# Windows 11 Privacy Settings Go to Settings. ## System #### Notifications - Additional settings > - Show the Windows welcome experience after updates and when signed in to show what's new and suggested: Off - Suggest ways to get the most out of Windows and finish setting up this device: Off - Get tips and suggestions when using Windows: Off #### Nearby sharing - Off (Enable this only when needed. Remember to turn it off when no longer required.) #### Remote Desktop **This feature is not available in Home editions** - Off (Enable this only when needed. Remember to turn it off when no longer required.) - Require device to use Network Level Authentication to connect: On ## Bluetooth & devices #### Mobile devices - Phone Link : Off (use something else like [KDE Connect](https://kdeconnect.kde.org/), [LocalSend](https://localsend.org/), etc.) #### AutoPlay - Use AutoPlay for all media and devices: Off ## Network & internet #### Ethernet - DNS server assignment > Edit > - Edit DNS settings: Manual - IPv4: On - Preferred DNS: enter IPv4 address of a provider from [this list](https://www.privacyguides.org/en/dns/#recommended-providers) Example: For Quad9, enter 9.9.9.9 - DNS over HTTPS: On (automatic template) - Fallback to plaintext: Off - Alternate DNS: enter alternate IPv4 address of the same provider as above or a different provider Example: For Quad9, enter 149.112.112.112 - DNS over HTTPS: On (automatic template) - Fallback to plaintext: Off - IPv6: On - Preferred DNS: enter IPv6 address of a provider from [this list](https://www.privacyguides.org/en/dns/#recommended-providers) Example: For Quad9, enter 2620:fe::fe - DNS over HTTPS: On (automatic template) - Fallback to plaintext: Off - Alternate DNS: enter alternate IPv6 address of the same provider as above or a different provider Example: For Quad9, enter 2620:fe::9 - DNS over HTTPS: On (automatic template) - Fallback to plaintext: Off Click `Save` #### Wi-Fi - Random hardware addresses: On - Hardware properties > DNS server assignment > Edit - Edit DNS settings: Manual - IPv4: On - Preferred DNS: enter IPv4 address of a provider from [this list](https://www.privacyguides.org/en/dns/#recommended-providers) Example: For Quad9, enter 9.9.9.9 - DNS over HTTPS: On (automatic template) - Fallback to plaintext: Off - Alternate DNS: enter alternate IPv4 address of the same provider as above or a different provider Example: For Quad9, enter 149.112.112.112 - DNS over HTTPS: On (automatic template) - Fallback to plaintext: Off - IPv6: On - Preferred DNS: enter IPv6 address of a provider from [this list](https://www.privacyguides.org/en/dns/#recommended-providers) Example: For Quad9, enter 2620:fe::fe - DNS over HTTPS: On (automatic template) - Fallback to plaintext: Off - Alternate DNS: enter alternate IPv6 address of the same provider as above or a different provider Example: For Quad9, enter 2620:fe::9 - DNS over HTTPS: On (automatic template) - Fallback to plaintext: Off Click `Save` ## Personalization #### Lock screen - Personalize your lock screen - select `Picture` or `Slideshow` - Get fun facts, tips, tricks and more on your lock screen: Off #### Start - Show recommendations for tips, shortcuts, new apps and more: Off #### Device usage - Turn everything off ## Apps #### Installed apps Uninstall anything you don't use like XBox, candy crush, some other preinstalled apps/games etc. Be sure not to uninstall anything important. If you have doubts about any app, search the net. ## Accounts #### Your info **This section is applicable only if you've signed in with a Microsoft account** Delete your account picture and set it to default as mentioned below: - Choose a file > Browse files - Go to `C:\Users\JohnDoe\AppData\Roaming\Microsoft\Windows\AccountPictures` and delete your picture. (Replace `JohnDoe` with your username) - Go to `C:\ProgramData\Microsoft\User Account Pictures` and select `guest.png`. > :information_source: **NOTE**: `AppData` is a hidden folder by default. To enable: in file explorer on top click `View` > Show > select `Hidden items`. #### Sign-in options - Show account details such as my email address on the sign-in screen: Off ## Time & language #### Typing - Show text suggestions when typing on the physical keyboard: Off - Typing insights: Off ## Privacy & security #### Windows Security - Virus & threat protection > Virus & threat protection settings > Manage settings > All protections on (Except automatic sample submission) - Firewall & network protection > Firewall should be on for domain, public and private networks. #### Find my device - Find my device: Off #### General - All off #### Recall & Snapshots **This feature is available only on some devices** - Save Snapshots: Off - Delete Snapshots > - Delete all snapshots: Delete all #### Speech - Online speech recognition: Off #### Inking & typing personalization - Custom inking and typing dictionary: Off #### Diagnostics & feedback - Diagnostic data > Send optional diagnostic data: Off - Improve inking & typing: Off - Tailored experiences: Off - Delete diagnostic data: Delete - Feedback frequency: Never #### Activity history - Send my activity history to Microsoft: Off #### Search permissions - Cloud content search - Microsoft account: Off - Work or School account: Off - More settings - Show search highlights: Off #### App permissions - Review each permission and disable accordingly (choose which apps can have access to location, camera, microphone, notifications etc. If any app doesn't need something, turn it off.) - App diagnostics > App diagnostic access: Off ## Windows Update #### Advanced options - Delivery Optimization > Allow downloads from other PCs: Off --- --- ## Disable ads in file explorer Open file explorer. Click 3 dots menu on top > Options > - Click `View` on top of the new popup > - Uncheck `Show sync provider notifications` - Click `Apply` - Also click "Apply to Folders" on top (if available) ## Disable telemetry service Press `Win key + r` > type `services.msc` > press enter - Double-click on `Connected User Experiences and Telemetry` > - Service Status: Stopped (Click on `Stop`, if service is running) - Startup Type: Disabled - Click `OK` ## Block & uninstall Quick Assist Press `Win key + r` > type `powershell` > press `ctrl + shift + enter` > Yes - Type (or copy paste) the following in the powershell window & press enter: ``` notepad C:\Windows\System32\drivers\etc\hosts ``` - In this hosts file add the following line at the bottom & save it: ``` 0.0.0.0 remoteassistance.support.services.microsoft.com ``` - To uninstall, type (or copy paste) the following in the powershell window & press enter: ``` Get-AppxPackage -Name MicrosoftCorporationII.QuickAssist | Remove-AppxPackage -AllUsers ``` ## Block all Microsoft telemetry Press `Win key + r` > type `powershell` > press `ctrl + shift + enter` > Yes - Type (or copy paste) the following in the powershell window & press enter: ``` notepad C:\Windows\System32\drivers\etc\hosts ``` - Add everything from [this list](https://raw.githubusercontent.com/hagezi/dns-blocklists/main/hosts/native.winoffice.txt) at the bottom of the hosts file & save it. The list is updated regularly, so remember to check back often & replace old entries in the hosts file with the most recent ones. Windows updates will function normally even with these additions. ## Disable trending searches & web search in search bar Press `Win key + r` > type `regedit` > press enter > Yes - Navigate to `Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Search` - In the left navigation window, right click on `Search` > New > DWORD (32-bit) Value > name it `BingSearchEnabled` - Double click it and make sure `Value data` is set to `0` - Open Task Manager > Processes > select `Windows Explorer` > Right click > Restart ## Disable Copilot Press `Win key + r` > type `regedit` > press enter > Yes - Navigate to `Computer\HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows` - In the left navigation window, right click on `Windows` > New > Key > name it `WindowsCopilot` - Right click on `WindowsCopilot` > New > DWORD (32-bit) Value > name it `TurnOffWindowsCopilot` - Double click it and set `Value data` to `1` > OK - Open Task Manager > Processes > select `Windows Explorer` > Right click > Restart --- --- ## Fresh install #### Block preinstalled third-party bloatware - In the installation media setup wizard, select `Time and currency format` as `English (World)`. - Once the device restarts, an error (`Something went wrong`) will be displayed. Click on `Skip` & continue with the rest of the setup. - After the whole setup completes & the device boots into Windows 11, go to Settings > Time & language > Language & region > Country or region: select your country/region #### Bypass Microsoft account requirement After the installation media setup wizard completes & the device begins to restart, disconnect your internet connection (even if you're unable to disconnect for any reason, keep following the process).
After the device restarts, it'll reach the country or region selection screen. - Press `Shift + F10`. On some devices you may require to press `Fn + Shift + F10`. - In the command prompt, type the following & press enter: ``` oobe\bypassnro ``` Your device will restart. - If for some reason you were unable to disconnect from the internet earlier, press `Shift + F10` or `Fn + Shift + F10` again. In the command prompt, type the following & press enter: ``` ipconfig /release ``` - Select `I don't have internet` & continue with the local account creation. - If you used `ipconfig /release` command previously, once the whole setup process is complete: - Press `Win key + r` > type `cmd` & press enter. - In the command prompt, type the following & press enter: ``` ipconfig /renew ```