Windows 11 Privacy Settings Guide

In the digital age, privacy has become a paramount concern for users around the globe. With the release of Windows 11, Microsoft has introduced a range of new features and improvements designed to enhance user experience. However, these advancements also come with new privacy implications that users need to understand and navigate.

This settings guide is designed to be your comprehensive guide to managing and protecting your privacy on Windows 11. Whether you're a casual user or a tech enthusiast, understanding how to configure and optimize your privacy settings is crucial. This guide will walk you through the best privacy settings in Windows 11 while not sacrificing usability.

Fresh Install

1. Download the appropriate ISO from Microsoft: https://www.microsoft.com/software-download/windows11
2. At the initial boot screen choose English World. This will disable ad’s and other location specific bloatware.
3. If OOBERION error happens → Skip
4. Chose Setup for work or school
5. Click Sign-in options
6. Click Domain Join Instead
7. Name the computer something random (chose a planet, an animal, etc. NOT something that is tied to your identity
8. Skip setting up a password (Add one after installation, skipping it now allows you to bypass security questions)
9. In the Choose privacy settings for your device: select No for everything
10. Run through rest of setup until Windows starts up
11. If you need certain location specific Windows Apps go to Settings  and search Region. Open then change region to English (US)  

Debloat

1. Right click taskbar → Taskbar Settings
2. Toggle Widgets & Chat to Off

WinUtils

This open source utility is a compilation of Windows tasks that is meant to streamline installs, debloat, and fix Windows updates. It must be run in Admin mode since it performs system-wide tweaks. Open PowerShell or Windows Terminal as administrator:

1. Open PowerShell
   1. Right click start on the start menu
   2. Choose PowerShell As Admin (May also be labeled as Terminal As Admin)
2. Command: irm christitus.com/win | iex
   1. Sometimes Windows Defender/Security will block this script, if that is the case then run this command: [Net.ServicePointManager]::SecurityProtocol=[Net.SecurityProtocolType]::Tls12;iex(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/ChrisTitusTech/winutil/main/winutil.ps1')
   2. If problems persist then try changing your DNS provider to 1.1.1.1
3. Click Install tab at the top
4. Select Brave then Install Selection
   1. Open Brave browser and click Set As Default Browser
5. Click Tweaks tab at the top and select the following then press Run Tweaks:
   1. Create Restore Point
   2. Run OO Shutup
   3. Disable Telemetry
   4. Disable Wifi-Sense
   5. Delete Temporary Files
   6. Run Disk Cleanup
   7. Disable Activity-History
   8. Disable Location Tracking
   9. Disable Homegroup
   10. Disable Storage Sense
   11. Disable Hibernation
   12. Disable GameDVR
   13. Set Services to Manual
   14. Disable Power Throttling
   15. Enable NumLock on StartUp
   16. Disable Taskbar Widgets
   17. Disable Bing Search 
6. Reboot

Privacy Settings for Windows 11

Some of these settings will already be made from using WinUtils in the last section, and some need to be manually configured. 

Notifications

Windows Key → Settings → System → Notifications

• Scroll Down to Additional Settings
  • Turn off: Show the Windows welcome experience after updates and when signed in to show what's new and suggested
  • Turn off: Suggested ways to get the most out of Windows and finish setting up this device
  • Turn off: Get tips and suggestions when using Windows

Remote Desktop

Windows Key → Settings → System → Remote Desktop

• Turn off
• Turn On: Require device to use Network Level Authentication

*** This is not available in Windows Home Edition.

Nearby Sharing

Windows Key → Settings → System → Nearby Sharing

• Turn off, enable when needed.

Bluetooth & Devices

Windows Key → Settings → Bluetooth & Devices

• Mobile Devices → Phone Link: Off 
• AutoPlay → Use AutoPlay for all media and devices: Off

Network & Internet

Windows Key → Settings → Network & Internet → Ethernet → DNS Server Assignment → Edit

• Edit DNS Settings: Manual
• IPv4: On
  • Preferred DNS: 9.9.9.9
  • DNS over HTTPS: On (automatic)
  • Fallback to plaintext: Off
  • Alternate DNS: 1.1.1.1
  • DNS Over HTTPS: On (automatic)
  • Fallback to plaintext: Off
• IPV6: Off

Windows Key → Settings → Network & Internet → Wi-Fi

• Random Hardware Addresses: On
• Hardware Properties → DNS Server Assignment → Edit
  • Edit DNS Settings: Manual
  • IPV4: On
    • Preferred DNS: 9.9.9.9
    • DNS over HTTPS: On (automatic)
    • Fallback to plaintext: Off
    • Alternate DNS: 1.1.1.1
    • DNS Over HTTPS: On (automatic)
    • Fallback to plaintext: Off
  • IPV6: Off

Personalization

Windows Key → Settings → Personalization

• Lock Screen → Personalize your lock screen
  • Select Picture or Slideshow - Pick something that does not reveal personal information
  • Get fun facts, tips, tricks, and more on your lock screen: OFF
• Start
  • Show recommendations for tips, shortcuts, new apps and more: Off
• Device Usage
  • Turn off everything

Sign-in Options

In order of recommendation to sign in: Security key, fingerprint recognition, Password (or passphrase), PIN, Picture Password, or Facial recognition.

Windows key → Settings → Accounts → Sign-in Options

• Show account details such as my email address on the sign-in screen: Off
• Automatically save my restartable apps: Off

Time & Language

Windows Key → Settings → Time & Language → Typing

• Show text suggestions when typing on the physical keyboard: Off
• Multilingual text suggestions: Off
• Autocorrect misspelled words: Off
• Highlight misspelled words: Off
• Typing insights: Off

Privacy & Security

Windows Key → Settings → Privacy & Security

• Find My device: Off
• General: Turn all off
• Speech → Online Speech recognition: Off
• Inking & typing personalization → Custom inking and typing dictionary: Off
• Diagnostics & feedback
  • Diagnostic data → Send optional diagnostic data: Off
  • Improve inking & typing: Off
  • Delete Diagnostic data: Delete
  • Feedback frequency: Never
• Activity History → Send my activity History to Microsoft: Off
• Search Permissions → Cloud Content Search
  • Microsoft account: Off
  • Work or School account:  Off
• Search Permissions → More Settings → Show search highlights:  Off
• App Permissions → App Diagnostics → App diagnostic access: Off

Windows Update

Windows key → Settings → Windows Update → Advanced Options → Delivery Optimization → Allow Downloads from other PCs: Off

Disable Ads in File Explorer

1. Open File Explorer and click the 3 dots on the top menu bar.
2. Select Options
3. On the popup window click the View Tab
4. Uncheck Show sync provider notifications
5. Click Apply
6. If available, click Apply To Folders

Disable Telemetry Service

1. Windows key + r →  type in services.msc and press Enter
2. Double click Connected User Experiences and Telemetry
3. Startup Type: Disabled
4. Press the Stop button for Service Status
5. Click Ok

Disable Trending Searches & Web Search

1. Windows Key + r → type in regedit and press Enter
2. Click Yes if a popup occurs.
3. Navigate to: Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Search
4. Right click on empty space: New → DWORD (32-bit) Value
5. Name it: BingSearchEnabled
6. Double Click on the entry you just created, set the Value Data to 0.
7. Open Task Manager → Processes
8. Select and right Click on Windows Explorer and select Restart

Disable Copilot

1. Windows key + r → type in regedit and press Enter
2. Click Yes if popup occurs
3. In the left navigation window, right click on Windows
4. Go to New → Key and name it WindowsCopilot
5. Right click on the entry you just made: New → DWORD (32-bit) Value
6. Name it: TurnOffWindowsCopilot
7. Double click on it make sure Value data is set to 1 and press OK
8. Open Task Manager → Processes
9. Select and right click on Windows Explorer and select Restart

Brave Browser Privacy Settings

Appearance

Settings → Appearance

• Show Brave News Button: Off
• Show Brave Rewards Button: Off
• Show Brave Wallet Button: Off
• Top Sites: Off
• Leo AI Assistant: Off
• Always show full URLS: On

Shields

Settings → Shields

• Trackers and ad blocking: Aggressive
• Upgrade connections to HTTPS: Strict
• Block fingerprinting: Strict
• Block Cookies: Only Cross-site
• Auto-redirect AMP pages: On
• Auto-redirect tracking URLs: On
• Prevent sites from fingerprinting me based on my language preferences:  On

Privacy and Security

Settings → Privacy and Security

• Use Google services for push messaging:  Off
• Allow privacy-preserving product analytics (P3A): Off
• Automatically send daily usage ping to Brave: Off
• Automatically send diagnostic reports: Off
• Disable non-proxied UDP: Disabled
• Security
  • Standard Protection
  • Use secure DNS:  On
  • Select DNS Provider: Cloudflare
  • Manage V8 security: Don’t Allow sites to use the V8 Optimizer
• Site and Shields → Additional permissions
  • Ethereum: Block sites from accessing the Ethereum provider API
  • Solana: Block sites from access the Solana provider API

Other Settings

• Settings → Extensions
  • Hangouts: Off
  • WebTorrent: Off
• Settings → Web3
  • Method to resolve IPFS resources: Off
  • Default Ethereum Wallet: Extensions (no fallback)
  • Default Solana Wallet: Extensions (no fallback)

Search Engine

Settings → Search engine

• Improve search suggestions: Off
• Web Discovery Project: Off

Autofill and Passwords

Settings → Autofill and Passwords

• Allow auto-fill in private windows: Off
• Password Manager → Settings
  • Offer to save passwords: Off
  • Sign in automatically: Off
• Payment Methods
  • Save and fill payment methods: Off
  • Allow sites to check if you have payment methods saved: Off
• Addresses and more → Save and fill addresses: Off

Additional Settings

1. In the Brave browser go to brave://rewards
2. If it is enabled click on Reset
3. Click the checkbox then click Reset
4. Open up a new tab and click on Customize at the bottom of the page.
5. Background Image → Show Sponsored Images: Off
6. Brave News → Show Brave News: Off
7. Cards → Click Hide for all of them and turn Cards Off

ProtonVPN Configuration

Sign up and download ProtonVPN: https://protonvpn.com/download-windows Go through installation process and sign in to ProtonVPN

• Click on Secure Core button → Secure Core On
• Select a country you want to route through and click Connect
• Countries → Kill Switch → Permanent Kill Switch
• Settings → General
  • Start on boot: On
  • Connect on app start: On
  • Show Notifications: On
• Settings → Connection
  • VPN Accelerator: Off
  • Auto Reconnection: On
• Settings → Advanced
  • DNS Leak Protection: On
  • Allow Alternative Routing: On
  • IPV6 Leak Protection: On
  • Split Tunneling: Off

Resources

https://www.privacy.sexy