How to use GPEdit to configure Windows 8.1 for maximum privacy.

Following on from an interesting argument I watched that claimed that Windows itself can be considered malware as far as distributing user's data is concerned, I've become interested in configuring Windows 8.1 for absolute maximum security.

My main aim to use the internet while leaving a minimum of, or absolutely no traces at all. Keeping hard drive content private is also a priority.

How can I configure the Windows 8.1 Group Policy Editor to disable as much unprompted outgoing information as possible while still being able to surf online?

Naturally I need to use my PC and the internet for work purposes. If my machine is secretly distributing information about my activities then my ability to achieve real results is severely limited.
 
Solution
Consider this, if they wanted to spy on what you were doing you could not stop them, the processes that do this could easily be configured to not show up anywhere, windows itself could be configured to hide them, therefore you'd never know that they were turned on.

The ones that you are turning off could be sacrificial. you have two choices:
Don't do anything that you don't mind being found out.
Or
Learn to write your own operating system from the ground up, and create your own 'internet' so that you know precisely what code does and does not exist in it. Trusting anyone else who claims to have done this is pointless as they may be under the control of people who are trying to find stuff out about you, either the government/industry...

USAFRet

Titan
Moderator
First, you need to discover what info is outgoing, that you wish to prevent, and to where.
Second, you need to discover which exact services or applications are doing this.
Third, you'll need to know what is actually required and what isn't.
Fourth, learn the ins and out of the whole GPO scheme.


Fifth, sixth, seventh....turn off your cell phone, don't use any search tools (google, etc), turn off your WiFi
 
I'm with you up to 4.

5, 6, 7 = reapply the first four with some coding or a few app downloads.

Anyone with some more specific advice?

EDIT: My firewall, despite blocking certain ports, is still allowing explorer and my web browser to use some of those ports.

Either it's malware or the firewall hasn't properly integrated with a low-level Windows component.
 

Math Geek

Titan
Ambassador
give anti-beacon from the makers of spybot a shot. it will turn off the telemetry collection and block the ip's that it send to.

good first step while you figure out what else is going on that you wish to block. browsing the web is very data colecting heavy. look into add-ons that block the advertising and collecting of info. look at "private browsing" built into chrome and firefox and the other browsers. they tend to block and erase traces of whatever you did on that session.

as for data on the hdd, encrypt it and then only you can access it. but forget the password and no one can get into it and it is lost forever!!
 

USAFRet

Titan
Moderator


For #1 to start, Wireshark to discover what the PC and OS is actually doing, and where it is going.
 

USAFRet

Titan
Moderator


First, we need to discover what needs to be blocked, turned off, redirected. GPEdit is but one tool to do some of it.
Host file, settings in the OS, etc, etc.
 
I've concluded far more needs to be blocked than allowed.

As asked in my original question what is the minimum set of Windows functions required to browse the internet?

I'll then enable functions as needed.

This methodology will reduce the amount of time and support required to achieve the aim of maximum or total privacy online.
 
Consider this, if they wanted to spy on what you were doing you could not stop them, the processes that do this could easily be configured to not show up anywhere, windows itself could be configured to hide them, therefore you'd never know that they were turned on.

The ones that you are turning off could be sacrificial. you have two choices:
Don't do anything that you don't mind being found out.
Or
Learn to write your own operating system from the ground up, and create your own 'internet' so that you know precisely what code does and does not exist in it. Trusting anyone else who claims to have done this is pointless as they may be under the control of people who are trying to find stuff out about you, either the government/industry in the the case of windows, or criminal enterprises or the government or industry in the case of any other OS or flavour of OS.

The simplest answer is not to do anything you don't want to be discovered.
 
Solution
GPEdit isn't readily available in Windows 10 and I didn't hang around 8.1 for long enough to see if that had it available.

You could start by upgrading to 10 and installing it. Reverse all four defaults on the first two screens. Go into Settings>Privacy and reverse every default setting you can find, especially the ones below the screen when you can hardly see the scroll bar.

Use the system for a few days then run HijackThis as a System Administrator. Tick anything in the 04 section that you don't need at boottime then carefully study what has the ability to phone home in the 23 section. Spybot's antibeacon will do a lot of that for you but it's more satisfying to do some yourself.