Stop Advertisers from collecting your information.

So why is this a family safety issue?  Why should you care?  And particularly, why should you care in the context of Shielding the Heart, Guarding the Mind, and Building the Castle?

Three reasons from a security and home safety perspective:

  1. Extraneous software can only serve as a vulnerability.  You don’t use it.  You don’t know what it can do.  You don’t really know how it might be misused.  Therefore it should be removed and an attack (or exploitation) vector eliminated.  It’s a two-for-one really.  First, bad guys can’t come in and do bad stuff through some bug or flaw in a software if it isn’t there.  Honestly, in this case, it’s only Microsoft that should be using these channels…but who knows?  If there’s a bug, someone will figure out how to use it.  But secondly, your children might just figure out how to get around one of your security controls by exploiting a flaw in one of these programs.  Maybe accidentally, maybe on purpose.  Why risk it when they don’t really provide any value?
  2. These programs constantly communicate across your Internet connection.  Now, that ties up bandwidth, albeit a tiny bit, without providing real value.  More importantly though, as you monitor the connections that must be made to enable home-school streaming or other wholesome applications, all of those OTHER connections create noise in your logs.  It’s hard to tell what should be enabled as required and what is just worthless traffic.
  3. Lastly, privacy.  Why give Microsoft and other advertisers more information?  I can’t think of any compelling reasons.  Can you?

A Very Good System

Microsoft has released a few over the years, and I think that 10 will end up among the ranks of 7, XP, and 3.11 as the most used for the longest time.  In the business world, an Information Technology (IT) staff would tend to use the enterprise-only version of Windows 10 called the Long-Term Support Branch (LTSB) rather than the Current Branch (CB).  The CB includes most of the same features a home user might see on a Windows 10 Home version purchased anywhere, like Amazon, but then adds a few business-related features that help the IT department control everything centrally.

The main reason for the LTSB really comes down to removing some of the flashy features of Windows 10 that, well, let’s face it, probably won’t be in service 10 years from now as some businesses still roll out Windows 10 machines to their personnel.  Things like “Bing Sports” or “Bing Money” or “Xbox Connect” or even (likely) the “Microsoft Store.”

Privacy First

Windows 10 includes a few built in switches for privacy protection…and by a few, I mean like THIRTEEN!  Or something like that…I lost count.  Anyway, one can probably turn them all off and never notice.  In the case of a child’s school computer, then absolutely turn them all off.

Step one, log in as Administrator.  Step two, do it all over again on each of the children’s accounts.

  • If you haven’t created a separate restricted user account for your child to use, the stay tuned.  That post will arrive shortly.
  • The next article will be focused on “Dejunkification.”   This post grew too long to include both subjects.
windows-10-privacy-switches

Figure 1

Go to All Settings (you can click the squared-off cartoon “speech box” in the bottom left, and then the All Settings button), and then select the lock icon titled “Privacy” usually on the bottom row.

Four simple switches live there (figure 1).  The only loss you might experience centers around Microsoft Cortana, which won’t do much for a child’s computer locked out of the majority of websites anyway.

Drop down to the Location tab on the left hand side of the Privacy Settings screen (you were on the “General” tab at the top).  Once again, for a school computer, I cannot imagine how this setting will help.  It sends info out for the purposes of advertising.  Sometimes websites legitimately attempt to determine your location for shipping rates, but remember, this is a school computer.  Even if several people use it, just plan on taking the extra step of entering a zip code manually.

widows-10-location-settings

Figure 2

Click the master button at the top under Location.  It will say that the “Location for this device is on” (or off) right above a button labeled “Change”.  A second dialog box will appear (figure 2).  Flip it to “off” and then click away (any empty place on the screen that isn’t in that box).

The statement should now say “Location for this device is off”.

Downsides on tablets and mobile devices–if you loose your Microsoft Surface, you won’t be able to track it down after disabling the master location setting, so be advised.  Also remember, that you can leave the master setting on and then manage them individually.  If you know why and when you need to do that, then you probably don’t need much guidance from me on how.

Camera and Microphone can be ether turned off or left on in exactly the same way on their respective tabs.  If you turn them off now just remember it later when that web camera just won’t seem to work.

windows-10-privacy-getting-to-know-you

Figure 3

The tab entitled “Speech, inking, & typing” should say “Get to know me” on the button (figure 3).  If it does not say that, click it–the button that says “Stop getting to know me” and “Turn off” that feature.  Microsoft and your PC will use the data collected to try to predict your searches and interpret your voice, but once again, on a locked down PC for school use or some managed gaming, this feature will not even fully work.

And who knows, perhaps one of your security controls fail or crashes and Cortana becomes an opening to the Internet with unexpected results.  Why risk it?

Three other settings that should be turned off are found on the “Account info”, “Call history”, and the “Messaging” tab.

windows-10-feedback-and-diags

Figure 4

Just turn them off at the top of each–the last two will not do a computer much good in any case.  The account info shouldn’t create any problems unless you have an app listed on that page that uses it.  This may be a feature still seeking a use, since I have Microsoft Office 365 installed on most of my Windows 10 machines and still have no apps listed on the Account Info tab.  Of course, I generally don’t install software from the Windows Store, so I may not be the best gauge.

The Feedback & diagnostics tab falls close to the bottom (figure 4).  Set the first drop down to “Never” and the second to “Basic” (which is as far as it can go).  Click on the screenshot for an example.

Cortana

windows-10-cortana-settings

Figure 5

Cortana contains a bunch of “her” own privacy settings (Figure 5).  From the perspective of someone trying to manage the fewest number of domains allowed, each one of these switches is just another way to get a log full of “blocked” domains.  Critical Armor does not recommend allowing consistent or unrestricted access to search engines like Bing or Google, and Cortana requires Bing to allow the Internet features shown to work.

IF you search for a LOT of files from the Search Bar, you might consider leaving the Device search history on, but unless you really create a slew of files and then loose them, you probably will never need this.

WiFi

windows-10-privacy-wifi

Figure 6

For computers with WiFi, go BACK to your “All Settings” menu with the leftward-pointing arrow in the top left corner.  You should see an icon entitled “Network & Internet”.  Click there, then on the main tab, there will be a link called “Manage Wi-Fi settings” beneath the list of all the wi-fi access point your system can see (there may be only your own, depending on where you live).

On the “Manage Wi-Fi settings” page (Figure 6), just turn off all three of the switches.  The only one that might matter in a business context is “Connect to networks shared by my contacts” but I’ve yet to see that one used in the real world.  Almost certainly it will never by used by your children at home.

Edge Browser

Last, but not least, edge is a very lightweight and capable browser.  Nonetheless, Microsoft decided to add some junk.  These “suggestions” pop up along the bottom of the browser upon opening the application.  Now, I don’t want my child reading articles about socialites or anything else from their “top sites”, so I turn it all off.  Even if you install Firefox, Edge should still undergo some setting changes.

Please note:  If you use K9 Web Protection on Windows 10, Google Chrome can sometimes “go around” the protection.  This doesn’t seem to happen with Firefox, but be aware.  I have not extensively tested it, but I believe it happens when Chrome is installed after K9.  This is one of the main reasons why making restricted user accounts for the children remains important.  No one should have access to install software or touch the files in C:\Windows or C:\Program Files without permission.

windows-10-edge-settings

Figure 7

windows-10-edge-settings-off

Figure 8

windows-10-edge-advanced-settings

Figure 9

Turn off the top sites first.  Open Edge, click on the little ellipsis symbol (…) and click Settings (Figure 7).  Tell the browser to open to with a “New tab page” and set the drop down to Open new tabs with “A blank page” (Figure 8).  This will get rid of all the junk on the main page.

UPDATE 20160730:  Under “Advanced Settings” turn OFF “Show search and site suggestions as I type” and set the Cookies to “Block only third party cookies.”

Lastly, scroll down and select “Advanced Settings”.  Turn off the setting “Show search and site suggestions as I type” (shown as on in the screenshot – Figure 9).  This setting uses Bing in an attempt to anticipate the terms you’re trying to search.   Also turn off the setting “Use page prediction to speed up browsing, improve reading, and my overall experience better.”  It sounds really good, but it’s just another way to collect data on what you do for more specific advertising.  Not a bad feature when an adult is doing research, but even if it would work on a locked down machine, the results might just as likely turn up something unsavory.

Now, let me repeat:  Some of these settings are global–meaning that once set by the Administrator, all other accounts are affected.  Some, however, are set local to the user.  Therefore, for each child account on each computer, run through this checklist again!  Yes, that really means logging into the Admin account, completing the list, logging out, and THEN logging in to the account for Child #1, completing the list, logging out, and so on.

Leave no stone unturned.

That’s it for privacy on Windows 10 for the present time.  Please rate the article above if you found it helpful.

Next up, we will dejunkify your Windows 10.  It will be slightly more technical, but still eminently doable.   Until then, keep building the castle!