Windows has been a pioneer in the operating systems and software industries for decades. It’s no surprise the Microsoft has helped shape our modern data-driven world. And their latest and greatest operating system, Windows 10, is supposedly the last operating system in the Windows line of software.
There’s just one problem. It is incredibly insecure by default.
Most users find it aggravating that the software has default settings that allow the OS to gather, collect, store, and send data back to Microsoft for analysis and other ridiculous reasons. This feels like a dishonest infringement of privacy and security on Microsoft’s part, because the average user doesn’t know what these settings mean, how they work, or what data they collect.
To make matters worse, Microsoft has an open door policy with the NSA. As a US based firm, they are sometimes coerced into complying with governmental agencies, whether they want to or not. Many of you will remember that they have forfeited unfathomably large amounts of information to the NSA with the PRISM scandal, and event brought into the public view by Edward Snowden.
This leads many people to be rightfully worried and concerned with Windows 10’s default settings.
The good news is that they aren’t too hard to shut off. You just need to know where to look.
Express Setup Problems
The easiest way to nip these security problems in the bud is to forgo the Express Setup options.
As mentioned previously, the Express Setup installation process is extremely flawed and littered with tons of undesirable settings that can negatively impact your security. In fact, one of the settings allows your Windows 10 computer to transfer massive amounts of information back to Microsoft.
But how do we know what information Microsoft is collecting? Well, the honest truth is that we don’t know every iota of information that Microsoft collects since their operating system is closed-source software. Nevertheless, we do know that they collect data such as contact info, calendar information, text and touch input, geographic data, and many other types of information.
Though it is unclear why they would want most of this information, they have made claims in the past that it will help them refine and improve their software. Personally, I’m not buying it and I don’t want them collecting my personal information.
But believe it or not, Windows 10 isn’t the first version of Windows that has engaged in similar practices. Though past versions have had default settings that collected some amount of information, Windows 10 is by far the worst offender, and has more settings that need to be disabled than you would ever imagine. One feature in particular, Siri, aids data collection and sharing on a massive scale, so it is best to disable her.
The problem is that in order to make Windows 10 more secure, users lose a little bit of functionality and lose the bells and whistles.
But it is a necessary sacrifice in the name of privacy and security.
Increasing Privacy Settings by Changing Default Installation Configurations
As they say, an ounce of preventions is worth a pound of cure, and the best way to nip these security issues in the bud is to disable them before you ever complete the installation process. Unfortunately, if you have already installed your copy of Windows 10, we’ll need to perform the steps manually.
For those of you entering the upgrade process, make sure that you avoid clicking on the button labeled “Use Express Settings,” and instead click on the “Customize Settings” button in the lower-left hand corner of the installation screen. They made the button extremely small, and I can’t imagine that was by accident.
On the following screen, users will note four individual settings that are binary on/off configurations. Users who want enhanced security and privacy should turn all of these settings to “off.” It’s quite appalling to realize that they have default options such as “Send typing and inking data to Microsoft…” and other similar settings. It’s in your best interest to turn all of these off.
On the following settings page, you can use your own discretion when disabling certain features. Some people may want to sacrifice a bit of privacy or security for a feature they simply can’t do without. Although, I would recommend that people disable settings such as automatically connecting to open Wi-Fi, Wi-Fi Sense, and predictive web browsing to maximize security.
Yet another way to limit the amount of information Microsoft harvests from your computer is to forgo logging in with a Microsoft account. The alternative is to create a purely local user account. To do this, simply click “Create a new account” when setup asks for your Microsoft login credentials. Next, click on “Sign in without a Microsoft account.” Doing so will break the connection between your login credentials, user ID, and Microsoft corporation to bolster your privacy.
But it does have its disadvantages, such as preventing files and settings from syncing across multiple Microsoft devices. In my opinion, this is a cheap price to pay for added security, and there are plenty of free cloud storage options that will provide users alternatives for file syncing.
Changing Settings on the First Boot
Though disabling these settings will help increase privacy tremendously, there are a few settings users will want to check on their first boot of Windows 10.
- Simply open up the settings app and navigate to the privacy section.
- Some of these settings should have been disabled through the customized setup process, but a few may still remain.
Again, I would recommend disabling everything under the General tab, but some users may wish to keep some settings enabled such as the SmartScreen Filter.
Cortana is Microsoft’s version of Siri, and Cortana gets her name from a videogame character in the Halo series. But she isn’t as trustworthy in real life as her videogame counterpart. The Cortana feature should be disabled if you want to err on the side of caution and enhance your privacy and security.
- To begin, click on the start button and type text to pull up the search window.
- An icon should be visible that will allow you to make configuration changes to the Cortana settings.
- Again, I would recommend turning her off completely, but users may want to selectively disable portions of the settings at their own discretion.
It may feel like you are stripping the features away from your Windows 10 device, but it is necessary. I could make the argument that a lot of these features do little to improve the user experience, and it is better to disable them since many of them have background processes, invisible to users, that will collect personal information and dump it in a massive corporate database.
Editing Group Policies for Enhanced Security
We’re not done yet – the next thing on our list is to change how the “Feedback Options” feature works. Unfortunately, there is no option to completely turn it off. Instead, we can only set it to its most basic setting. We can’t be sure if the basic mode makes the data sent back to Microsoft completely anonymous since it isn’t open source software. The only option to completely disable this feature is contained on the Enterprise and Server editions of Windows software.
To make these changes, start by opening the group policy editor. You can search for the application called gpedit.msc.
We are going to edit a setting to “0 – Off.”
To find the setting, browse through the following navigation trees: Computer Configuration> Administrative Templates,>Windows Components> Data Collection.
Again, we can’t be sure what data the “Data Collection” setting harvests from your computer, but why take the risk?
Securing Windows 10 Updates
Updates are a tedious yet necessary part of any piece of software. Nevertheless, Windows 10 defaults to using P2P mechanisms (much like Bit Torrent) to propagate and download Windows updates from other computers in a P2P cloud. Some people would have qualms about downloading an update from a stranger as opposed to a legitimized Microsoft update server. People have been able to inject malicious code into updates in the past, so it is better to disable this feature.
Simply open up the settings application and navigate through Update & Security, Windows Update, Advanced Options, and the configure how you want updates to be downloaded. You can either completely turn off this feature or limit it to downloading updates from other computers on your local LAN, which could be acceptable in a home environment since you own all of the computers there anyway.
The ugly truth is that users don’t have complete control over what information is shared with Microsoft. To make matters worse, many of these settings are enabled by default unless a user explicitly disables them. The good news is that by disabling a few settings, you can drastically increase your privacy and security.
I think just about every user should disable all of these settings, since it is appalling home much information Microsoft can see about your activities. But disabling these settings will help protect your privacy and anonymity.