23 DIY privacy and security settings for your Windows
Imagine someone stole your computer and now has access to all your sensitive information just because you weren’t careful enough to secure it on your computer. You wouldn’t like that, would you? In this article, we work on just how you can prevent such a breach of sensitive information that might be personal or of professional importance.
In this article, we look at 23 different ways, which were tried and tested by your truly, that helps you improve the privacy of your Windows 10 PC. The exciting thing about all these methods is that you can implement these yourself on your computer and require no additional software installation whatsoever.
Windows has always been a very important part of daily life for a lot of people around the world and has continued to remain the most popular operating system in the world. Windows is also the operating system with the greatest number of vulnerabilities making it quite easy to exploit user information and compromise their accounts.
Just last week, there was a new vulnerability released for Windows 10 known as PrintNightmare that allows remote code execution on Windows computers. To read more about this malware, visit our article Windows Users nightmare: a new vulnerability discovered that threatens your security.
Besides security, privacy is the next worst issue with the Windows operating systems and is exactly what we’d be trying to improve in this article. Improving privacy also allows your computer to be secure since a computer with better privacy is quite difficult to misuse or even access without authorisation.
Table of Contents
- Avoid express installation
- Turn off location tracking
- Turn off targeted ads
- Turn off a camera control
- Turn off microphone access
- Turn off contacts access for apps
- Disable Cortana
- Control access to account info
- Disable OneDrive sync
- Disable Windows 10 sync
- Manage browser settings
- Control apps running in the background
- Automatic file downloads
- Diagnostic & feedback data control
- Limit activity history
- Access control to ‘Other devices’
- Tasks access control
- Restrict access to emails
- Limit lock screen information
- Use local accounts
- Windows updates control
- Speech, Inking, and Typing
- Use ‘Limited user’ accounts
If you purchase a computer and install the Windows 10 OS yourself, you might usually just click on the ‘express install’ option for Windows and allowing the OS to be set up with default Windows settings.
While this is quite useful when you are trying to save time, it isn’t the best option in terms of improving your privacy. By default, Windows is allowed to use your personal information to improve services like targeted ads, location tracking, and activity tracking.
All you need to do to prevent this is to click the ‘customise settings’ link at the bottom of the setup screen. While using this custom install, you can disable ad tracking, location tracking, and all forms of personal activity tracking.
Image Source - Windowscentral.com
The custom install also allows you to read through the Terms & Conditions of using Windows 10, which has been made available in last year’s fall update. While users wouldn’t read the entire T&Cs, you can simply click the ‘Learn More’ links to jump to and read specific sections in the T&Cs relevant to you.
Your location should be the most private part of your personal information, no matter what online service you're using. Windows 10, by default, keeps track of your location through various apps you use such as Maps, Camera, Mail, Skype, etc.
Since this location is stored and used by Microsoft for their benefit, it is a breach of your privacy and isn't something you should stand for. This can be potentially very dangerous if a hacker somehow gains access to your Microsoft account and can even compromise your safety.
To turn off location tracking by Windows, simply go to the Settings page of your PC and go to the privacy section.
- Go to the location tab where you can see the title ‘Allow access to location on this device'.
- Under this, click on the button labelled 'Change' and
- toggle ‘Location access for this device’ to off.
Windows 10 uses your app activity to personalise and tailor ads that are applicable to your needs. While this might sound like a neat feature to have at first glance, anyone with a basic sense of privacy can figure out why this feature of Windows 10 exploits it as much as possible.
The Windows 10 operating system gathers a user’s private information about their activity relating to their apps and uses this information to personalise ads. This information could also be used for third-party ads to push their apps onto users who have used similar apps.
If you went down the path of express install for Windows 10, you probably don't have this disabled on your computer.
To disable ad tracking, first, open the settings page on your Windows 10 PC and then go to the privacy section.
Now click on the general tab, and you’ll see a few toggle switches to disable various features. The first one, “Let apps use advertising ID to make ads more interesting to you based on your app activity", is the culprit we are looking for. All you need to do is simply turn this off to disable the Windows 10 ad tracking feature.
Imagine a stranger watching you without your knowledge through your webcam. Every computer that has a connected webcam is potentially vulnerable to this issue which is quite worrying since almost all computers (laptops mostly) today come with an integrated webcam.
By default, Windows 10 will have access to your camera via its apps and will be able to keep recordings or images of you without your knowledge.
Disabling the camera on your computer is as easy as opening the settings page, going to the privacy section, and then the camera tab. Here, under the ‘Allow access to the camera on this device’ section, click on the change button and then toggle the camera access for this device to off.
This makes sure that Windows 10 isn’t able to access your camera through any of its apps and store video recordings of you. If you want to go a step further, you can buy a webcam cover on Amazon or just simply put a small piece of tape over your webcam; as long as it isn’t clear tape, you’re good to go.
Even Mark Zuckerberg, the founder of Facebook, put tape on his laptop camera to make sure no one can use his camera without his knowledge.
Speaking of camera access control brings me to the next most key recording method that, when paired with the camera, is very useful to exploit user privacy. If the microphone of your computer is compromised, anyone can listen in to your private conversations while your computer is being used.
Access to a microphone alone can be used to gather quite a lot of personal information, even if there isn't any camera access. Skype & Type is an eavesdropping tool that can log everything you type simply by listening to the sound from your keystrokes. This could include passwords, usernames, and confidential information.
To disable the microphone access on your computer, again, visit the privacy section from the settings page. From there, click on the Microphone tab, click on the change button under the ‘Allow access to the microphone on this device’ and toggle the microphone access on this device to Off.
Like the cases before, Windows 10 also stores logs of your contacts associated with your account. These contact details include email addresses, and phone numbers of your friends, family, workplace colleagues, etc., and makeup quite a huge portion of your private information.
This stored contact information, if accessed by unauthorised parties or even when used by Microsoft itself, could cause quite a bit of inconvenience. Windows 10 allows you to control access to the contacts stored by your computer so that you can specify what apps have access to these contacts and even completely disable access to contacts.
To disable access to contacts, open up the settings page of your computer, go to the privacy section, and navigate to the contacts tab. Here, under the heading ‘Allow access to contacts on this device’, click on the change button and then toggle the contact's access for this device to Off.
Scrolling further down this page even allows you to control contact access for each app if in case you don't want to entirely disable it altogether.
Cortana, Microsoft's answer to virtual assistants, while quite helpful (at times), is the bane of all user privacy on a Windows computer. Like many other virtual assistants, be it Siri or Alexa or Google Assistant, Cortana too keeps logs of your activity based on your searches and voice commands you give it.
To restrain Cortana, first, open the Cortana app on your computer and open settings. Here you can go to the ‘microphone’ and ‘voice activation’ sections and revoke microphone permissions. This can be skipped if you’ve already disabled your microphone after the previous sections.
Next, in the settings menu, go to the privacy section, and under the chat history heading, click on the clear button to clear all chat history that you have accumulated with Cortana. You can even visit your Microsoft privacy dashboard to view and clear your Cortana data stored on the cloud.
Finally, as a nuclear move, you can entirely revoke all permissions from Cortana and log out from your account altogether. This ensures that Cortana never runs on your computer or gathers any of your activity information.
Windows 10 has the habit of peeking in on any sort of personal or confidential information that flows through your computer. This is especially problematic while you try to log in to any of your online accounts or apps on your Windows 10 computer.
It is obvious what can happen to your online accounts if anyone besides you (even a tech conglomerate like Microsoft) has access to them. This information could be potentially logged and misused if in the wrong hands.
By now, I am hoping that you're familiar with how to open the privacy section on the settings page. In the privacy section click on account info tab, and under the allow access to account info on this device heading, click the change button and turn off the account info access for this device.
OneDrive is a useful tool if you work using cloud storage and need access to various files from remote locations as well as keep backups to these files. But Microsoft’s OneDrive takes this to the extreme where it backs up all user data on the OneDrive cloud, which may even include sensitive information that needs to stay on your computer.
You and I know what can happen to your data if in the wrong hands, and yes, Microsoft's hands aren't the right hands either. They, too, could sell your data to various clients for advertising and whatnot.
So, it is always best to have your OneDrive sync turned off.
To do this, click the cloud button for OneDrive in your Windows 10 system tray, and then click on help & settings. From here, open the settings for OneDrive, and under the settings tab, uncheck the box ‘Start OneDrive automatically when I start Windows’.
I also usually like to keep OneDrive signed out so that there is no trouble from it whatsoever. To do this, in the same settings dialogue box, under the account tab, click on the unlink this PC link and click on unlink account on the confirmation dialogue box.
This will sign you out of your OneDrive account and stop all file sync with your OneDrive. In case you need to keep your files in cloud storage to access them remotely, I'd suggest using a different service like Google Drive or even Dropbox, which is much better than OneDrive.
Windows 10, to increase user convenience, offers a myriad of features that sometimes are just bad. One such feature is the Windows 10 sync that synchronises all your settings and personalisation across all devices where you use your Microsoft account.
This also includes stored passwords, accounts, and even sensitive payment information. If in case you sign in to your Microsoft account on a device you don't own, this sync would end up allowing anyone who uses that computer to have access to your personal accounts and passwords.
To disable Windows sync, go to the settings page, navigate to the accounts section and click on the sync your settings tab. Here, you can toggle the sync settings to off or even turn off the individual sync settings for each setting.
To be honest, I don’t think having the Windows 10 sync is very useful unless you’re using multiple devices with the same account. But you should take special care as to not use the same Microsoft account on any device that you don’t own or can be accessed by anyone besides yourself.
But even so, there isn’t enough functionality offered by the feature to compensate for its drawbacks for it to be a viable enough choice in practice.
Your browser is what you'll be forever using to access the internet, log in to important online accounts and even share personal information using. So, if your browser is vulnerable, your entire system will be.
The default browser for Windows 10 is Microsoft Edge, but unfortunately, the only use of Edge is to download a better browser. So, let’s have a look at Google Chrome instead, which is more popular than Edge.
But to be frank, the steps followed for chrome are easily transferrable to any other browser as long as you know what you’re looking for.
First and foremost, you need to clear all your browsing history and cookies to improve security and keep your computer clean. For this, simply open your browser, go to the settings page and navigate to the privacy section.
Here click on the clear browsing data button, after which you'll be able to select what data to delete from your browser and for what time period you want this data removed.
Next, in the general section, choose the passwords option and turn off the option ‘offer to save passwords' that ensures that your browser doesn't save any of your online account passwords.
Finally, for a bit of added protection, while surfing the internet, I always install an adblocker plugin that can block all ads on the internet, which might sometimes be spam.
Sometimes, applications running in the background are useful for multitasking where you can leave a process running to finish in the background while you do something else. But sometimes, these apps could also cause some trouble to the user.
For example, background apps that consume too many resources will slow down the entire system and make user processes slower. But we intend to improve privacy in your computer, not performance.
Another issue that concerns our area of interest is spyware. Spyware usually comes in the form of background processes that keeps a log of everything going on in the system and then share it with the malicious user responsible for the spyware. Allowing all apps in your computer to run in the background only benefits such malware.
To disable background processes, simply visit our old friend, the privacy section on the settings page. Here, go to the background apps tab, and simply click to toggle the let apps run in the background to off.
However, I wouldn’t recommend you completely disable all background apps, but only disable selective apps that aren’t quite necessary to run in the background. For example, while you might need your Power manager to run in the background, I don’t think it is necessary to have your calculator do the same.
‘Automatic file downloads’ is a generally more recent feature introduced into Windows around last year's fall.
This feature works to allow apps to download and use online-only files and documents while running on your computer. This is especially useful if you work with cloud storage and need to access documents across multiple devices.
In the privacy section on the settings page, navigate to the automatic file downloads tab, and here you can unblock any app that was previously blocked from downloading and using online-only files and documents.
Microsoft would absolutely enjoy keeping track of all the websites you browse and apps you use if given permission to do so, which is always allowed by default (funny how that works). It claims this occurs to give you a better user experience while using Windows 10.
Besides this, Windows can also send all your data to Microsoft as feedback or for diagnostics in case of a crash and to improve the overall performance of the operating system. This is quite scary if you think about it, allowing a provider to keep track of all your activity and even sending this to the vendor itself by claiming to improve performance.
To disable this setting or at least restrict it up to a certain limit, visit the privacy section in the settings page and go to the diagnostics & feedback tab. Here, make sure that optional diagnostic data isn’t selected and only required diagnostic data is selected.
The former allows tracking of the websites and apps you use, and the latter only looks at the system and local settings in the computer itself.
You can also turn off the option tailored experiences which allows Microsoft to use your data to offer you specific tips and recommendations to enhance your experience. Furthermore, you can turn on the view diagnostic data option available in this section that lets you see the data collected by the operating system in the diagnostic data viewer.
Scrolling down the page, you also have the option to delete all your diagnostic data if you’d like Windows to not send it to Microsoft. Finally, I also recommend you set the feedback frequency to never so that Windows never shares your information with Microsoft as feedback.
Windows, as it usually does, would like to track each and everything you do on the OS to "enhance your user experience". However, such "enhancements" are usually excuses to gather and store your data under the pretence of improving your experience with the operating system.
Activity history simply promises to jump back to whatever document or website that you were using previously, even after a change of computers (provided you had account sync enabled on your Microsoft account). For this, Windows continuously keeps track of whatever you are doing and also keeps a log of your activity history.
However, as always, we want to minimise the amount of personal data that Windows or Microsoft has stored about you, and disabling activity is one of the ways to do so.
To do this, first, go to the privacy section on the Windows settings page and click on the activity history tab. Here, turn off the options, store my activity history on this device, and send my activity history to Microsoft.
Additionally, if you have any Microsoft accounts stored on the device, toggle off the options to show activities from these accounts for each such account.
Finally, you can also clear all activity history from your Microsoft account further down the same page. All you have to do is click on the option clear history for – corresponding Microsoft email address – that removes all stored activity history for a specified email account.
Windows apps can share and sync data with external wireless devices such as headphones, TVs, projectors, etc. This means that the external device is capable of gathering information from your computer without even physically connecting to it or without pairing with it.
Being something that can be exploited by malicious users, we don’t want this feature enabled in our computers.
To disable this feature, in the privacy section, go to the other devices tab and toggle the communicate with unpaired devices option to off. But if in case you don’t want to fully disable it, you can always choose apps that can communicate with unpaired devices yourself by clicking on the namesake link.
I prefer doing the latter, as disabling communication with unpaired devices completely takes away quite a bit of functionality from your Windows 10 OS.
Tasks allow you to set up important processes or programs to run automatically when triggered by a specified condition. Conditions could be a given time, completion of a previous process, or even connecting devices.
If left unchecked, any user on your computer will be able to access your task and use them for their apps and even change their triggering conditions. This could create quite some trouble for you and all your processes that depend on the triggering of the task.
To counter this, you can disable access to tasks altogether by going to the privacy section on your computer settings page. Then, go to the tasks tab and toggle the tasks access for this device to the off position.
If you don’t want to disable all tasks access and still want to allow a few apps to access tasks on your computer, you can choose which apps can access your tasks on the same page.
If you don’t want to hand over most of your data to Microsoft or malicious users, you probably want to make sure to include your email, personal or business, in that list as well. Your emails might contain a myriad of sensitive data ranging from bank details, personal IDs, information about your work, and even information about your family and friends.
Information is important as this, when compromised and exploited, could create quite a lot of trouble for your personal and professional life. I'm not saying Microsoft would exploit this, but I like to stay cautious.
To disable app access to emails, simply go to the email tab in the privacy section on your computer's settings page. Here, under the allow access to email on this device section, toggle the email access for this device to off.
Like most other settings on this list, you also have the option to choose which apps can access your email so as to not take away the entire functionality in your computer.
If you use email applications like Mozilla Thunderbird or Outlook, I would recommend you choose this latter option. If you choose the former, you will not be able to use such email client applications on your computer. However, you will be able to use online clients in your browser.
Even if you've got a password or a PIN set up in your computer to prevent unauthorised access to your account, a user using your computer can see a bit of your information on the lock screen or account selection screen.
This information could be the email address affiliated with your account, notifications that you've received, and sometimes even important reminders that you have set. To disable such lock screen information, there are a few steps to follow.
First, go to the accounts section on your settings page and then to the sign-in options tab. Here, under the privacy heading, set the “show my account details such as my email address on the sign-in screen “, switched off.
Next, go to the personalisation section on the settings page, and click on the lock screen tab. On this page, you can remove any apps that you’ve added to be displayed on your lock screen by clicking on the app and selecting the none option from the drop-down menu.
Finally, in the system section of the settings page, navigate to the notifications & actions tab, where you can edit how notifications are delivered on the lock screen. Mainly, just make sure that the two options – show notifications on the lock screen and show reminders and incoming VoIP calls on the lock screen are unchecked.
These 3 steps should ensure that all important information that would be otherwise displayed on the lock screen will be disabled. This way, unauthorised users will not be able to view any of your sensitive information or notification.
While installing Windows, you're usually required to create a Microsoft account to sign in and use the operating system. This account allows you to sync your computer settings and preferences with other devices by using the same Microsoft account.
This common account to sync all user data also means that if in the wrong hands, it will be potentially very dangerous. Access to this account by malicious users will lead to your data being exploited by them for personal benefits.
To prevent such a mishap, all you have to do is use a local account instead of a Microsoft account. A local account has almost all the benefits of using a Microsoft account except the sync feature.
To do this, simply open the settings page on your computer and go to the account section. Now, choose the ‘your info’ tab and click on sign-in with a local account instead and follow the following steps.
This will allow you to create a local user account and secure it using a fingerprint, password, PIN and even use smart locking features.
The only drawback to this is that you wouldn’t be able to use the same preferences and settings across multiple devices with the same Microsoft account. But this is only a small inconvenience, and it takes a maximum of 10 minutes to change settings and preferences on your new devices to match your liking.
Windows 10 has quite an interesting way of installing updates on your computer; it checks whether any of your peers on your network have installed the latest Windows update and, if so, downloads the update from that computer into yours to update your computer as well. This works in reverse as well.
While it might seem like a nifty feature at first, it couldn’t be further from it. The feature can be quite easily exploited to extract files from your computer as well as send malicious files to your computer. Also, the overhead it creates along with the network lag is too much due to this huge data transfer.
Besides the problems mentioned above, this feature also unnecessarily updates your computer even when you don’t want it to, which is a nightmare on its own.
So, let’s look at how to disable this.
First, go to the settings page on your computer and then navigate to the update & security section.
Next, click on the delivery optimisation tab and toggle the allow downloads from other PCs option to off to disable your computer downloading latest updates from peer computers on the same network.
You can define how your personal preferences and information is used by Windows. This information includes personal behavioural information such as speech, inking, and typing data or preferences.
Speech data could be your voice data such as commands and interactions that you might have had with Cortana; typing and inking data is just your typing history and handwriting (for touchscreen surface devices) that is used to build a local user dictionary which makes text-entry suggestions to improve your user experience.
If you’ve been reading this article so far, you know that this isn’t a feature that we are going to let stay enabled for long.
First, to disable the speech recognition, open the privacy section in the Windows settings page, and go to the speech tab. Now, simply turn off online speech recognition, and we're done with that.
Next, click on the inking & typing personalisation tab in the same section, and again, turn off the getting to know you feature. Furthermore, you can view your personal dictionary created by the OS and even clear it if required.
If your computer is used by other people besides you, like siblings, parents, or roommates, you wouldn’t have a lot of privacy on your account on the computer. This means that every user has access to your data, even if it is sensitive.
This isn't a perfect scenario for you, and a new computer might not be affordable for you at the moment. That doesn’t mean you have to share all your private information with other people.
Windows has a solution for this and allows you to create multiple user accounts on a single machine, each with its own settings and preferences. One user account could be used by your parents, one by your siblings, and so on.
Furthermore, you can also choose between standard user and administrator type accounts, and you should always set users besides yourself as standard users. These users will not be able to change the overall security and privacy settings that you've put in place.
To add users, go to the accounts section on your settings page. Here, in the family & other users tab, you have the option to either add a family member or add someone else to the PC. Both these options pretty much do the same function, the former being solely for family and allowing you more control over what they use the account for.
To add a user, simply click on the corresponding option and follow the steps as directed. You will, however, need to use a Microsoft account to add family members, but it isn't mandatory for other users.
To change the account type of a user, simply click on the user and click on the change account type, and in the new window, set the account type to a standard user.
I would also recommend you go one step further and use a standard user account for your day-to-day activities and work, and use the administrator account solely when you need to make any settings changes.
This simply reduces the chances of a non-authorised user gaining access to your admin account when you accidentally leave it logged in.
To learn more about password managers, read our article on the Cooltechzone website entitled Top 25 password managers in 2021.
In today’s world, privacy in all aspects of daily life is of paramount importance and priority to each and every individual. Your computer being a major point of importance in day-to-day life, improving its privacy should be of key priority as well.
The importance of privacy while using a computer is only going to become more and more important with more services converting to digital format every day.
In this article, we explored 23 different ways to improve your privacy on Windows 10 using some simple settings on the operating system. These can be implemented with quite ease and do not require the installation of any additional software or tools.
If you liked this article or have any different methods to share, please let us know by leaving a comment below.