Windows logs a lot of data. Handy, because some information can help you troubleshoot your system or make you more efficient. But there is also a downside: a lot of information flows towards Microsoft, which is less fun for those who value their privacy.
Tip 01: Forensic analysis
To give you an idea of the amount of information that Windows keeps about your computer use, we would like to include a few external tools. One of them is free LastActivityView. Once you start up the portable program, it lists a whole range of activities including time stamp, including connections you have established with wireless networks, tasks and applications you have run or installed, folders you have viewed, the times when you have entered the system started up and shut down, and so on.
Even more information reveals the forensic tool OSForensics (free for 30 days). If you are the main section User Activity opens, Live Acquisition of Current Machine check and on the Scanbutton, after some time all detected tracks appear in clear sub-headings. Also check out the other main sections, such as Deleted File Search and Passwords. You soon notice that Windows keeps a lot of data. Where exactly all this data is stored, you can partly find out from the columns Data source in LastActivityView and Location in OSForensics. If you want to delete such stored information, visit the LastActivityView website, they will give you concrete tips.
LastActivityView and OSForensics bring up astounding amounts of information
Tip 02: Logs
The so-called Windows logs are without a doubt the most extensive log files of the operating system and contain information that can be absolutely useful during troubleshooting. You can access these logs via Windows key + R after which you eventvwr.msc performs. Open the section in the left part of the window Logs (local). In the middle you will see a brief overview of the most important management events, organized by event type such as Criticism, Wrong, Warning and Information. During troubleshooting, you are probably mainly interested in the first two types. The different columns, such as Last hour and Make 24 hours you know how many items were recorded when. With a double click you zoom in on the associated events, which are shown in reverse chronological order by default. Double-clicking on a specific item will open additional information (on the tab General).
Tip 03: Feedback
You will also find the link in the feedback window Help online. It will take you to a Microsoft service, but unfortunately this rarely provides useful information. Then you better enter the database www.eventid.net address. Enter here the (event-)Id in at Search Windows event id and possibly also the Source Event source (optional) and press Search. Reactions from fellow users soon appear and they are often useful. Another possibility is to use Google. Enter the id and source as search terms there too.
By the way, don’t be overwhelmed by the number of errors or warnings you may encounter in the logs. Focus only on troubleshooting problems that you actually experience and not on “problems” that do not bother you.
Tip 04: Display
By default, you will see a summary of the most recent management events in the logs, but if you are only interested in a specific event, create your own view. To do this, right-click in the left pane Custom views and choose Create custom view. If necessary, set a time period Registered, indicate the relevant levels and indicate whether you On log or yes On source want to search.
Choose you On log you will find the most important logs of Windows here. Chances are the log System has collected the most interesting events. However, when it comes to specific performance issues, such as a slow startup, you better snoop Logs Applications and Services / Microsoft / Windows / Diagnostics–Performance, possibly focusing on the event IDs 100-110. Confirm with OK, give your view a name and complete with OK.
By default, Windows keeps an overview of recently opened apps and other items
Tip 05: Activity history
New from Windows 10 version 1803 is the Activity History. This filing feature can be quite useful because it allows you to pick up the thread of previously created documents faster – even on other PCs, but at the same time, a lot of information can end up in the cloud. You switch the function on or off via Settings / Privacy / Activity History, where you place a check mark or remove it from Save my activity history on this device and possibly also at Send my activity history to Microsoft. The latter option means that data about visited websites and your use of apps and services are sent to Microsoft servers (if you are logged in with a Microsoft account). You can also indicate here for which accounts you (do not) want to keep track of those activities.
Through Manage activity data from my Microsoft account do you come here rightly so, where you are on the tab Activity overview selectively delete data with To clear. Or you can select a data type here, such as Apps and services or Locations, and clicks Activity to delete the associated data.
If you have the Activity History function enabled on your PC, after a while you will see a chronological overview of the activities performed, such as the opened websites and documents. Use the key combination Windows key + Tab or click the button on the left side of the Windows taskbar Task view.
Tip 06: Pot viewers
There are other data that Windows gathers that you may not be comfortable with – if only because you prefer to hide such information from potential snoopers. For example, Windows maintains an overview of recently opened apps and other items. To prevent that, open Settings / Personalization / Start and uncheck it Show most used apps and Show recently opened items in Jumplists […].
To use frequently used applications faster, Windows uses the so-called prefetch function. Just press Windows key + R and enter % systemroot% Prefetch off: the list of recently and frequently used apps becomes visible. To disable this feature, start Regedit and navigate to the key HKEY_LOCAL_MACHINE System CurrentControlSet Control Session Manager Memory Management Prefetch parameters. There, click on EnablePrefetcher in the right panel and change the default value 3 in 0.
Just be sure to create a system restore point before making any changes to the registry.
Tip 07: Privacy settings
When you install Windows 10 or perform a major update, a few questions come up that might just affect your privacy. This includes sharing your location data, allowing an advertising ID for personalized ads, and to what extent you want to send “diagnostic data” to Microsoft.
If you want to come back to one or more of these questions afterwards, open the Windows settings again and go to the category Privacy. Run both major sections Windows permissions and App permissions thoroughly and make informed choices. Besides, it’s not a bad idea to go through that process again after every major update – after all, you never know which settings Microsoft has secretly changed again.
It is not easy to stop the ongoing collection of telemetry data
Tip 08: Data flow
One of the sections in the Windows permissions section also deserves further attention: Diagnostics and feedback. This has everything to do with telemetry, which literally means “distance measurement”. Microsoft regularly collects all kinds of data in the background via a built-in telemetry module. This is not only about the connected hardware or how often a certain application is used, but also about the surfing behavior of the user (via Edge) and the content of texts written with an electronic pen. Microsoft uses this information to troubleshoot issues, provide users with appropriate updates, improve products and services, and to display personalized ads. In principle, you can view this diagnostic data yourself by clicking the switch button View diagnostic information on On and then clicking the button Open the diagnostic data viewer. After downloading and installing the tool, you will see an XML view of the data. If you attach great importance to your privacy, you may also want the options in this window Tailored experiences and Handwriting and typing improve on from and the option Base (instead of Fully) click at Diagnostic data. By for Base you partly limit the flow of information going to Microsoft. Partly, because according to a German survey, the option would Base approximately 500 tracing processes are still active!
Tip 09: Telemetry stop
In the window Diagnostics and feedback Although you also see an option to delete the data already collected, it is not possible to completely stop the telemetry flow. In Windows 10 Education and Enterprise, however, there is an extra mode with which you reduce the tracking processes to about 13 pieces. If you have either version, press Windows key + R again and enter gpedit.msc from. Navigate to Computer configuration / Administrative templates / Windows components / Data collection and preview versions. In the right pane, double-click Allow telemetry. click on Enabled and choose 0 – Security. Confirm with OK. Choose this Switched off, then you fall back on the institution you are in the category Privacy have set: Base or Fully.
Then also navigate to within the Windows components section Cloud content, double click on the function there Turn off experiences for Microsoft consumers to enable it correctly.
In Windows 10 Home or Professional, you can block the telemetric information flow as follows. Also press Windows key + R, enter services.msc off and double click Connected User Experiences and Telemetry service. click on Stop and set it Startup type in on Switched off. Confirm with OK. Then open the Task Scheduler and navigate to Task Scheduler Library / Microsoft / Windows / Customer Experience Improvement Program. Please select Consolidator and click on the right To end. Confirm with Yes. Repeat this (if desired) for the task UsbCeip.
Keep in mind that it may very well be that Microsoft reactivates this service or task with the next (major) update.
It may seem impossible to log into Windows with a local account, but you can
Tip 10: Privacy tool
From the section Privacy there are, as you can see, quite a few privacy-sensitive settings to adjust, but there are many more. They are sometimes hidden deep in Windows, but a free tool like DebotNet brings them up. If for some reason you don’t like DebotNet, there are many other similar tools (see also www.tiny.cc/winprito). DebotNet is portable and therefore does not need to be installed. The tool contains about a hundred parts that you can select. You decide which items you check, but you can also Select / recommended select to see the creators’ suggestions. If you are sure of your choice, press the Run-button.
Good to know: behind every part there is a script that you can use via the option Code visible, so you know which files, services or registry keys are involved. If you wish, you can edit the code (s) yourself and save with Save.
With the option Backup you can create a registry file for some selected scripts (28 in total) in the DebotNet folder. If you double-click on that reg file, you can undo the changes made to that script. However, we recommend that you create a system restore point before you start using DebotNet. Besides, one of the scripts is Create a System Restore Point, so you don’t even have to leave DebotNet.
Tip 11: Microsoft account
Signing in to Windows with a Microsoft account does offer some benefits, such as built-in OneDrive sync, easier access to the Microsoft Store, or a synced activity history, but it also gives you quite a bit of privacy. However, in the latest Windows editions it has been made virtually impossible to log in with a “local account” during installation.
Still, you can get around the almost mandatory use of a Microsoft account. Please disconnect your internet connection at the beginning of the installation. Click on the message “You are going to connect to a network” I have no internet / Continue with limited settings. You can also only disconnect your internet connection when you are asked to create a Microsoft account. An error message will appear, which you can ignore with To skip.
If you already have a Microsoft account, but would prefer to transfer from and to a local account, you can do that afterwards. Go to this Settings and choose Accounts / Family and other users / Add someone else to this PC. click on I do not have the registration information of this person and on Add user without Microsoft account and follow the further instructions.