X
Tech

​How to secure Windows 10: The paranoid's guide

Worried sick over Windows 10's privacy settings? There's a lot you can do to lock them down, but you will lose some functionality along the way.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

Just because you're paranoid doesn't mean that they're not out to get you.

With some work you can lock Windows 10 privacy settings down but at the cost of some functionality. PinboxThat said, I think some people's fears about Microsoft looking over your shoulder are over-the-top. And, I speak as someone who looks at Microsoft with a great deal of suspicion.

What you need to realize is that Microsoft has made Windows 10 both a desktop and a cloud operating system. Adding cloud functionality means that when you run Windows 10 you'll be sharing far more information with Microsoft and its partner customers than ever before.

For example, while Windows 10 doesn't have a keylogger it does collect your keystrokes and voice to improve spell-checking and voice recognition. Before having a fit about this, keep in mind that every cloud-based software-as-a-service (SaaS) program does this to one degree or another. Google Docs, Apple's Siri, Office 365, whatever -- they all collect not just your final words but every keystroke and spoken syllable that went into making those words.

It's another case with Wi-Fi Sense. You don't need to be afraid that Wi-FI Sense will let any of your Skype, Outlook, or Hotmail contacts use your Wi-Fi network without your permission. Yes, Wi-Fi Sense is on by default, but take a closer look. It doesn't permit anyone to use any of your Wi-FI networks without your specific permission.

Locking down Windows 10

Still don't trust these new "features?" I can't blame you. This is not the Windows you've known and used for years. This is a Windows that exists both on your PC and in Microsoft's cloud. Here's how to lock down Windows 10 and make it more of a PC-centric operating system.

First, head to Settings/Privacy. There you will find no fewer than 13--count 'em, 13--different privacy settings screens. The major settings are under the 'General' screen. The other screens are concerned with which apps can and can't access your calendar, camera, messages, microphone and so on.

On the General screen, you'll see your Advertising ID. This is your unique ID number. Think of it as being like a web cookie and you won't be far wrong. It's used to identify you to Windows apps advertisers. So, for instance, if you're a big Dallas Cowboy fan, you can count on seeing ads for Cowboys gear. Microsoft claims it doesn't link this ID with your name, email address, or other personal information.

Of course, they don't need to. Any company that does modern web advertising is going to have you pinned down with our without this ID. Welcome to the 21st century. Personally, I've already turned it off.

If you're still concerned about keylogging, head to Privacy/Speech, inking & typing. Think long and hard about whether to use Microsoft's "Getting to know me" improvements. Steve Hoffenberg, VDC Research's Director of IoT & Embedded Technology worries, for instance, that these Windows 10's "features" violate Health Insurance Portability and Accountability Act (HIPAA) privacy requirements. If his fears are valid, this means medical offices and health insurance companies should turn off this Windows 10 setting.

I doubt he's right, but I'm no lawyer. Even so, were I working with transactions that fall under Sarbanes- Oxley (SOX), Gramm-Leach-Bliley (GLB), or HIPAA, I'd turn off this feature, and its related setting, "Windows 10 Input Personalization." Better safe than sorry.

Be aware, however, that if you turn off the "Getting to know me," this will also disable both dictation and Windows 10's voice-activated assistant Cortana,

Next, you'll want to use "Manage my Microsoft advertising and other personalization info" to decide on whether you want advertisers to show you ads based on your browsing history and interests. Better still, skip that page and head directly to Microsoft personalized ad preferences and opt out of everything. Advertisers already know far too much about me as it is.

You'll also want to look at each individual setting page to make sure that Microsoft and Windows have just as much access as you feel comfortable with. So, of course you want Windows' Calendar app to access your calendar data (obv) -- but share it with advertisers via App connector? I don't think so!

Be sure to go through each setting even if you don't think they'll matter. By default, each and every privacy setting is set to give Microsoft and friends the maximum possible access. This is not a good thing.

Moving on: Head to the Location settings and turn them off. While your PC probably doesn't have a GPS like your smartphone, you'd be amazed at how accurately your location can be pinned down using Wi-Fi access points and IP address. I've never been comfortable with letting anyone track me and I turn location off on every device I own except when I need GPS directions.

If you turn off location services, though, you won't be able to fully use Cortana. That's annoying because Cortana is one of Windows 10's best features. It's helpful to just ask your computer a question and get useful, personalized answers. But like its older relatives, Siri and Google Now, for Cortana to show to its best advantage it needs access to an enormous amount of personal data. For instance, Cortana must have locations services on. Cortana also watches pretty much everything you write, say and do on your PC. For example, it keeps track of your flights by detecting "tracking info, such as flights, in messages on my device."

That's both incredibly handy and incredibly creepy. If you find it more disturbing than useful, head to Cortana's settings, under Cortana and Search, and turn off everything there that doesn't pass the smell test. Cortana will be less useful, but you'll get more privacy.

Another approach to locking down Windows 10 is the open-source "Disable Windows 10 Tracking." This brand-new program claims that it disables telemetry collection, certain Windows services, and other tracking. At this point, this is a bare-bones program and only Windows experts should use it.

Still not private enough for you? Then don't use Windows 10, Chrome OS, iOS, Android, or any other system that's tied closely into the cloud. Instead, use Linux as your desktop operating system. By default, Linux is the only mainstream operating system that still relies primarily on true desktop apps.

Not ready for such a radical move? Well, actually, it's not that radical. If you can use Windows, trust me, you can use Linux distributions such as Ubuntu 15.04 or Mint 17.2.

Windows 10 Privacy: Step by step

Otherwise, get busy locking down Windows 10. Good luck.

Related Stories

Editorial standards