The Windows 10 Anniversary Update has dropped, bringing a significant number of under-the-hood changes to the operating system. We’ve written many times about Windows 10 privacy issues over the past year, but haven’t gathered up our recommendations and strategies into a single story until now. Want to lock down your install and improve security? You’ve come to the right place.
Before we get started, there are two ways to talk about Windows 10 privacy, both of which are valid. The first one is to go hardcore: There are steps you can take to block Windows 10 from phoning home to Microsoft, or relaying any telemetry at all, even for home users. But those methods also require some fairly sophisticated additional tools, or at least a deeper understanding of Windows functions than many users may be comfortable with. For example, one challenge with locking down Windows 10 is that certain URLs are hardcoded into the operating system and can’t be blocked by any changes to your PC. These URLs can only be locked out via a separate firewall or by modifying your router to do so (if your router supports this function). Furthermore, there’s no practical way to prevent Microsoft from pushing an update that changes the addresses and obviates the bypass you had set up.
So let’s put that aside, and for now go the other way, in a simpler direction. Without going to more drastic measures, we’ll show you can lock down your own system far more than it is after a stock Windows 10 install and ensure your data stays local. The truth is, Microsoft offers a great deal of fine-grained options with Windows 10 — including the ability to adjust privacy settings in ways that were sorely lacking in previous versions of the OS.
A step above Windows 8When Windows 8 was under development, Microsoft repeatedly highlighted how it would require applications to disclose how they accessed and used user information. This turned out to be a meaningless feature, because while MS did indeed require applications to disclose the data they gathered, it gave the end user no actual choice or control over how that information was used.
Windows 10 isn’t quite as robust as some might like, but Microsoft does offer a number of fine-grained, application-level controls. We’ll touch on some of the specific areas of interest below, but most of these sections follow a common format. Each menu item offers you the option to control privacy settings for that device or capability and most can be fine-tuned at the application level. Windows 10’s Anniversary Update will let you decide to share your microphone with Skype, for example, but not with any other program.
The “General” privacy page contains a number of high-level options you’ll want to disable. Turning off the Advertising ID prevents Windows 10 from tracking you across multiple applications and showing you ads that cross app boundaries. For example, if you click on a number of ads in Application A, MS would like to remember that and show you similar ads in Application B.
Turning off Smart Screen actually isn’t recommended, but I’m taking these screenshots off my own rig and I keep it disabled here, because it’s got a nasty habit of blocking benchmarks and other products I use for work. If you don’t need to shut it off, you shouldn’t do so. The other options on this page allow MS to share and synchronize data between applications so you could open an application on one laptop, then continue using it on a different machine.
I’ve left the languages option checked because I don’t care if Microsoft knows I speak English. If you do, this can also be disabled.
Next up: Location. The first options on this slide allow you to control how location settings are set for each account on a machine. You can turn Location Services off globally, or allow the function to run but control it on an application-by-application basis. If you want Windows to be able to give you general information by, say, zip code as opposed to your street address, you can also enable or disable that function. Finally, you can choose to set a default location if you don’t want to give precise information but still want the computer to know what city you live in.
Scroll down from these options (not shown) and you can set your location data on an application-by-application level. Geofencing — knowing whether a system has crossed into or out of a specific location — can also be controlled in this fashion. Microsoft tells you if any applications on your system use geofencing (none of mine do, so I can’t really show the outcome).
Speech, Inking, and Typing is an extremely important section for locking down your own privacy. You’ll see various options on this page depending on whether Cortana is currently enabled on your system. While you can’t completely disable Cortana on Microsoft 10, that’s partly because of how Microsoft has combined its “Search” functionality with Cortana’s capabilities.
This needs to be unpacked a bit. Before Windows 10 Anniversary Update, Microsoft referred to desktop search as “Search,” and Cortana was its digital assistant. Microsoft has since unified search and Cortana and now refers to the entire edifice as Cortana. So in one sense, no, you can’t turn “Cortana” off, because Cortana now encompasses both desktop search and the personal digital assistant. But you can refrain from using Cortana’s digital assistance capabilities, and you can deactivate her ability to gather data about you.
If you want to turn Cortana off and the box in this window reads “Stop getting to know me” instead of the reverse, you can click that box to disable her, and then visit your Bing personalization page to wipe information Cortana has previously gathered about you, wipe your search history, or delete previous interests and news items you’ve told Bing to aggregate on your behalf.
Other Devices contains some additional information you’ll want to check. This is where Microsoft sets permissions related to how data is shared across devices. You can choose to allow apps that synchronize across devices to use that functionality here, enable automatic content sharing for trusted devices, and enable or disable the Media Transfer Protocol (MTP). The Windows 10 Phone Companion application can also be enabled or disabled from this screen.
The Feedback and Diagnostics panel gives you several important options regarding Windows feedback and the collection of telemetry. Telemetry gathering can’t be completely turned off in Windows 10, but you can dial it back to the most rudimentary level, Basic, that Microsoft allows.
Moving beyond Windows 10’s privacy settingsWe’ve covered the various options embedded in Windows 10’s own settings. Windows 10 Pro owners have the option to make some additional changes via Gpedit.msc, but Microsoft doesn’t ship the Group Policy Editor on Windows 10 Home. Gpedit.msc can be acquired online, but it’s not the easiest or simplest way to make certain changes to Windows 10’s privacy settings.
One alternative is to download a third-party utility that can make certain changes for you. There are a number to choose from, though some may not work with Windows Anniversary Update. One we can confirm does work is Spybot’s Anti-Beacon for Windows 10:
Anti-Beacon is specifically designed to block Microsoft’s telemetry gathering, which puts it in a different category from the application-level privacy we’ve been discussing. While it’s far from the only tool in use to lock down Windows 10, it’s one of the few produced by a known software house (Spybot is also responsible for Spybot Search and Destroy). We recommend giving it a look if you want to further control what Windows 10 does and doesn’t share about you in the future. Be advised that if you choose to block Bing URLs, you won’t be able to access the search engine at all (the option to block Bing is in the “Optional” tab.)
Questions? Comments? Other issues you’d like us to address? Sound off in the comments and let us know.