
Fix Windows 10 Privacy - jlg23
https://modzero.github.io/fix-windows-privacy/
======
kgtm
I'm sorry but this is crap.

Any amount of service toggling and hosts file stuffing will not suffice. It
just screams ignorance. As a software developer you should understand that
plugging holes in a black box is a futile effort. All these tools are doing is
giving a false sense of privacy, that the next update will undo by flipping a
switch or installing a new service.

If you think the OS is violating your privacy, stop using it or remove it from
the Internet. Or both. It's the only way.

Edited to add: If you actually like Windows (I do), just switch to the
Enterprise Edition and dial Telemetry down to "Security". Here is an
explanation of what little is then shared, and how to even further minimize
your footprint: [https://technet.microsoft.com/en-us/itpro/windows/manage/con...](https://technet.microsoft.com/en-us/itpro/windows/manage/configure-windows-telemetry-in-your-organization#security-level)

Edit to address the availability of the Enterprise Edition: If you are not
able to get it via your $JOB, a valid key from MSDN surplus shouldn't be more
than $50 if you look around. Of course you'd then be bending the EULA in your
favor, but hey, since Microsoft is spying on everyone against their will I
think it is fair game, right?

~~~
belorn
The reason why people will continue using an OS that they dislike and distrust,
is the same reason why people don't switch to a Free and open source OS. Too
much software is _exclusively_ on windows, and that forces the user onto that
sticky platform regardless of user preference.

It's the same reason why people who dislike and try to block advertisement
don't simply stop consuming contents that contain advertisement. They don't
want to turn into hermits that live on a mountain away from the web, TV, mail,
email, radio, billboards, milk cartons, the sky, and practically everywhere
where a company can stick an advertisement on something. It is an imperfect
solution to an imperfect world.

~~~
WayneBro
> The reason why people will continue using a OS that they dislike and
> distrust...Too much software is exclusively on windows...

Is there any room in your opinion for people who love Windows and think it's
better than any other OS that is currently available? Because that's why I
stick with it, despite having some very minor issues...

Also, the reason that I don't switch to a Free and open source OS for my
desktop is because they all suck. They're slower and clunkier than Windows and
they don't have the features that I want.

All of my Windows issues were solved by simply toggling features via Settings
and Group Policy though. I think there is one setting that you need the
Enterprise version to toggle and that is Telemetry. However, you can disable
that service manually too -
[http://www.thewindowsclub.com/windows-10-telemetry/](http://www.thewindowsclub.com/windows-10-telemetry/)
Of course disabling Telemetry causes you to lose Cortana, the Windows Store
and any use of your Microsoft Account - but I don't use any of that crap
anyway and anyone who does want to use that stuff wouldn't care about the
basic Telemetry data that gets collected, which is detailed here -
[https://privacy.microsoft.com/en-US/windows-10-feedback-diag...](https://privacy.microsoft.com/en-US/windows-10-feedback-diagnostics-and-privacy)

~~~
shakna
Slower...?

I really don't understand how something that can run on less than a Pi can
feel slower on consumer hardware than something that requires beefier specs.

For example, I _never_ have to wait for my file manager to open. Not half a
second.

Secondly, though Microsoft details the telemetry, it's encrypted before the
user can see it. You have to trust a company, that have a habit of bending
over backwards for the US's clandestine organisations. It can't be verified.

~~~
WayneBro
I'm judging by the speed of the apps that run on top of the OS not the OS
itself. Desktop apps specifically.

For example, all of the browsers run slower and are klunkier on Linux.

I'm with you on the telemetry. I just disabled it via the registry though.
That option works on all editions of Windows unless I'm mistaken... which I
very well may be since I did not go to very far lengths to verify that my
machine is not sending back anything. However, I am not worried about US
clandestine operations because there's nothing I can do about them anyway.
They are into everything around you, not just Windows.

In my opinion the greatest threat is not spying on you. The thing you should
be worried about the most is psychological warfare. They are not supposed to
be running psychological operations on US soil, but it's so obvious that
nobody follows that rule. TV, movies, news...all of them are used to program
people. Honestly, there's nothing you can do about that either unless you are
seriously rich and very well-informed.

~~~
shakna
Sorry you've found everything slower!

Spying leads to manipulation, true. But my fear is based on _not_ living in
the US. And disabling regkeys doesn't stop 5gb of telemetry going to MS a day.
Which I find just a tad excessive.

~~~
WayneBro
Well I have a very nice router that shows me all of the traffic on my network
and I certainly do not see 5 GB of data going to Microsoft on any day.

------
prplhaz4
All of this "help" for "fixing" Windows 10 privacy issues seems to be based on
the "don't worry, I know best" method rather than actual facts explaining the
effect each of the items being disabled.

I like using Cortana and Windows Store apps. I like being able to provide bug
reports when something hangs.

I don't like the idea of any data going to the mothership that doesn't have an
obvious effect on my day to day computing. I'm especially leery of anything
that requires (arbitrarily defined) personal information.

I also don't have time to research every one of these registry keys or
policies...soooo...thanks for doing some of the work!

~~~
cm2187
I am actually quite happy that someone else than me is trying new drugs before
they are widely used as a treatment. I have mixed feelings about Microsoft
using consumers as beta testers.

~~~
pryelluw
Most other companies are doing it. Software now is seen as road construction.
Always under way and never done.

~~~
cm2187
Yeah but Microsoft should have caught the start menu hang plaguing windows 10
recently before it goes into production.

And I am not sure that "everyone else does it" is a good reason. Everyone else
does nagging. Apple nags again and again for its icloud, apple pay, apple
music, etc. I get some nagging for using instagram all over my facebook feed.
Microsoft nags me for using edge, onedrive, etc.

But "the others do it too" doesn't make a good product.

~~~
pryelluw
They should absolutely fix it. But they just fall back to the "everyone is
doing it, so why not us" attitude. I've seen companies include phone-home
features after win10 rolled out theirs.

------
namanspace
This is not something new. There are a lot of tools available on GitHub which
are far better than this tool. In fact, the first tool I used was Nummer's DWS
[1] (still the best one out there).

[1] [https://github.com/Nummer/Destroy-Windows-10-Spying/](https://github.com/Nummer/Destroy-Windows-10-Spying/)

[2] [https://github.com/WindowsLies/BlockWindows](https://github.com/WindowsLies/BlockWindows)

[3] [https://github.com/W4RH4WK/Debloat-Windows-10](https://github.com/W4RH4WK/Debloat-Windows-10)

[4] [https://github.com/dfkt/win10-unfuck](https://github.com/dfkt/win10-unfuck)

~~~
alister
If I were to run just one of those tools, I'd pick the original article.
That's because his plain English description is far better than the others. He
starts off with "What & Why?" and explains what problem he's solving; the
others jump in with words like "remove all spyware modules".

Even for very technical people, unless we're willing to analyze the source
code, a good clear description (and reviews) is how we're going to decide
which product to try.

~~~
w4rh4wk5
Author of [3] here, you are right, I do skip the what & why, on purpose. I
think there are far better places to learn about the whole spyware / telemetry
and privacy topic, even better than the original article. [3] is made for
admins which already know what they want (and why) to help them kickstart
their own setup scripts. They are advised to read the scripts themselves
instead of an inaccurate explanation.

I do not intend to sell you the project. (Sell in the sense of talking you
into using it. Either it's what you are looking for or you need something
different. And I will not waste your valuable time if you need something
different.)

[3]: [https://github.com/W4RH4WK/Debloat-Windows-10](https://github.com/W4RH4WK/Debloat-Windows-10)

------
RainCloud
"What is normality with Apple since long and apparently has been accepted by
OSX users..."

As far as I know, OS X asks for permission for diagnostic data collection on
first boot and can be turned off anytime. Unlike Windows, on OS X the data
collected is not stored encrypted and can be inspected. They are not
equivalent.

~~~
givinguflac
Seriously. People just irrationally hate on Apple no matter how far they'll go
to trumpet user privacy from the rooftops. There is tons of objective evidence
of Windows spying, yet no sources for this claim about macs. SMH.

------
ralmidani
It's surprising and sad how much drama people are willing to put up with
rather than switch to GNU/Linux. (edit: some) People are willing to get
unlicensed copies, exposing themselves to legal consequences and malware,
rather than use a free (as in freedom and price) operating system.

~~~
maouida
I tried many times to use Ubuntu as my main machine but I always go back to
Windows. Why? more than 4 times when I run a system Upgrade it fails and I end
up with a broken system.

The other thing that holds me back is the UI. Hundreds of Themes available but
I always see them as "cartoonish" themes that are not well thought of.

~~~
JustSomeNobody
Windows breaks on updates also[0]. It's all about knowing the system well
enough to fix it when it does.

[0] Heck, Windows breaks on reboots! Sometimes when I reboot, it either
forgets my bluetooth or my wireless. And by forgets, I mean it doesn't think
the hardware even exists. Multiple machines, multiple vendors, so it's not
just one odd computer.

~~~
ctrl-j
Well, anecdotal evidence is anecdotal.

Rough count, I've worked with 30+ different windows machines over the last few
decades. I have never seen the problem you are describing. I'm not saying
you're not having it, I'm just saying it's not necessarily a common event.
Maybe you live/work somewhere with a lot of EM interference?

~~~
JustSomeNobody
No, not just my machines either. Work machines across the country out in the
field have issues with Windows forgetting hardware[0] (network, wifi,
bluetooth).

I think people just get used to Windows' issues and don't recall how many
times they have to deal with them.

[0] At least once per week out of several hundred machines.

~~~
ctrl-j
> I think people just get used to Windows' issues and don't recall how many
> times they have to deal with them.

I can recall a lot of issues that I've had with windows. I can tell you with
certainty that I've never had a device go missing from the device manager.

I've had printers have trouble being discovered after they are unplugged. I've
had driver updates cause hardware to stop working. I've even had windows
updates completely mess up my windows installation.

But I've never had the issue you are describing.

> [0] At least once per week out of several hundred machines.

You're saying you have a greater than 1% occurrence rate per year? Google
doesn't show the issue in the first three pages for me with the query "Windows
forgets network hardware." Have you opened a Microsoft support ticket? I mean,
if you're losing device drivers every week, that's man hours you're burning! I
would want to get that fixed ASAP!

------
lingben
not to be glib but the best way to fix windows 10 privacy issues is to stop
using windows 10 and switch to linux, there are many user friendly, mature
distros out right now and they are only getting better: ubuntu, linux mint,
arch, manjaro, openSUSE, centOS, etc. as well as up and comer new distros like
elementary

~~~
warcode
Please write the tutorial to run all windows games (at the same performance
level) on linux and we're talking.

~~~
jhasse
Dual-boot ;)

~~~
invokestatic
That doesn't solve the privacy problem, then.

~~~
crdoconnor
If all you're doing on the OS is playing games there's not much privacy to
violate.

------
makecheck
It doesn’t really matter if off-switches exist, the problem is that the
features are there to begin with.

In any piece of code, a switch is a point of added complexity. For ANY such
toggle:

- The switch might not be saved correctly.

- There can be a regression where the switch stops working in the future.

- The switch, despite being “saved” correctly and displayed by a reassuring
checkbox in a GUI panel, might not actually be CONSULTED in all the places it
needs to be consulted (resulting in default-on, default-off or “whatever the
developer of that component felt like” in various components across the
system).

- There can be a regression in any one of the components consulting the
switch in the future, leading to an inconsistent combination of things that
may or may not check for this setting over time.

When they give over 100 options, I assume 50 of them don’t work and that they
have no real incentive to make sure the other 50 keep working.

About the only thing you can trust is a single on/off switch for the _whole
thing_, while simultaneously checking a bunch of low-level things (regularly
blocking unwanted hosts, logging network activity, etc.).

------
jlg23
TL;DR: Fix Windows 10 Privacy can be used via a GUI or the commandline. Right
now it implements about 130 rules, which keep Windows 10 in check, regarding
data protection.

And: OneDrive Cloud users or users of others of the above mentioned features
should refrain from using this tool at this time, because the functionality of
these services will be limited or disabled after running it.

~~~
brudgers
Reading through the article, it seems like I remember Windows 10 exposing all
of these settings to the end user.

~~~
yAnonymous
"Do you not want to disable spy feature X? Yes means no and no means yes.
YES/NO"

The wording on these options is deliberately misleading and there are way too
many of them in different places. Microsoft know full well that everyone would
just click "NO" when asked whether to activate all these telemetry tools in
simple language.

~~~
brudgers
I recall the experience as straightforward. I'm curious about examples of
misleading setting descriptions.

~~~
yAnonymous
It starts with the 'customize' button being almost illegibly small, hidden and
not even looking like a button, compared to the 'use express settings' one.

------
eklavya
I couldn't imagine having to fight paid software to not invade privacy like
that some time ago. Things have gotten out of hand, it's a sad time. How did
it come to this?

~~~
oridecon
It's been like this for ages, it's like that stain in the ceiling you never
noticed before.

Oh, and if you start digging you'll get even more angry. Things you trust
without thinking twice (not really but you get the idea) are also compromised
or don't have a practical alternative: hardware, TPM, certificates, your
smartphone hardware and software, ∞

(I'm no expert, I just like to complain about it)

~~~
eklavya
Yeah, I think those "fanatics" were right all along. Ignorance is bliss.

------
jaclaz
Side note: The Author has invented a BSD 2-Clause license, making it a 2+1
non-BSD license, by adding: NON-MILITARY-USAGE CLAUSE Redistribution and use
in source and binary form for military use and military research is not
permitted. Infringement of these clauses may result in publishing the source
code of the utilizing applications and libraries to the public. As this
software is developed, tested and reviewed by _international_ volunteers, this
clause shall not be refused due to the matter of _national_ security concerns.

~~~
compuguy
This is disappointing, because some of us do work as contractors, or
civilian employees for military agencies. This is the same issue with Mosh
(which uses a patented library with a restriction on military use).

------
walterbell
Microsoft officially ended OEM sales of Windows 7 with new Skylake hardware on
Oct 31, but there are still some Windows 7 OEM devices left in retail
channels. Some effort is still needed to remove telemetry updates from Windows
7, but you get the benefit of compatibility with existing apps and very few
global ongoing changes to your work environment. If you buy a new Skylake
device now with Windows 7, you will receive security updates through 2019.

~~~
jlgaddis
Recently (just within the last couple of days), I've been thinking about
setting up a Windows 7 Enterprise VM for occasional use. Am I correct in
understanding that this telemetry crap is going on in Windows 7 also!? I don't
really keep up-to-date on it (I use only OS X and Linux on the desktop) but I
was under the impression that only Windows 8 and Windows 10 were affected by
this telemetry ("spying", IMO) issue?

~~~
walterbell
Telemetry was added to Windows 7 around Aug 2015,
[https://news.ycombinator.com/item?id=10110155](https://news.ycombinator.com/item?id=10110155).
With a bit of effort, most of the update KBs can be identified and manually
removed. It's still a pain though, because there are many sites with
conflicting claims about which updates can be removed safely. I also found at
least one update that reinstalls itself after removal.

Since then, Microsoft has moved to monthly updates which combine security
fixes + functional changes. If you want only security fixes, you need to
disable automatic updates and download a separate security-only monthly
rollup.

It's a shame, but we're approaching the point where we will need to whitelist
all outbound traffic using a firewall that is external to the operating
system. Anything that isn't whitelisted should be blocked, logged and audited.
Someone should start a VPN service that blocks Microsoft, Google and Apple
telemetry. If we had regulators, telemetry could be forced to use stable
domain names to enable network filtering, and telemetry traffic would be
unbundled from application traffic.

~~~
jlgaddis
Thank you.

I thought maybe I wouldn't have to worry about the telemetry (read: "spying")
too much if I stuck with Windows 7 Enterprise (although it wouldn't be on a
domain), but apparently that's not entirely true.

I have media that has SP1 slipstreamed and saw that there was a
"comprehensive"(?) update that Microsoft put out, reducing the need to
download hundreds of updates. I'd have to double-check the date on it but I
think it was recent enough to include some of the updates you mentioned.

I suppose I had gotten my hopes up that I could just install a volume licensed
copy of Windows 7 Enterprise and "be okay". I should have known better. :/

------
cm2187
It doesn't need to be an installer, it would be great to have a standalone
executable version too.

~~~
UnoriginalGuy
Frankly it could just be a folder with a bunch of *.reg files in it and a
ReadMe explaining what each one does...

~~~
cm2187
or a .cmd file with some comments

------
LeoPanthera
How does this compare to ShutUp10, which I've been using for months?
[https://www.oo-software.com/en/shutup10](https://www.oo-software.com/en/shutup10)

------
ape4
How much bandwidth does all the "Telemetry" take?

~~~
rasz_pl
That depends. Usually very little (single KB/s or less), but W10 is able to
produce (write to disk) over 1GB/day of logs/traces/dumps that sits there and
waits to be requested by the mothership.

------
UnoriginalGuy
Yet another "helper" that diminishes computer user's computing experience for
the sake of supposed privacy, then just sets completely arbitrary policies
that have nothing to do with transmitting information back to Microsoft.

This program will mess up most Windows 10 installations. In ways that may take
you months or even years to ultimately notice.

Let's look at some of these rules:

- "[Disable] Let websites provide locally relevant content by accessing my
language list." Meaning websites cannot provide a translated version that
you'll want (e.g. if you visit a Chinese website, they may not provide an
English translation since you aren't sending the language list).

- "[Disable] Let apps access/control my
camera/location/contacts/microphone/etc." Breaks all apps that use the custom
permissions (e.g. Skype). With it enabled they would still prompt you for
per-app permission (camera, location, contacts, etc), with it disabled they're
treated like you don't have a camera/microphone/etc at all... But only for
modern apps, Win32 can still access the camera/contacts/etc. Effectively
you're just breaking all modern apps on Win10.

- Turn back on outdated insecure Bitlocker encryption, turn on incompatible
Bitlocker modes, and turn on Bitlocker modes that only exist in higher
versions (e.g. enterprise edition). Uhh, k? Why are they dicking around with
Bitlocker policies?

- Encrypt the page file (Even on Bitlocker enabled systems?).

- Disable auto-complete, password manager, and other useful browser
functionality in Edge & IE. Also clear browser history upon exit (i.e. break
browser history).

- Actually disable OneDrive via GPO (i.e. don't just limit it, kill it).

- Break automatic web proxy configuration (may kick certain people offline
depending on network setup).

- Disables SshBroker (SSH Server) because, reasons..?

Just go look in the source code. This is amateur hour. Someone's just gone
through GPO, set a bunch of stuff without understanding what it did, noted
down the corresponding registry changes and built this wrapper around it. But
they never understood the GPO policies to begin with! Disabling the IPv6
helper may also kick people offline (even if it is very niche, what does that
have to do with "privacy," what do 80% of these changes have to do with
"privacy?").

I wish this nonsense didn't get upvoted on HN.

