Download.com has chosen not to provide a direct-download link for this product and offers this page for informational purposes only.
When you first get a new Windows computer (or set up an old one), you might be focused on downloading your favorite apps and transferring your files. This is also a good time to configure your machine to protect your privacy.
We all need to protect our private data. Whether you’re carrying sensitive work files, sensitive pictures, or just your passwords, there’s certain information you don’t want other people to have. When you’re first setting up a computer, you’re establishing the habits you’re going to use the entire time you have that machine. Rather than wait to care about your privacy later, it’s better to get started on the right foot.
Advertisement
From Saucy Pics to Passwords: How to Share Sensitive Information Over the Internet
Raise your hand if you've shared a username and password with someone over IM? Ever share a…
Read more ReadFirst, a disclaimer: with Windows 10 coming out at the end of the month, we decided it’s best to write this guide as it pertains to Windows 10. Many of these settings, where applicable, still exist in Windows 8, but they may be in a different location or have slightly different names. In fact, even in the newest versions, settings are often duplicated in multiple places within the OS, but we’ll cover it the best we can.
It’s also worth mentioning that Windows still allows you to install any app you want. Once they’re installed, those apps can do pretty much anything. Locking down your privacy in Windows won’t do much if you install other apps that can still read your data.
Advertisement
Start with a Clean Install, Even If You Bought Your Computer New
Before you do anything, you should make sure you’re starting from a clean slate. If you bought your computer from a store, it probably came with a lot of junk software that the manufacturer thought you might want (or that they were paid to include). Getting rid of this junk is a good idea from a performance standpoint. However, occasionally even otherwise decent manufacturers can include security and privacy-breaking junkware.
Advertisement
We already have a guide on how to remove crapware from your computer here, so we won’t rehash the entire thing. However, you have two main options when you get a new computer:
- Wipe the machine and reinstall Windows from scratch: This is one of the surest ways to make sure that no extra junk apps are running on your system. If you built your own machine, you’re probably okay already. If you’re running a store-bought machine, be sure to keep track of the license key before installing, even if you’re installing Windows 10.
- Remove the bloatware manually:Our guide here gives you the details on how to easily remove bloatware from your machine. It’s a bit more of a tedious process, and it’s possible to accidentally leave something behind, but it allows you to clean your machine without wiping anything you already have installed.
Advertisement
A clean install is a good step to take regardless of whether you’re concerned about privacy. However, if you want to make sure that there’s nothing on your machine that makes you or your data vulnerable, it’s even more important. The only way to be sure that nothing is running on your machine besides what you install is to clear everything out when you first set up your machine.
How to Do a Clean Install of Windows Without Losing Your Files, Settings, and Tweaks
There's nothing like a fresh install of Windows to clear your mind, but it comes at a cost:…
Read more ReadDisconnect From Your Microsoft Account
Advertisement
Once you’re sure your machine is clean (or, ideally, while you’re performing a clean install), you should decide how closely you want your machine linked to your Microsoft account. Since Windows 8, you’ve been able to log in to Windows using your Microsoft account. Of course, this comes with some trade-offs. On the plus side, your Microsoft account has built-in two-factor authentication. However, you may not want Microsoft to know every time you log in to your computer. Microsoft’s also no stranger to controversy with user accounts. If you’re not comfortable with having a direct line to your personal Microsoft account tied directly to your computer, you can use a local account instead.
Microsoft Gets Two-Factor Authentication, You Should Enable It Now
Two-factor authentication is one of the best things you can do to secure your online accounts.…
Read more ReadThere are two ways to use a local account on your Windows machine. The first is to choose “local account” while setting up your computer for the first time. If you chose this option when you first installed Windows, then you’re good. On the other hand, if you ever signed in to your Microsoft account on Windows, here’s how to disconnect it:
- Open the Start Menu and search for “Account”, then choose “Manage your account.” (Alternatively, open the Settings app and choose “Account.”)
- Click “Sign in with a local account instead.”
- Create a new username and password.
- Log out and re-log in using your new credentials.
Once you’re logged in to your local account, open up the same section of the Settings app. If your Microsoft account is still listed under “Other accounts you use”, you can remove it here. Of course, you will lose some features (most notably Cortana) if you don’t have a Microsoft account connected, however it’s one of the safest ways to ensure none of your data gets synced or shared without your knowledge.
Advertisement
Audit the Privacy Section of the Settings App
With Windows 8, Microsoft introduced a new style of “modern” apps. To go along with it, Microsoft has added a new permissions system. This is mostly geared towards phones and tablets, but as Microsoft steers developers more towards the Microsoft store, more apps may be likely to use these permissions to access things like your camera, microphone, or location. To manage these permissions, open your Start menu, type “privacy” and choose “Privacy settings.”
Advertisement
Here, you can find a number of settings you should tweak to your liking, including but not limited to:
- Location: Here, you can set a location that all of your apps use, or disable location tracking entirely. You can also see a list of apps that have the ability to use your location and enable or disable them on a per-app basis. This only seems to apply to the new Modern-style Windows apps, so this may not prevent all apps from using your location if you give an app permission.
- Camera and Microphone: Here, you can block access to your camera or microphone on a per-app basis, or disable access entirely. Like the location settings, these sections only apply to Modern apps. It also won’t disable the devices at the system level.
- Contacts, Calendar, and Messages: If you use any Microsoft services for managing your contacts, events, or messages, you can control which apps have access to your data here, as well.
- Speech and typing: Under “Speech, inking, and typing”, you can disable the “Get to know me” feature. This setting seems weirdly placed and it’s unclear just how much data Microsoft tracks with this one setting, but it does state that it’s used to offer better suggestions, improve dictation, and help Cortana get to know you. So if you’re not comfortable with digital assistants learning your habits, it may be best to turn this off.
Advertisement
Depending on how much you want your operating system to know about you, it may be worth going through the entire Privacy section. Also, keep in mind that any permissions you disable here only apply to the apps that are displayed. Microsoft’s permission system is still relatively new, so unless you downloaded an app from the Windows Store, this probably won’t prevent them from using your hardware.
What Windows 10's 'Privacy Nightmare' Settings Actually Do
Windows 10 has some handy new features, but if you believe the rest of the internet, it also comes…
Read more ReadProtect Your Apps and Your Data
Since Microsoft’s built-in systems can’t protect your data or the apps you download, you’ll need to do it yourself. Protecting your privacy online is an discipline in itself, but there are a few basic things you should do to keep yourself safe before you start using your computer for regular work:
- Install antivirus and antimalware tools: Antivirus/malware tools can keep you safe from unwanted installations or malicious software, so you should start by making sure you’re protected from the basics. You can read our guide here on the difference between these tools and which ones you need.
- Download privacy-protecting browser extensions: You likely spend more time in your browser than any other single app. To protect yourself, install browser extensions like AdBlock Plus, Disconnect, and other privacy-protecting extensions to keep your data safe.
- Use a VPN: Virtual private networks (or VPNs) have a variety of uses, but one of the most helpful is protecting your privacy. Setting up a VPN will ensure that your browser traffic is encrypted and stays away from prying eyes.
Advertisement
We couldn’t possibly go over every privacy protection trick here, as they can fill up multiple guides all on their own. Fortunately, we have plenty of those. If you want to stay safe, you can read more about privacy-focused web browsers, the various kinds of malware, and why you shouldn’t trust Incognito mode for true privacy.
Don't Trust Private Browsing Modes for True Privacy
Every major browser has an 'Incognito Mode,' 'Private Browsing,'…
Read more ReadLock Down Physical Access to Your Computer
Advertisement
Once you’ve got everything on your computer protected, you’re done, right? Actually, there’s still one more thing to take care of. When it comes to protecting their data, most people don’t tend to consider physical access. Mega corporations and governments aren’t the only ones you want to keep out of your data. You may also want to keep snooping visitors, untrustworthy co-workers, or certain family members out of some of your files. For that, there are a few precautions you should take:
- Enable (and use) a lock screen: Your phone isn’t the only device that you should enable a lock screen on. You can set up your computer to automatically lock after a set period of time, or alternatively, you can manually lock your screen by pressing Win+L.
- Keep your machine in a safe place: Your computer is only as safe as the room you keep it in. If you have an office at work, be sure to keep the door locked when you leave. If you’re taking your laptop to a coffee shop, don’t leave it unattended, or at least get a physical lock and use it.
- Secure your Wi-Fi: While technically not a physical connection, your home Wi-Fi is an easy way for neighbors or passersby to gain access to your data. This can lead not only to security breaches, but even minor invasions like taking over your Chromecast. Keeping your Wi-Fi secured can keep your devices protected from nearby intruders.
Advertisement
As long as you have the other areas in this guide covered, physical access should be the only way that someone can get access to your sensitive data. Of course, how important that physical security is to you may be subjective. A top secret government agent will have a greater need to lock their laptop up while at home than a single person in a one-bedroom apartment will. Still, it’s important to consider your physical machine when auditing your privacy.
Why Social Engineering Should Be Your Biggest Security Concern
We all know the basics—strong passwords, two-factor authentication, and so on. However, the most…
Read more ReadAdvertisement
Windows 10 is built to share data, but by default it does a seriously lousy job at privacy. If you think about it, on any of our personal Windows computers there's heaps of personal data, including our account logins, our images, and financial data that we would prefer to keep private, and away from prying eyes.
No wonder there are ongoing issues on what data Windows 10 actually collects, and with Microsoft's latest commitment to pare this down to “the basic level that is necessary to keep your Windows 10 devices secure and up to date” according to Terry Myerson, EVP of the Windows and Devices Group.
However, at the initial setup of that shiny new PC, as we eagerly tick the boxes to accept the license agreements and get on to the fun stuff, most of us don't realize the multiple elements of privacy that we're totally giving away. Of course, Windows makes it sound all routine, such as 'Don’t you want Cortana to do her best work?' However, fret not, as Windows is a quite flexible and configurable OS, and can be set up to protect your privacy in lots of ways.
Privacy dashboard
For those who are curious as to what data Microsoft is collecting, head on over to the dashboard. Here, you can see the type of data collected, such as locations, search results, and browsing. If this does look an awful lot like Microsoft’s version of ‘Big Brother,’ keep reading to see how you can limit its reach.
Reload the OS
If the computer is being used, a good first step is to reload the OS. All users over time install software, and this leads to additional security vulnerabilities, whether from standalone programs, or browser plugins. Even with a brand new PC, it's good practice to start with a fresh OS, as the example of Superfish adware that came preinstalled on Lenovo PC’s shows, where hijacked browsers were used to place third-party ads based on Google searches, or the less ominous but still disturbing Dell laptop eDellRoot software vulnerability.
Therefore, whether your computer is brand spanking new, or you've been using it for a while, a good security practice is to take off the data you need, totally wipe the machine, and start with a clean reinstall. Note this should not be confused with a Windows restore, nor a rollback that goes back to an earlier version, but does not provide a totally fresh start.
Thankfully, Windows 10 makes it easier than on previous versions of Windows to do a reinstall from within the OS, so be sure to check out TechRadar’s reinstallation guide for simple directions for the process.
Cortana
Next, turn your attention to Microsoft’s digital assistant, Cortana. While a personal assistant has certain use-case scenarios, such as when you're driving, it's less essential for users on their Windows computer with a keyboard and mouse at their fingertips. And a recent exploit demonstrated that Cortana can be used to open certain websites from the lock screen to hack the computer.
Therefore, from a privacy standpoint, it's better for Cortana to know less. Head on over to Windows settings, and the Cortana section. On the first Cortana screen, under 'Talk to Cortana' we disabled the 'Hey Cortana' feature, the keyboard shortcut, and allowing Cortana to work with the device locked, which should protect from the exploit described above.
Next, still in the Cortana section, we headed over to ‘Permissions & History’. Back when we had a Windows Phone (yes, it pains us to admit that today, these permissions made more sense than now. Here you can clear what data Cortana has collected, and adjust the search results. You can also lock down access to what's in the Cloud account, the device’s history, and if you scroll all the way at the bottom of the screen (not shown in the screenshot above), you can prevent Cortana from collecting data from your personal search history.
General privacy settings
While still in the settings, we left the Cortana section and moved to Privacy. Under the ‘General’ subheading, there are several toggles. Perhaps the creepiest of these is the one at the top, that allows apps to use ‘advertising ID’ to track you, and then send you ads based on your recent activity, rather than generic ads for that site. Ever wondered why after you look at a new car site, how then you get bombarded with ads for cars – well, now you know. We set all the options here to off.
Camera and microphone
Going down the list of sub-headings we get into some of the more granular permissions levels, so tread lightly here. For the ultimate in privacy – and for the extremely paranoid – both the integrated webcam and the microphone can be totally disabled at a system level. However it makes sense for certain apps to have access to these, for example Skype, so most users will want to disable or enable the camera on an app-by-app basis. For example, in the image above, we could disable access to the camera for the Microsoft Store and OneNote, as it makes little sense for those apps to be able to use the camera. The same policy applies to the microphone, which is the next sub-section in the list.
Sign-in options
Under the Account category there's a subcategory for ‘Sign-in options’, and towards the bottom here are two settings. The first one controls whether account details such as an email address are displayed when the device is off. The second determines if the sign-in info can be used to automatically finish setting up a device after an update or restart. For maximum privacy, these both should be set to off.
Shared experiences
Finally, in the System category, head to the ‘Shared experiences’ sub-section. As most users use a variety of devices, this is a way for Windows on a PC to link to apps on connected phones and tablets, to open and message apps between the devices. While this was an update for the Windows Creators Update, few apps have implemented it. For the time being, from a privacy standpoint, it's better to toggle this off, as it represents a way for Microsoft to build a more comprehensive profile between different devices, with little tangible benefit to users so far.
Under the Account category, there is a subcategory for ‘Sign-in options.’ Towards the bottom are two settings. The first one toggles if account details such as an email address are displayed when the device is off. The second determines if the sign-in info can be used to automatically finish setting up a device after an update or restart. For maximum privacy, these both should be toggled to off.
Securing your digital lifestyle doesn’t have to be a tedious or expensive process. You can achieve that in the next 60 seconds by downloading a trial of CyberGhost VPN here, risk-free.