definitely BlackBird as I’ve used it and it’s good. It and most of the others need to be ran again right after taking an updated to win 10, as is given to update the OS too.
In BB documentation, see how they’ve spent the time to decompile windows 10 to know what and how – to not just block them but rid the OS of these privacy harming windows telemetry.
Sven you guys Rock! thanks for the comprehensive fantastic job you do for all of us.
Sonar thank you Sir as well for being that active and adding interesting infos!
Clueless sheep.
Hey Ron,
That’s appreciated.
The trackers and offenders on the web have a head start besides big budgets.
– They work in the shadows of the back ends to websites which almost any thing rendered on your screen over the web comes from a server. Your browser also calls out to a server to link you with your search terms. How these servers all ties the things together we seek as website links in our search – is of the related facts as how much the Ad-Tech industry corrupts the final meanings in our hops for us to get at the information of our search. Follow that logic?
– – I mean we get to a site and it’s whole contents seen may come from any number of multiple servers being used.
One servers call made is for rendering the images we see, another server handles our site logins, still another server handles our purchases securely, another server for site support and contact – get my drift of how it’s not just one server that’s used.
I feel that any server in the chain established, can very well throw out third-party trackers at us. Though, if a site is relatively strong towards it’s user privacy as a respecting site there of. That respect can all get washed away by simply how the modern web works because it’s need for calling up these CDN servers.
Thanks
Do I need to do all this if I’m running Windows 10 in VirtualBox? Looking after all this privacy stuff is exhausting. The minute I think I’ve got it all under control, there’s something else that needs fixin’…
Well, it depends on what you are doing, but with a strictly compartmentalized environment (in Virtualbox) there’s a lot less to worry about. Just don’t break the compartmentalization (as discussed in the How to Be Anonymous guide).
@glix
As technology advances it’s the same old story over again of keeping you on your toes – to maintaining your privacy of a chosen device and it’s platform.
Once your versed enough and in time it becomes a second nature aptitude as like the order in which you get dressed.
Virtualizations best quallity is it’s in a sense a paralle dimension of your real systems environment. It lives as long as you deem it to…♧
@Sven I couldn’t do a direct reply to the comment from the desktop – only mobile works. That hiccup looks to have come back again ♡
Thanks for the heads up Sonar, I’ll look into this again.
UPDATE: Ok, I think I fixed the problem. Try clearing all cache on your browser and reloading the page.
Yea,
Thanks Sir – what ever you did worked, now on my desktop to making this reply.
@sonar,
Thank you. Sorry for not responding sooner as things have been extremely busy around here with all of this stuff going on. When I can, I will reach out to Sven. Outside that, thank you for the other information. I appreciate it.
@J.M.
No trouble – no sweat, and in your own time reach out.
I know just getting groceries here has been a train wreck. Dahm pizza places think you can eat it 7-days a week. Order groceries online locally to be delivered (I don’t drive anymore), and wait 3-4 days cause that’s the only delivery window from when the order is placed. Then only get half of it because they were out of things when your delivery day happens.
Then EBT system is only in test markets across the nation as it’s not yet wide spread adopted for online purchases but in a store for most of us on it – so I can’t use my $70 funds there online.
Why not QEMU/KVM (via a front-end like gnome-boxes or virt-manager) instead of VirtualBox?
Reasons;
1. It’s an order of magnitude more performant.
2. It doesn’t stink of Oracle.
Hello. What do you think about using third-party encryption tools when using services without end-to-end encryption? Like emails and cloud storage. Because I’ve been seeing NordLocker a lot recently and I was wondering if it’s a viable alternative to secure my cloud files when using a free service, because I don’t need it that much to warrant a paid service. And thanks for the thorough guide.
Yep, that can work well. Some people encrypt files locally and then store them somewhere else, such as DropBox, for example.
@J.M. no I didn’t study read the topic as I prefer not being a ninja hacker at heart. Simplicity is a key role to any downtrodden soles learning about self privacy in a rapid technology paced world – which I’am one. Truth and honesty has very little to do with a users privacy, and more in trust – so to as one’s history, not without their own security for self protection – preservation.
Remembering the KISS principle: The KISS (Keep it simple, stupid – I’d prefer use of studs or simply as KIS, as do rivets meant to building something).
As it’s main principle of a mission here stating that most systems work best if they are kept simple rather than made complicated;. See the bottom as I’ve expanded this further.
For virtualization made simple especially on the Windows platform I suggest the lifetime license (yes in this day to find a soft w/100% free updates), of the application named – Shadow Defender.
It is an easy-to-use security solution (for Windows operating systems) that protects your PC/laptop of it’s real installed host OS environment against malicious activities and unwanted OS changes of it’s installed environment.
Shadow Defender can run your system in a virtual environment called the ‘Shadow Mode’. This redirects each system change to a virtual environment with no changes to your real installed OS environment. As you simply install it’s application and understanding what settings there are to use. If you ‘d then experience any malicious activities and/or unwanted changes, perform a reboot to restore your OS host system environment back to its original state. As if nothing had happened before hand. With Shadow Defender, you have the flexibility to specify which files and folders are permanently saved to the real host OS environment. This ensures important files and folders are kept after a reboot. But you must understand a purposed roll in it’s running to set it up for that specific roll related.
Ex: just surfing the web as opposed to retaining something dl to it. Though if you’d dl something and have another drive shown in your systems File Explorer. As not being covered in the Shadow Mode as your main system C:drive would be. After testing and scanning it for cleanliness move it there.
Though, I question about and with some regards to it’s claim of features in #2-2nd half and #3 below.
I believe it can discard some trackers as flash and evercookies, e-tags, and possibly some ID-ing and other tracking methods, except for the variety of fingerprinting methods used against your basic systems environment. Such as what the web and sites uses to render websites just for your device and that info of it’s device data and it’s machines meta-data trial that it’s left behind.
Shadow Defender Features:
1. Prevent all viruses and malwares.
2. Surf the internet safely and “eliminate unwanted traces”.
3. Protect your privacy.
4. Eliminate system downtime and maintenance costs.
5. Reboot to restore your system back to its original state.
Shadow Defender Use:
1. Maintain a system free from malicious activities and unwanted changes.
2. Test software and game installations in a safe environment.
3. Protect against unwanted changes by shared users (suitable for workplaces and educational institutions).
Back on your question:
-Your last meaning of the asked initial question – falls back to your prior mention in, Some How & Some Way, of that theory you’ve share on the site.
Basically, what a VM does is acting as a software layer so that the host OS environment does not collide with or interfere with what the ‘guest OS’ is trying to do, and sandboxes the ‘guest OS’ so that it can’t compromise or interfere with the main hosts OS. Because as a modern OS wants to exclusively control ALL your hardware and is written with an assumption that it is the only thing that is running on your machine. It wants all the memory, it wants to exclusively talk to your HDD, graphic cards and every single peripheral you have. VM’s allow non-corruption by sandboxing a guest OS of the Hosts OS in data and hardware, because they’ll be sending control sequences to hardware, memory and CPU believing that nothing aside from them exists, which without a VM will lead to mixed command sequences and corrupt data to both OS you’d try using otherwise without a VM. Virtual machine provides then a proxy (for lack of better term) in virtual hardware to a guest OS, so it can run without messing up any control of a real OS (hosts) environment of it’s hardware and data.
-Noteworthy, Oracle has released patches for ten vulnerabilities in VirtualBox which allow attackers to break out of a guest operating system and attack the host operating system that the VirtualBox may run on. Exploits using this method, are known as a “virtual machine escape,” and have been the subject of intense interest among security researchers following the disclosure of the Venom vulnerability in 2015. See [shorturl.at/CR156]
Understanding then:
* “It was based on a thought that I could run two systems simultaneously. Basically the Linux running and shown on two screens and the third running a VM with windows.”
-Yes you’d run two separate systems simultaneously but not as you may think – by thinking host & guest one supplies then the other if you will. And, No not really active without some kind of virtual environment as in the virtual hardware by it’s assignments chosen.
-If the third mentioned (as in your laptop), then is running a Windows OS as installation already, and a VM app based on the windows platform is installed on the laptop. (Yes) you can use a hosted OS as Windows to have a guest of same/different Windows OS running again in a virtualbox virtualization platform built for the Windows platform as it’s a guest on or of. Otherwise go back and read at the point ‘Understanding then:’.
I suppose too, that a Linux to Linux or Win and the same possible with Win to Win or Linux is very possible. Just as long as the main installed OS is based as the host uses the right version or virtualization platform for the hosted VM guest operating system to be installed. Make any sense as I’am thinking afar in what’s you’ve asked.
Simplicity again is my key to using something as simple, versa virtualization sandboxed platforms as are intended to provide the full isolation between a guest OS and hosts installed operating system, VM escape vulnerabilities have seen their increased scrutiny, though. Novice experienced users be ware!
If I may, the main OS on a machine hosts a subsystem OS using the virtualbox virtualization platform as a sandbox area, as it’s intended to provide full isolation between a guests (virtualbox) or even a guest instance as Shadow Defender allows to the installed real OS hosted operating system.
VM escape vulnerabilities (LEAKS between the guest to host) are fact. Simply meant as leakage to host OS system from the guest OS.
PS: I would like to stay in touch with you J.M. and a few other valued RP readers – anywhere but on the RP and reddit sites, got any ideas ?
@sonar,
Thank you for the info. I had not heard of shadow defender and appreciate the input. I looked at it and it seemed pretty interesting.
But my question would be, and I didn’t look at it yet, what will SD do with my info when I purchase from them? Then how much would I have to keep track of?
In concept, it looks good though and worth looking at deeper. Maybe I missed some parts to my search. Has it worked well for you?
As far as VM’s I knew there was vulnerablilities. I appreciate the link to those issues. I never have used them but they sound as though it requires two hard drives to do my idea and a second video card. I have that but setting it up may be beyond me :).
As far as other places online I have one other forum I pop in and out on. It is actually funny but on one forum I used to visit, my account is deleted and the other I don’t even have the password or email address anymore. My travels just has me visiting and viewing not really joining anything. Did you have anything in mind?
@Sven, I am sure it has been mentioned but a PM function may be really good. Not to throw too much on you ;).
@J.M.
First contact in Sven to get news of a route.
Direct inquiries can also be sent to: contact [at] restoreprivacy.com
I’d suggest using a Tutanota account if you have it as then a two way encryption route to myself from then on…
–
Register Shadow Defender:
You must register Shadow Defender with a valid serial number/registration code obtained from ShadowDefender[.]com.
@ NOTE – Otherwise, the software will expire in 30 days.
Free 30 days ride then to check it out and decide for yourself.
(There is small tax fee added to the purchase)
Technical Support:
To ask questions or report bugs, please send email to support@shadowdefender.com
[http://www.shadowdefender.com/help.html]
How Does Shadow Defender Work?
(Installs like any installed program on windows usually will – I let use it’s default location).
Pretty smooth and fluid in starting it – to the reboot need as stopping it, the way I mainly had need in testing things and surfing to find stuff to try on my rig. Really you don’t know it’s there in the in-between times as any things you do, or not should idle the real OS. I would be curious for you to ask Dev, what if a crash should occur while being in virtualization?
It’s never happened to me.
Shadow Defender’s protection concept is very easy to grasp.
For the software to do its job properly you have to place the disks installed on your computer into Shadow Mode.
By doing this, the application will take a snapshot of the disk and run every file in virtual mode. (on that disk – or others disks you’ve indicated in the settings menu of it’s UI).
You will have the same access to the files on the disk but any write action will be virtual to it now. This means that no matter how many worms bugs and spyware you have infected your computer with, they will not affect the real system environment at all because of the virtualization. Once you snap out of this “parallel dimension” (reboot is best) as you can live snap out but I don’t think then – every change that has been made to the system and the files on the disk will be discarded.
Till an actual reboot…is to happen.
The conclusion in this sense is that the computer will not be affected by any change and no malicious files will be written to the PC. The greatest thing is that you can choose what can actually get stuck and/or is to stay on the disk while in Shadow Mode. More than this, you can decide in advance what files and folders should not benefit from Shadow Mode protection. (hope I got that right), as I’ve been up for awhile now reading and writing 49 strong.
Minimum System Requirements
Operating System:
Windows XP Home
Windows XP Professional
Windows Vista (32-bit)
Windows 7 (32-bit and 64-bit)
Windows 8 (32-bit and 64-bit) – worked on my 8.1 pro
Windows 10 (32-bit and 64-bit)
CPU: 1 GHz or faster
RAM: 1 GB or above
SPACE:
Hard drive space requirements are 10 MB for program files
and 1 GB or more free space for each partition in Shadow Mode
–
NOTE: If you select ‘Exit Shadow Mode when shutdown’ the volume will exit Shadow Mode automatically when OS reboot or shutdown. If you select ‘Enter Shadow Mode on boot’ the volume will exit Shadow Mode automatically when OS reboot or shutdown. BUT when you log into windows next time, the volume will enter Shadow Mode automatically.
Screeshots:
http://www.shadowdefender.com/screenshot.html
Only thing may be any interest is the dates you find.
Hi RestorePrivacy
What about switching to a local account, instead of a Microsoft online account for log-in?
Is it still possible to do this?
Thanks for the fantastic work !
@N.K
I’ve covered this as ‘HardSell’ about a year+ pasted please have a look.
[https://restoreprivacy.com/privacy-tools/#comment-37071]
Your main question, sounds as if your wanting to switch after having installed and used the M$ online account – correct?
If so you’d need to start again of a fresh Win install, maybe an option is to dual boot as not to forgetting the way you set it all up to now – as the point in time.
So yes it’s possible to do from my link mentioned, and do make a clone / backup of the whole newly installed basic operating system after your settings – as no other System updates or installed apps and programs added just yet to it. This or these c/bu make a good reference point in progress to fall back on. Even if ransom ware should attack of a non-bootable crash occurs.
Understand : )
Please also make periodic clones / back-ups till you’ve set it all up the way you want. I suggest Win updates first and moving on to your preferred apps/programs.
That when it’s been prior tested of course, which allows you to wipe everything or buy an SSD and use it replacing the other older drive to store away from system drive of any thing it’s able to hold. Ex: your clones and or back-ups.
Quick take away: simply disconnect your computer from the Internet when your installing a Windows 8, 10 it’s that easy to see a different menu offering a local account.
Otherwise it’s quickly been known, you’ve overlooked the options that are given in the initial few system settings windows menu choices to a local account.
Two questions.
1) Isn’t using a windows, even with these changes, still defeating the purpose of privacy? Microsoft, the program and add ons, are inherently invasive. These minimize the amount but is it going to stop everything? I may be wrong and if it does, great.
2) I notice you didn’t (at least from what I read) mention a VPN. I am assuming use that as well?
Lastly, I saw VM being suggeated to run windows. I have three monitors and two hard drives. Can I run one monitor and hard drive as a VM with Windows, and the other two with my Linux at the same time?
That could open some interesting doors. Thanks for the info as these steps are very good.
1. From the guide: “Many people need to use Windows for work or to access specific applications. Therefore the “Switch to Linux!” advice may not hold water for Windows-critical tasks.”
2. Yes. I can add a note about that.
I’m not following your last question. Virtualbox is an application that runs on your operating system through which you can run VMs. Perhaps this video tutorial can answer your questions.
@Sven,
I understand the just go to Linux. I am one of those that has to have a windows so I am not throwing that out. If that was how it was taken that was wrong and not intended. Windows runs on my laptop at the same time my desktop runs my Linux and I go from one desk to another as I need. Hence I asked my last question.
It was based on a thought that I could run two systems simultaneously. Basically the Linux running and shown on two screens and the third running a VM with windows.
Appreciate the guide and will check my laptop tomorrow. Thanks.
@J.M.
When I tested the short link I gave to you it worked, so I can’t say what happened?
The long link is-
[https://www.techrepublic.com/article/10-new-vm-escape-vulnerabilities-discovered-in-virtualbox/]
@sonar,
Thanks.
Give Sven an email holler, cause it’s the safest way I see us using PM to deepen our answers. I’ve maintained that contact with Sven since my early days here.
Yep, I can put readers in touch if that is wanted by both parties.
https://restoreprivacy.com/contact/