301 lines
9.9 KiB
Markdown
301 lines
9.9 KiB
Markdown
# Windows 11 Privacy Settings
|
|
|
|
Go to Settings.
|
|
|
|
|
|
|
|
## System
|
|
|
|
#### Notifications
|
|
- Additional settings >
|
|
- Show the Windows welcome experience after updates and when signed in to show what's new and suggested: Off
|
|
- Suggest ways to get the most out of Windows and finish setting up this device: Off
|
|
- Get tips and suggestions when using Windows: Off
|
|
|
|
#### Nearby sharing
|
|
- Off (Enable this only when needed. Remember to turn it off when no longer required.)
|
|
|
|
#### Remote Desktop
|
|
**This feature is not available in Home editions**
|
|
- Off (Enable this only when needed. Remember to turn it off when no longer required.)
|
|
- Require device to use Network Level Authentication to connect: On
|
|
|
|
|
|
|
|
## Bluetooth & devices
|
|
|
|
#### Mobile devices
|
|
- Phone Link : Off (use something else like [KDE Connect](https://kdeconnect.kde.org/), [LocalSend](https://localsend.org/), etc.)
|
|
|
|
#### AutoPlay
|
|
- Use AutoPlay for all media and devices: Off
|
|
|
|
## Network & internet
|
|
|
|
#### Ethernet
|
|
- DNS server assignment > Edit >
|
|
- Edit DNS settings: Manual
|
|
- IPv4: On
|
|
- Preferred DNS: enter IPv4 address of a provider from [this list](https://www.privacyguides.org/en/dns/#recommended-providers)
|
|
|
|
Example: For Quad9, enter 9.9.9.9
|
|
- DNS over HTTPS: On (automatic template)
|
|
- Fallback to plaintext: Off
|
|
- Alternate DNS: enter alternate IPv4 address of the same provider as above or a different provider
|
|
|
|
Example: For Quad9, enter 149.112.112.112
|
|
- DNS over HTTPS: On (automatic template)
|
|
- Fallback to plaintext: Off
|
|
- IPv6: On
|
|
- Preferred DNS: enter IPv6 address of a provider from [this list](https://www.privacyguides.org/en/dns/#recommended-providers)
|
|
|
|
Example: For Quad9, enter 2620:fe::fe
|
|
- DNS over HTTPS: On (automatic template)
|
|
- Fallback to plaintext: Off
|
|
- Alternate DNS: enter alternate IPv6 address of the same provider as above or a different provider
|
|
|
|
Example: For Quad9, enter 2620:fe::9
|
|
- DNS over HTTPS: On (automatic template)
|
|
- Fallback to plaintext: Off
|
|
|
|
Click `Save`
|
|
|
|
#### Wi-Fi
|
|
- Random hardware addresses: On
|
|
- Hardware properties > DNS server assignment > Edit
|
|
- Edit DNS settings: Manual
|
|
- IPv4: On
|
|
- Preferred DNS: enter IPv4 address of a provider from [this list](https://www.privacyguides.org/en/dns/#recommended-providers)
|
|
|
|
Example: For Quad9, enter 9.9.9.9
|
|
- DNS over HTTPS: On (automatic template)
|
|
- Fallback to plaintext: Off
|
|
- Alternate DNS: enter alternate IPv4 address of the same provider as above or a different provider
|
|
|
|
Example: For Quad9, enter 149.112.112.112
|
|
- DNS over HTTPS: On (automatic template)
|
|
- Fallback to plaintext: Off
|
|
- IPv6: On
|
|
- Preferred DNS: enter IPv6 address of a provider from [this list](https://www.privacyguides.org/en/dns/#recommended-providers)
|
|
|
|
Example: For Quad9, enter 2620:fe::fe
|
|
- DNS over HTTPS: On (automatic template)
|
|
- Fallback to plaintext: Off
|
|
- Alternate DNS: enter alternate IPv6 address of the same provider as above or a different provider
|
|
|
|
Example: For Quad9, enter 2620:fe::9
|
|
- DNS over HTTPS: On (automatic template)
|
|
- Fallback to plaintext: Off
|
|
|
|
Click `Save`
|
|
|
|
|
|
|
|
## Personalization
|
|
|
|
#### Lock screen
|
|
- Personalize your lock screen
|
|
- select `Picture` or `Slideshow`
|
|
- Get fun facts, tips, tricks and more on your lock screen: Off
|
|
|
|
#### Start
|
|
- Show recommendations for tips, shortcuts, new apps and more: Off
|
|
|
|
#### Device usage
|
|
- Turn everything off
|
|
|
|
|
|
|
|
## Apps
|
|
|
|
#### Installed apps
|
|
Uninstall anything you don't use like XBox, candy crush, some other preinstalled apps/games etc.
|
|
Be sure not to uninstall anything important. If you have doubts about any app, search the net.
|
|
|
|
|
|
|
|
## Accounts
|
|
|
|
#### Your info
|
|
**This section is applicable only if you've signed in with a Microsoft account**
|
|
|
|
Delete your account picture and set it to default as mentioned below:
|
|
- Choose a file > Browse files
|
|
- Go to `C:\Users\JohnDoe\AppData\Roaming\Microsoft\Windows\AccountPictures` and delete your picture. (Replace `JohnDoe` with your username)
|
|
- Go to `C:\ProgramData\Microsoft\User Account Pictures` and select `guest.png`.
|
|
|
|
> :information_source: **NOTE**: `AppData` is a hidden folder by default. To enable: in file explorer on top click `View` > Show > select `Hidden items`.
|
|
|
|
#### Sign-in options
|
|
- Show account details such as my email address on the sign-in screen: Off
|
|
|
|
|
|
|
|
|
|
## Time & language
|
|
|
|
#### Typing
|
|
- Show text suggestions when typing on the physical keyboard: Off
|
|
- Typing insights: Off
|
|
|
|
|
|
|
|
## Privacy & security
|
|
|
|
#### Windows Security
|
|
- Virus & threat protection > Virus & threat protection settings > Manage settings > All protections on (Except automatic sample submission)
|
|
- Firewall & network protection > Firewall should be on for domain, public and private networks.
|
|
|
|
#### Find my device
|
|
- Find my device: Off
|
|
|
|
#### General
|
|
- All off
|
|
|
|
#### Recall & Snapshots
|
|
**This feature is available only on some devices**
|
|
- Save Snapshots: Off
|
|
- Delete Snapshots >
|
|
- Delete all snapshots: Delete all
|
|
|
|
#### Speech
|
|
- Online speech recognition: Off
|
|
|
|
#### Inking & typing personalization
|
|
- Custom inking and typing dictionary: Off
|
|
|
|
#### Diagnostics & feedback
|
|
- Diagnostic data > Send optional diagnostic data: Off
|
|
- Improve inking & typing: Off
|
|
- Tailored experiences: Off
|
|
- Delete diagnostic data: Delete
|
|
- Feedback frequency: Never
|
|
|
|
#### Activity history
|
|
- Send my activity history to Microsoft: Off
|
|
|
|
#### Search permissions
|
|
- Cloud content search
|
|
- Microsoft account: Off
|
|
- Work or School account: Off
|
|
- More settings
|
|
- Show search highlights: Off
|
|
|
|
#### App permissions
|
|
- Review each permission and disable accordingly (choose which apps can have access to location, camera, microphone, notifications etc. If any app doesn't need something, turn it off.)
|
|
- App diagnostics > App diagnostic access: Off
|
|
|
|
|
|
|
|
## Windows Update
|
|
|
|
#### Advanced options
|
|
- Delivery Optimization > Allow downloads from other PCs: Off
|
|
|
|
|
|
---
|
|
---
|
|
|
|
|
|
## Disable ads in file explorer
|
|
Open file explorer. Click 3 dots menu on top > Options >
|
|
- Click `View` on top of the new popup >
|
|
- Uncheck `Show sync provider notifications`
|
|
- Click `Apply`
|
|
- Also click "Apply to Folders" on top (if available)
|
|
|
|
|
|
|
|
## Disable telemetry service
|
|
Press `Win key + r` > type `services.msc` > press enter
|
|
|
|
- Double-click on `Connected User Experiences and Telemetry` >
|
|
- Service Status: Stopped (Click on `Stop`, if service is running)
|
|
- Startup Type: Disabled
|
|
- Click `OK`
|
|
|
|
|
|
|
|
## Block & uninstall Quick Assist
|
|
Press `Win key + r` > type `powershell` > press `ctrl + shift + enter` > Yes
|
|
|
|
- Type (or copy paste) the following in the powershell window & press enter:
|
|
```
|
|
notepad C:\Windows\System32\drivers\etc\hosts
|
|
```
|
|
- In this hosts file add the following line at the bottom & save it:
|
|
```
|
|
0.0.0.0 remoteassistance.support.services.microsoft.com
|
|
```
|
|
- To uninstall, type (or copy paste) the following in the powershell window & press enter:
|
|
```
|
|
Get-AppxPackage -Name MicrosoftCorporationII.QuickAssist | Remove-AppxPackage -AllUsers
|
|
```
|
|
|
|
|
|
|
|
## Block all Microsoft telemetry
|
|
Press `Win key + r` > type `powershell` > press `ctrl + shift + enter` > Yes
|
|
|
|
- Type (or copy paste) the following in the powershell window & press enter:
|
|
```
|
|
notepad C:\Windows\System32\drivers\etc\hosts
|
|
```
|
|
- Add everything from [this list](https://raw.githubusercontent.com/hagezi/dns-blocklists/main/hosts/native.winoffice.txt) at the bottom of the hosts file & save it.
|
|
|
|
The list is updated regularly, so remember to check back often & replace old entries in the hosts file with the most recent ones.
|
|
Windows updates will function normally even with these additions.
|
|
|
|
|
|
|
|
## Disable trending searches & web search in search bar
|
|
Press `Win key + r` > type `regedit` > press enter > Yes
|
|
|
|
- Navigate to `Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Search`
|
|
- In the left navigation window, right click on `Search` > New > DWORD (32-bit) Value > name it `BingSearchEnabled`
|
|
- Double click it and make sure `Value data` is set to `0`
|
|
- Open Task Manager > Processes > select `Windows Explorer` > Right click > Restart
|
|
|
|
|
|
|
|
## Disable Copilot
|
|
Press `Win key + r` > type `regedit` > press enter > Yes
|
|
|
|
- Navigate to `Computer\HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows`
|
|
- In the left navigation window, right click on `Windows` > New > Key > name it `WindowsCopilot`
|
|
- Right click on `WindowsCopilot` > New > DWORD (32-bit) Value > name it `TurnOffWindowsCopilot`
|
|
- Double click it and set `Value data` to `1` > OK
|
|
- Open Task Manager > Processes > select `Windows Explorer` > Right click > Restart
|
|
|
|
|
|
---
|
|
---
|
|
|
|
|
|
## Fresh install
|
|
|
|
#### Block preinstalled third-party bloatware
|
|
- In the installation media setup wizard, select `Time and currency format` as `English (World)`.
|
|
- Once the device restarts, an error (`Something went wrong`) will be displayed. Click on `Skip` & continue with the rest of the setup.
|
|
- After the whole setup completes & the device boots into Windows 11, go to Settings > Time & language > Language & region > Country or region: select your country/region
|
|
|
|
#### Bypass Microsoft account requirement
|
|
After the installation media setup wizard completes & the device begins to restart, disconnect your internet connection (even if you're unable to disconnect for any reason, keep following the process).
|
|
<br>After the device restarts, it'll reach the country or region selection screen.
|
|
- Press `Shift + F10`. On some devices you may require to press `Fn + Shift + F10`.
|
|
- In the command prompt, type the following & press enter:
|
|
```
|
|
oobe\bypassnro
|
|
```
|
|
Your device will restart.
|
|
- If for some reason you were unable to disconnect from the internet earlier, press `Shift + F10` or `Fn + Shift + F10` again. In the command prompt, type the following & press enter:
|
|
```
|
|
ipconfig /release
|
|
```
|
|
- Select `I don't have internet` & continue with the local account creation.
|
|
- If you used `ipconfig /release` command previously, once the whole setup process is complete:
|
|
- Press `Win key + r` > type `cmd` & press enter.
|
|
- In the command prompt, type the following & press enter:
|
|
```
|
|
ipconfig /renew
|
|
``` |