When you first get a new Windows computer (or set up an old one), you might be focused on downloading your favourite apps and transferring your files. This is also a good time to configure your machine to protect your privacy.
We all need to protect our private data. Whether you're carrying sensitive work files, sensitive pictures, or just your passwords, there's certain information you don't want other people to have. When you're first setting up a computer, you're establishing the habits you're going to use the entire time you have that machine. Rather than wait to care about your privacy later, it's better to get started on the right foot.
First, a disclaimer: with Windows 10 coming out at the end of the month, we decided it's best to write this guide as it pertains to Windows 10. Many of these settings, where applicable, still exist in Windows 8, but they may be in a different location or have slightly different names. In fact, even in the newest versions, settings are often duplicated in multiple places within the OS, but we'll cover it the best we can.
It's also worth mentioning that Windows still allows you to install any app you want. Once they're installed, those apps can do pretty much anything. Locking down your privacy in Windows won't do much if you install other apps that can still read your data.
Start with a Clean Install, Even If You Bought Your Computer New
Before you do anything, you should make sure you're starting from a clean slate. If you bought your computer from a store, it probably came with a lot of junk software that the manufacturer thought you might want (or that they were paid to include). Getting rid of this junk is a good idea from a performance standpoint. However, occasionally even otherwise decent manufacturers can include security and privacy-breaking junkware.
We already have a guide on how to remove crapware from your computer here, so we won't rehash the entire thing. However, you have two main options when you get a new computer:
- Wipe the machine and reinstall Windows from scratch: This is one of the surest ways to make sure that no extra junk apps are running on your system. If you built your own machine, you're probably ok already. If you're running a store-bought machine, be sure to keep track of the licence key before installing, even if you're installing Windows 10.
- Remove the bloatware manually: Our guide here gives you the details on how to easily remove bloatware from your machine. It's a bit more of a tedious process, and it's possible to accidentally leave something behind, but it allows you to clean your machine without wiping anything you already have installed.
A clean install is a good step to take regardless of whether you're concerned about privacy. However, if you want to make sure that there's nothing on your machine that makes you or your data vulnerable, it's even more important. The only way to be sure that nothing is running on your machine besides what you install is to clear everything out when you first set up your machine.
Disconnect From Your Microsoft Account
Once you're sure your machine is clean (or, ideally, while you're performing a clean install), you should decide how closely you want your machine linked to your Microsoft account. Since Windows 8, you've been able to log in to Windows using your Microsoft account. Of course, this comes with some trade-offs. On the plus side, your Microsoft account has built-in two-factor authentication. However, you may not want Microsoft to know every time you log in to your computer. Microsoft's also no stranger to controversy with user accounts. If you're not comfortable with having a direct line to your personal Microsoft account tied directly to your computer, you can use a local account instead.
There are two ways to use a local account on your Windows machine. The first is to choose "local account" while setting up your computer for the first time. If you chose this option when you first installed Windows, then you're good. On the other hand, if you ever signed in to your Microsoft account on Windows, here's how to disconnect it:
- Open the Start Menu and search for "Account", then choose "Manage your account." (Alternatively, open the Settings app and choose "Account.")
- Click "Sign in with a local account instead."
- Create a new username and password.
- Log out and re-log in using your new credentials.
Once you're logged in to your local account, open up the same section of the Settings app. If your Microsoft account is still listed under "Other accounts you use", you can remove it here. Of course, you will lose some features (most notably Cortana) if you don't have a Microsoft account connected, however it's one of the safest ways to ensure none of your data gets synced or shared without your knowledge.
Audit the Privacy Section of the Settings App
With Windows 8, Microsoft introduced a new style of "modern" apps. To go along with it, Microsoft has added a new permissions system. This is mostly geared towards phones and tablets, but as Microsoft steers developers more towards the Microsoft store, more apps may be likely to use these permissions to access things like your camera, microphone, or location. To manage these permissions, open your Start menu, type "privacy" and choose "Privacy settings".
Here, you can find a number of settings you should tweak to your liking, including but not limited to:
- Location: Here, you can set a location that all of your apps use, or disable location tracking entirely. You can also see a list of apps that have the ability to use your location and enable or disable them on a per-app basis. This only seems to apply to the new Modern-style Windows apps, so this may not prevent all apps from using your location if you give an app permission.
- Camera and Microphone: Here, you can block access to your camera or microphone on a per-app basis, or disable access entirely. Like the location settings, these sections only apply to Modern apps. It also won't disable the devices at the system level.
- Contacts, Calendar, and Messages: If you use any Microsoft services for managing your contacts, events, or messages, you can control which apps have access to your data here, as well.
- Speech and typing: Under "Speech, inking, and typing", you can disable the "Get to know me" feature. This setting seems weirdly placed and it's unclear just how much data Microsoft tracks with this one setting, but it does state that it's used to offer better suggestions, improve dictation, and help Cortana get to know you. So if you're not comfortable with digital assistants learning your habits, it may be best to turn this off.
Depending on how much you want your operating system to know about you, it may be worth going through the entire Privacy section. Also, keep in mind that any permissions you disable here only apply to the apps that are displayed. Microsoft's permission system is still relatively new, so unless you downloaded an app from the Windows Store, this probably won't prevent them from using your hardware.
Protect Your Apps and Your Data
Since Microsoft's built-in systems can't protect your data or the apps you download, you'll need to do it yourself. Protecting your privacy online is an discipline in itself, but there are a few basic things you should do to keep yourself safe before you start using your computer for regular work:
- Install antivirus and antimalware tools: Antivirus/malware tools can keep you safe from unwanted installations or malicious software, so you should start by making sure you're protected from the basics.
- Download privacy-protecting browser extensions: You likely spend more time in your browser than any other single app. To protect yourself, install browser extensions like AdBlock Plus, Disconnect, and other privacy-protecting extensions to keep your data safe.
- Use a VPN: Virtual private networks (or VPNs) have a variety of uses, but one of the most helpful is protecting your privacy. Setting up a VPN will ensure that your browser traffic is encrypted and stays away from prying eyes.
We couldn't possibly go over every privacy protection trick here, as they can fill up multiple guides all on their own. Fortunately, we have plenty of those. If you want to stay safe, you can read more about privacy-focused web browsers, the various kinds of malware, and why you shouldn't trust Incognito mode for true privacy.
Lock Down Physical Access to Your Computer
Once you've got everything on your computer protected, you're done, right? Actually, there's still one more thing to take care of. When it comes to protecting their data, most people don't tend to consider physical access. Mega corporations and governments aren't the only ones you want to keep out of your data. You may also want to keep snooping visitors, untrustworthy co-workers or certain family members out of some of your files. For that, there are a few precautions you should take:
- Enable (and use) a lock screen: Your phone isn't the only device that you should enable a lock screen on. You can set up your computer to automatically lock after a set period of time, or alternatively, you can manually lock your screen by pressing Win+L.
- Keep your machine in a safe place: Your computer is only as safe as the room you keep it in. If you have an office at work, be sure to keep the door locked when you leave. If you're taking your laptop to a coffee shop, don't leave it unattended, or at least get a physical lock and use it.
- Secure your Wi-Fi: While technically not a physical connection, your home Wi-Fi is an easy way for neighbours or passersby to gain access to your data. This can lead not only to security breaches, but even minor invasions like taking over your Chromecast. Keeping your Wi-Fi secured can keep your devices protected from nearby intruders.
As long as you have the other areas in this guide covered, physical access should be the only way that someone can get access to your sensitive data. Of course, how important that physical security is to you may be subjective. A top secret government agent will have a greater need to lock their laptop up while at home than a single person in a one-bedroom apartment will. Still, it's important to consider your physical machine when auditing your privacy.