- Turn off the advertising ID
- Configure Windows smartscreen
- Improve typing?
- Locally relevant content?
- Location on / off?
- Location history?
- Camera?
- Microphone?
- Allow input personalization
- User management of sharing user name account picture and domain information with apps (not desktop apps)
- Access contacts?
- Access calendar?
- Apps that can access calendar?
- Read or send messages?
- Apps that can read or send messages?
- Disable Radios?
- Apps that can control radios?
- Sync info with wireless devices?
- Other wireless devices that share info?
- Feedback frequency?
- Allow Telemetry
- Apps running in the background?
- Prevent the usage of OneDrive for file storage
- Turn off Active Help
- Allow Cortana
- Allow indexing of encrypted files
- Allow search and Cortana to use location
- Do not allow web search
- Don't search the web or display web results in Search
- Don't search the web or display web results in Search over a metered connection
- Set what information is shared in Search
- Sync Your Settings (various policies)
- Disable Windows Error Reporting (various policies)
- Join Microsoft MAPS
- Sent file samples when further analysis is required
- Do not send a Windows error report when a generic driver is installed on a device
- Turn off Windows Customer Experience Improvement Program
- Turn off Windows Error Reporting
- Turn off Application Telemetry
- Turn off Inventory Collector
- Prevent participation in the Customer Experience Improvement Program
- Prevent Windows Media DRM Internet Access
- Prevent Music File Media Information Retrieval
- Prevent Music CD and DVD Media Information Retrieval
- Poll: How reliable are ChatGPT and Bing Chat? - Tue, May 23 2023
- Pip install Boto3 - Thu, Mar 24 2022
- Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
An updated list of Windows 10 privacy settings is now in our wiki.
Many bloggers and journalists raised privacy concerns about Windows 10. Terry Myerson, Microsoft's Executive Vice President of the Windows and Devices Group, now reacted in a blog post to the critique. According to Myerson, Microsoft uses the data for “a personalized Windows experience” and to improve Windows 10.
Previous Windows versions also sent a lot of data to Microsoft and third parties. However, in Windows 10, new features such as Cortana and the search feature of the Start menu require that even more data is collected and sent across the Internet for further analysis.
You have to decide for yourself if you really need these Windows features and if it is worth the risk that one day your personal data might be used against your interests. Windows 10 offers myriad settings that help you protect your privacy. I recommend that you invest the time to find out if the default Windows 10 settings serve you best.
Windows 10 privacy settings
I believe that, in a corporate environment, these decisions should not be left to the end user. You can use Group Policy to disable many features that send information to Microsoft or third parties.
Below, I collected all Group Policy settings that I found in blogs and forums that are related to privacy in Windows 10. To make it easier for you to decide whether a policy is relevant for the privacy policy of your organization, I copied the part of the description that helps you understand what data is sent and to whom.
I wasn’t able to find all Group Policy settings that Windows 10 offers in its privacy settings. I added a question mark to the corresponding title and marked it in red. If you know these Group Policy settings, please share the information in a comment. I will then update the article. If you want to contribute to this ongoing project, you have various ways to search Group Policy settings.
In cases where I only found the corresponding Registry setting, I added this information instead of the Group Policy settings. This allows you to build your ADMX templates or deploy the setting with Group Policy Preferences. You can use tools such as the Sysinternals Process Monitor to find the Registry settings that belong to a particular Windows 10 setting.
Thus far, this list is in no particular order. The first part covers all the configurations from the Windows 10 privacy settings. Aside from the policy description, I also added the corresponding explanation in the Windows settings. In the second part, I added all the other privacy-related configurations I found on the web.
If you are aware of additional privacy-related settings, you can post a comment below. Please contribute to this project.
Windows 10 privacy settings
Turn off the advertising ID
Computer Configuration > Administrative Templates > System > User Profiles
This policy setting turns off the advertising ID, preventing apps from using the ID for experiences across apps.
Windows setting (Settings > Privacy > General):
Let apps use my advertising ID for experiences across apps
Configure Windows smartscreen
Computer Configuration > Administrative Templates > Windows Components > File Explorer
This policy setting allows you to manage the behavior of Windows SmartScreen. Windows SmartScreen helps keep PCs safer by warning users before running unrecognized programs downloaded from the Internet. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled.
Windows settings (Settings > Privacy > General):
Turn on SmartScreen Filter to check web content (URLs) that Windows Store apps use
Improve typing?
Windows settings (Settings > Privacy > General):
Send Microsoft info about how I write to help us improving typing and writing in the future
Registry key (according to this post):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Input\TIPC
Value name: Enabled
Value data: 0 or 1
Locally relevant content?
Windows settings (Settings > Privacy > General):
Let websites provide locally relevant content by accessing my language list.
Registry key (according to this post):
HKEY_CURRENT_USER\Control Panel\International\User Profile
Value name: HttpAcceptLanguageOptOut
Value data: 1 (disable the option)
Location on / off?
Windows settings (Settings > Privacy > General):
When location services for this account are on, apps and services you allow can request location and location history.
Location history?
Windows settings (Settings > Privacy > Location):
When location is on, the location obtained to meet the needs of your apps and services will be stored for a limited time on the device. Apps that have access to these stored location will appear below.
Camera?
Windows settings (Settings > Privacy > Camera):
Let apps use my camera
Microphone?
Windows settings (Settings > Privacy > Microphone):
Let apps use my microphone
Allow input personalization
Computer Configuration > Administrative Templates > Control Panel > Regional and Language Options
Automatic learning enables the collection of speech and handwriting patterns, typing history, contacts, and recent calendar information. It is required for the use of Cortana. Some of this collected information may be stored on the user's OneDrive, in the case of inking and typing; some of the information will be uploaded to Microsoft to personalize speech.
Windows settings (Settings > Privacy > Speech, inking, & typing):
Getting to know you
Windows and Cortana can get to know your voice and writing to make better suggestions for you. We’ll collect info like contacts, recent calendar events, speech and handwriting patterns, and typing history.
User management of sharing user name account picture and domain information with apps (not desktop apps)
Computer Configuration > Administrative Templates > System > User Profiles
This setting prevents users from managing the ability to allow apps to access the user name, account picture, and domain information.
Windows settings (Settings > Privacy > Account Info):
Let apps access my name, picture, and other account info
Access contacts?
Windows settings (Settings > Privacy > Contacts):
Choose apps that can access contacts
Some apps need access to contacts to work as intended. Turning off an app here might limit what it can do.
Access calendar?
Windows settings (Settings > Privacy > Calendar):
Let apps access my calendar
Apps that can access calendar?
Windows settings (Settings > Privacy > Calendar):
Choose apps that can access calendar
Some apps need access to your calendar to work as intended. Turning off an app here might limit what it can do.
Read or send messages?
Windows settings (Settings > Privacy > Messaging):
Let apps read or send messages (text or MMS):
Apps that can read or send messages?
Windows settings (Settings > Privacy > Messaging):
Choose apps that can read or send messages
Some apps need to read or send messages to work as intended. Turning off an app here might limit what it can do.
Disable Radios?
Windows settings (Settings > Privacy > Radios):
Some apps use radio – like Bluetooth – in your device to send and receive data. Sometimes, apps need to turn these radios on or off to work their magic.
Let apps control radios
Apps that can control radios?
Windows settings (Settings > Privacy > Radios):
Choose apps that can control radios
Apps that you need your permission to control your radios will appear here. Go to the Store to get apps.
Sync info with wireless devices?
Windows settings (Settings > Privacy > Other devices):
Sync with devices
Let your apps automatically share and sync info with wireless devices that don’t explicitly pair with your PC, tablet, or phone.
Other wireless devices that share info?
Windows settings (Settings > Privacy > Other devices):
Other devices that allow you to control app access will appear here.
Feedback frequency?
Windows settings (Settings > Privacy > Feedback & diagnostics):
Windows should ask for my feedback
Registry key (according to this comment):
HKEY_CURRENT_USER\Software\Microsoft\Siuf\Rules\PeriodInNanoSeconds
HKEY_CURRENT_USER\Software\Microsoft\Siuf\Rules\NumberOfSIUFInPeriod
Allow Telemetry
Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview builds
This policy setting determines the amount of diagnostic and usage data reported to Microsoft. A value of 0 indicates that no telemetry data from OS components is sent to Microsoft.
Windows settings (Settings > Privacy > Feedback & diagnostics):
Diagnostic and usage data - Send your device data to Microsoft
This option control the amount of Windows diagnostic and usage data sent to Microsoft from your device.
Apps running in the background?
Let apps run in the background
Choose which apps can receive info, send notifications, and stay up-to-date even when you’re not using them. Turning off background apps can help conserve power.
Other privacy settings
Prevent the usage of OneDrive for file storage
Computer Configuration > Administrative Templates > Windows Components > OneDrive
This policy setting lets you prevent apps and features from working with files on OneDrive.
Turn off Active Help
Computer Configuration > Administrative Templates > Windows Components > Online Assistance
This policy setting specifies whether active content links in trusted assistance content are rendered. By default, the Help viewer renders trusted assistance content with active elements such as ShellExecute links and Guided Help links.
Allow Cortana
Computer Configuration > Administrative Templates > Windows Components > Search
When Cortana is off, users will still be able to use search to find things on the device and on the Internet.
Allow indexing of encrypted files
Computer Configuration > Administrative Templates > Windows Components > Search
If you enable this policy setting, indexing will attempt to decrypt and index the content (access restrictions will still apply).
Allow search and Cortana to use location
Computer Configuration > Administrative Templates > Windows Components > Search
If this is enabled, search and Cortana can access location information.
Do not allow web search
Computer Configuration > Administrative Templates > Windows Components > Search
Enabling this policy removes the option of searching the Web from Windows Desktop Search.
Don't search the web or display web results in Search
Computer Configuration > Administrative Templates > Windows Components > Search
If you don't configure this policy setting, a user can choose whether or not Search can perform queries on the web, and if the web results are displayed in Search.
Don't search the web or display web results in Search over a metered connection
Computer Configuration > Administrative Templates > Windows Components > Search
If you don't configure this policy setting, a user can choose whether or not Search can perform queries on the web over metered connections, and if the web results are displayed in Search.
Set what information is shared in Search
Computer Configuration > Administrative Templates > Windows Components > Search
This policy setting allows you to control what information is shared with Bing in Search.
Sync Your Settings (various policies)
Computer Configuration > Administrative Templates > Windows Components
Prevent syncing to and from this PC. This turns off and disables the "sync your settings" switch on the "sync your settings" page in PC Settings.
Disable Windows Error Reporting (various policies)
Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting
This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails.
Join Microsoft MAPS
Computer Configuration > Administrative Templates > Windows Components > Windows Defender > MAPS
Microsoft MAPS is the online community that helps you choose how to respond to potential threats. You can choose to send basic or additional information about detected software. This information can include things like location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent.
Sent file samples when further analysis is required
Computer Configuration > Administrative Templates > Windows Components > Windows Defender > MAPS
This policy setting configures behaviour of samples submission when opt-in for MAPS telemetry is set.
Do not send a Windows error report when a generic driver is installed on a device
Computer Configuration > Administrative Templates > System > Device Installation
Windows has a feature that sends "generic-driver-installed" reports through the Windows Error Reporting infrastructure.
Turn off Windows Customer Experience Improvement Program
Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication settings
The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns.
Turn off Windows Error Reporting
Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication settings
Error Reporting is used to report information about a system or application that has failed or has stopped responding and is used to improve the quality of the product.
Turn off Application Telemetry
Computer Configuration > Administrative Templates > Windows Components > Application Compatibility
Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.
Turn off Inventory Collector
Computer Configuration > Administrative Templates > Windows Components > Application Compatibility
The Inventory Collector inventories applications, files, devices, and drivers on the system and sends the information to Microsoft. This information is used to help diagnose compatibility problems.
Prevent participation in the Customer Experience Improvement Program
Computer Configuration > Administrative Templates > Windows Components > Internet Explorer
This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP).
Prevent Windows Media DRM Internet Access
Computer Configuration > Administrative Templates > Windows Components > Windows Media Digital Rights Management
When enabled, Windows Media DRM is prevented from accessing the Internet (or intranet) for license acquisition and security upgrades.
Prevent Music File Media Information Retrieval
User Configuration > Administrative Templates > Windows Components > Windows Media Player
This policy setting allows you to prevent media information for music files from being retrieved from the Internet.
Prevent Music CD and DVD Media Information Retrieval
User Configuration > Administrative Templates > Windows Components > Windows Media Player
This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet.
An updated list of Windows 10 privacy settings is now in our wiki.
Hi Michael,
just came per accident to your homepage. Thank you and very good.
Without any intention one may also pay attention to the registry entries:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\AutoLogger-Diagtrack-Listener]
….
"Start"=dword:00000004 (this value ("4"), as a rule of thumb, is always set to "1" again after an update)
**********************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\CloudExperienceHostOobe]
*********************************
the to my opinion relevant folders regarding collecting unasked information, etc. may be found in
C:\ProgramData\Microsoft\Diagnosis\ETLLogs
C:\Windows\System32\LogFiles\WMI
(the therein contained folder "RtBackup" you cannot access (even) with the original admin account. you have to take over rights.)
This only for information.
kindest regards from Germany
Jan
Jan, thanks a lot for the info!
Hi there,
just found some other registry(settings), which may be helpful. And you may kindly have a look at
https://static.ernw.de/whitepaper/ERNW_Newsletter_52_Win10_Priv_v1.0_signed.pdf
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/SiSyPHus/Workpackage4_Telemetry.pdf?__blob=publicationFile&v=4
+NOTE+
one fundamental/universal trick of WIN10 is, that the auto-repair-function (which is/maybe found in the foulder C:\Windows\diagnostics\system) re-enables nearly all settings which one has done to prevent telemetry. They're not stupid 🙂
Secondly, the appropriate settings/folders are in most cases not editable or you don't have access even with the build-in admin account. So in these cases you have to right click on the folder/file and gain access through the appropriate settings (per definition it's Trusted Installer & System). And also in this case, you may recognize that the original rights management is re-enabled after a specific time.
You may have a look at the powershell scripts ect. in the above mentioned folder, so you may see what I mean. (with Notepad++, e.g.)
Your trick may be a hirarchical one. You cannot delete telemetry or set the appropriate settings successfully FOREVER! but you can go one level higher and delete/disable the build-in repair funtions, which set the values to default again.
A few things more I did
(i) I deleted (!) under "Control Panel" "scheduled tasks" (Windows Task Scheduler) the -to my opinion at least two essential tasks, which were (i) Diagtrack (ii) something like "Capture…" which seems to me makes screenshots (of whatever?) / NOTE if you only disable them (the scheduled tasks), they will be re-enabled again after a specific time. At least, the system critical ones ;-), ok, everything's clear
You also may have a look at
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DiagTrack
the DWORD "start" must be set to "4" (anytime!) (see e.g. https://docs.microsoft.com/de-de/windows/application-management/per-user-services-in-windows , i.e. "Ändern Sie die Werte Daten von 00000003 in 00000004 , und klicken Sie auf OK. Hinweis Das Festlegen der Wertdaten auf 4ist = deaktiviert." in english: ….set the value from 00000003 to 00000004 and click o.k. Note: setting the value to 4 = deactived.
last but not least….two folders/settings I came accross and if I read the name, I could guess for what they are meant for (if you work e.g. in a company with (very) sensitive information you may understand that principle, and always the rule "need to know principle" (Clearance). So you theoretically are allowed/can gain knowledge about something, but what is that for an added value for the other side. None! The only thing (disadvantage) is, that you get knowledge about something sensible and then you -in the worst case- question things. Finally you're not controllable and governable anymore. An apocalyptical vision for every government/politician, ALSO FOR democratic ones like Germany/USA/…. Sorry, ok back…
(i) the folder: C:\Windows\SystemApps\InputApp_cw5n1h2txyewy
"WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe"
and
(ii) Microsoft.Windows.CapturePicker_cw5n1h2txyewy (this is the task, which I mentioned above)
Both found in the foulder "C:\Windows\SystemApps".
Finally it is left on your own what one beliefes or not. There's NO right or wrong. My humble person does not trust anybody in this whatsoever created non-linear universe, except myself and animals. I am stupid as hell, but one thing I know, as the very last I trust a government/security agencies/politicians.
To sum up: don't be confused and you shouldn't. Look at it in a rational but equaly relaxed and non-compulsive sense, otherwise you will get crazy. All settings are for nothing when there's a a new version and you have a Win.old folder on your C:\ drive.
https://en.wikipedia.org/wiki/Sisyphus
Have fun 🙂
best wished
Jan, Gemany