The Privacy Cookbook kicks on in Chapter 6 with PCs, where we will cover the set-up on desk & laptops. This is a big chapter as we try to cover everything from the best Operating Systems to Firewalls to DNS to VPN to Metadata protection to encrypting data and emails. Yes, it will be a long one.
We want to start with the OS most people sadly use, Windows! Before we go into Windows let me point out I do not know much about Windows, if I get any laptops or desktop that has Windows pre-installed, the first thing I do is Install Linux! Yet some people need Windows for a variety of reasons? A young relative claims they need it for PC Games, so if you are of the generation that sits for 18 hours a day in front of your PC and plays Mindcraft or any other time waster, this chapter is for you.
There is a great tool that can be downloaded to fix many of the privacy concerns that Windows 10 has! It's called W10Privacy, It disables major tracking features and is a good step toward some privacy on Windows 10. There is also WindowsSpyBlocker - an open source tool that blocks data collection. You could perhaps also have a look at securitywithoutborders/hardentools
There is also Hardentools which is a set of easy-to-use fixes designed to disable several features exposed by operating systems such as Windows and their primary consumer applications. These features, designed for enterprise customers, are generally useless to regular users and actually pose a risk as they can be used by hackers to execute malicious code. This tool is to help individuals reduce the risk of attack. It is not intended for corporate environments.
However, it does come with the following precautionary statement:
WARNING: This is just an experiment, it is not meant for public distribution yet. Also, this tool disables a number of features, including of Microsoft Office, Adobe Reader, and Windows, that might cause malfunctions to certain applications. Use this at your own risk.
Bear in mind, after running Hardentools you won't be able, for example, to do complex calculations with Microsoft Office Excel or use the Command-line terminal, but those are pretty much the only considerable "downsides" of having a slightly safer Windows environment. Before deciding to use it, make sure you read this document thoroughly and understand that yes, something might break. In case you experience malfunctions as a result of the modifications implemented by this tool, please do let us know.
You have been warned!
WFN Windows Firewall Notifier
WFN started off as an extension to the embedded Windows firewall and offers real time connections monitoring, connections mapping, bandwidth usage monitoring and is open-source...worth looking at adding this.
Unfortunately Windows 10 sends Your Data more then 5500 times every single day. There are other horror stories exposed on Ars technical and on Techdirt. You can find many other articles across the web that show the Data Sharing and Privacy invasion of Microsoft. I will have them covered soon in my Monday Blues article where we look at companies and their unethical behaviors. But this Chapter is not about them right now, it's about blocking some, if not all, of it.
So if you chose or need to stick with Windows then use the two tools we recommend but also use a Blocklist! In fact, use multiple block lists:
Microsoft - Blocks all Microsoft known call home domains
Adguard Simplified - English filter, Social media filter, Spyware filter, Mobile ads filter, EasyList and EasyPrivacy
AdAway - Blocking mobile ad providers and some analytics providers
hpHosts - Ad and Tracking servers only
CHEFKOCH - NSA Blocklist
CHEFKOCH - Canvas font fingerprinting
CHEFKOCH - Audio fingerprinting
CHEFKOCH - Canvas fingerprinting
CHEFKOCH - Trackers
CHEFKOCH - Facebook
StevenBlack - with the fakenews, gambling and social extensions
Google - Blocks all Google domains and services
Facebook & FB - Blocks Facebook and its Apps
GoodByeAds - Great list of Ads blocked
Yhosts - Great list!
Crimeflare - Cloudflare domains
The best way is to block these over AdGuardHome or a Pi-Hole, but AdGuard also has a version for your Windows PC!
Another option is to do this via a local blocklist. Search on your Notepad, then right-click on Notepad in the search results list, and choose to run it as administrator.
Once you’ve done that, open up the following file using the File -> Open feature
After which you can edit as usual when Notepad is open.
In this example, we will block all known Microsoft domains.
The next step is to use Firefox as your browser
Encrypted DNS clients for desktop
Mozilla Firefox is supplied with DoH built-in and with Cloudflare as the default resolver, however. it can be set up with any DoH resolver.
DNS over HTTPS can be enabled in Menu -> Preferences (about:preferences) -> Network Settings -> Enable DNS over HTTPS.
Set "Use Provider" to "Custom", and enter your DoH provider's address.
Advanced users may enable it by setting network.trr.custom_uri and network.trr.uri as the address of your DoH provider and network.trr.mode as 2.
It is also advisable to set network.security.esni.enabled to True. This allows encrypted SNI (Server Network Identification) and make sites supporting ESNI more difficult to track.
Have a list on DNS resolver and more information here
Last but not least also read the Chapter on uBlock Origin
Alternatively we strongly recommend the Tor Browser, it is an encrypted alternative to Firefox and will keep your IP address private.
As I mentioned at the outset here, I never use Windows so I've gathered the best guidance I can for use on a Windows driven machine, but the Privacy Cookbook will guide you on how to replace Windows with a Linux privacy setup and we also guide you on what software could replace your office package etc.
Many people I have encountered in my life are afraid of Linux, mainly as they never used it, and so swear by Windows. Once I have set them up with a Linux machine, they are surprised at how easy and powerful it is. So I am confident that after Chapter 6.1 where we take on how to install Linux and how to make it feel better then Windows will assist you in making the switch.
Remember privacy is a human right! And your PC is probably the machine you use most for banking, for crypto, for many private things...so help yourself to stay safe and just as you #degoogled, you can start to #demicrosoft
In Chapter 6 we will also guide you on how to harden your MacOS, so stay tuned as we have a lot to cover!