Windows 11 privacy tools


Win11help

New member
Local time
12:39 PM
Posts
8
OS
Windows 11
Hello, I went through a thread that talks about different tools to disable telemetry of Windows 11.

I'm not sure which one I should use?






Also, this youtube video:

Or perhaps a combination of those?

If you have a strong opinion on how we don't have privacy online, thanks in advance for staying on topic :)
 

My Computer

System One

  • OS
    Windows 11
Use them all, I’ll find some others for you also.

Look they all pretty much do the same thing so it doesn’t really matter, not really. And regardless of if you want to hear it or not, they are ALL (in my opinion) a false sense of security. They prey on the unknowing and the paranoid. Sure they’ll have some effect but ultimately… nah, not really.
I’d like to add, you can’t post a thread in here and expect people to tell you what you want to hear just to make you feel warm and fuzzy, some of us members have a conscience.
 
Last edited:

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 Build: 22631.3880
    Computer type
    PC/Desktop
    Manufacturer/Model
    Sin-built
    CPU
    Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz (4th Gen?)
    Motherboard
    ASUS ROG Maximus VI Formula
    Memory
    32.0 GB of I forget and the box is in storage.
    Graphics Card(s)
    Gigabyte nVidia GeForce GTX 1660 Super OC 6GB
    Sound Card
    Onboard
    Monitor(s) Displays
    4 x LG 23MP75 1 x 24" LG M38H 1 x 32" LF6300 TV Monitor 1 x Wacom Pro 22" Tablet
    Screen Resolution
    All over the place
    Hard Drives
    2 x WD something Something 8TB HDD's / 2 x WD something Something 4TB HDD's / 1 x EVO 1TB SSD / 2 x QVO 1TB SSD's / 1 x EVO 250 GB SSD / 2 x QVO 1TB (External Hub) / 1 x EVO 1TB (Portable Backup Case)
    PSU
    Silverstone 1500
    Case
    NZXT Phantom 820 Full-Tower Case
    Cooling
    Noctua NH-D15 Elite Class Dual Tower CPU Cooler / 6 x EziDIY 120mm / 2 x Corsair 140mm somethings / 1 x 140mm Thermaltake something / 2 x 200mm Corsair.
    Keyboard
    Corsair K95 / Logitech diNovo Edge Wireless
    Mouse
    Logitech G402 / G502 / Mx Masters / MX Air Cordless
    Internet Speed
    100/40Mbps
    Browser
    All sorts
    Antivirus
    Kaspersky Premium
    Other Info
    I’m on a horse.
  • Operating System
    Windows 11 Pro 22621.2215
    Computer type
    Laptop
    Manufacturer/Model
    LENOVO Yoga 7i EVO OLED 14" Touchscreen i5 12 Core 16GB/512GB
    CPU
    Intel Core 12th Gen i5-1240P Processor (1.7 - 4.4GHz)
    Memory
    16GB LPDDR5 RAM
    Graphics card(s)
    Graphics processor is an Intel Iris Xe
    Sound Card
    optimized with Dolby Atmos®
    Screen Resolution
    QHD 2880 x 1800 OLED
    Hard Drives
    M.2 512GB
    Other Info
    …still on a horse.
There are different kinds of Telemetry. First you need to understand the different categories of Telemetry and then you can decide which ones you consider unacceptable.
  • Device specifications and health
  • App usage and performance
  • Error reports and crash dumps
  • Feedback and ratings
  • Browser history and search queries
  • Location and activity history
  • Advertising ID and interests
[Source: geekforgeeks.org]

For a start, I always allow error diagnostics and reporting as that gives OS users like me a voice. But there are options and levels of data collection if it is inconvenient for your organisation.


Second, I never allow detect location in my browser or on websites, unless I am on my mobile.

Website activity history allows websites to improve their website, so I allow that as fair usage. Advertising is weird. I don't like people flogging stuff that I don't want, but there again some websites say they need advertising to fund their activity, so I allow it if I use that website.

Website push notifications I usually disable, except for this site, as I am rarely on most sites long enough to benefit from such notifications.

Feedback and ratings I usually ignore for myself however I've also recommended it for people who have discovered OS bugs or some other OS behavioural problem. So that stays.

App usage I always review on an app by app basis. On Android I can select for app to use specific data "only once." On windows, I always check to see which app has access to my camera. And so on. So far, I find developers are being fair. I can leave negative feedback on the App Store, if I discover something I do not like.

If you want to make decisions that are different to me, the these good articles cover most issues of concern:




Telemetry essentially means the OS have inevitably become more dependent on the Internet. that is what makes it possible. The Internet serves me in my way, and I think that Internet Telemetry serves the other organisations in their way. But yes, review each one individually and decide whether their requests are fair or acceptable for your organisation.
 

My Computers

System One System Two

  • OS
    Windows 11
    Computer type
    PC/Desktop
    CPU
    AMD Ryzen 5 5600
    Motherboard
    MSI B550-A Pro
    Memory
    16 GB
    Graphics Card(s)
    Sapphire Radeon RX 6500XT (8 GB version)
    Monitor(s) Displays
    BenQ Mobuiz EX2710Q QHD, Iiyama ProLite X23377HDS
    Hard Drives
    MSI Spatium M461 4TB
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    Acer A114
    CPU
    Intel Celeron N4020

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 Build: 22631.3880
    Computer type
    PC/Desktop
    Manufacturer/Model
    Sin-built
    CPU
    Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz (4th Gen?)
    Motherboard
    ASUS ROG Maximus VI Formula
    Memory
    32.0 GB of I forget and the box is in storage.
    Graphics Card(s)
    Gigabyte nVidia GeForce GTX 1660 Super OC 6GB
    Sound Card
    Onboard
    Monitor(s) Displays
    4 x LG 23MP75 1 x 24" LG M38H 1 x 32" LF6300 TV Monitor 1 x Wacom Pro 22" Tablet
    Screen Resolution
    All over the place
    Hard Drives
    2 x WD something Something 8TB HDD's / 2 x WD something Something 4TB HDD's / 1 x EVO 1TB SSD / 2 x QVO 1TB SSD's / 1 x EVO 250 GB SSD / 2 x QVO 1TB (External Hub) / 1 x EVO 1TB (Portable Backup Case)
    PSU
    Silverstone 1500
    Case
    NZXT Phantom 820 Full-Tower Case
    Cooling
    Noctua NH-D15 Elite Class Dual Tower CPU Cooler / 6 x EziDIY 120mm / 2 x Corsair 140mm somethings / 1 x 140mm Thermaltake something / 2 x 200mm Corsair.
    Keyboard
    Corsair K95 / Logitech diNovo Edge Wireless
    Mouse
    Logitech G402 / G502 / Mx Masters / MX Air Cordless
    Internet Speed
    100/40Mbps
    Browser
    All sorts
    Antivirus
    Kaspersky Premium
    Other Info
    I’m on a horse.
  • Operating System
    Windows 11 Pro 22621.2215
    Computer type
    Laptop
    Manufacturer/Model
    LENOVO Yoga 7i EVO OLED 14" Touchscreen i5 12 Core 16GB/512GB
    CPU
    Intel Core 12th Gen i5-1240P Processor (1.7 - 4.4GHz)
    Memory
    16GB LPDDR5 RAM
    Graphics card(s)
    Graphics processor is an Intel Iris Xe
    Sound Card
    optimized with Dolby Atmos®
    Screen Resolution
    QHD 2880 x 1800 OLED
    Hard Drives
    M.2 512GB
    Other Info
    …still on a horse.
I don't use VPNs . Although they provide privacy by bypassing detection in my country they also put me in a situation where my activities are judged by a foreign country. I could unwittingly break their laws and get extradited, and I am not bothered to research their laws. So tough luck to VPNs :weary:.
 

My Computers

System One System Two

  • OS
    Windows 11
    Computer type
    PC/Desktop
    CPU
    AMD Ryzen 5 5600
    Motherboard
    MSI B550-A Pro
    Memory
    16 GB
    Graphics Card(s)
    Sapphire Radeon RX 6500XT (8 GB version)
    Monitor(s) Displays
    BenQ Mobuiz EX2710Q QHD, Iiyama ProLite X23377HDS
    Hard Drives
    MSI Spatium M461 4TB
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    Acer A114
    CPU
    Intel Celeron N4020
they also put me in a situation where my activities are judged by a foreign country
Can’t win any way we try.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 Build: 22631.3880
    Computer type
    PC/Desktop
    Manufacturer/Model
    Sin-built
    CPU
    Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz (4th Gen?)
    Motherboard
    ASUS ROG Maximus VI Formula
    Memory
    32.0 GB of I forget and the box is in storage.
    Graphics Card(s)
    Gigabyte nVidia GeForce GTX 1660 Super OC 6GB
    Sound Card
    Onboard
    Monitor(s) Displays
    4 x LG 23MP75 1 x 24" LG M38H 1 x 32" LF6300 TV Monitor 1 x Wacom Pro 22" Tablet
    Screen Resolution
    All over the place
    Hard Drives
    2 x WD something Something 8TB HDD's / 2 x WD something Something 4TB HDD's / 1 x EVO 1TB SSD / 2 x QVO 1TB SSD's / 1 x EVO 250 GB SSD / 2 x QVO 1TB (External Hub) / 1 x EVO 1TB (Portable Backup Case)
    PSU
    Silverstone 1500
    Case
    NZXT Phantom 820 Full-Tower Case
    Cooling
    Noctua NH-D15 Elite Class Dual Tower CPU Cooler / 6 x EziDIY 120mm / 2 x Corsair 140mm somethings / 1 x 140mm Thermaltake something / 2 x 200mm Corsair.
    Keyboard
    Corsair K95 / Logitech diNovo Edge Wireless
    Mouse
    Logitech G402 / G502 / Mx Masters / MX Air Cordless
    Internet Speed
    100/40Mbps
    Browser
    All sorts
    Antivirus
    Kaspersky Premium
    Other Info
    I’m on a horse.
  • Operating System
    Windows 11 Pro 22621.2215
    Computer type
    Laptop
    Manufacturer/Model
    LENOVO Yoga 7i EVO OLED 14" Touchscreen i5 12 Core 16GB/512GB
    CPU
    Intel Core 12th Gen i5-1240P Processor (1.7 - 4.4GHz)
    Memory
    16GB LPDDR5 RAM
    Graphics card(s)
    Graphics processor is an Intel Iris Xe
    Sound Card
    optimized with Dolby Atmos®
    Screen Resolution
    QHD 2880 x 1800 OLED
    Hard Drives
    M.2 512GB
    Other Info
    …still on a horse.
Also, this youtube video:
You can just use DNS and manage it from there with stats what is blocked/allowed without a slowdown.
You can have separate profiles for Windows and browsers and block anything to your heart's content.
 

Attachments

  • capture_05112024_154332.jpg
    capture_05112024_154332.jpg
    101.5 KB · Views: 7
  • capture_05112024_154350.jpg
    capture_05112024_154350.jpg
    100.9 KB · Views: 4

My Computer

System One

  • OS
    Windows 11 Home
    Computer type
    PC/Desktop
    CPU
    AMD Ryzen 5 3600 & No fTPM (07/19)
    Motherboard
    MSI B450 TOMAHAWK 7C02v1E & IFX TPM (07/19)
    Memory
    4x 8GB ADATA XPG GAMMIX D10 DDR4 3200MHz CL16
    Graphics Card(s)
    MSI Radeon RX 580 ARMOR 8G OC @48FPS (08/19)
    Sound Card
    Creative Sound Blaster Z (11/16)
    Monitor(s) Displays
    24" Philips 24M1N3200ZS/00 (05/24)
    Screen Resolution
    1920×1080@165Hz via DP1.4
    Hard Drives
    ADATA XPG GAMMIX S11 Pro SSD 512GB (07/19)
    PSU
    Seasonic M12II-520 80 Plus Bronze (11/16)
    Case
    Lian Li PC-7NB & 3x Noctua NF-S12A FLX@700rpm (11/16)
    Cooling
    CPU Cooler Noctua NH-U12S@700rpm (07/19)
    Keyboard
    HP Wired Desktop 320K + Rabalux 76017 Parker (01/24)
    Mouse
    Logitech M330 Silent Plus (04/23)
    Internet Speed
    400/40 Mbps via RouterOS (05/21) & TCP Optimizer
    Browser
    Edge & Brave for YouTube & LibreWolf for FB
    Antivirus
    NoAV & Binisoft WFC & NextDNS
    Other Info
    Backup: Hasleo Backup Suite (PreOS)
    Notifier: Xiaomi Mi Band 7 NFC (05/24)
    Headphones: Sennheiser RS170 (09/10)
    Phone: Samsung Galaxy Xcover 7 (02/24)
    2nd Monitor: AOC G2460VQ6 @75Hz (02/19)
Ultimate Windows Tweaker 5.1
 

My Computers

System One System Two

  • OS
    11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Asus TUF Gaming F16 (2024)
    CPU
    i7 13650HX
    Memory
    16GB DDR5
    Graphics Card(s)
    GeForce RTX 4060 Mobile
    Sound Card
    Eastern Electric MiniMax DAC Supreme; Emotiva UMC-200; Astell & Kern AK240
    Monitor(s) Displays
    Sony Bravia XR-55X90J
    Screen Resolution
    3840×2160
    Hard Drives
    512GB SSD internal
    37TB external
    PSU
    Li-ion
    Cooling
    2× Arc Flow Fans, 4× exhaust vents, 5× heatpipes
    Keyboard
    Logitech K800
    Mouse
    Logitech G402
    Internet Speed
    20Mbit/s up, 250Mbit/s down
    Browser
    FF
  • Operating System
    11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Medion S15450
    CPU
    i5 1135G7
    Memory
    16GB DDR4
    Graphics card(s)
    Intel Iris Xe
    Sound Card
    Eastern Electric MiniMax DAC Supreme; Emotiva UMC-200; Astell & Kern AK240
    Monitor(s) Displays
    Sony Bravia XR-55X90J
    Screen Resolution
    3840×2160
    Hard Drives
    2TB SSD internal
    37TB external
    PSU
    Li-ion
    Mouse
    Logitech G402
    Keyboard
    Logitech K800
    Internet Speed
    20Mbit/s up, 250Mbit/s down
    Browser
    FF
I don't use VPNs . Although they provide privacy by bypassing detection in my country they also put me in a situation where my activities are judged by a foreign country. I could unwittingly break their laws and get extradited, and I am not bothered to research their laws. So tough luck to VPNs :weary:.
Nonsense.
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0
I don't block Windows telemetry (except what can be disabled in the interface) and I don't use programs unless it's clear what they do.
You can try the Windows Firewall add-on, for example SimpleWall
1.jpg
 

My Computer

System One

  • OS
    Microsoft Windows 11 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    MSI MS-7D98
    CPU
    Intel Core i5-13490F
    Motherboard
    MSI B760 GAMING PLUS WIFI
    Memory
    2 x 16 Patriot Memory (PDP Systems) PSD516G560081
    Graphics Card(s)
    GIGABYTE GeForce RTX 4070 WINDFORCE OC 12G (GV-N4070WF3OC-12GD)
    Sound Card
    Bluetooth Аудио
    Monitor(s) Displays
    INNOCN 15K1F
    Screen Resolution
    1920 x 1080
    Hard Drives
    WD_BLACK SN770 250GB
    KINGSTON SNV2S1000G (ELFK0S.6)
    PSU
    Thermaltake Toughpower GF3 1000W
    Case
    CG560 - DeepCool
    Cooling
    ID-COOLING SE-224-XTS / 2 x 140Mm Fan - rear and top; 3 x 120Mm - front
    Keyboard
    Corsair K70 RGB TKL
    Mouse
    Corsair KATAR PRO XT
    Internet Speed
    100 Mbps
    Browser
    Firefox
    Antivirus
    Microsoft Defender Antivirus
    Other Info
    https://www.userbenchmark.com/UserRun/66553205
Thank you all for the answers!


Telemetry essentially means the OS have inevitably become more dependent on the Internet. that is what makes it possible. The Internet serves me in my way, and I think that Internet Telemetry serves the other organisations in their way. But yes, review each one individually and decide whether their requests are fair or acceptable for your organisation.

I basically want to disable all telemetry. I've already tweaked all my Windows settings, but there are some settings I can't change except with a program or code through powershell.

Ultimate Windows Tweaker 5.1

Is this one any better then the other ones I suggested?

Simplewall seems complex, but I've seen it couple of times.

I'm still not sure which program to use. Does anyone know the ones I listed and could explain what each do and if they're safe (they don't themselves collect anything)?

Thanks! :)
 

My Computer

System One

  • OS
    Windows 11

My Computers

System One System Two

  • OS
    11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Asus TUF Gaming F16 (2024)
    CPU
    i7 13650HX
    Memory
    16GB DDR5
    Graphics Card(s)
    GeForce RTX 4060 Mobile
    Sound Card
    Eastern Electric MiniMax DAC Supreme; Emotiva UMC-200; Astell & Kern AK240
    Monitor(s) Displays
    Sony Bravia XR-55X90J
    Screen Resolution
    3840×2160
    Hard Drives
    512GB SSD internal
    37TB external
    PSU
    Li-ion
    Cooling
    2× Arc Flow Fans, 4× exhaust vents, 5× heatpipes
    Keyboard
    Logitech K800
    Mouse
    Logitech G402
    Internet Speed
    20Mbit/s up, 250Mbit/s down
    Browser
    FF
  • Operating System
    11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Medion S15450
    CPU
    i5 1135G7
    Memory
    16GB DDR4
    Graphics card(s)
    Intel Iris Xe
    Sound Card
    Eastern Electric MiniMax DAC Supreme; Emotiva UMC-200; Astell & Kern AK240
    Monitor(s) Displays
    Sony Bravia XR-55X90J
    Screen Resolution
    3840×2160
    Hard Drives
    2TB SSD internal
    37TB external
    PSU
    Li-ion
    Mouse
    Logitech G402
    Keyboard
    Logitech K800
    Internet Speed
    20Mbit/s up, 250Mbit/s down
    Browser
    FF
simplewall's primary value proposition is that it operates through the WFP/BFE (windows filtering protocol/base filtering engine).

this is a lower/deeper level system compared with the windows firewall.

the upside is that, by all evidence, it is "trustworthy
" and does not have built-in hard coded white listing of MS backbone ips an system dll services and exes like the firewall (not everyone grasps this: hosts file blocking and "null routing,"and service/exe blocking, and possibly port/protocol blocking through the built in MMC.exe UI Advanced Firewall DO NOT provide consistent, persistent, reliable blocking..... either due to MS sneeky stealthed update of (dynamic) MS servers, which comes with the weekly certificate & revocations lists and cannot be broken apart AFAIK, and therefore becomes obsolete so rapidly that blocklists must be micromanaged, or due to fully invisible-to-user whitelisting that would only show up by logging at the NAT/gateway)

its also much faster/lower overhead relative to the advanced firewall

the downside is that the WFP is, generously, governed by convoluted and seemingly contradictory and paradoxical rules making it difficult to understand.


the result is that many users will open huge holes in their security model, as they struggle to make applications work while trying to block OS and 3rd party spyware.

*assume*, at the outset, that everything more complicated than a browser will break and require fiddling iteratively to get functionality back

i use Openvpn (the separate client; not configured within windows) with DNSCrypt-proxy, Sabnzbd for usenet, SMB protocol file sharing amongst my LAN, ClamAV for antivirus, various Python utilities, Brave, and Tor Browser.

still, cumulatively, it likely took 10+ hours of baldness inducing stress and direct hair pulling before everything worked properly while still blocking everything else

the easiest, and *usually* effective, way to make the above work properly in "default block all":

divide everything into "LAN Only", "LAN+WAN OK", "2 Sneaky 4 Me", and "Pure spyware"

LAN + WAN: checkbox "enable" the EXE and services associated with all
, which will require rebooting to force the software to see new or schedule launched services, as well as manual "adding" of EXEs

LAN OK: local IP - your local IP (eg 192.168.1.100, 10.0.0.100, or 10.0.0.0/24 for dynamic); Remote can be enabled by port (135-139 + 445/5445/8445 + 1900 + 2869 +3702+ 5353 + 5355-5357 + 5000-5010 + 67-68 + 546-547 + 3389 covers most exclusively LAN side functionality), or you can add the full local IP range by subnet (10.0.0.0/24) as well as multicast and link local ips (224.0.0/4, 169.254.100.0/24, etc)

note: 10.0.0.0/24 and 192.168.1.0/24 include the default gateways 10.0.0.1 and 192.168.1.1, meaning its possible for apps or services configured properly to see outside or traverse the gateway (usually via services that are advertised by the router alongside other info set by the ISP or provisioned by user control: obvious examples include network time or special VOIP or media streaming)

2 SNEAKY: scrupulously enable by single port or IP

PURE SPYWARE: create a rule called "block" with blank local and remote rules, any protocol, any direction, and any IP version

in theory this would be redundant, but "block" rules have higher WFP priority than allow rules, making it useful to prevent accidentally too-permissive rules from giving access to unwanted apps.

its useful to add various System32 exes to ensure they are blocked from the earliest phase of boot (most applicable for ethernet connected computers; some Wifi as well, as some modern wifi hardware preserve active sessions across Windows' now standard "soft reboot")

for example blocking the System Guard Runtime Broker, which "Monitors and attests to the integrity of the Windows platform" is strongly encouraged, as it is pure telemetry spyware (albeit pure technical telemetry, not usage telemetry)


remember:

even with careful deliberate provisioning, some functionality may still be broken.

the simple reality is that you probably CANNOT have a high-privacy internet connection (eg with DNSSEC or dynamic port TCP with TOR) along with multimedia LAN streaming, network printing, VPN, torrents/usenet, and Windows updates all fully operational seamlessly enough to setup for your grandmother to use tech support free.

edit:

the trustworthiness of this system mAay become obsolete with a future update of Windows 11, and most assuredly by the next full version of Windows, promised/predicted to be fully "OS as a Service
 

My Computer

System One

  • OS
    Windows 11
Back
Top Bottom