I wanted to contribute to EZ for a while now, however I was trying to find something useful to post and something people may use and can add to. So I made this guide about trying to bring back privacy for Windows 10. Hope you like it.
Introduction
Some parts in this guide can be done by the many programs that people have already created to automate this process, however you could use this as a check list as you are installing Windows 10 or if you wish to do each step manually and not have it done by a program. Also I would agree some steps in this guide are a little anal and take things to far but I tried to go as deep as I could
Yes I know the first step to privacy with Windows is never to install it and use Linux or no computer at all, but some of us need it for work related tasks or development. So here is my guide that should increase privacy on Windows 10...
Basic - These are standard/ basic options and settings to complete. This is for people who kind of care but not really about privacy.
First thing I would go and do is make sure to download and install Windows 10 Enterprise just so you can turn of telemetry completely and have control over Windows updates. You will have to torrent this or buy it if you have the money. Once you have your Windows ISO ready for install do the following:
Basic- Do not choose express settings in the installation process. Click custom and turn everything off or to your liking.
- Use a local account and never use a Microsoft account to login with Windows 10. Same if you are on Windows 8/8.1
- After the install is done go to PC Settings > Privacy and disable everything unless you need some settings on. I would turn all that crap off
- While in the privacy settings page remember to turn off any Feedback...
- Turn off sharing updates, go to PC Settings > Update and Security > Advanced Options > Choose how updates are delivered and check the PCs on my local network and then switch it off.
- Disable Cortana.
- Disable web search by going to the search bar and clicking settings icon and choose never to include web results.
- Change the name of your computer by going to PC Settings > System > About and PC name should be at the top with a button saying rename PC. Change it to something random.
- Install the Classic Shell Start Menu to replace the horrible mess the start menu in Windows 10 is loaded with like Cortana, web search and metro apps. You can get this from: http://www.classicshell.net/
Advanced - For the more privacy concerned individuals out there.
Advanced- Open the command prompt as administrator, and enter the following which will disable two Windows 10 data collection services
sc delete DiagTrack
sc delete dmwappushservice
echo "" > C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl- Disable telemetry in Windows 10 Enterprise: Click start and search for and run as administrator gpedit.msc go to Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds. Double click Telemetry, hit Disabled, then apply. This method does only work on Enterprise versions of Windows 10, if you have Home or PRO please look below under the extras tab.
- Instead of performing the following manually I recommend using a program called O&O ShutUp10 which you can find here: http://www.oo-software.com/en/shutup10
Here is an example of some of the features this program offers, I would say it is one of the best out there to use to disable things like OneDrive, feedback, peer to peer updates and so on. I will also include some other programs in the extras tab below which are open source and may be useful to others.
- I also recommend running a program called Anti-Beacon from Safer-Networking; the creators of Spybot. Spybot Anti-Beacon is a standalone tool which was designed to block and stop the various tracking (telemetry) issues present in Windows 10. Anti-Beacon is small, simple to use, and is provided free of charge. It was created to address the privacy concerns of users of Windows 10 who do not wish to have information about their PC usage sent to Microsoft. Simply clicking “Immunize” on the main screen of Anti-Beacon will immediately disable any known tracking features included by Microsoft in the operating system. You can find this program here: https://www.safer-networking.org/spybot-anti-beacon/
- Next, to completely make sure OneDrive won't bother you ever again, open up gpedit.msc while running it as admin, go to Computer Configuration > Administrative Templates > Windows Components > OneDrive, double click Prevent the usage of OneDrive for file storage, hit Enabled, then apply.
- While still in the Group Policy Editor, go through Computer Configuration > Administrative Templates > Windows Components > Windows Defender, double click Turn Off Windows Defender, hit Enabled, then apply. Then either use no antivirus or install a third party one, really you only need an antivirus if you are a complete noob and are downloading untrusted content. Use a sandboxie or virtual machine... Antivirus programs use CPU time and memory as well. I am using Common Sense 2015 currently.
- Next to further more disable Windows telemetry go to regedit as admin go through HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection, select AllowTelemetry, change its value to 0, then apply.
- I then recommend running another Windows 10 Ati Spy program which you can find here https://github.com/Nummer/Destroy-Windows-10-Spying This enables you to disable certain services, add firewall rules and uninstall those horrible Metro Apps.
- IMPORTANT: Windows 10 has a new DNS feature called multi-homed named resolution, which gets around making only DNS request directly through your VPN tunnel. This works by Windows 10 sending multiple DNS requests through all available network interfaces, it does this to try and "improve" web performance; which is does but it completely makes your VPN/ Proxy pointless as you will then be leaking DNS requests through your normal ISP IP/ connection and not the VPN IP/ connection. Then Windows 10 will use the fastest DNS response which may not be your VPN every time. Please look in the extras tab for more information about this.
Fix for The Above ProblemWindows 10 Enterprise/ Server Only: To fix the Windows 10 DNS problem goto gpedit.exe and disable Smart Multi-Homed Name Resolution under Administrative Templates → Network → DNS Client → Turn off smart multi-homed name resolution.
Windows 10 Home Users: The only solution at the moment is to set predefined DNS servers in your network interface under Control Panel -> Network and Sharing Center -> Change adapter settings -> right click your internet connection -> Properties. Disable IPv6 and change the IPv4 settings to use a custom DNS server. I recommend using your VPN DNS server IP and then an open source DNS server for the alternative one, or a DNS server your trust won't log you or track you.
- I then would recommend you change your hosts file to block some of the Microsoft and ad IPs that are used by them, however Microsoft have said that their host names will ignore the hosts file and bypass it. But this does not mean every host name of theirs, if you wish to add this extra layer please add these host names in your Windows host file: (Please refer to PeerBlock if you want to block Microsoft IPs at the outgoing network level in the extras tab below.)
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nsatc.net
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 wes.df.telemetry.microsoft.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 telemetry.microsoft.com
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 urs.microsoft.com
0.0.0.0 bing.com
0.0.0.0 telemetry.appex.bing.net:443
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 survey.watson.microsoft.com
0.0.0.0 watson.live.com
0.0.0.0 watson.microsoft.com
0.0.0.0 statsfe2.ws.microsoft.com
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com
0.0.0.0 compatexchange.cloudapp.net
0.0.0.0 cs1.wpc.v0cdn.net
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 statsfe2.update.microsoft.com.akadns.net
0.0.0.0 sls.update.microsoft.com.akadns.net
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 diagnostics.support.microsoft.com
0.0.0.0 corp.sts.microsoft.com
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 pre.footprintpredict.com
0.0.0.0 i1.services.social.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 feedback.windows.com
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 feedback.search.microsoft.com
0.0.0.0 public-family.api.account.microsoft.com
0.0.0.0 adnxs.com
0.0.0.0 c.msn.com
0.0.0.0 g.msn.com
0.0.0.0 h1.msn.com
0.0.0.0 msedge.net
0.0.0.0 rad.msn.com
0.0.0.0 ads.msn.com
0.0.0.0 adnexus.net
0.0.0.0 ac3.msn.com
0.0.0.0 c.atdmt.com
0.0.0.0 m.adnxs.com
0.0.0.0 sO.2mdn.net
0.0.0.0 ads1.msn.com
0.0.0.0 ec.atdmt.com
0.0.0.0 flex.msn.com
0.0.0.0 rad.live.com
0.0.0.0 ui.skype.com
0.0.0.0 msftncsi.com
0.0.0.0 a-msedge.net
0.0.0.0 a.rad.msn.com
0.0.0.0 b.rad.msn.com
0.0.0.0 cdn.atdmt.com
0.0.0.0 m.hotmail.com
0.0.0.0 ads1.msads.net
0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msn.com
0.0.0.0 apps.skype.com
0.0.0.0 b.ads1.msn.com
0.0.0.0 view.atdmt.com
0.0.0.0 preview.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 static.2mdn.net
0.0.0.0 a.ads2.msads.net
0.0.0.0 b.ads2.msads.net
0.0.0.0 db3aqu.atdmt.com
0.0.0.0 secure.adnxs.com
0.0.0.0 www.msftncsi.com
0.0.0.0 live.rads.msn.com
0.0.0.0 bs.serving-sys.com
0.0.0.0 pricelist.skype.com
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 cds26.ams9.msecn.net
0.0.0.0 lb1.www.ms.akadns.net
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 msntest.serving-sys.com
0.0.0.0 secure.flashtalking.com
0.0.0.0 s.gateway.messenger.live.com
0.0.0.0 schemas.microsoft.akadns.net
0.0.0.0 settings-win.data.microsoft.com
0.0.0.0 msnbot-65-55-108-23.search.msn.com
0.0.0.0 vortex-bn2.metron.live.com.nsatc.net
0.0.0.0 vortex-cy2.metron.live.com.nsatc.net
0.0.0.0 www.vortex.data.microsoft.com
0.0.0.0 www.vortex-win.data.microsoft.com
0.0.0.0 www.telecommand.telemetry.microsoft.com
0.0.0.0 www.telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 www.oca.telemetry.microsoft.com
0.0.0.0 www.oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 www.sqm.telemetry.microsoft.com
0.0.0.0 www.sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 www.watson.telemetry.microsoft.com
0.0.0.0 www.watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 www.redir.metaservices.microsoft.com
0.0.0.0 www.choice.microsoft.com
0.0.0.0 www.choice.microsoft.com.nsatc.net
0.0.0.0 www.df.telemetry.microsoft.com
0.0.0.0 www.reports.wes.df.telemetry.microsoft.com
0.0.0.0 www.wes.df.telemetry.microsoft.com
0.0.0.0 www.services.wes.df.telemetry.microsoft.com
0.0.0.0 www.sqm.df.telemetry.microsoft.com
0.0.0.0 www.telemetry.microsoft.com
0.0.0.0 www.watson.ppe.telemetry.microsoft.com
0.0.0.0 www.telemetry.appex.bing.net
0.0.0.0 www.telemetry.urs.microsoft.com
0.0.0.0 www.urs.microsoft.com
0.0.0.0 www.bing.com
0.0.0.0 www.telemetry.appex.bing.net:443
0.0.0.0 www.settings-sandbox.data.microsoft.com
0.0.0.0 www.vortex-sandbox.data.microsoft.com
0.0.0.0 www.survey.watson.microsoft.com
0.0.0.0 www.watson.live.com
0.0.0.0 www.watson.microsoft.com
0.0.0.0 www.statsfe2.ws.microsoft.com
0.0.0.0 www.corpext.msitadfs.glbdns2.microsoft.com
0.0.0.0 www.compatexchange.cloudapp.net
0.0.0.0 www.cs1.wpc.v0cdn.net
0.0.0.0 www.a-0001.a-msedge.net
0.0.0.0 www.statsfe2.update.microsoft.com.akadns.net
0.0.0.0 www.sls.update.microsoft.com.akadns.net
0.0.0.0 www.fe2.update.microsoft.com.akadns.net
0.0.0.0 www.diagnostics.support.microsoft.com
0.0.0.0 www.corp.sts.microsoft.com
0.0.0.0 www.statsfe1.ws.microsoft.com
0.0.0.0 www.pre.footprintpredict.com
0.0.0.0 www.i1.services.social.microsoft.com
0.0.0.0 www.i1.services.social.microsoft.com.nsatc.net
0.0.0.0 www.feedback.windows.com
0.0.0.0 www.feedback.microsoft-hohm.com
0.0.0.0 www.feedback.search.microsoft.com
0.0.0.0 www.public-family.api.account.microsoft.com
0.0.0.0 www.adnxs.com
0.0.0.0 www.c.msn.com
0.0.0.0 www.g.msn.com
0.0.0.0 www.h1.msn.com
0.0.0.0 www.msedge.net
0.0.0.0 www.rad.msn.com
0.0.0.0 www.ads.msn.com
0.0.0.0 www.adnexus.net
0.0.0.0 www.ac3.msn.com
0.0.0.0 www.c.atdmt.com
0.0.0.0 www.m.adnxs.com
0.0.0.0 www.sO.2mdn.net
0.0.0.0 www.ads1.msn.com
0.0.0.0 www.ads2.msn.com
0.0.0.0 www.ec.atdmt.com
0.0.0.0 www.flex.msn.com
0.0.0.0 www.rad.live.com
0.0.0.0 www.ui.skype.com
0.0.0.0 www.msftncsi.com
0.0.0.0 www.a-msedge.net
0.0.0.0 www.a.rad.msn.com
0.0.0.0 www.b.rad.msn.com
0.0.0.0 www.cdn.atdmt.com
0.0.0.0 www.m.hotmail.com
0.0.0.0 www.ads1.msads.net
0.0.0.0 www.a.ads1.msn.com
0.0.0.0 www.a.ads2.msn.com
0.0.0.0 www.apps.skype.com
0.0.0.0 www.b.ads1.msn.com
0.0.0.0 www.view.atdmt.com
0.0.0.0 www.preview.msn.com
0.0.0.0 www.aidps.atdmt.com
0.0.0.0 www.static.2mdn.net
0.0.0.0 www.a.ads2.msads.net
0.0.0.0 www.b.ads2.msads.net
0.0.0.0 www.db3aqu.atdmt.com
0.0.0.0 www.secure.adnxs.com
0.0.0.0 www.www.msftncsi.com
0.0.0.0 www.live.rads.msn.com
0.0.0.0 www.bs.serving-sys.com
0.0.0.0 www.pricelist.skype.com
0.0.0.0 www.a-0001.a-msedge.net
0.0.0.0 www.a-0002.a-msedge.net
0.0.0.0 www.a-0003.a-msedge.net
0.0.0.0 www.a-0004.a-msedge.net
0.0.0.0 www.a-0005.a-msedge.net
0.0.0.0 www.a-0006.a-msedge.net
0.0.0.0 www.a-0007.a-msedge.net
0.0.0.0 www.a-0008.a-msedge.net
0.0.0.0 www.a-0009.a-msedge.net
0.0.0.0 www.aka-cdn-ns.adtech.de
0.0.0.0 www.cds26.ams9.msecn.net
0.0.0.0 www.lb1.www.ms.akadns.net
0.0.0.0 www.az361816.vo.msecnd.net
0.0.0.0 www.az512334.vo.msecnd.net
0.0.0.0 www.msntest.serving-sys.com
0.0.0.0 www.secure.flashtalking.com
0.0.0.0 www.s.gateway.messenger.live.com
0.0.0.0 www.schemas.microsoft.akadns.net
0.0.0.0 www.settings-win.data.microsoft.com
0.0.0.0 www.msnbot-65-55-108-23.search.msn.com
0.0.0.0 www.vortex-bn2.metron.live.com.nsatc.net
0.0.0.0 www.vortex-cy2.metron.live.com.nsatc.net
Miscellaneous - Additional things to consider when using Windows 10.
- Install PeerBlock (Link in extras tab below) and add the Microsoft IP Blok List from https://www.iblocklist.com/lists then run this program 24/7.
- Change your Mac Address from time to time.
- Never use Microsoft Edge/ Internet Explorer. Use an open source browser or FireFox... Chromium..
- Use VLC instead of Windows Media Player.
- Encrypt your storage drive(s) with VeraCrypt, however VeraCrypt does not support GPT partitions at this time and has not got full support for UEFI yet, you can get VeraCrypt from here: https://veracrypt.codeplex.com/
- Do NOT use Windows BitLocker ever, it is closed source and who knows what backdoor they have.
- Use a VPN or Proxy. Make sure you read there terms and conditions and making sure they have a no log policy.
- When installing any program check the settings and see if you agree with any privacy settings or change them to your needs. Look for things like send program use information, turn that off for example...
- Use Linux for any sensitive tasks and only use Windows operating systems if you need it.
Extras - Additional links, reads and articles if you wish to explore.
Disable telemetry in Windows 10 in Home and Pro-
http://winaero.com/blog/how-to-disable-telemetry-and-data-collection-in-windows-10/Open Source Windows 10 Privacy Programs-
https://github.com/Nummer/Destroy-Windows-10-Spying-
https://github.com/10se1ucgo/DisableWinTracking-
https://github.com/W4RH4WK/Debloat-Windows-10Windows 10 VPN Users at Big Risk of DNS Leaks-
https://www.bestvpn.com/blog/28318/warning-windows-10-vpn-users-at-big-risk-of-dns-leaks-2/-
http://www.qwealthreport.com/windows-10-users-beware-of-this-new-security-risk/Peer Block-
http://www.peerblock.com/Extra Reads and Information-
http://thenextweb.com/microsoft/2015/07/29/wind-nos/#gref-
http://www.theguardian.com/technology/askjack/2015/aug/15/windows-10-microsoft-should-privacy-problems-worry-me-
http://www.digitaltrends.com/computing/windows-10-privacy/-
http://lifehacker.com/what-windows-10s-privacy-nightmare-settings-actually-1722267229-
https://www.youtube.com/watch?v=r8_kXzTjU0k-
https://www.youtube.com/watch?v=goy0jBquW10-
https://fix10.isleaked.com/-
http://thehackernews.com/2015/08/secure-install-windows-10.htmlSome Goodies-
https://i.imgflip.com/ou470.jpg-
https://i.imgflip.com/ou4lq.jpg-
https://i.imgflip.com/ou470.jpg-
https://i.imgflip.com/owi6h.jpg-
http://i1-news.softpedia-static.com/images/news2/this-windows-10-joke-just-won-the-internet-491641-3.jpg-
http://memecrunch.com/meme/8U4EU/windows-10-is-free-right/image.gif?w=400&c=1
Conclusion
Thank you for reading. Please respect people who favor their privacy, if you don't agree I ask you to please leave and don't flame at people with standards towards their own privacy online.
I do hope that Linux kicks off more in the future and more support for better programs and games are produced with open source software in mind, as really that is the only way we can know for sure if we are safe.
I may add to this list and update it every now and then or if there is anything you can think of to add please feel free to post in this thread with suggestions. Sorry for any grammar or spelling, I did not have time to proof read all of this, please let me know if anything is wrong. Furthermore if you need help with any of the above feel free to ask away. I am happy to help.
Updates
(18/01/2016)
-Spelling, grammar and sentence changes.
-Added recommendation to use another Windows 10 Anti Spy program in the advanced tab.
(10/01/2016)
- Added a new open source Windows 10 spy program, removed copy of one as well.
