Windows 10 has raised several concerns about privacy due to the fact that it has a lot of telemetry and online features. In response to these concerns, Microsoft released a document explaining exactly what data they collect. Most of it seems pretty legit stuff, but still, if you don't trust them, here's how to prevent Windows 10 from sending all your data to Microsoft.
Please note that not all of these changes can be reverted. If you mess up, you'll have to reinstall Windows.
Last update: July 25, 2017
Do not use the default settings
At the end of the setup process, create a local account, don't use Cortana and turn off everything in the privacy settings.
If you already installed Windows with the default settings, go to Start > Settings > Privacy to turn them off. You should also go to Account and disconnect your Microsoft account because this guide will prevent it from working properly.
Let it download all the updates
Once you get to the desktop, go to Settings > Updates and security, and let it download all the updates. Reboot and repeat until no more updates are available.
This is important because Windows Update may interfere with our activities.
Now open the Store app, and let it download updates too.
Again, this is important because it may interfere with our activities.
This may take some time, and it may even get stuck. If it happens, reboot and try again.
Now that the system is fully updated, make sure Windows is activated with your license (or KMSPico).
Remove everything you can
Open the start menu and remove all the applications. Some of them, such as Microsoft Edge, will not have an uninstall option; we'll remove them later.
What's important now is to remove all the OEM software and the shitty games like Candy Crush and Minecraft.
Here's what we need:
Install_Wim_Tweak: Download this archive and extract it to C:\Windows\System32. This is an amazing tool that can obliterate entire Windows components with simple commands
We need a command prompt, so click start, type cmd and run it as administrator
We will also need PowerShell, so click start, type PowerShell and run it as administrator
This will take 1-2 minutes. After that, reboot and reopen our command prompt and PowerShell.
Windows will keep reminding us that the system is unprotected. Click Start, type Control Panel and open it, go to System and Security > Security and Maintenance, and turn off messages about virus protection.
Unfortunately, the Windows Defender icon is still present in the start menu, although it does nothing. I have yet to find a way to remove it.
We will use our command prompt and PowerShell to remove everything we can.
The commands in green are for the command prompt; the ones in blue are for PowerShell.
Reboot the system. Hopefully everything is still in place.
With the Anniversary Update, Microsoft hid the option to disable Cortana. Warning: Do not attempt to remove the Cortana package using install_wim_tweak or the PowerShell, as it will break Windows Search and you will have to reinstall Windows!
Open our command prompt again and use this command:
Don't worry if some of these commands fail, it is normal if you never used OneDrive.
Reboot once again, and reopen the command prompt for the next step
Removing Telemetry and other unnecessary services
First, click start, type "Services" and open it. You will find a huge list of Windows Services, most of which are fine and safe, but others send data to Microsoft.
Find a service called Contact Data_xxxxx or CDPUserSvc_xxxxx, where xxxxx are 5 randomly generated characters (yes, Windows is using literal malware techniques to prevent automated removal of this trash).
Write down these 5 characters.
Press Win+R, type regedit, press enter, and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Here we need to delete the following keys:
xbgm (If you removed the Xbox stuff)
Some of those keys are "protected" by messed up permissions. To delete them, you must fix them, here's a video showing how to do it:
Right click the key and select Permissions, then click Advanced, change the Owner to your username, check "Replace owner on subcontainers and objects" and "Replace all child object permission entries with inheritable permission entries from this object", if inheritance is enabled, disable it and convert to explicit permissions, apply, remove all the permission entries and add one for your username with Full control, confirm everything and delete the key.
Last but not least, we also need to remove Microsoft Compatibility Telemetry. This process does more than spying on you, it's also a resource hog when it's running, especially if you don't have an SSD.
We must disable Windows Spotlight, and other "Suggestions".
Go to Start > Settings > Personalization:
Under Lock screen and set the background to Picture
Under Start set Occasionally show suggestions in Start to off (They're literally ads)
Go back to Settings and go to System > Notifications and actions
Set Get tips, tricks, and suggestions as you use Windows to off
Set Show me the Windows welcome... to off
Go back to Settings and go to Privacy
Under General, set Let Windows track app launches... to off
Under App diagnostics, set Let apps access diagnostic information to off
Protect your wifi network from your friends!
If you give your Wifi password to a friend who has Wifi Sensor turned on (it was turned on by default in the previous versions of Windows 10), it will share your password with his Skype, Outlook, ... contacts, which means your Wifi password will be sent to Microsoft.
You can disable this by adding _optout to the name of your network.
Optional: use a firewall!
For some applications (such as the settings app), the only way to prevent them from reporting data is to block them with a firewall. This is why you should use a firewall, such as TinyWall to block all traffic except what you explicitly allow.
Personally, I allow Windows Update, Network discovery and sharing, DHCP, DNS, my web browser and nothing more. This will limit the traffic of undesired applications to DNS queries, they won't be able to send or receive anything.
Setting up the firewall may take some time, but you'll be as safe as you could possibly be when using Windows. Tinywall's autolearn feature is very useful when you install a new application: it will learn its patterns and allow them through the firewall
A big limitation of Tinywall, if you decide to use it, is that you cannot allow/block individual UWP apps (for instance, allow Facebook but not Candy Crush). Blocking WWAHost.exe (recommended) will block all of them, while allowing it will allow all of them to go through. Microsoft Edge is the only exception and has its own exe files. The same thing happens if you use the UNIX subsystem, there is no way to block specific applications.
Congratulations! Your copy of Windows is now Debotnetted!
Things will change in the future, and I'll do what I can to keep this guide updated.
As of May 2017, this guide works on Windows 10 Pro.
Can Windows revert these changes?
There are a few things that can revert the changes we made here:
Major updates: when a major update is installed it's like reinstalling Windows. It keeps your programs and settings but the system is reinstalled, and all the botnet with it. Major updates usually come out every 8-12 months. I will keep the guide updated every time a new major update comes out.
Some minor updates: some updates will update Game DVR, as well as the Microsoft Compatibility Telemetry, thus reinstalling them if you removed them, so you will have to remove them again. These updates usually come out every 2 months and are the ones that take a long time to download and install. Nothing else will not be restored.
Using sfc /scannow: this command checks system files for integrity. If you run it, it will reinstall Game DVR and Microsoft Compatibility Telemetry
Using dism /Online /Cleanup-Image /RestoreHealth: if you run this command, it will revert almost all changes
Using System Restore: if you go back to before the changes were made, it will revert changes