Windows 10 Privacy Guide - Creators Update

Introduction

Windows 10 has raised several concerns about privacy due to the fact that it has a lot of telemetry and online features. In response to these concerns, Microsoft released a document explaining exactly what data they collect. Most of it seems pretty legit stuff, but still, if you don't trust them, here's how to prevent Windows 10 from sending all your data to Microsoft.

Please note that not all of these changes can be reverted. If you mess up, you'll have to reinstall Windows.



Last update: July 25, 2017

Do not use the default settings

At the end of the setup process, create a local account, don't use Cortana and turn off everything in the privacy settings. If you already installed Windows with the default settings, go to Start > Settings > Privacy to turn them off. You should also go to Account and disconnect your Microsoft account because this guide will prevent it from working properly.

Let it download all the updates

Once you get to the desktop, go to Settings > Updates and security, and let it download all the updates. Reboot and repeat until no more updates are available.

This is important because Windows Update may interfere with our activities.

Now open the Store app, and let it download updates too.

Again, this is important because it may interfere with our activities.

This may take some time, and it may even get stuck. If it happens, reboot and try again.

Now that the system is fully updated, make sure Windows is activated with your license (or KMSPico).

Remove everything you can

Open the start menu and remove all the applications. Some of them, such as Microsoft Edge, will not have an uninstall option; we'll remove them later.

What's important now is to remove all the OEM software and the shitty games like Candy Crush and Minecraft.

Power tools

Here's what we need: Install_Wim_Tweak : Download this archive and extract it to C:\Windows\System32. This is an amazing tool that can obliterate entire Windows components with simple commands

We need a command prompt, so click start, type cmd and run it as administrator

We will also need PowerShell, so click start, type PowerShell and run it as administrator

Removing Windows defender

In the command prompt, type: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /f

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f

reg add "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SpyNetReporting /t REG_DWORD /d 0 /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v DontReportInfectionInformation /t REG_DWORD /d 1 /f

reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sense" /f

reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /f

install_wim_tweak /o /c Windows-Defender /r

This will take 1-2 minutes. After that, reboot and reopen our command prompt and PowerShell. Windows will keep reminding us that the system is unprotected. Click Start, type Control Panel and open it, go to System and Security > Security and Maintenance, and turn off messages about virus protection. Unfortunately, the Windows Defender icon is still present in the start menu, although it does nothing. I have yet to find a way to remove it.

Removing features

We will use our command prompt and PowerShell to remove everything we can.

The commands in green are for the command prompt; the ones in blue are for PowerShell. Windows Store Get-AppxPackage -AllUsers *store* | Remove-AppxPackage

install_wim_tweak /o /c Microsoft-Windows-ContentDeliveryManager /r

reg add "HKLM\Software\Policies\Microsoft\WindowsStore" /v RemoveWindowsStore /t REG_DWORD /d 1 /f

reg add "HKLM\Software\Policies\Microsoft\WindowsStore" /v DisableStoreApps /t REG_DWORD /d 1 /f

Music, TV, ... Get-AppxPackage -AllUsers *zune* | Remove-AppxPackage

Additionally, you should remove Windows Media Player: go to Start > Settings > Apps > Manage optional features, and remove Windows Media Player Alternatives: MPC-HC | VLC | MPV Xbox and Game DVR Get-AppxPackage -AllUsers *xbox* | Remove-AppxPackage

You can ignore any error that pops up install_wim_tweak /o /c Microsoft-Xbox-GameCallableUI /r

sc delete XblAuthManager

sc delete XblGameSave

sc delete XboxNetApiSvc

sc delete XboxGipSvc

schtasks /Change /TN "Microsoft\XblGameSave\XblGameSaveTask" /disable

schtasks /Change /TN "Microsoft\XblGameSave\XblGameSaveTaskLogon" /disable

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v AllowGameDVR /t REG_DWORD /d 0 /f

Additionally, go to Start > Settings > Gaming and turn off everything. Sticky notes Get-AppxPackage -AllUsers *sticky* | Remove-AppxPackage

Additionally, go to Start > Settings > Gaming and turn off everything. Alternatives: Notebot Maps Get-AppxPackage -AllUsers *maps* | Remove-AppxPackage

sc delete MapsBroker

sc delete lfsvc

Alarms and Clock Get-AppxPackage -AllUsers *alarms* | Remove-AppxPackage

Get-AppxPackage -AllUsers *people* | Remove-AppxPackage

Mail, Calendar, ... Get-AppxPackage -AllUsers *comm* | Remove-AppxPackage

Get-AppxPackage -AllUsers *mess* | Remove-AppxPackage

Alternatives: Thunderbird OneNote Get-AppxPackage -AllUsers *onenote* | Remove-AppxPackage

Photos Get-AppxPackage -AllUsers *photo* | Remove-AppxPackage

Alternatives: JPEGView, or the old Windows Photo Viewer Camera (if you don't have a camera) Get-AppxPackage -AllUsers *camera* | Remove-AppxPackage

Ignore the errors that pop up Weather, News, ... Get-AppxPackage -AllUsers *bing* | Remove-AppxPackage

Calculator (Not recommended) Get-AppxPackage -AllUsers *calc* | Remove-AppxPackage

Alternatives: SpeedCrunch Sound Recorder Get-AppxPackage -AllUsers *soundrec* | Remove-AppxPackage

Alternatives: Audacity Paint 3D and VR features install_wim_tweak /o /c Microsoft-Windows-Holographic /r

Reboot and reopen our command prompt and PowerShell Get-AppxPackage -AllUsers *holo* | Remove-AppxPackage

Get-AppxPackage -AllUsers *3db* | Remove-AppxPackage

Get-AppxPackage -AllUsers *3dv* | Remove-AppxPackage

Get-AppxPackage -AllUsers *paint* | Remove-AppxPackage

pushd "C:\Program Files"

takeown /f WindowsApps /r /d y

icacls WindowsApps /reset /T

icacls WindowsApps /grant Everyone:(F) /t /c /q

cd WindowsApps

for /f %f in ('dir /b Microsoft.MSPaint*') do takeown /f %f /r /d y && rmdir /s /q %f

Important: if takeown complains about "y" not being a valid option, replace it with whatever is short for yes in your language. This is not a problem if you're not using Windows in English. Microsoft Edge (Not recommended) install_wim_tweak /o /c Microsoft-Windows-Internet-Browser /r

install_wim_tweak /o /c Adobe-Flash /r

Additionally, you should remove IE11: Go to Start > Settings > Apps > Manage optional features, and remove Internet Explorer 11 Alternatives: Firefox | Chromium Contact Support, Get Help install_wim_tweak /o /c Microsoft-Windows-ContactSupport /r

Additionally, Go to Start > Settings > Apps > Manage optional features, and remove Contact Support Microsoft Quick Assist Go to Start > Settings > Apps > Manage optional features, and remove Microsoft Quick Assist Connect install_wim_tweak /o /c Microsoft-PPIProjection-Package /r

Reboot! Reboot the system. Hopefully everything is still in place.

Disabling Cortana

With the Anniversary Update, Microsoft hid the option to disable Cortana.

Warning: Do not attempt to remove the Cortana package using install_wim_tweak or the PowerShell, as it will break Windows Search and you will have to reinstall Windows!

Open our command prompt again and use this command: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v AllowCortana /t REG_DWORD /d 0 /f

reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}" /t REG_SZ /d "BlockCortana|Action=Block|Active=TRUE|Dir=Out|App=C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe|Name=Search and Cortana application|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|" /f

Reboot again and Cortana is gone. The icon is still there, but it will open the regular search instead.

More tweaking

Open the command prompt again and get ready to type Turn off Windows Error Reporting We will remove the service later, but in case an update reinstalls it, this will at least keep it turned off reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting" /v Disabled /t REG_DWORD /d 1 /f

No more forced updates This will notify when updates are available, and you decide when to install them reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate /t REG_DWORD /d 0 /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v AUOptions /t REG_DWORD /d 2 /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v ScheduledInstallDay /t REG_DWORD /d 0 /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v ScheduledInstallTime /t REG_DWORD /d 3 /f

No license checking By default, Windows will check your license every time you turn on your PC, this will prevent it reg add "HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" /v NoGenTicket /t REG_DWORD /d 1 /f

Disable sync It doesn't really affect you if you're not using a Microsoft Account, but it will at least disable the Sync settings from the Settings app reg add "HKLM\Software\Policies\Microsoft\Windows\SettingSync" /v DisableSettingSync /t REG_DWORD /d 2 /f

reg add "HKLM\Software\Policies\Microsoft\Windows\SettingSync" /v DisableSettingSyncUserOverride /t REG_DWORD /d 1 /f

No Windows Tips reg add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v DisableSoftLanding /t REG_DWORD /d 1 /f

reg add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v DisableWindowsSpotlightFeatures /t REG_DWORD /d 1 /f

reg add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v DisableWindowsConsumerFeatures /t REG_DWORD /d 1 /f

reg add "HKLM\Software\Policies\Microsoft\Windows\DataCollection" /v DoNotShowFeedbackNotifications /t REG_DWORD /d 1 /f

reg add "HKLM\Software\Policies\Microsoft\WindowsInkWorkspace" /v AllowSuggestedAppsInWindowsInkWorkspace /t REG_DWORD /d 0 /f

Reboot! Reboot the system and reopen our command prompt for the next step.

Removing OneDrive

If you don't use OneDrive (and you shouldn't), you can remove it from your system with these commands, entered in the command prompt: taskkill /F /IM onedrive.exe

If you're on 32 bit Windows: "%SYSTEMROOT%\System32\OneDriveSetup.exe" /uninstall

If you're on 64 bit Windows: "%SYSTEMROOT%\SysWOW64\OneDriveSetup.exe" /uninstall

Now reboot, and reopen the command prompt: rd "%USERPROFILE%\OneDrive" /Q /S

rd "C:\OneDriveTemp" /Q /S

rd "%LOCALAPPDATA%\Microsoft\OneDrive" /Q /S

rd "%PROGRAMDATA%\Microsoft OneDrive" /Q /S

reg delete "HKEY_CLASSES_ROOT\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f

reg delete "HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f

Don't worry if some of these commands fail, it is normal if you never used OneDrive. Reboot once again, and reopen the command prompt for the next step

Removing Telemetry and other unnecessary services

First, click start, type "Services" and open it. You will find a huge list of Windows Services, most of which are fine and safe, but others send data to Microsoft.

Find a service called Contact Data_xxxxx or CDPUserSvc_xxxxx, where xxxxx are 5 randomly generated characters (yes, Windows is using literal malware techniques to prevent automated removal of this trash). Write down these 5 characters.



And now type these commands to delete them: sc delete DiagTrack

sc delete dmwappushservice

sc delete WerSvc

sc delete CDPUserSvc

sc delete CDPUserSvc_xxxxx

sc delete OneSyncSvc

sc delete OneSyncSvc_xxxxx

sc delete MessagingService

sc delete MessagingService_xxxxx

sc delete diagnosticshub.standardcollector.service

reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Siuf\Rules\" /v "NumberOfSIUFInPeriod" /t REG_DWORD /d 0 /f

reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Siuf\Rules" /v "PeriodInNanoSeconds" /f

reg add "HKLM\SYSTEM\ControlSet001\Control\WMI\AutoLogger\AutoLogger-Diagtrack-Listener" /v Start /t REG_DWORD /d 0 /f

Press Win+R, type regedit, press enter, and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Here we need to delete the following keys: PimIndexMaintenanceSvc

PimIndexMaintenanceSvc_xxxxx

DPS

UserDataSvc

UserDataSvc_xxxxx

UnistoreSvc

UnistoreSvc_xxxxx

xbgm (If you removed the Xbox stuff) Some of those keys are "protected" by messed up permissions. To delete them, you must fix them, here's a video showing how to do it: There should be a video here, but your browser doesn't support HTML5 videos. Some of those keys are "protected" by messed up permissions. To delete them, you must fix them, here's a video showing how to do it: Right click the key and select Permissions, then click Advanced, change the Owner to your username, check "Replace owner on subcontainers and objects" and "Replace all child object permission entries with inheritable permission entries from this object", if inheritance is enabled, disable it and convert to explicit permissions, apply, remove all the permission entries and add one for your username with Full control, confirm everything and delete the key.

Reboot!



reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CompatTelRunner.exe" /v Debugger /t REG_SZ /d "%windir%\System32\taskkill.exe" /f

Last but not least, we also need to remove Microsoft Compatibility Telemetry. This process does more than spying on you, it's also a resource hog when it's running, especially if you don't have an SSD.

Scheduled tasks

Windows 10 has a huge amount of scheduled tasks that may report some data. Type these commands in the command prompt to remove them: schtasks /Change /TN "Microsoft\Windows\AppID\SmartScreenSpecific" /disable

schtasks /Change /TN "Microsoft\Windows\Application Experience\AitAgent" /disable

schtasks /Change /TN "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /disable

schtasks /Change /TN "Microsoft\Windows\Application Experience\ProgramDataUpdater" /disable

schtasks /Change /TN "Microsoft\Windows\Application Experience\StartupAppTask" /disable

schtasks /Change /TN "Microsoft\Windows\Autochk\Proxy" /disable

schtasks /Change /TN "Microsoft\Windows\CloudExperienceHost\CreateObjectTask" /disable

schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\BthSQM" /disable

schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /disable

schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /disable

schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader" /disable

schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /disable

schtasks /Change /TN "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" /disable

schtasks /Change /TN "Microsoft\Windows\DiskFootprint\Diagnostics" /disable

schtasks /Change /TN "Microsoft\Windows\FileHistory\File History (maintenance mode)" /disable

schtasks /Change /TN "Microsoft\Windows\Maintenance\WinSAT" /disable

schtasks /Change /TN "Microsoft\Windows\PI\Sqm-Tasks" /disable

schtasks /Change /TN "Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem" /disable

schtasks /Change /TN "Microsoft\Windows\Shell\FamilySafetyMonitor" /disable

schtasks /Change /TN "Microsoft\Windows\Shell\FamilySafetyRefresh" /disable

schtasks /Change /TN "Microsoft\Windows\Shell\FamilySafetyUpload" /disable

schtasks /Change /TN "Microsoft\Windows\Windows Error Reporting\QueueReporting" /disable

Some of these may not exist, it's fine.

Last touches

We must disable Windows Spotlight, and other "Suggestions".

Go to Start > Settings > Personalization: Under Lock screen and set the background to Picture

Under Start set Occasionally show suggestions in Start to off (They're literally ads) Go back to Settings and go to System > Notifications and actions Set Get tips, tricks, and suggestions as you use Windows to off

Set Show me the Windows welcome... to off Go back to Settings and go to Privacy Under General, set Let Windows track app launches... to off

Under App diagnostics, set Let apps access diagnostic information to off Go back to Settings and go to System > Notifications and actionsGo back to Settings and go to Privacy

Protect your wifi network from your friends!

If you give your Wifi password to a friend who has Wifi Sensor turned on (it was turned on by default in the previous versions of Windows 10), it will share your password with his Skype, Outlook, ... contacts, which means your Wifi password will be sent to Microsoft.

You can disable this by adding _optout to the name of your network.

Optional: use a firewall!

For some applications (such as the settings app), the only way to prevent them from reporting data is to block them with a firewall. This is why you should use a firewall, such as TinyWall to block all traffic except what you explicitly allow.

Personally, I allow Windows Update, Network discovery and sharing, DHCP, DNS, my web browser and nothing more. This will limit the traffic of undesired applications to DNS queries, they won't be able to send or receive anything.

Setting up the firewall may take some time, but you'll be as safe as you could possibly be when using Windows. Tinywall's autolearn feature is very useful when you install a new application: it will learn its patterns and allow them through the firewall

A big limitation of Tinywall, if you decide to use it, is that you cannot allow/block individual UWP apps (for instance, allow Facebook but not Candy Crush). Blocking WWAHost.exe (recommended) will block all of them, while allowing it will allow all of them to go through. Microsoft Edge is the only exception and has its own exe files. The same thing happens if you use the UNIX subsystem, there is no way to block specific applications.

Congratulations! Your copy of Windows is now Debotnetted!

Things will change in the future, and I'll do what I can to keep this guide updated.

As of May 2017, this guide works on Windows 10 Pro.

Can Windows revert these changes?