I've just moved from 32-bit Windows XP to 64-bit Windows 7.

Please, can anyone more knowledgeable than me suggest what tweaks could and should be done in Win7 OS to minimize unnecessary collection of private data and metadata by the OS in order to enhance user's privacy?

I've already disabled System Restore, paging file and hibernation. I understand these features pose a risk for encryption keys and passwords. That's what I remember from the XP usage, but are there any Win7 specifics that should be addressed?

How about shadow copies? Are they a privacy risk and if so, how can they be disabled and deleted?

What about the registry? Is there anything else? Please, suggest and educate. :)

Thank you

If you fully disabled System Restore you already disabled Volume Shadow Copies as well.
Registry: CCleaner
hdd forensics: "deleted" files, fragmentation, journaling and so on: Heidi Eraser
Thumbnails: Disable Preview in Windows Explorer
Browser: don't use IE, use a portable browser on a thumbdrive, use webmail
MRU in taskbar, startmenu: not sure, you can disable that in the preferences and there might be hidden recent doc folder in your User/username folder
It should be noted you can only minimise, not completely prevent writing private data to the disk. Therefore:

You should really look into FDE and stop worrying about all of this...

-{ Quote: "If you fully disabled System Restore you already disabled Volume Shadow Copies as well.
Registry: CCleaner
hdd forensics: "deleted" files, fragmentation, journaling and so on: Heidi Eraser" }-

Katio, thanks for your reply.

I do use Heidi Eraser and CCleaner.

-{ Quote: "Thumbnails: Disable Preview in Windows Explorer" }-

Can you explain how exactly to do that?

-{ Quote: "Browser: don't use IE, use a portable browser on a thumbdrive" }-

I use Firefox browser on a thumbdrive. Does it leave any traces in the system (registry etc.)? Would it help to run it sandboxed (and erase the sandbox after the session)? How about virtualizing the thumbdrive in Shadow Defender (and should the system partition be shadowed too)?

I know all these measures are probably an overkill, but why not keep the system as clean as possible...

-{ Quote: " use webmail" }-

I use regular ones (Gmail, Yahoo). Can you recommend a secure one?

-{ Quote: "MRU in taskbar, startmenu: not sure, you can disable that in the preferences and there might be hidden recent doc folder in your User/username folder" }-

Does the old MRU Blaster work with x64 OSes? Are there any similar utilities (apart from CCleaner)?

-{ Quote: "It should be noted you can only minimise, not completely prevent writing private data to the disk. Therefore:

You should really look into FDE and stop worrying about all of this..." }-

Yes, I know that. I keep my data partitions encrypted, but I avoid FDE out of fear I might not be able to boot into the system. :D

What FDE solution would you recommend?

-{ Quote: "
Can you explain how exactly to do that?" }-
http://techgenie.com/wp-content/uploads/Thumbnail_Previews.png

-{ Quote: "
I use Firefox browser on a thumbdrive. Does it leave any traces in the system (registry etc.)? Would it help to run it sandboxed (and erase the sandbox after the session)? How about virtualizing the thumbdrive in Shadow Defender (and should the system partition be shadowed too)?

I know all these measures are probably an overkill, but why not keep the system as clean as possible..." }-
As long as you don't use 3rd party plugins portable firefox itself won't leave any compromising data in the registry or elsewhere.
I'd use additional protection though, preferably sandboxie simply because drive by downloads for example can write to the disk itself (and compromise your system and privacy). HDD virtualisation is an alternative but a sanbox is probably more convenient.


-{ Quote: "
I use regular ones (Gmail, Yahoo). Can you recommend a secure one?
" }-
Anything is secure if you use PGP. If you don't all bets are off. Because even if your end is secure (like you run your own mail server), you have absolutely no control over the receiving end.

-{ Quote: "
Does the old MRU Blaster work with x64 OSes? Are there any similar utilities (apart from CCleaner)?" }-
Sorry, I don't know. I'm not very fond of any of these 3rd party utilities. They tend to break more than they are utile... I've used CCleaner for a long time exclusively and it served me well. It should take care of all MRU too and it also has a secure erase option.

-{ Quote: "
Yes, I know that. I keep my data partitions encrypted, but I avoid FDE out of fear I might not be able to boot into the system. :D" }-
That's why we do backups ;)

-{ Quote: "What FDE solution would you recommend?" }-
Truecrypt. It prompts you to create a CD which can restore the TC header in case it ever gets corrupted.