Windows 10 and Privacy
This Windows 10 privacy guide is a work in progress. We will add new information and make adjustments once they become available.
When it comes to Windows 10 and privacy, there are lots of things that you need to consider. Probably the best starting point before you even begin to upgrade an existing system or set up Windows 10 on a new one is to read through the Privacy Policy and Service Agreement.
Yes, that is lots of text even if you only read the summaries that Microsoft provides. Please note that the two documents are not exclusive to Windows 10 but apply to Microsoft.
Tip: Check out our comparison of Windows 10 privacy tools. These help you speed up making privacy related changes to the operating system.
You do find "Windows" listed in the privacy statement.
Windows 10 and Privacy
There you find the following key information:
- Microsoft creates a unique advertising ID for each user on a device running Windows 10. This can be turned off in the Privacy Settings.
- What you say or type may be processed by Microsoft, for instance by the operating system's Cortana service or by providing spelling correction.
- Windows supports a location service that allows apps and services, such as Find My Device, to request your location in the world. This can be turned off in the Privacy settings.
- Microsoft syncs some Windows settings automatically when you sign in to a Microsoft account. This is done to provide users with a personalized experience across devices. Data that gets synced includes installed apps and their settings, web browser history and favorites, passwords and wireless network names, and addresses of shared printers.
- Telemetry data is collected by Microsoft. This includes installed software, configuration data and network and connection data. While some of it can be turned off in the Settings, not all can.
Core Windows 10 Privacy Settings
You find Privacy settings that Microsoft makes available under Settings. The page is surprisingly large and while it provides you with lots of options, does not give you full control over what is collected and submitted.
Open the Privacy settings with a tap on the Windows-key and the selection of Settings when Start opens. If Settings is not listed there, type Settings and hit enter.
Switch to Privacy once the Settings window opens. There you find listed all privacy related settings. Suggests are in brackets)
General
- Let apps use my advertising ID for experiences across apps (turning this off will reset your ID). (Off)
- Turn on SmartScreen Filter to check web content (URLs) that Windows Store apps use. (Off, but note that this may reduce security on the system. If you are inexperienced, leave this on.)
- Send Microsoft info about how I write to help us improving typing and writing in the future. (Off)
- Let websites provide locally relevant content by accessing my language list. (Off)
Location
- Turn location on or off. Apps or services that you allow may access location-based data if on. (Off, unless you rely on apps that require it to be on, e.g. the weather app)
- Location History. If you have turned location services off, you may want to clear the location history on the device as well.
Camera and Microphone
- Let apps use my camera. (Off)
- Let apps use my microphone. (Off)
Switch these to off if you don't want apps to use the cam or microphone on your device. You may need it for select services, Cortana for instance or the Skype application.
Speech, inking & typing
- Windows and Cortana can get to you know your voice and writing to make better suggestions to you. We'll collect info like contacts, recent calendar events, speech, and handwriting patterns, and typing history. (Off, unless Cortana is used. This will turn off Cortana and dictation).
Account Info
- Let apps access my name, picture, and other account info. (Off, unless you require this for select applications. Then leave it on and set permissions per application instead).
Contacts and Calendar
- Choose applications that may access your contacts or calendar. There are three by default for the Contacts, and two for the Calendar (the first two): App connector, Mail and Calendar and Windows Shell Experience. (Off, unless required).
Messaging
- Let apps read or send messages. (Off if you are on the desktop and don't require apps to send text or MMS).
Radios
- Let apps control radios. This enables apps to use radios, such as Bluetooth. (Off, unless you use apps that require this).
Other devices
- Sync with devices. This setting syncs data with Microsoft and other devices you own. If you only use a single device, you may want to disable it. Note that syncing may come in handy when you set up the system anew. (Off)
- Let apps use trusted devices. (Off, unless required).
Feedback and Diagnostic
- Send your device data to Microsoft. If you are an Insider, you cannot switch from Full(Recommended). If you are not, you may switch the setting to Enhanced or Full. It does not seem possible to turn this off completely.
What is transferred if you switch the setting to Basic is listed in the FAQ (when you click on the learn more link):
Basic information is data that is vital to the operation of Windows. This data helps keep Windows and apps running properly by letting Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly. This option also turns on basic error reporting back to Microsoft. If you select this option, we’ll be able to provide updates to Windows (through Windows Update, including malicious software protection by the Malicious Software Removal Tool), but some apps and features may not work correctly or at all.
Background apps
- Select which applications may run in the background (Turn off all that you don't require. If you use Mail for instance, you may want it to run in the background while you may not want the same for "Get Office", "Photos" or "Xbox".
Settings > Update & Security > Windows Update
- Click advanced options.
- Defer Upgrades (Enable, only available in Pro and Enterprise editions)
- Select "choose how updates are delivered".
- Download Windows updates and apps from other PCs in addition to Microsoft. (Off).
Advanced Windows 10 privacy settings
Changing the Telemetry value using the Group Policy Editor or Windows Registry
This setting is identical to the Feedback & diagnostics setting. There is one difference however which only applies to Enterprise customers. Enterprise customers may turn this off completely, while Home and Pro users may set it to basic only as the lowest level.
To make the change in the Group Policy, do the following:
- Tap on the Windows-key, type gpedit.msc and hit enter.
- Navigate to Computer Configuration > Administrative Templates > Windows Components > Data Collection (It may be listed as Data Collection and Preview Builds).
- Set Allow Telemetry to Off if you are using an Enterprise account, to Basic if you are not.
To make the change using the Windows Registry, do the following:
- Tap on the Windows-key, type regedit and hit enter.
- Confirm the UAC prompt if it comes up.
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection.
- Set the value of AllowTelemetry to 0 if you are on Enterprise, to 1 if you are not.
Use a local account
Windows 10 supports two account types: Microsoft accounts and local accounts. Microsoft accounts are used by default and if you select that option, you sign in to the operating system using your account's credentials (usually email and the password).
You may use a local account instead for day to day activies. This can be arranged in the Settings under Accounts > Your account.
If you use a local account, you will notice that you cannot use certain features of the operating system. Windows Store and certain applications become unavailable for instance, and account data is not synced across devices.
Misc Group Policy Settings
The following settings are provided in the Group Policy Editor.
Computer Configuration > Administrative Templates > Windows Components > OneDrive
- Prevent the usage of OneDrive for file storage.
Computer Configuration > Administrative Templates > Windows Components > Online Assistance
- Turn off Active Help.
Computer Configuration > Administrative Templates > Windows Components > Search
- Allow Cortana.
- Allow indexing of encrypted files.
- Allow search and Cortana to use location.
- Do not allow web search.
- Don't search the web or display web results in Search.
- Don't search the web or display web results in Search over a metered connection.
- Set what information is shared in Search (Switch to Anonymous info)
Computer Configuration > Administrative Templates > Windows Components > Sync Your Settings
- Disable all syncing or the synchronization of specific settings, for instance Start, browser or passwords.
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
- Configure Error Reporting (do not collection additional files, do not collect additional machine data).
- Disable Windows Error Reporting.
- Disable logging.
- Do not send additional data.
Computer Configuration > Administrative Templates > Windows Components > Windows Update
- Configure Automatic Updates (Set to Notify for download and notify for install. May want to set the scheduled install day as well. This allows you to block updates from being installed)
- Defer Upgrade (Pro and Enterprise only, may defer upgrades til next upgrade period)
- Turn on Software Notifications ("Enhanced notification messages convey the value and promote the installation and use of optional software").
- Allow signed updates from an intranet Microsoft update location.
Additional resources of interest
- Microsoft Edge Forensics - Detailed analysis of the browser's data collection.
- Setting your preferences for Windows 10 services - Official Microsoft guide
Now You: We need your help to make this guide as complete as possible. Got other tips? Please share them in the comment section below.
What mental age of reader are you targeting with the first sentence? 10?
Why not write an article on how to *avoid* upgrading from W10 to W11. Analogous to those like me who avoided upgrading from 7 to 10 for as long as possible.
If your paymaster Microsoft permits it, of course.
5. Rufus
6. Ventoy
PS. I hate reading these “SEO optimized” articles.
I used Rufus to create an installer for a 6th gen intel i5 that had MBR. It upgraded using Setup. No issues except for Win 11 always prompting me to replace my local account. Still using Win 10 Pro on all my other PCs to avoid the bullying.
bit pointless to upgrade for the sake of upgrading as you never know when you’ll get locked out because ms might suddenly not provide updates to unsupported systems.
ps…. time travelling?
written. Jan 15, 2023
Updated • Jan 13, 2023
This happens when you schedule a post in WordPress and update it before setting the publication date.
Anyone willing to downgrade to this awful OS must like inflicting themselves with harm.
I have become convinced now that anybody who has no qualms with using Windows 11/10 must fit into one of the following brackets:
1) Too young to remember a time before W10 and W11 (doesn’t know better)
2) Wants to play the latest games on their PC above anything else (or deeply needs some software which already dropped W7 support)
3) Doesn’t know too much about how computers work, worried that they’d be absolutely lost and in trouble without the “”latest security””
4) Microsoft apologist that tries to justify that the latest “features” and “changes” are actually a good thing, that improve Windows
5) Uses their computer to do a bare minimum of like 3 different things, browse web, check emails, etc, so really doesn’t fuss
Obviously that doesn’t cover everyone, there’s also the category that:
6) Actually liked W7 more than 10, and held out as long as possible before switching, begrudgingly uses 10 now
Have I missed any group off this list?
You have missed in this group just about any professional user that uses business software like CAD programs or ERP Programs which are 99% of all professional users from this list.
Linux doesn’t help anyone who is not a linux kid and apple is just a fancy facebook machine.
Microsoft has removed KB5029351 update
only from windows update though
KB5029351 is still available from the ms update catalog site
1. This update is labaled as PREVIEW if it causes issues to unintelligent people, then they shouldn’t have allowed Preview updates ot install.
2. I have installed it in a 11 years old computer, and no problems at all.
3. Making a big drama over a bluescreen for an updated labeled as preview is ridiculous.
This is probably another BS internet drama where people ran programs and scripts that modified the registry until they broke Windows, just for removing stuff that they weren’t even using just for the sake of it.
Maybe people should stop playing geeks and actually either use Windows 10 or Windows 11, but don’t try to modify things just for the sake of it.
Sometimes removing or stopping things (like defender is a perfect example) only need intelligence, not scripts or 3rd party programs that might mess with windows.
Windows 11 was a pointless release, it was just created because some of the Windows team wanted to boost sales with some sort of new and improved Windows 10. Instead, Microsoft cannot support one version well let alone two.
Windows 11 is the worst ugly shame by Microsoft ever. They should release with every new W11 version a complete free version of Starallback inside just to make this sh** OS functionally again.
motherboard maker MSI has recently released a statement regarding the “unsupported processor” blue screen error for their boards using Intel 600/700 series chipsets & to avoid the KB5029351 Win11 update:
https://www.msi.com/news/detail/MSI-On–UNSUPPORTED-PROCESSOR–Error-Message-of-Windows-11-Update-KB5029351-Preview-142215
check out the following recent articles:
Neowin – Microsoft puts little blame on its Windows update after UNSUPPORTED PROCESSOR BSOD bug:
https://www.neowin.net/news/microsoft-puts-little-blame-on-its-windows-update-after-unsupported-processor-bsod-bug/
BleepingComputer – Microsoft blames ‘unsupported processor’ blue screens on OEM vendors:
https://www.bleepingcomputer.com/news/microsoft/microsoft-blames-unsupported-processor-blue-screens-on-oem-vendors/
While there may be changes or updates to the Windows 10 Store for Business and Education in the future, it is premature to conclude that it will be discontinued based solely on rumors.
My advice, I left win 15 years ago. Now I’m a happy linux user (linuxmint) but there is Centos, Fedora, Ubuntu depending on your needs.
motherboard maker MSI has recently released new BIOS/firmware updates for their Intel 600 & 700 series motherboards to fix the “UNSUPPORTED_PROCESSOR” problem (Sept. 6):
https://www.msi.com/news/detail/Updated-BIOS-fixes-Error-Message–UNSUPPORTED-PROCESSOR–caused-BSOD-on-MSI-s-Intel-700-and-600-Series-Motherboards-142277
I try to disable the Diagnostics Tracking Service (Connected Devices Platform User Services) but it wont let me disable it, any help will be greatly appreciated.
Tank you for your help