The definitive guide to privacy settings in Windows 10 Creators Update

Here's everything you need to know about Windows 10’s many and varied privacy settings -- and how to claw some of your privacy back.

1 khanom original
Khanom/Woody Leonhard

Privacy Matters

Privacy means different things to different people; there’s no one-size-fits approach. Some people want to lock their machines down so they leak exactly nothing. Others figure they don’t have anything to hide, and happily share various and sundry bits of information with their Internet Service Providers, operating system manufacturers and the NSA.

Personally, I don’t mind sharing information if I know what’s being kept and how it’s being used. I’ll also gladly confess that I like being able to say “Alexa, play Rich Harper” or “Alexa, call the kitchen” and have the machine do my bidding. I also frequently say “OK Google, navigate to Habitat for Humanity” or “OK Google, where’s a good restaurant” and expect it to snap to attention. I also appreciate having Gmail scan my incoming messages and sticking airline departures and arrivals in my Calendar.

This is in spite of the fact that both Amazon/Alexa and Google listen to everything I say and store a goodly portion of my personal information.

In this slideshow, I’m not going to show you how to silence every conduit through which Windows phones home. Complete muting’s a very specialized goal that involves all sorts of deep surgery — and is probably doomed to failure anyway.

Instead, we're looking at how to pick the low-hanging fruit, use Windows settings to minimize what you send to Mother Microsoft, then move to snooping settings that’re more obscure, all the while explaining what little we know about the totality of data that’s going out.

2 local account
Windows

Create and use an Offline (“Local”) account

Before you start working out the many kinks in your copy of Windows 10, you should consider whether you want to use a Microsoft account. I strongly recommend that you use an “Offline” account — formerly known as a “Local” account — every time you run Windows.

A Microsoft account is an email address that’s been registered with Microsoft. If you have a Hotmail, Outlook.com, or live.com email address, you already have a Microsoft account. You can turn any email address into a Microsoft account. Microsoft wants you to log on to Windows with a Microsoft account so it can offer you all sorts of conveniences – automatic logon to OneDrive and Mail, Calendar, People (contacts) and Edge, and much more. But the convenience comes at a price. When you use a Microsoft account, Microsoft keeps track of ev-er-y-thing you do – just like Google.

If you use an Offline account, you have to sign in to Mail and OneDrive and the like manually — assuming you want to use any of those apps. No harm done; Microsoft sees all in those arenas anyway. The only loss, really, is the synchronizing of Windows settings and Edge settings: Use a Microsoft account and the cloud Gods make sure changes on one computer carry over to another. 

If you’re using a Microsoft account and want to switch to an Offline account, follow these simple steps:

Step 1. Click Start, then click on your picture. Windows brings up a pane marked Your info. If you’re using a Microsoft account, you see a link that says Manage my Microsoft account. (If you see a line that says Local account — note the old terminology — you’re already Local, and ready to roll.)

Step 2. On the right, click the link to Sign in with a local account instead. You see an admonishment (screenshot) that you need to save your work. Check all of your open apps and make sure the data’s saved.

Step 3. Type in your Microsoft account’s password and click Next. There’s a new pane that has you fill in a user name, password, and hint. If you want to be able to sign in without a password, just leave the Password fields blank.

Step 4. Click Next. The switcher says you’re almost done. Make sure all of your data is saved, and that you remember your new password.

Step 5. Click Sign out and finish. Windows reboots and invites you to sign in. Go ahead and use your new Local, er, Offline account. If Windows needs a Microsoft account — for example, if you want to get into your Mail using the Windows Mail app, or to access OneDrive — you’ll be prompted for a Microsoft account address and password. Easy. Your files stay where you put them (although you will have to log on to OneDrive again, if you use it), and you don’t have to re-install any apps.

Use that new Offline account all the time, especially as you step through the rest of this slideshow and make adjustments to your privacy settings.

3 choose privacy settings for your device

Maximize privacy during setup

When you install, or upgrade to, Windows 10 Creators Update — version 1703 — you’re given the chance to make sweeping privacy changes (see screenshot). Fortunately, those choices aren’t set in stone. Even if you fear you flubbed one of the settings, you can go back and change it. But you have to know where and how.

That said, if you haven’t yet filled out the Win10 1703 privacy questionnaire (pictured), go ahead and do so if it's offered. In general, it would do you no harm to turn everything Off, then go back and selectively enable those things you want to share with Microsoft’s massive personalized database.

Next, let’s dive into the overall privacy settings.

4 general privacy options
Windows

Turn off General Privacy options

Click Start > Settings (the gear icon) > Privacy. You should see General highlighted on the left. Here are what those options mean, and my recommendations for privacy-conscious Windows users:

Advertising ID: Most Windows users don’t know it, but Windows itself generates a tracking ID, independently of all the other tracking IDs — your Microsoft Account (see the first slide), IE and Edge’s tracking capabilities, Bing tracking, and so on. The Advertising ID, introduced in Windows 8.1, is widely misunderstood. Microsoft’s official documentation says:

… a unique ID used to provide more relevant advertising by understanding which apps are used by the user and how they are used. It is also used to improve quality of service by determining the frequency and effectiveness of ads, and to detect fraud and security issues. This ID is per-user, per-device; all apps for a single user on a device have the same advertising ID.

In other words, it’s a number generated by Windows that can be passed from app to app. Apps can access the Advertising ID directly, allowing them to keep a record of when and how you’ve used them, roughly analogous to a web browser cookie. The apps that grab your Advertising ID (including Microsoft’s own apps) can feed your ID to their ad networks, so the ad networks can keep tabs on you across apps.

In spite of what you may have read, your Advertising ID isn’t synced to other computers, and it operates independently of your Microsoft Account, if you’re using one.

Recommendation: Turn it off. You need another tracking ID like you need another root canal.

Language list: Your language list (the list of languages you have enabled on your machine) is your business. Turn it off.

App launches: Used to build the “Most used” list on the Start menu. Also influences the order in which Cortana lists the matches on things you type or say. Off, off, off.

5 location
Windows

Turn off location tracking

If you’re using a Windows phone, you have my sympathies. You and the two dozen other people on the planet also using Windows phone can skip this section.

On very rare occasions, location tracking is useful for Windows laptops. If you find that you need location tracking for some specific app (such as Maps or Weather), you can dig down here and enable location tracking just for those specific apps: click Start > Settings > Privacy > Location then on the right slide Location service to On. Scroll farther down — way down — and you see On/Off settings for individual apps.

If an app requests your location and you grant it permission to see where you are, you can turn off the permission by using Start > Settings > Privacy > Location. To turn off all location tracking, change Location for this device to Off. To turn off location tracking just for that app, scroll way down on the list and slide the app’s setting Offi.

The vast majority of Windows users, though, should set Location Off. If you do, you should consider setting a Default location — a location that’s returned whenever a snooping app wants to know where you are. On the right, click Set default, then go through the Maps app to specify where you are. Or where you want apps to think you are.

Be aware of the fact that if you turn the location service On, Windows maintains a history of your location for 24 hours, and will give that list to any app that’s approved to see your location. You can’t change that behavior (blocking specific apps that want to look at your location history), but you can clear out the location history cache. Scroll farther down on the right and click the button marked Clear.

6 camera
Windows

Turn off Universal app access to the camera and microphone

Little-known fact: The Camera and Microphone settings here only apply to UWP (“Universal” or “Store” or “Metro”) apps. They have no effect at all on normal, old-fashioned Windows programs. Nor do these settings have any effect on Cortana or Windows Hello, the face-scanning logon program. As discussed later, they’re controlled elsewhere.

The smartest way to turn off your camera? Do what Facebook CEO Mark Zuckerberg does, and put a piece of tape over it. As for the mic… it isn’t so easy. Be careful what you say. The walls have ears.

There’s a lot of potential confusion. For example, if you use the desktop version of Skype (which, as of now, is much better than the “UWP or “Store” version), these settings don’t do anything — you have to go into Skype and turn the camera or mic on or off. But if you use the Store version of Skype, these settings do come into effect.

Just to add to the confusion, it’s possible to download desktop apps from the Store.

Microsoft has a general privacy statement that may or may not clear up the confusion for you.

7 notifications
Windows

Turn off Universal app access to a grab bag of Windows features

Like the Camera and Microsoft switches, the Privacy Settings screen lets you control which Universal apps can access specific Windows features. The specific options, listed on the left of the screen, are as follows:

Notifications: Allow apps to look at and change what’s in your Notifications pane (er, “Action Center”) on the right side of the Windows desktop.

Speech, inking & typing: This setting is so complicated, it’s dissected in the next slide.

Account Info: Allow apps access to your name, picture, “and other account info.” My eyes bristle at phrases like “other account info.” I can’t find a definitive, official list of what “other” info is being offered by Windows to the apps that request it.

Contacts: In the background, Windows shares your Contacts list (from the People app) with other apps. Mail, Calendar, People and Phone all need access to Contacts — they have access to Contacts regardless of the setting — but by default Windows also enables access to Maps, Messaging, Photos, Skype, Twitter, Voice Recorder and Xbox.

Calendar: In a similar vein, Windows says that the Mail and Calendar apps always have access to your Calendar, and there’s no option to turn those Off. Windows also has Off switches for the People (Contacts) app and, oddly and inexplicably, Windows itself.

Call history: The Phone app always has access, but there are additional options that, by default, include Messaging and People.

Email: The Mail and Calendar apps always have access to view and send email, but by default People does as well.

Tasks: Mail and Calendar also always get access. Other apps that you install may get on the list.

Messaging: You can block apps from reading/sending text or MMS messages. The UWP Messaging app is allowed, by default, as are People and Skype.

Radios: Same idea, but for Bluetooth and Bluetooth Low Energy. There’s a slider, turned On by default, marked “Share Window.” See this Answers forum post for more information.

Other devices: More of the same, this time for beacons and Xbox, some TVs and projectors.

It’s important to realize that these restrictions only apply to Universal (“UWP” or “Metro”) apps. If you use the desktop version of Skype, for example, none of these settings pertain.

Recommendation: Unless you need to allow a specific app access to a particular kind of data, turn them all Off.

8 speech inking typing
Windows

Turn off the cloud-based part of voice and typing recognition

Here’s another setting that probably doesn’t do what you think. (Hint: If you want to turn off Cortana, there’s a later slide that covers the method.)

Unless you specifically turn it off here, Windows stores and analyzes your voice commands, typing, and handwriting to improve the chances Windows and Cortana will be able to recognize what you say or type. Microsoft stores that data on your PC and, if you’ve logged on with a Microsoft Account, in its cloud.

If you click to Turn off speech services and typing suggestions, Windows wipes all your history off the PC, but doesn’t touch the stuff stored in the cloud. Windows Narrator (an old-fashioned screen reader) and Speech Recognition (an old-fashioned dictation program), dating back to the times of Vista, will continue to work, using data stored on your PC, but most other voice-based features won’t work.

If you want to get rid of your snooped speech, you have to click the link to Manage cloud info — more to come on those options.

If you leave the speech services and typing suggestions on, and your Diagnostic & usage data setting (see next slide) is set to Full, Windows will send your typing and inking data to their cloud, where it’s combined with other customers’ results “to improve the inking and typing platform for all users.” Microsoft thinks of that personal inking and typing information as part of its “Diagnostic data.”

We’re assured that this approach isn’t keylogging — the operating system uses only a very small amount of information. Microsoft’s privacy statement says: “We use this data in the aggregate to improve the inking and typing platform for all users.”

Recommendation: Many of the places you normally type — notably including Word — have their own dictionaries that work independently of the Windows aggregate. Try turning this off and if you can’t stand the hit to voice recognition, sigh and flip it back on.

9 feedback diagnostics
Windows

Only send Basic data and telemetry

When it comes to sending diagnostic and usage data to Microsoft, you have two choices: Basic or Full. We discovered in April 2017 that “Basic” includes 1,966 separately identified data fields that are sent to Microsoft every day. How much data is sent with “Full” turned on? Microsoft has never said.

Given the clear difference and Hobson’s choice, you might expect that most Win10 users would dial the snooping back to Basic. And you’d be wrong. On Aug. 8, 2017, Marisa Rogers posted on the Windows blog that “71 percent of customers are selecting Full diagnostics data to help us fix things and improve Microsoft products.”

I can’t help but wonder what portion of that 71% realized that their choice was between 1,966 data points daily (just for this particular kind of snooping) and an unknown, undefined alternative. I wonder how many just chose the default (“Full,” of course) and just went on their merry way.

The second entry on this pane should raise a red flag to anyone who's  privacy-conscious:

Let Microsoft provide more tailored experiences with relevant tips and recommendations by using your diagnostic data

You might be surprised to know that your Windows “diagnostic data” includes sufficient personally-identifiable information to customize “tips and recommendations.”

Recommendations: Basic and Off, of course. Hard to imagine any situation that would encourage you to do otherwise.

10 app diagnostics
Windows

Background apps/App diagnostics

The Background apps entry on the left side of the Privacy applet simply lets you turn background processing on or off, as a whole, or for specific Universal apps. Desktop apps don’t appear in the list, and won’t be affected by the setting. So far, I haven’t seen any compelling reason to keep a Universal app from running in the background.

App diagnostics, though, is a different story altogether (screenshot). This setting doesn’t affect desktop apps — the ones you’re most likely using to monitor other running programs, if you’re using any at all. Instead, it keeps one Universal app from looking at details about other running Universal apps — their internal names, package names, the username for the user running the app, and lots of details like memory usage. Developers use that info all the time, but your garden variety apps shouldn’t need any of it.

Recommendation: Leave Background apps On, but turn App Diagnostics Off.

11 search engine
Windows

Change your browser and your search engine

Edge has many shortcomings, real and imagined, but its biggest problem is its pedigree: Many people just don’t want another piece of Microsoft software.

Fortunately, you have an enormous range of web browsers to choose from. As I explained in Top 30 free apps for Windows 10, I generally run with Chrome (by far the most popular Windows browser), but I also keep Firefox open all day, every day. If you’re concerned about privacy, though, Chrome isn’t your best choice.

Firefox running on Android and iOS collects browser history and send anonymized data to two companies called Adjust and Leanplum. As of this writing, there is some consternation about possible data collection in future versions of Firefox — but for now it’s the least-snooping choice among the largest browsers.

You can install Firefox by going to the download site and following the instructions. It will not interfere with Edge, Internet Explorer, Chrome, or Safari.

Firefox, by default, uses the Yahoo search engine — and Yahoo pays dearly for the privilege. Yahoo search relies on Bing and Google for its results, in a complex arrangement that’s changed in recent years. Of course, you’re free to choose your favorite search engine. I recommend that you go with Google if the snooping doesn’t bother you or, better, with DuckDuckGo or Startpage — neither of which keeps track of what you type, or where you go.

To change the default search engine in Firefox, click the three-line hamburger menu in the upper right corner, choose Options. On the left, choose Search. Uncheck any of the search engines that you don’t like, then click Add more search engines. You see the selection in the screenshot, where it’s easy to add both DuckDuckGo and Startpage. Click on either or both to add them to the search engine list. Move to the previous tab, and choose your default search engine in the drop-down box at the top.

To change the search engine in Chrome, click on the three-dot menu in the upper right and choose Settings. Scroll down and click on the link called Manage search engines. Choose your favorite engine, click on the three-button menu to the right of the entry and choose Make default.

There are many more privacy tricks when working online: Running a Virtual Private Network, using Incognito or Private Mode in your browser, looping through Tor, and a whole world of variations. Happy hunting.

12 cortana
Windows

Consider canning Cortana

I get it. I understand the appeal of a voice-activated assistant. I use Google and Alexa all the time, and my wife swears by Siri. But for the life of me, I don’t want Cortana rummaging through my searches and email, contacts, and messages, storing the results in Bing. I’ll use Google for that, thank you very much.

You may want to dial Cortana back a bit — limit what “she” (pardon my anthropomorphism) searches. You can do that by clicking on the Cortana icon (at the left end of the search box), choosing Notebook on the left, then Permissions. You get the options shown in the screenshot. You can turn off future snooping by setting the appropriate slider to Off. But to get rid of the accumulated personal data that’s stored on your machine, you need to click the Cortana icon, choose Notebook on the left, then About me, click on your email address, then click Sign out. That’ll leave your info in Bing’s giant hoover, but at least it’ll take the data off your machine.

To get rid of the rest of Cortana’s intrusive behavior, click on the Cortana icon on the left of the Search box, then click the “gear” Settings icon on the left. You see the Cortana Settings pane. Go through the list and take a look at what Cortana’s doing. One of my favorites: “Let Cortana pipe up from time to time with thoughts, greetings, and notifications in the Search box.” Be still my beating heart.

Slide all of those settings Off, then, up at the top, click the link to Change what Cortana knows about me in the cloud. That brings up another pane. Step through it to clear your Maps saved places, clear your Search history, cut off the notebook connected services page then finally, at the bottom, choose Clear. You need to jump through all of those hoops because, for example, “Clear” doesn’t clear your Search history.

You can take the Cortana search box off your Taskbar – just right-click on the Taskbar and choose Cortana > Hidden, but that’ll leave Cortana controlling your Windows searches. Even with Cortana hidden, if you click on the Start icon and type something, Cortana will appear — and send a record of all of your searches to Bing, for safe storage.

If you want to well and truly get rid of Cortana, you need to dive into the Registry. To do so, hold down the Windows key and type r. Type regedit and press Enter. Click through whatever warning may appear. On the left, navigate to HKEY_LOCAL_MACHINE > SOFTWARE > Policies > Microsoft > Windows > Windows Search.

If there’s no “Windows Search” key, you have to create it: click once on Windows, then right-click and choose New > Key. Type Windows Search (note the space) and press Enter.

Navigate to Windows Search then, on the right, right-click and choose New > DWORD (32-bit) Value. Type AllowCortana (no space) and push Enter. That will leave you with a new value called AllowCortana with a “value data” setting of zero. Restart Windows and Cortana will be banished. If you perform a Search using the Start icon, you’ll get a local search, not a web search, and the search terms won’t be sent to Bing.

13 app browser control
Windows

Consider disabling SmartScreen

This is a tough choice.

Microsoft’s SmartScreen technology looks at every file you download, and every program you run, and compares it against a database of “probably bad” files and programs. If there’s a match, you’re warned before opening the file. SmartScreen is also used in Edge to look at every page you visit, before it’s opened.

The downside, of course, is that you leave behind a trail of everything you look at, download or run.

In my experience, SmartScreen helps sometimes, throws false positives sometimes, and misses stuff from time to time, too. On balance, I figure SmartScreen is a net plus — but you may well feel differently.

To turn off SmartScreen, down in the system tray (click the up-wedge to the left of the time), double-click on the “shield” icon. You see the App & browser control pane shown in the screenshot. From that pane, you can turn off SmartScreen for apps and files; for Edge; and for Universal apps (erroneously marked “Windows Store apps”).

14 lock screen
Windows

Clean up your lock screen and login screen

There’s a subtle difference between your lock screen and your login screen. To a first approximation, the lock screen is what shows before you’re offered a chance to log in, and the login screen has a place for you to choose your username and type your password. (Yes, there are nuances.)

There are at least three privacy problems lurking:

  • By default, the lock screen shows a thumbnail of your latest email.
  • The lock screen may be rigged so Cortana or Windows Hello are listening to everything you say, or watching everything you do, even when your machine is logged out.
  • By default, the login screen shows valid email addresses for every Microsoft account authorized to use the machine.

To keep your emails from appearing on the lock screen, click Start > Settings > Personalization. On the left choose Lock screen. You see the pane shown in the screenshot. Click on the “Mail” icon and choose None.

Cortana on the lock screen may already be turned off if you followed my earlier step covering Cortana. To make sure that “she” doesn’t listen to your conversations while logged off, click the icon on the left side of the Cortana search box, choose Settings, and slide Use Cortana even when my device is locked to Off.

To turn off Windows Hello scanning while you’re logged off, click Start > Settings > Accounts. On the left choose Sign-in options. Scroll down a bit and, on the right, slide Automatically unlock the screen if we recognize your face to Off.

Hide your email address on the log-in screen, click Start > Settings > Accounts. On the left choose Sign-in options. Scroll way down on the right and under Privacy / Show account details (e.g. email address) on sign-in screen, move the slider Off.

15 online privacy settings
Windows

Clear your data out of Microsoft’s coffers

You might think that by switching to an Offline (Local) account, stepping through the dozens of Privacy Settings dialogs, changing your browser, and turning off Cortana, you’d have gone through most of the steps necessary to curtail Microsoft’s Windows 10 snooping.

And you’d be wrong, of course.

Microsoft likely has an enormous trove of information about you. It’s generally (but not exclusively) tied to your Microsoft account, if you have one. And if you’ve been using your Microsoft account for any time at all, you should expect to spend an hour or more sorting out and zapping the data on file.

To thoroughly remove your data from Microsoft’s big database — at least, the parts you can remove — you need to go through all the sub-pages in two locations. They are:

If you use Office, you should drop by the Office Trust Center.

If you use Skype, you need to sign in and adjust your Privacy settings. The desktop version of Skype lets you change some privacy settings, described here. The Universal version of Skype doesn’t have any accessible privacy settings. The Skype description about data retention is a bit coy, but apparently Skype always keeps 30 days of conversation history — you only have control over how much is kept on your machine.

Xbox has its own set of privacy settings.

Who said privacy was easy?

Please join our ongoing Win10 Privacy discussion on the AskWoody Lounge.