Best tool to disable telemetry on Win11

Hello, I know a lot of people would want me to not use Windows at all, but I’m not ready to do just that yet.

So I went through a thread that talks about different tools to disable telemetry of Windows 11. I’m not sure which one I should use?

Also, this youtube video: https://www.youtube.com/watch?v=SvhRXLmsyJ8

2 Likes

I do not recommend third-party solutions. I know Microsoft does allow a lot of their telemetry to be disabled in Windows Pro, Enterprise and Education but not Home, so it is best to buy either Pro or Enterprise if you want more control.

Here is a guide for Windows hardening and privacy.

stay away from “Anti-Spying”/“Anti-Telemetry”/… tools and use official documentation

From “Windows11_Hardening”.

5 Likes

Hi, thanks for your reply!

What if I only have the home edition?

Apart from disabling everything you can in Settings, I think a third-party firewall might be fine or using NextDNS with “Native Tracking Protection” enabled to block Windows telemetry (I don’t know how effective it is though). If you do use NextDNS, I recommend this guide. Windows does come with its own firewall, but I don’t know how configurable it is (I wouldn’t be surprised if it couldn’t block Windows telemetry) and whether or not it blocks incoming and outgoing connections or only incoming like macOS. However, I cannot recommend any third-party firewall as I’ve never used one for Windows. Hopefully someone else will be able to recommend one.

Alternatively, you can upgrade to Windows Pro in the Microsoft Store if that is an option for you.

Edit: I would recommend you check out the Windows11_Hardening guide as that does contain a lot of useful info. I do also highly recommend Windows Pro over Home as that adds more security features over Home, like BitLocker.

1 Like

I went through all settings already. I use Firefox with ublock hardmode and decentral eyes extensions.

The DNS I use is 1.1.1.1.

I just need to disable telemetry now and all the other spying stuff that Microsoft does that I don’t want.

Are any tools open source and/or trusted? I believe I saw Christitus stuff is open source?

I’ll be reading the Windows Guide, but it seems to be reliant on Pro like you are suggesting, which I don’t have and can’t get for other personal reasons.

I believe decentraleyes is not recommended anymore. uBlock Origin is good. And from a security perspective, Microsoft Edge is better than Firefox (all chromium browsers are but Edge does also have security features only available to it), but Firefox isn’t as bad on Windows compared to Android and Linux.

I personally use Quad9. This video and this update video shows that Quad9 did very well in blocking malicious domains compared to Cloudlfare.

I don’t really watch Chris Titus Tech, so I don’t know if it is open source. He most likely would have a link to GitHub if it is.

Yes, I believe some of it does require Windows Pro but some of it should apply to both Home and Pro editions. It’s a shame that Microsoft splits them like that.

Edit: Typo.

With this project you can get Windows 11 Enterprise through simple and safe hacks. I found out about it through this thread and have been using it for a month now with no issues whatsoever. The setup is pretty straightforward and gives you a TON a flexibility wrt disabling telemetry.

Use at your own risk though!

2 Likes

I know Linux is better, but for all sort of reasons, I’m sticking with Windows.

From what I’ve read, Decentral Eyes is recommended again (there was a period where it wasn’t updated).

I’ve started reading the Windows Guide, but it’s not straight forward at all. That’s why the programs seem far more easier to use.

Does anyone know if any of those are safe to use please? If none of them are, I’m sure there is one out there that is that you could recommend?

I want to disable Telemetry, delete any bloatware that Windows don’t allow me to delete and disable anything that is unnecessary.

I think most of those program do that, but I’m not sure which one to use and why.

Thanks!

1 Like

No, it is not 4.1 Extensions · arkenfox/user.js Wiki · GitHub

1 Like

To disable a lot of Windows telemetry copy paste this into your etc/host file and reboot.

https://github.com/hagezi/dns-blocklists/blob/89289aa5fa5825307a658ff68873069bdab99f6f/hosts/native.winoffice.txt

For those who think the host file has been obsolete since 1994…

I haven’t used Windows for a while now, but in the past, I generally used a combination of:

Windows 11 group policies (This has some good ones to set). For these to be the most effective, you’re going to want to use Windows 11 Enterprise or Education. Great open source script to achieve that here.

SophiApp - The best 3rd party tool for this sort of thing imo. It’s open source and works extremely well at disabling some of the telemetry and other nonsense, debloating it, and improving privacy & security in general.

WindowsSpyBlocker - Classic open source tool that works great, allows blocking domains and IP addresses used for telemetry on the system itself (Like what @JibJab described). Also lets you change domains for connectivity checks/captive portals from Microsoft’s to i.e. Mozilla’s or Debian’s.

Hardentools - This isn’t necessarily related to disabling telemetry, but it’s an essential open source tool imo for improving security on Windows. Does a lot and it’s very effective.

Beyond that, I’d also recommend making use of DNS content blocking like NextDNS, as well as of course following other good practices.

This should get you most of the way there. In general though, fuck Windows, it’s only getting worse and worse, and I’d really recommend avoiding it if you can.

2 Likes

My bad, I had check somewhere, but searched again and it seems it’s not. Just removed it, thanks.

@Sharply

Thanks! I unfortunately use Windows 11 Home. Am I good using only SophiApp and WindowsSpyBlocker?

Also, should I understand that the whole list I provided are “bad”? Meaning, they they have some sort of loop holes in terms of privacy and/or security?

Thanks! :slight_smile:

I would recommend checking out the Massgrave script, but if you can’t/or are unwilling to, then I would say it’s better than not to still run SophiApp and WindowsSpyBlocker. It’d be tough for me to ever say Windows is “good”, even if you could apply the policies, it’s all about harm reduction here.

Valid point :smile:

Although possible, there are better (memory-wise) ways to run W apps on Linux…

Its as hard as vendor (MS in this case) wants it to be.

Me neither. I have not touched Windows since… like 2009. And guess what? Im good :smile:

I think easiest way to block them is to use a managed DNS provider like NextDNS, Control D or Adguard.

As other people previously mentioned, you are probably going to want Windows 11 Enterprise or Education in order to be able to set group policies.

Microsoft has official documentation detailing ALL settings that make ANY connection to Microsoft and how to disable these connections.

This is a list of what the actual connection endpoints are and what purposes they each serve.

I highly recommend thoroughly reading through both these links and understanding what each connection does in order to be able to assess if you will require it or not.

The first article listed provides all the group policies and registry key modifications for each setting so you can manually disable what you need disabled and leave any important features such as Windows Updates and Automatic Root Certificates Update.

Listed in the first article is also a link to download the “Windows Restricted Traffic Limited Functionality Baseline”. If you know how to apply the baseline using LGPO then you can do so, but that is more advanced. Do not apply the baseline if you do not know what you are doing. This baseline applies all the modifications that are listed in the first article instead of you having to do it manually. The article details which connections are allowed after the baseline is applied (only 4 connections related to Certificate Validation). Microsoft does not recommending applying the baseline directly and it would be wise to modify the baseline in order to allow things like Windows Updates, the Microsoft Store, Microsoft Defender and Automatic Root Certificates Update. The baseline also breaks any Microsoft apps such as Word, Excel, etc.

This is the best method to disable all telemetry because it is officially documented by Microsoft. It exists for enterprise users who many need these settings for compliance reasons, so Microsoft has no reason to lie about this. What better way to stop sending telemetry to Microsoft than to stop sending any data to Microsoft at all?

It could also be possible to put the connections listed in the second article in a DNS blocklist and apply the DNS system-wide but I haven’t tried that.

Edit: I read that OP uses Windows Home but still this is relevant information for anyone who might be looking for a solution. The system-wide DNS using blocklist of connections from the second article I listed would probably be a solution for OP.

2 Likes

[lots of off-topic removed. please keep threads ON TOPIC]

6 Likes

Thanks for the insightful answer!

The documentations are too much for me. From my understanding, playing with group policies changes stuff in the registry, correct?

If so, then it would mean, everything would be possible to do with Windows Home, correct?

If both these assessments are correct (which they might not), then a program could do all of that for me and I’m sure it exists. There are definitely a lot of options and this is truly where I need help. Choosing the right program that is not invasive and does the job. Meaning, not only providing an illusion of privacy.

So far, only @Sharply suggested programs to help (SophiApp and WindowsSpyBlocker).

Now I understand there is an official guide (this one) that points towards Windows Enterprise and tweaking lots of stuff with Group Policy. I’m really looking for a more straightforward answer and less time consuming.

Of course, you could argue that all telemetry are encrypted and whatever you do on Windows, but you could also argue that all computers have hidden chipset that will monitor everything you do anyways and these are just counter-productive. Let’s remain on topic please and thank you @Valynor.

Topic being: choosing a program for Windows 11 to help on privacy (disabling telemetry, deleting bloatware that you can’t do within the uninstall app page, any other relevant tweaks).

Thanks everyone for your precious help!

Yes, group policy changes are written to the registry.

Theoretically yes, but not everything would be possible. The main example I know of that is definitely not available on Windows Home is setting the Telemetry level to 0 or Security. The lowest telemetry setting available on Windows Home is Required.

This setting disables all telemetry connections that Windows makes and is only available on Windows Enterprise and Education. However, this setting does not stop connections to Microsoft itself, just the telemetry of the Operating System. You can read more about it here under the heading Diagnostic Data Settings. Imo, this is the simplest answer to your question as it fully disables Windows Telemetry and is not time consuming. I would recommend installing Windows Enterprise honestly.

As for a third party tool to easily achieve this, I am not sure. In SophieApp’s documentation, under Key Features it says Configure your Windows by officially documented methods. So in case installing Enterprise is not an option, I would recommend using SophieApp and comparing the settings with the official documentation to ensure you have covered as much as you can on Home.

Good luck.

3 Likes