Git-Mirrors/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2024-09-28 04:05:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Changes as in Code suggestions

Browse Source 
Co-authored-by: noClaps <github@zerolimits.dev>
Co-authored-by: Pa1NarK <69745008+pixincreate@users.noreply.github.com>
This commit is contained in:
Ikel Atomig 2024-04-17 08:58:05 +00:00 committed by Daniel Gray
parent 768bcd7a7f
commit 4328038dc5
No known key found for this signature in database
GPG Key ID: 41911F722B0F9AE3
1 changed files with 20 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
docs/windows/privacy.md
View File

@ -1,15 +1,15 @@
---
title: Privacy in Windows
title: Achieving Privacy
icon: material/incognito
---
## Using Microsoft account
You should never sign-in to Windows with a Microsoft account. Signing-in to applications like Microsoft Office (which some users are required to do for their school or company) will trigger a dark pattern offering you to sign in to Windows, which will connect your device to your Microsoft account, and make it easier to send data to Microsoft servers and it is critical to reject this offer.
You should avoid sign in to Windows with a Microsoft account. As signing in to applications like Microsoft Office (which some users are required to do for their school or company) will trigger a dark pattern offering you to sign in to Windows, which will connect your device to your Microsoft account, and compels sending data to Microsoft servers and it is critical to reject this offer.
Its worth noting that according to [this study](https://www.autoriteitpersoonsgegevens.nl/sites/default/files/atoms/files/public_version_dutch_dpa_informal_translation_summary_of_investigation_report.pdf) it seems that Windows collects more telemetry when signed into a Microsoft Account.
![Using account for specific app](/assets/img/windows/signin-one-app.webp)
![Using account for specific app](/docs/assets/img/windows/signin-one-app.webp)
You should log in to that specific app only if you need to.
@ -21,31 +21,36 @@ Create another standard user account and connect it to Microsoft account if you
To disable telemetry at full level, Open Group policy and navigate to `Computer Configuration` > `Administrative Templates` > `Windows Components` > `Data Collection and Preview builds` and choose as required
![Disable telemtry](/assets/img/windows/disable-telemetry.webp)
![Disable telemetry](/docs/assets/img/windows/disable-telemetry.webp)
The above works only if you use Enterprise or Education edition. If Professional, It will send required (Basic) data.
If you read this article - [https://www.softscheck.com/en/blog/windows-10-enterprise-telemetry-analysis/](https://www.softscheck.com/en/blog/windows-10-enterprise-telemetry-analysis/), Enterprise even sends data even though telemetry is disabled. But there is no updated info about this available.
Disabling full telemtry or sending basic data to Microsoft is totally upto the user's threat model.
Disabling full telemetry or sending basic data to Microsoft is totally upto the user's threat model.
- [ ] Disable `Automatic Sample Submission` in Windows Defender will send your files as a sample for Signature Database and might leak your data. You can do it via the below Group Policy so to not prompt you again and again constantly.
- [ ] Disable `Automatic Sample Submission` in Windows Defender, as the feature will send your files as a sample for Signature Database and might leak your data. You can do it via the below Group Policy so to not prompt you again and again constantly.
```
Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > MAPS > Send file samples when further analysis is required to Never Send.
```
- [ ] Disable Windows spotlight by navigating to `User Configuration` > `Administrative Templates` > `Windows Components` > `Cloud Content` and setting **Turn off all Windows Spotlight features** policy to disabled.
!!! note
This explicitly disables Windows spotlight features in Lockscreen and Desktop to severe unnecessary between Microsoft servers and the device.
- [ ] Disable Windows spotlight by navigating to `User Configuration` > `Administrative Templates` > `Windows Components` > `Cloud Content` and setting **Turn off all Windows Spotlight features** policy to enabled.
- [ ] Disable in Bing integration in Windows search, by navigating to `Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results`. This way your search queries for local indexed data is not sent to Microsoft.
<div class="admonition note" markdown>
<p class="admonition-title">Note</p>
This explicitly disables Windows spotlight features in Lockscreen and Desktop to sever unnecessary connections between Microsoft servers and the device.
</div>
- [ ] Disable Bing integration in Windows search, by navigating to `Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results`. This way your search queries for local indexed data is not sent to Microsoft.
- [ ] Disable notification in the Lock screen in Windows settings
![Lock screen notification](/assets/img/windows/lock-screen-notifications.webp)
![Lock screen notification](/docs/assets/img/windows/lock-screen-notifications.webp)
- [ ] Disable Online Speech recognition and Voice activation
![Alt text](/docs/assets/img/windows/online-speech.webp)
![Alt text](/assets/img/windows/voice-activation.webp)
![Alt text](/docs/docs/assets/img/windows/online-speech.webp)
![Alt text](/docs/assets/img/windows/voice-activation.webp)
- [ ] Disable delivery optimization in Windows Update settings.
@ -63,13 +68,13 @@ To prevent other users from accessing your secondary data drives. Type `gpedit.m
Go to `User Configuration` > `Administrative Templates` > `Windows Components` > `File Explorer` and set the Group Policy as below.
![Restrict-drive](/assets/img/windows/drive-restriction.webp)
![Restrict-drive](/docs/assets/img/windows/drive-restriction.webp)
The above configuration will restrict other users to the OS drive where Windows is installed. Making total isolation between your Account and other user account.
If it's a shared drive with another person but you don't want the user to access sensitive data then use EFS. EFS encrypts the documents so that the user who encrypted it can only access it and not others.
![EFS](/assets/img/windows/EFS.gif)
![EFS](/docs/assets/img/windows/EFS.gif)
It is better to export the Private key certificate and store in a safe place so as to use the file later in other devices. To do so,