Windows 10 Privacy Guide - Anniversary Update

For Windows 10 1903 (May 2019 update), use this guide instead.


Let's be honest: Windows 10 is AWESOME, but it has raised several privacy concerns because it has several online features that are flat out malware, such as Windows Defender and Telemetry, both of which send your data (sensitive and not) to Microsoft and can't be disabled. Windows Update also can't be disabled... which means Microsoft can:

  • Run software on your computer without your consent
  • Get data from your computer without your consent
  • Remove software and files from your computer without your consent
This fully qualifies Windows 10 as a botnet, which is a type of malware, and this Anniversary Update made it even worse.

Fortunately, all these "features" can be removed relatively easily by experienced users by following this guide.
Let's see how!

Do not use "Express settings"

At the end of the setup process, it will ask you to use Express settings or customize them. Choose customize and disable everything, then create a local account and don't activate Cortana.

Let it download all the updates

Once you get to the desktop, open the settings, go to updates, and let it download all the updates. Reboot and repeat until no more updates are available.
This is important because Windows Update may interfere with our activities.

Now open the Store app, and let it download updates too.
Again, this is important because it may interfere with our activities.
This may take some time, and it may even get stuck. If it happens, reboot and try again.

Now that the system is fully updated, make sure Windows is activated with your license (or your favorite crack, such as KMSPico).

Remove everything you can

Open the start menu and remove all the applications. Some of them, such as Microsoft Edge, will not have an uninstall option; we'll remove them later.
What's important now is to remove all the OEM software and the shitty games like Candy Crush and Farmville.

Power tools

Here's what we need:

  • Install_Wim_Tweak: Make a folder on your desktop, and extract this archive. This is an amazing tool that can obliterate entire Windows components with simple commands.

Open that folder on your desktop and run a command prompt as administrator.

We will also need PowerShell, so click start, type PowerShell, and run it as administrator.

Removing Windows Defender

In the command prompt, type:

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1
install_wim_tweak /o /c Windows-Defender /r

This will take 1-2 minutes. After that, reboot and reopen our command prompt and PowerShell, because we're not done yet.

Windows will keep reminding us that the system is unprotected. Right click start, open the Control Panel, go to Security, then Security and Maintenance, and turn off messages about virus protection and SmartScreen.

Time to annihilate some features

We will use our command prompt and PowerShell to remove everything we can.
Commands that start with Get-AppxPackage are for PowerShell; all the others (install_wim_tweak, reg add, sc delete) are for the command prompt.

Windows Store
Get-AppxPackage *store* | Remove-AppxPackage
install_wim_tweak /o /c Microsoft-Windows-ContentDeliveryManager /r
reg add "HKLM\Software\Policies\Microsoft\WindowsStore" /v RemoveWindowsStore /t REG_DWORD /d 1
reg add "HKLM\Software\Policies\Microsoft\WindowsStore" /v DisableStoreApps /t REG_DWORD /d 1

Music, TV, ...
Get-AppxPackage *zune* | Remove-AppxPackage

Additionally, you should remove Windows Media Player: Right click start, select "Programs and Features", then on the left "Turn Windows features on or off", untick "Media Features" and confirm.

Alternatives: MPC-HC | VLC | MPV

Get-AppxPackage *xbox* | Remove-AppxPackage
Get-AppxPackage -AllUsers *xbox* | Remove-AppxPackage

You can ignore any error that pops up.

install_wim_tweak /o /c Microsoft-Xbox-GameCallableUI /r
sc delete XblAuthManager
sc delete XblGameSave
sc delete XboxNetApiSvc
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v AllowGameDVR /t REG_DWORD /d 0 /f

Sticky notes
Get-AppxPackage *sticky* | Remove-AppxPackage

Alternatives: Notebot

Get-AppxPackage *maps* | Remove-AppxPackage
sc delete MapsBroker
sc delete lfsvc

Alarms and Clock
Get-AppxPackage *alarms* | Remove-AppxPackage
Get-AppxPackage *people* | Remove-AppxPackage

Mail, Calendar, ...
Get-AppxPackage *comm* | Remove-AppxPackage
Get-AppxPackage *mess* | Remove-AppxPackage

Alternatives: Thunderbird

Get-AppxPackage *onenote* | Remove-AppxPackage
Get-AppxPackage *photo* | Remove-AppxPackage

Alternatives: JPEGView, or the old Windows Photo Viewer

Camera (if you don't have a camera)
Get-AppxPackage *camera* | Remove-AppxPackage

Weather, News, ...
Get-AppxPackage *bing* | Remove-AppxPackage

Calculator (Not recommended)
Get-AppxPackage *calc* | Remove-AppxPackage

Alternatives: SpeedCrunch

Sound Recorder
Get-AppxPackage *soundrec* | Remove-AppxPackage

Alternatives: Audacity

Microsoft Edge (Not recommended)
install_wim_tweak /o /c Microsoft-Windows-Internet-Browser /r
install_wim_tweak /o /c Adobe-Flash /r

Additionally, you should remove IE11: Right click start, select "Programs and Features", then on the left "Turn Windows features on or off", untick Internet Explorer 11 and confirm.

Alternatives: Firefox | Chromium

Contact Support
install_wim_tweak /o /c Microsoft-Windows-ContactSupport /r
install_wim_tweak /o /c Microsoft-PPIProjection-Package /r

Reboot the system. Hopefully everything is still in place.

Disabling Cortana

With the Anniversary Update, Microsoft hid the option to disable Cortana.
Warning: Do not attempt to remove the Cortana package using install_wim_tweak or PowerShell, as it will break Windows Search and you will have to reinstall Windows!
Open our command prompt again and use this command:

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v AllowCortana /t REG_DWORD /d 0

Reboot again and Cortana is gone. The icon is still there, but it will open the regular search instead.

More tweaking

Open the command prompt again and get ready to type.

Turn off Windows Error Reporting

We will remove the service later, but in case an update reinstalls it, this will at least keep it turned off.

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting" /v Disabled /t REG_DWORD /d 1

No more forced updates

This will notify you when updates are available, and you decide when to install them.

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate /t REG_DWORD /d 0
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v AUOptions /t REG_DWORD /d 2
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v ScheduledInstallDay /t REG_DWORD /d 0
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v ScheduledInstallTime /t REG_DWORD /d 3

No license checking

By default, Windows will check your license every time you turn on your PC; this will prevent it.

reg add "HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" /v NoGenTicket /t REG_DWORD /d 1

Disable sync

It doesn't really affect you if you're not using a Microsoft Account, but it will at least disable the Sync settings in the Settings app.

reg add "HKLM\Software\Policies\Microsoft\Windows\SettingSync" /v DisableSettingSync /t REG_DWORD /d 1
reg add "HKLM\Software\Policies\Microsoft\Windows\SettingSync" /v DisableSettingSyncUserOverride /t REG_DWORD /d 1

No Windows Tips
reg add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v DisableSoftLanding /t REG_DWORD /d 1
reg add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v DisableWindowsSpotlightFeatures /t REG_DWORD /d 1
reg add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v DisableWindowsConsumerFeatures /t REG_DWORD /d 1
reg add "HKLM\Software\Policies\Microsoft\Windows\DataCollection" /v DoNotShowFeedbackNotifications /t REG_DWORD /d 1

Reboot the system and reopen our command prompt for the next step.

Removing OneDrive

If you don't use OneDrive (and you shouldn't), you can remove it from your system with these commands, entered in the command prompt:

taskkill /F /IM onedrive.exe

If you're on 32 bit Windows:

"%SYSTEMROOT%\System32\OneDriveSetup.exe" /uninstall

If you're on 64 bit Windows:

"%SYSTEMROOT%\SysWOW64\OneDriveSetup.exe" /uninstall

Now reboot, and reopen the command prompt:

rd "%USERPROFILE%\OneDrive" /Q /S
rd "C:\OneDriveTemp" /Q /S
rd "%LOCALAPPDATA%\Microsoft\OneDrive" /Q /S
rd "%PROGRAMDATA%\Microsoft OneDrive" /Q /S
REG DELETE "HKEY_CLASSES_ROOT\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f
REG DELETE "HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f

Don't worry if some of these commands fail; this is normal if you haven't used OneDrive.

Reboot once again, and reopen the command prompt for the next step.

Removing Telemetry and other unnecessary services

First, click start, type "Services" and open it. You will find a huge list of Windows Services, most of which are fine and safe, but others send data to Microsoft.
Find a service called CDPUserSvc_xxxxx, where xxxxx are 5 randomly generated characters (yes, Windows is using literal malware techniques to prevent automated removal of this trash). Write down these 5 characters.
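
The suffix can also be read from the registry instead of the Services console. The following PowerShell is an added example, not part of the original guide; the function name Get-PerUserServiceInstance is made up for illustration, and the base names are the ones this guide deletes. It only lists the matching keys and changes nothing.

```powershell
# Added example (not from the original guide): find the per-user service suffix.
# Base names come from the guide's "sc delete" list and its regedit key list.
$scDelete    = 'CDPUserSvc', 'OneSyncSvc', 'MessagingService'
$regDelete   = 'PimIndexMaintenanceSvc', 'UserDataSvc', 'UnistoreSvc'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-PerUserServiceInstance {
    param([string[]]$KeyNames)   # child key names found under ...\Services
    $pattern = '^(?<base>' + (($scDelete + $regDelete) -join '|') + ')_(?<suffix>\w+)$'
    foreach ($name in $KeyNames) {
        if ($name -match $pattern) {
            # Tell the reader which of the guide's two removal steps applies.
            $step = if ($scDelete -contains $Matches.base) { 'sc delete' } else { 'delete key in regedit' }
            [pscustomobject]@{
                Name      = $name
                Suffix    = $Matches.suffix
                GuideStep = $step
            }
        }
    }
}

$keys  = (Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue).PSChildName
$found = @(Get-PerUserServiceInstance -KeyNames $keys)
if ($found.Count -eq 0) {
    'No suffixed per-user services found.'
} else {
    $found | Sort-Object Suffix, Name | Format-Table -AutoSize
    # If more than one suffix is listed, repeat the guide's commands for each.
    'Suffix(es): ' + (($found.Suffix | Sort-Object -Unique) -join ', ')
}
```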

And now it's time to punch in some commands to delete them:

sc delete DiagTrack
sc delete dmwappushservice
sc delete WerSvc
sc delete CDPUserSvc
sc delete CDPUserSvc_xxxxx
sc delete OneSyncSvc
sc delete OneSyncSvc_xxxxx
sc delete MessagingService
sc delete MessagingService_xxxxx

Reboot, press Win+R, type regedit, press enter, and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Here we need to delete the following keys:

  • PimIndexMaintenanceSvc
  • PimIndexMaintenanceSvc_xxxxx
  • DPS
  • UserDataSvc
  • UserDataSvc_xxxxx
  • UnistoreSvc
  • UnistoreSvc_xxxxx

You may also find traces of the previously removed services: if you do, delete them.

Some of the keys that we have to delete are "protected" by messed up permissions. To delete them, you must fix the permissions first. Here's how to do it:

  • Right click the key and select Permissions, then click Advanced.
  • Change the Owner to your username, and check "Replace owner on subcontainers and objects" and "Replace all child object permission entries with inheritable permission entries from this object".
  • If inheritance is enabled, disable it and convert to explicit permissions, then apply.
  • Remove all the permission entries and add one for your username with Full control.
  • Confirm everything and delete the key.

You guessed it, reboot!

Last but not least, we also need to remove Microsoft Compatibility Telemetry. This process does more than spy on you: it's also a resource hog when it's running, especially if you don't have an SSD.

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CompatTelRunner.exe" /v Debugger /t REG_SZ /d "%windir%\System32\taskkill.exe" /f

Last touches

We must disable Windows Spotlight, and other "Suggestions".
Open the settings, go to Personalization, then Lock screen, choose Picture instead of Windows Spotlight, and turn off the "Fun facts" too.

In the Start menu settings, turn off "Occasionally show suggestions in start". They're literally ads.

Protect your wifi network from your friends!

If you give your Wifi password to a friend who has Wifi Sensor turned on (it was turned on by default in the previous versions of Windows 10), it will share your password with his Skype, Outlook, ... contacts, which means your Wifi password will be sent to Microsoft.
You can disable this by adding _optout to the name of your network.

Last line of defense: use a firewall!

For some applications (such as the settings app), the only way to prevent them from reporting data is to block them with a firewall. This is why you should use a small firewall, such as TinyWall, to block all traffic except what you explicitly allow.
Personally, I allow Windows Update, Network discovery and sharing, DHCP, DNS, my web browser and nothing more. This will limit the traffic of undesired applications to DNS queries; they won't be able to send or receive anything.
Setting up the firewall may take some time, but you'll be as safe as you could possibly be when using Windows. TinyWall's autolearn feature is very useful when you install a new application: it will learn its patterns and allow them through the firewall.
One thing to know however is that at the moment you cannot allow/block individual UWP apps using a firewall. Blocking WWAHost.exe (recommended) will block all of them, while allowing it will allow all of them to go through. Microsoft Edge is the only exception and has its own exe files.

Congratulations! Your copy of Windows is now Debotnetted!

Things will change in the future, and I'll do what I can to keep this guide updated.
As of January 2017, this guide works on Windows 10 Pro.

Can Windows revert these changes?

There are a few things that can revert the changes we made here:

  • Major updates: when a major update is installed it's like reinstalling Windows. It keeps your programs and settings but the system is reinstalled, and all the botnet with it. Major updates usually come out every 8-12 months. I will keep the guide updated every time a new major update comes out.
  • Some minor updates: some updates will update Game DVR, as well as the Microsoft Compatibility Telemetry, thus reinstalling them if you removed them, so you will have to remove them again. These updates usually come out every 2 months and are the ones that take a long time to download and install. Nothing else will be restored.
  • Using sfc /scannow: this command checks system files for integrity. If you run it, it will reinstall Game DVR and Microsoft Compatibility Telemetry.
  • Using dism /Online /Cleanup-Image /RestoreHealth: if you run this command, it will revert almost all changes.
  • Using System Restore: if you go back to before the changes were made, it will revert them of course.
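
To see what was reverted after any of the events above, the settings can be re-checked in one pass. The following PowerShell is an added example, not part of the original guide; the function name Get-GuideDrift is made up for illustration, and it checks only a subset of the registry values and services this guide changes.

```powershell
# Added example, not from the original guide. Read-only: it changes nothing.
# Keys, value names and service names are the ones used in this guide's commands.
$pol  = 'HKLM:\SOFTWARE\Policies\Microsoft'
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$values = @(
    @{ Key = "$pol\Windows Defender";                Name = 'DisableAntiSpyware'; Like = '1' }
    @{ Key = "$pol\Windows\Windows Search";          Name = 'AllowCortana';       Like = '0' }
    @{ Key = "$pol\Windows\GameDVR";                 Name = 'AllowGameDVR';       Like = '0' }
    @{ Key = "$pol\Windows\Windows Error Reporting"; Name = 'Disabled';           Like = '1' }
    @{ Key = "$pol\Windows\WindowsUpdate\AU";        Name = 'AUOptions';          Like = '2' }
    # cmd expands %windir% when the guide's reg add runs, so match the tail only.
    @{ Key = "$ifeo\CompatTelRunner.exe";            Name = 'Debugger';           Like = '*\taskkill.exe' }
)
$deletedServices = 'DiagTrack', 'dmwappushservice', 'WerSvc',
                   'XblAuthManager', 'XblGameSave', 'XboxNetApiSvc'

function Get-GuideDrift {
    foreach ($v in $values) {
        $item   = Get-ItemProperty -Path $v.Key -Name $v.Name -ErrorAction SilentlyContinue
        $actual = if ($item) { [string]$item.($v.Name) } else { '<not set>' }
        [pscustomobject]@{
            Item     = '{0}\{1}' -f (Split-Path $v.Key -Leaf), $v.Name
            Expected = $v.Like
            Actual   = $actual
            InPlace  = $actual -like $v.Like
        }
    }
    foreach ($s in $deletedServices) {
        # A service that was reinstalled gets its key back under Services.
        $present = Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$s"
        [pscustomobject]@{
            Item     = "service $s"
            Expected = 'deleted'
            Actual   = if ($present) { 'present' } else { 'deleted' }
            InPlace  = -not $present
        }
    }
}

$drift = @(Get-GuideDrift | Where-Object { -not $_.InPlace })
if ($drift.Count -gt 0) { $drift | Format-Table -AutoSize } else { 'All checked items are still in place.' }
```

Endpoint security tools commonly alert on Debugger values under Image File Execution Options, so expect that entry to be flagged on a monitored machine.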
