There's no doub that M$ has been using some nasty data collection methods since windows vista, and now with windows 10 there's no where to hide, even with group policies disabling this same data collection [source].
With windows 7 end of support coming soon and the updates send via windows update to 7/8/8.1 already enabling heavier data collection tools, it's time either to move to linux or mutilate windows 10, and that's why I'm here today.
First of all, if windows firewall isn't compromissed already, I would propose this set of rules [credits to shewolf from MDL]:
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Allow Windows Update"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=80|RPort=443|App=C:\\Windows\\system32\\svchost.exe|Svc=wuauserv|Name=Windows Update|Desc=Rule created by shewolf on 08/24/2015 18:24:52. Do not edit rule by hand|EmbedCtxt=Allow Windows Update|"
"Block Windows Dmwappushservice"="v2.24|Action=Block|Active=TRUE|Dir=Out|App=C:\\windows\\system32\\svchost.exe|Svc=dmwappushservice|Name=Windows Dmwappushservice|Desc=Rule created by shewolf on 08/24/2015 18:24:52. Do not edit rule by hand|EmbedCtxt=Block Microsoft Telemetry|"
"Block Windows DiagTrackservice"="v2.24|Action=Block|Active=TRUE|Dir=Out|App=C:\\windows\\system32\\svchost.exe|Svc=DiagTrack|Name=Block Windows DiagTrackservice|Desc=Rule created by shewolf on 08/25/2015 18:24:52. Do not edit rule by hand|EmbedCtxt=Block Microsoft Telemetry|"
"Block Search and Cortana"="v2.24|Action=Block|Active=TRUE|Dir=Out|App=C:\\windows\\systemapps\\microsoft.windows.cortana_cw5n1h2txyewy\\searchui.exe|Name=Search and Cortana application|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|Desc=Rule created by shewolf on 08/25/2015 18:24:52. Do not edit rule by hand|EmbedCtxt=Block Microsoft Telemetry|"
"Block SIH Client"="v2.24|Action=Block|Active=TRUE|Dir=Out|App=C:\\windows\\system32\\sihclient.exe|Name=SIH Client|Desc=Rule created by shewolf on 08/25/2015 18:24:52. Do not edit rule by hand|EmbedCtxt=Block Microsoft Telemetry|"
"Block Microsoft Windows Search Indexer"="v2.24|Action=Block|Active=TRUE|Dir=Out|App=C:\\windows\\system32\\searchindexer.exe|Name=Microsoft Windows Search Indexer|Desc=Rule created by shewolf on 08/25/2015 18:24:52. Do not edit rule by hand|EmbedCtxt=Block Microsoft Telemetry|"
"Block All Out traffic from WinDefend"="v2.24|Action=Block|Active=TRUE|Dir=Out|App=%ProgramFiles%\\Windows Defender\\MsMpEng.exe|Svc=WinDefend|Name=Block Out WinDefend|Desc=Rule created by shewolf on 08/25/2015 18:24:52. Do not edit rule by hand|EmbedCtxt=Block Microsoft Telemetry|"
"Block Windows Defender User Interface"="v2.24|Action=Block|Active=TRUE|Dir=Out|App=C:\\program files\\windows defender\\msascui.exe|Name=Windows Defender User Interface|Desc=Rule created by shewolf on 08/25/2015 18:24:52. Do not edit rule by hand|EmbedCtxt=Block Microsoft Telemetry|"
"Block SearchUI"="v2.24|Action=Block|Active=TRUE|Dir=Out|App=C:\\windows\\systemapps\\microsoft.windows.cortana_cw5n1h2txyewy\\searchui.exe|Name=Block SearchUI|Desc=Rule created by shewolf on 08/25/2015 18:24:52. Do not edit rule by hand|EmbedCtxt=Block Microsoft Telemetry|"
"Block All Out traffic from Explorer"="v2.24|Action=Block|Active=TRUE|Dir=Out|App=%SystemRoot%\\explorer.exe|Name=Block Out from Explorer|Desc=Rule created by shewolf on 08/25/2015 18:24:52. Do not edit rule by hand|EmbedCtxt=Block Microsoft Telemetry|"
"Block Windows Process"="v2.24|Action=Block|Active=TRUE|Dir=Out|App=C:\\windows\\system32\\svchost.exe|Svc=IKEEXT|Name=Process for Windows Services |Desc=Rule created by shewolf on 08/25/2015 18:24:52. Do not edit rule by hand|EmbedCtxt=Block Microsoft Telemetry|"
"Block Windows Problem Reporting"="v2.24|Action=Block|Active=TRUE|Dir=Out|App=C:\\windows\\system32\\wermgr.exe|Name=Windows Problem Reporting|Desc=Rule created by shewolf on 08/25/2015 18:24:52. Do not edit rule by hand|EmbedCtxt=Block Microsoft Telemetry|"
"Block Microsoft Telemetry IP"="v2.24|Action=Block|Active=TRUE|Dir=Out|RA4=64.4.0.0/255.255.192.0|RA4=65.52.0.0/255.252.0.0|RA4=157.56.91.77|RA4=168.61.0.0/255.255.0.0|RA4=168.62.0.0/255.254.0.0|RA4=23.212.108.121-23.212.108.162|RA4=111.221.29.0-111.221.29.255|Name=Block Microsoft Telemetry IP|Desc=Rule created by shewolf on 08/25/2015 18:24:52. Do not edit rule by hand|EmbedCtxt=Block Microsoft Telemetry|"
Next, tweak the registry and disable some unwanted services:
Code:
chcp 1251> nul
echo
REM --- Disable Indexing Service, tracking and collection of information to send ---
net stop DiagTrack
net stop diagnosticshub.standardcollector.service
net stop dmwappushservice
net stop WMPNetworkSvc
net stop WSearch
sc config DiagTrack start=disabled
sc config diagnosticshub.standardcollector.service start=disabled
sc config dmwappushservice start=disabled
sc config WMPNetworkSvc start=disabled
sc config WSearch start=disabled
REM --- Disabling telemetry and data acquisition ---
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata" /v "PreventDeviceMetadataFromNetwork" /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows" /v "CEIPEnable" /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "AITEnable" /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "DisableUAR" /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\AutoLogger-Diagtrack-Listener" /v "Start" /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\SQMLogger" /v "Start" /t REG_DWORD /d 0 /f
DEL /p C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
REM --- The frequency of the formation of reviews "Never" ---
reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Siuf\Rules" /v "NumberOfSIUFInPeriod" /t REG_DWORD /d 0 /f
reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Siuf\Rules" /v "PeriodInNanoSeconds" /f
REM --- Disable job scheduler to collect your information to send, and others. ---
schtasks /Change /TN "Microsoft\Windows\AppID\SmartScreenSpecific" /Disable
schtasks /Change /TN "Microsoft\Windows\Application Experience\AitAgent" /Disable
schtasks /Change /TN "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /Disable
schtasks /Change /TN "Microsoft\Windows\Application Experience\ProgramDataUpdater" /Disable
schtasks /Change /TN "Microsoft\Windows\Application Experience\StartupAppTask" /Disable
schtasks /Change /TN "Microsoft\Windows\Autochk\Proxy" /Disable
schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /Disable
schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /Disable
schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /Disable
schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\BthSQM" /Disable
schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\HypervisorFlightingTask" /Disable
schtasks /Change /TN "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" /Disable
schtasks /Change /TN "Microsoft\Windows\FileHistory\File History (maintenance mode)" /Disable
schtasks /Change /TN "Microsoft\Windows\Maintenance\WinSAT" /Disable
schtasks /Change /TN "Microsoft\Windows\NetTrace\GatherNetworkInfo" /Disable
schtasks /Change /TN "Microsoft\Windows\PI\Sqm-Tasks" /Disable
schtasks /Change /TN "Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem" /Disable
schtasks /Change /TN "Microsoft\Windows\Shell\FamilySafetyMonitor" /Disable
schtasks /Change /TN "Microsoft\Windows\Shell\FamilySafetyRefresh" /Disable
schtasks /Change /TN "Microsoft\Windows\Windows Error Reporting\QueueReporting" /Disable
schtasks /Change /TN "Microsoft\Windows\WindowsUpdate\Automatic App Update" /Disable
Let's kill onedrive:
Code:
REM --- Total stop OneDrive ---
TASKKILL / F / IM OneDrive.exe / T
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive" /v "DisableFileSyncNGSC" /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive" /v "DisableLibrariesDefaultSaveToOneDrive" /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive" /v "DisableMeteredNetworkFileSync" /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\Onedrive" /v "DisableFileSyncNGSC" /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\Onedrive" /v "DisableLibrariesDefaultSaveToOneDrive" /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\Onedrive" /v "DisableMeteredNetworkFileSync" /t REG_DWORD /d 1 /f
reg add "HKEY_CLASSES_ROOT\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /v "System.IsPinnedToNameSpaceTree" /t REG_DWORD /d 0 /f
reg add "HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /v "System.IsPinnedToNameSpaceTree" /t REG_DWORD /d 0 /f
reg add "HKEY_CURRENT_USER\Software\Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /v "System.IsPinnedToNameSpaceTree" /t REG_DWORD /d 0 /f
reg add "HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /v "System.IsPinnedToNameSpaceTree" /t REG_DWORD /d 0 /f
reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "OneDrive" /f
And finally block some servers from communicating
Code:
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nsatc.net
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 wes.df.telemetry.microsoft.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 telemetry.microsoft.com
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 telemetry.appex.bing.net:443
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 survey.watson.microsoft.com
0.0.0.0 watson.live.com
0.0.0.0 watson.microsoft.com
0.0.0.0 statsfe2.ws.microsoft.com
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com
0.0.0.0 compatexchange.cloudapp.net
0.0.0.0 cs1.wpc.v0cdn.net
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 statsfe2.update.microsoft.com.akadns.net
0.0.0.0 sls.update.microsoft.com.akadns.net
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 diagnostics.support.microsoft.com
0.0.0.0 corp.sts.microsoft.com
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 pre.footprintpredict.com
0.0.0.0 i1.services.social.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 feedback.windows.com
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 feedback.search.microsoft.com
0.0.0.0 rad.msn.com
0.0.0.0 preview.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msn.com
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 apps.skype.com
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 a.rad.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 ac3.msn.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 b.rad.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 bs.serving-sys.com
0.0.0.0 c.msn.com
0.0.0.0 cdn.atdmt.com
0.0.0.0 cds26.ams9.msecn.net
0.0.0.0 c.atdmt.com
0.0.0.0 db3aqu.atdmt.com
0.0.0.0 ec.atdmt.com
0.0.0.0 flex.msn.com
0.0.0.0 g.msn.com
0.0.0.0 h1.msn.com
0.0.0.0 live.rads.msn.com
0.0.0.0 msntest.serving-sys.com
0.0.0.0 m.adnxs.com
0.0.0.0 m.hotmail.com
0.0.0.0 pricelist.skype.com
0.0.0.0 rad.live.com
0.0.0.0 secure.flashtalking.com
0.0.0.0 static.2mdn.net
0.0.0.0 s.gateway.messenger.live.com
0.0.0.0 secure.adnxs.com
0.0.0.0 sO.2mdn.net
0.0.0.0 ui.skype.com
0.0.0.0 www.msftncsi.com
0.0.0.0 msftncsi.com
0.0.0.0 view.atdmt.com
If you're lazy and like some more automated there are pretty good solutions, for example, a script by Yasser Da Silva named Win 10 Toggle Tweaker
Features of the current version:
Code:
Some of the features
User Interface Tweaks:
-Change Dark Theme For Apps
-Enable/Disable Taskview button in Taskbar
-Change Volume Control UI
-Change Notification center UI
-Change Battery Status UI
-Change Cortana size in Taskbar
-Enable/Disable Transparency and Blur in : Taskbar -Notification center-Clock...
-Replace Logon screen Background Image with your accent color
-Enable/Disable Thumbnail Previews in File explorer
-Change OEM Information
Enable/Disable stuff In Windows 10
-Bring back Old Windows photo viewer
-Enable/Disable Lockscreen
-Enable/Disable Hibernation
-Enable/Disable Windows Smart Screen Filter
-Telemetry and Data collection
-Disable default Quick Access view in Explorer
-Enable/Disable Snap Assist
-Enable/Disable "You have new app that can open this file." Notification
-Enable/Disable Windows Firewall
-Enable/Disable Windows Defender*FIXED
Speed Up PC Performance
-Measure windows restart time
-Disable CPU Core Parking For more CPU Performance
-Speed up apps and services End Tasks
-Disable Some unnecessary services to speed up restart time
-Boost SSD Performance*FIXED
Manage Microsoft Edge browser
-Disable Ads
-Dark/Light Theme
-Change Browser Home Button page
-Change default download directory
-Ask to close all tabs ?
-Enable/Disable Cortana inside the browser
-Enable/Disable Adobe Flash Player
-Enable/Disable Favorites Bar
-Change NewTab Page (Limited)
Manage Updates
-Enable/Disable Automatic Windows Updates
-Enable/Disable Automatic Windows Apps Updates
-Enable/Disable Notifications about new Preview Builds after RTM
-Clean Windows Update Junk
-Enable/Disable Windows Delivery Optimization (Update sharing)
Manage Folders In "This PC"
-Remove Folders From This PC and brig them back
Manage OneDrive
-Enable/Disable OneDrive
-Remove Onedrive/Dropbox Icon in File explorer
-Disable and delete Onedrive
Manage Windows Features
-Show Windows features list
-Enable a feature
-Disable a feature
-Disable and Remove feature Payload (clean feature files)
-Show "Turn Windows features on or off" window
Manage User Accounts
-Show me my User accounts
-Change specific user account Password
-Add NEW user account
-Delete a user account
Context Menu Tweaks
-Add "Grant Admin Full Control" to Files and Folders
-Add Select Context menu
-Remove Pin to Quick access
-Add classic Personalize to Desktop
-Remove Screen Resolution from Desktop
-Add Power Options to Desktop
Manage Windows apps*NEW (BETA)
-Remove a Specific Windows app
-Remove All Built-in Apps (except Store)
-Re-install a Specific Windows app
-Re-install All Built-in Apps