What should I do before connecting Windows 10 to Internet?

Hello,
I am using Windows 8.1 for now, but I am going to do zeroing of HDD and install Windows 10 FCU. I am going to install system offline (no Ethernet crossover cable plugged in). I would like to configure Windows 10 to minimize the data sent to Microsoft before connecting to Internet. I am just going to pro-actively locating relevant information to turn off telemetry as much as possible without breaking functionality of this OS.
What do you suggest to focus?

 

Simply change the telemetry setting to basic.

 

Before you connect it to the internet make the consious decision not to use it for anything you don't want the world to know about.
They will claim W10 is so secure etc. Yeah, secure against publicly known software exploits.

Remember Stuxnet? The firmware based malware in USB drives? That is ten year old technology, of course it did not end there. Two years ago firmware based malware was discovered in hard drives from several well known hard drive vendors.
Kaspersky being the AV company that detected stuxnet and the hardrive firmware malware that we have no way to control.
Then Intel puts remote access mini OS in its processors.
I'm quite sure those cases are just the tip of the iceberg.
Everyone needs to wake up to all of this there is no secure way to be connected to the internet today because the governments and corporations we trusted with that have turned against us and they have thousands of people working every day to ensure there is remote access to all and every internet connected device.

 

you must be fun at parties. and a regular visitor of /r/conspiracy

 

Yes, it's iffy to think that you can keep anything on Windows private from Microsoft. I use Windows VMs sometimes, but only from anonymously obtained installers, and only through VPNs (and perhaps Tor). However, I doubt that it's as bad as @RockLobster says. Maybe for Windows and Android. Probably not for OSX and iOS, but And most likely not for most Linux distros. Unless you've been targeted, anyway.

 

Doubters please read.
https://www.theverge.com/2015/2/16/8048243/nsa-hard-drive-firmware-virus-stuxnet

 

I mean seriously what do you all think 40,000 people have been doing at NSA headquarters every day for the past decade? This stuff is their job, and they are pretty good at it, and then add to that all the independent hackers and other nation state actors they are all at it, multi billions of dollars spent every year on doing it and we should believe that malware basher super matic delux is going to stop them lol

 

Yes, they have many ways to compromise Internet-connected devices. But I doubt that they've compromised all Internet-connected devices. And even if they could, I doubt that they could interpret the data meaningfully.

 

But basic means it sends telemetry too, right? I would like to minimize it further.
I was thinking about programs such as O&O ShutUp10, manually disabling services and built-in Windows firewall (I have intermediate knowledge about Linux's iptables and OpenBSD's pf, so I think I am able to learn how configure Windows firewall too).
Edit: I forgot about Windows Registry editing because I used to use config files.

Virtualization is okay, but not on my current hardware for performance reasons.

I understand that I would not be able to defend from NSA, but what else could I do? Going trully offline is not an option.

 

That sounds like a formula for having problems in W10. I suggest you read, search the internet to get an idea of what people who constantly have problems in W10 are doing with their system and at the same time, do the same regarding users who don't experience issue. To me, the difference in what hey do is clear cut.

Bo

 

https://www.ghacks.net/2015/08/14/comparison-of-windows-10-privacy-tools

Note that Windows Firewall service might be needed for something, it was required by Windows update till version 1703, it has still got some crazy dependencies, like DHCP.

 

Put your tinfoil hat on, then put your head between your knees and kiss your *** (privacy) goodby.

 

Imo if you're on Facebook & posting truthfully about you, your family & friends lives. Then you have nothing to fear from w10.

 

What the**** are you talking about??

 

Self explanatory no ? or * needed.

 

The question was;
What should I do before connecting Windows 10 to Internet?

You said; "if you're on Facebook & posting truthfully about you, your family & friends lives. Then you have nothing to fear from w10."

Again what the **** are you talking about? What does FB have anything to do with the question?

 

Its rather obvious isn't it? His post is saying, if you hope to retain any semblance of anonymity while online and therefore not join the masses and post your entire life on things like FB, W10 might not be the best choice.

 

I have done disabling services in Windows 8.1 and had some problems with some programs (especially big, commercial ones). Then I reinstalled and disabled smaller number of services and it have been working well since then. I guess they just disabled too much.
On the head of list it is to stop "Windows Store","Windows Defender" , "Windows Error Reporting service" and Cortana.
And maybe automatic drivers download/update.

Maybe I have written something confusing (I am not native speaker nor english language expert). I don't want to disable Windows firewall. I would like to configure it to stop programs having any access to Internet by default.

 

RBAC - role based access control - is not a feature of windows firewall. Nor can you selectively prevent access by programs to different parts of your disk (disk firewalling).

Have you any knowledge or experience of the Sandboxie program? This allows you to selectively configure sandboxes per-program, which can prevent internet access, and restrict what parts of the file system a program can directly "see" (as well as other controls on what system calls a program can make).

Attempting to use outgoing firewall rules to prevent all telemetry has proved a thankless and somewhat impossible task, probably not worth the effort.

 

omg not the great conspiracy again...

nothing. leave it as is, grab all updates, then use o&o shutup as you like to. (backup first)
if you are using a microsoft account - your fault, is nearly same as telemetry - you give tracking data on your own.

+1
if any doubt at windows 10 is still present - dont use it. simple as that.

in fact windows 10 as "windows as a service" is only the beginning.

 

So true. If you're not horrified & outraged yet, just wait.

You'll have to be woke though & not distracted by shining objects.

 

No harm in blocking third party cookies in Edge & IE.

 

A few higher level things:

• Review Microsoft's privacy policies for the OS and related services you might be exposed to. It is a good place to start and is straight from the horse's mouth.
• Review guides created by Microsoft and others. They can shed light on issues not covered in official privacy policies and explain how to address those.
  • Search for: windows 10 privacy settings OR checklist OR guide OR configuration
  • May be of interest: https://docs.microsoft.com/en-us/wi...ating-system-components-to-microsoft-services
• Review tools that have been created to help with the task. They shed light on issues, can reveal the specific steps used to address them, and you may find one or more that you want to use.
  • Search for: windows 10 privacy script OR tool OR utility OR program
• Make notes as you go, save links you found useful, produce something resembling a checklist that you will follow.

Regarding how you go online: It is far better to go online with a too-tight config than a too-loose config. You can loosen up later, if you want to. If you can manage it, monitor and review network traffic to assess whether it is as expected and acceptable. Especially during the first connection, but also while you exercise different features/applications that can phone home.

 

I use Spybot Anti-Beacon. It's enough for me as a user of Win 10, because as mirimir said, "Yes, it's iffy to think that you can keep anything on Windows private from Microsoft."

 

I have done something similar in Windows 8.1. I encountered some problems with restricting some Windows services to Internet while still being able to download update (the same process hosted different services), so it wasn't too-tight unfortunately.

See "What Firewall Rule(s) Will Allow Windows Update and ONLY Windows Update To Work" on superuser.com
and
"Windows 8.1 firewall issue" on answers.microsoft.com