I recently stumbled across a pretty interesting website – privacy.sexy.
It has a range of PowerShell scripts you can use to disable numerous telemetry processes and other privacy-related features within Windows (and Mac).
There are four filters to sort the scripts by: none, standard, strict, and all. ‘Strict’ provides stronger privacy and ‘disables risky functions that may leak your data’ and is recommended for daily users that prefer increased privacy over non-essential functions. ‘Standard’ shows scripts that are balanced for privacy and functionality and will ensure the OS and applications function normally. They also include a ‘Revert’ script which will allow you to undo the changes that the script made.
If you do not use Microsoft’s services such as OneDrive and Office then you could opt for the ‘Strict’ scripts, but you should still proceed with caution and check what each script does. For this post I will list those under the ‘Standard’ filter (as I personally use OneDrive and Office and would like to leave this unaffected).
Privacy Cleanup
This has the following scripts: clear application history, clear browser history, clear Windows logs and caches, clear credentials from Windows Credential Manager, delete controversial ‘defaultuser0’ user, empty trash bin, enable reset base in DISM component store, clear Windows product key from registry, clear volume backups (shadow copies), remove default apps associations, clear (reset) network data usage, and clear previous Windows installations.
Disable OS Data Collection
This has the following scripts: disable Windows telemetry and data collection, disable automatic driver updates by Windows Update, deny app access to personal information, disable location access, disable Windows Search data collection, disable targeted ads and marketing, disable biometrics (breaks fingerprinting/facial login), disable Windows Inside Program, disable cloud sync, disable cloud speech recognition, disable active probing (pings to MSFT NCSI server), opt out from Windows privacy consent, disable Windows Feedback, disable text and handwriting collection, turn off sensors, disable Wi-fi Sense, hide most used apps (tracks app launch), disable inventory collector, disable website access of language list, disable auto downloading maps, disable steps recorder, disable game screen recording, disable Windows DRM internet access, disable feedback on write (sending typing info), and disable activity feed.
Configure Programs
This has the following scripts: disable Visual Studio data collection, disable NVIDIA telemetry, disable Visual Studio code data collection, disable Microsoft Office telemetry, configure browsers, disable media player data collection, disable .NET Core CLI telemetry, disable PowerShell 7+ telemetry, disable Google update service, disable Adobe Acrobat update service, disable Razer Game Scanner service, disable Logitech Gaming registry service, disable Dropbox auto update service, and disable CCleaner monitoring.
Security Improvements
This has the following scripts: Meltdown and Spectre protection, disable unsafe features, increase cryptography on ISS, disable administrative shares, force enable Data Execution Prevention (DEP), disable autoplay and autorun, disable remote assistance, disable lock screen camera, prevent the storage of the LAN manager hash of passwords, disable Windows Installer always install with elevated privileges, prevent WinRM from using basic authentication, restrict anonymous enumeration of shares, refuse less secure authentication, enable structured exception handling overwrite protection (SEHOP), block anonymous enumeration of SAM accounts, restrict anonymous access to named pipes and shares, and disable the Windows Connect Now wizard.
Privacy Over Security
This has the following scripts: disable Windows Defender, and disable automatic updates.
UI For Privacy
This has the following scripts: disable online content in Explorer, recent documents, hide from This PC and browse in dialog boxes, disable lock screen app notifications, disable live tiles push notifications, turn off ‘Look for an app in the store’ option, do not show recently used files in Quick Access, disable sync provider notifications, turn hibernate off to disable sleep for quick start, and enabled camera on/off OSD notifications.
Disable OS Services
This has the following scripts: ‘Mail, contact, calendar and user data synchronisation’, disable Xbox services, delivery optimisation (P2P Windows updates), Microsoft account sign-in assistant (breaks Microsoft Store and Microsoft account sign-in), Program Compatibility Assistant Service, downloaded maps manager, Microsoft Retail Demo Experience, contact data indexing, app user data access, text messaging, Windows Push Notification service (breaks network settings view on Windows 10), disable Volume Shadow Copy service (breaks System Restore and Windows Backup), and disable NetBIOS for all interfaces).
Remove Bloatware
This has the following scripts: Uninstall Windows Store apps, remove OneDrive, disable built-in Windows features, uninstall capabilities and features on demand, uninstall Edge (Chromium-based), and remove Meet Now icon from taskbar.
Advanced Settings
This has the following scripts: change NTP (time) server to pool.ntp.org, disable reserved storage for updates, and run script on start-up (experimental).
As you can see, there are a lot of things that can be adjusted within Windows to improve the privacy and security of your device, and there are 627 scripts as of writing this post. Hopefully you will find some of these useful and be sure to share this with others who may benefit from it.