Protect your privacy: Recommended Windows Privacy Settings
Since the launch of Microsoft Windows 10. Actually retroactive even since, Windows 7 and 8 (with an aftermarket update). There are questionable privacy concerns regarding Windows. As manufacturer Microsoft is actively deploying telemetry. In other words: The company is gathering far-reaching personal data about you.
These are data that, in combination with other data, can tell something about a person. Or in other words, can be traced back to a person. By logging various computer-related activities of you. The collection of personal data is comprehensive. The Dutch government declared Office and Windows, most probably to be in violation of the General Data Protection Regulation (GDPR (article in Dutch).
"The assessment, carried out by the Ministry of Justice and Security, revealed that data provided by and about users was being gathered through Windows 10 Enterprise and Microsoft Office and stored in a database in the US in a way that posed major risks to users’ privacy".
Are Microsoft products GDPR compliant?
"To modify its products such that their use for the Dutch government within the context of the GDPR and other applicable laws and regulations".
Microsoft indirectly confirms that Windows is not GDPR compliant. After all why are you going to modify a product "within the context of the GDPR", that should already be GDPR compliant? And to an adjacent probability is not GDPR compliant at this moment. If a large and powerful customer demands it, suddenly it can be done. While the home user is left with a data hungry system that is inadequate and not compliant.
External analyses also confirm a unified conclusion on both Office and Windows. The operating system in its present form, cannot meet the set requirements of the GDPR. In addition, there is a plausible privacy risk, when using the software:
"Microsoft systematically collects data on a large scale about the individual use of Word, Excel, PowerPoint and Outlook. Covertly, without informing people. Microsoft does not offer any choice with regard to the amount of data, or possibility to switch off the collection, or ability to see what data are collected, because the data stream is encoded".
"Similar to the practice in Windows 10, Microsoft has included separate software in the Office software that regularly sends telemetry data to its own servers in the United States. For example, Microsoft collects information about events in Word, when you use the backspace key a number of times in a row, which probably means you do not know the correct spelling".
Also abroad by Dutch neighbor and fellow European member: Germany's The (Federal Office for Information Security, German: Bundesamt für Sicherheit in der Informationstechnik (BSI); Has similar doubts about whether Microsoft products comply with the GDRP:
"Germany’s Federal Office for Information Security has already expressed concern that Windows 10 and 11 operating systems collect telemetry data, including typing data and even speech-to-text".
Windows diagnostic data gives users a voice
Gross of the data is used to improve the user experience. Marketed in a tasty sauce as: "Diagnostic data gives users a voice". Perhaps what they mean by "a voice" that you are the product. An advertising profile is created. By tailoring ads to the user's current location and habits. You could expect advertisements in Windows, Edge or third-party apps and services with access to your advertising ID. For example, if you often visit the website of the local fish and chips shop. You may be served ads from a competing fish and chips shop nearby.
And as your profile confirmed your fast food habits. Ads about weight loss, sport and exercise. Of course Microsoft can also start developing an app. Having analyzed that competing app A or B from competitor A or B is being used a lot. Since the company can monitor application usage. To then promote its own app in the start menu. And analyse and combine data (current location, surfing, typing, voice, app usage etc.) obtained from multiple sources even one step further. To create the ultimate, all-encompassing user profile. As personal data is the new gold.
Analysis of telemetric data
Analysis reveals that an unmodified Windows computer sends unprecedented amounts of data to Microsoft's telemetry servers. Including telemetry servers from the Netherlands, the United States and Ireland.
"On a Windows 10 without system hardening. In some cases, data was sent up to 15 times per hour! The unhardened Windows 11 system sent 448 data packets to Microsoft in one week".
Since European data is processed and stored outside the European Union, in the United States. In addition to the unsolicited and unclear collection of indirect personal data. Windows seems not to be GDPR compliant. Apparently already on two key elements.
On the way to a privacy friendly Windows
Setting up a privacy friendly Windows starts simple. Logging in as a user for the first time. The operating system asks a number of questions about privacy-related settings. We recommend answering these questions as follows:
- "Let Microsoft and apps use your location". Choose the option: No.
- "Find my device". Choose the option: No.
- "Send diagnostic data to Microsoft". Choose: Send Required diagnostic: and choose the minimum of data processing. We will return to this topic later.
- "Improve inking & typing". Choose the option: No.
- "Get tailored experiences with diagnostic data". Choose the option: No.
- "Let apps use advertising ID". Choose the option: No.
- "Le'ts customize your experience". Choose 'no items' and thereafter 'skip'.
Specific Windows related privacy settings
Unfortunately, after setting the available settings, provided by the manufacturer. There are more than enough telemetry related servers that are accessed by Microsoft. Probably personal data will still be transmitted. Despite the fact that you refused as many data settings as possible. In order to avoid data transfer of a personal nature.
There are two more specific options, to set Windows even more privacy friendly. This can be done fully automatically, yet unattended (you don't know exactly what changes) with an app. Or take some time to set up the system manually, privacy friendly. Where you could set each individual policy yourself. So know what's going on (as far as possible). The choice is up to you.
Windows privacy friendly, with an automatic application
You could use an application like: O&O ShutUp10++ to easily and quickly setup Windows 10 and 11 to be privacy friendly. Back-up the computer registry beforehand, of course. Security above all else. Download the O&O ShutUp tool and simply run it.
- Choose Actions > Apply only recommended settings. And confirm with Ok.
- Close the app and restart Windows.
You are now done very easily and quickly.
Don't push to hard is our recommendation. Enabling too many settings, (non recommended) can diminish the computing experience. You could test settings, one at a time. On a test computer first before implement it permanently.
Some alternative tools with similar functionality, albeit not tested, nor comprehensively described are:
- W10Privacy: "Privacy made easy".
- WPD: "Privacy dashboard for Windows".
- Privatezilla: "To perform a quick privacy and security check".
- Privacy.sexy: "Enforce privacy & security on Windows and macOS".
- WindowsSpyBlocker: "To block spying and tracking on Windows systems".
Try them out if O&O ShutUp doesn't meet your expectations.
Manually setup Windows privacy friendly
If you want to know exactly on how, what and why you set something up in Windows. You can manually tune Windows into a privacy friendly operating system. It takes a little more time. But the positive upside: You will know exactly what you have configured.
There are several manuals available for this that explain how and what for each specific step. Microsoft has its official manual on words of privacy. Which they had to make available and transparent after a demand from the European union. If you don't trust their manual for some reason. The German BSI has its own (article in German) manual. If you want to optimally secure Windows as well. The same BSI also has a Windows Hardening Guideline.
To conclude. Any application that is not used. And is still running in the background, could be a potential privacy risk. You may want to consider uninstalling unnecessary apps. Enroll in our free debloating course. If you want to learn: How to debloat Windows. And as Windows does support Android smartphones with it's own Phone Link app. If you are an Android smartphone user and Windows user simultaneously. You should read our ultimate guide to tweak Android privacy friendly. Thus, all computers, laptops, tablets and smartphones within your environment could be all privacy friendly. The ultimate digital-final solution.
The guide to restore your online privacy!