You finished setting up Windows. You agreed to some terms, skipped through a few prompts, and arrived at your desktop.
What you probably didn’t realize is that Windows also turned on an advertising ID linked to your device, started logging your app activity, and enabled location access for system processes.
None of it required your explicit consent. It was on by default. Windows privacy settings like these aren’t hidden, but they’re designed to be easy to miss.
What Windows Enables the Moment You Log In
Windows splits its telemetry into two tiers. “Required diagnostic data” runs on every installation and cannot be fully disabled. It includes device identifiers, hardware configuration, and crash logs that Microsoft uses to maintain OS stability.
“Optional diagnostic data” goes further, logging browsing behavior within Microsoft apps, installed software, and your interaction patterns with Windows itself. It’s enabled on a large share of OEM devices right out of the box.
On top of that, Windows assigns a unique Advertising ID to every device. This identifier follows you across apps and Microsoft’s ad network, allowing Microsoft and third-party advertisers to build a behavioral profile over time. According to StatCounter, Windows runs on over 72% of the world’s desktop computers as of 2023. That’s a data collection footprint operating at a scale most people don’t factor in when thinking about their own exposure.
Activity History — What It’s Actually Recording
Activity History was introduced as a productivity feature, a way to resume tasks across devices. What it does, functionally, is log every document you open, every website you visit in Edge, and every app you launch, then sync that data to Microsoft’s servers when you’re signed in with a Microsoft account.
A 2019 Pew Research Center survey found that 79% of U.S. adults were concerned about how companies use their personal data. Most of them probably didn’t consider their operating system as one of those companies.
Location tracking sits alongside this. Windows enables location access for apps and system processes by default. Unless you’ve opened Settings → Privacy & Security → Location, you likely haven’t audited who has been reading your physical position in the background.
The Adjustments That Actually Matter
Most of these defaults can be changed. It takes about ten minutes.
Start with Settings → Privacy & Security → General and switch off the Advertising ID. This severs the link between your device and Microsoft’s ad targeting infrastructure.
Under Activity History, uncheck “Store my activity history on this device” and disconnect Microsoft account syncing. For Diagnostics & Feedback, switch from Optional to Required diagnostic data, you can’t opt out of telemetry entirely, but you can significantly narrow its scope.
Finally, check Privacy & Security → Location and revoke access for any app without a clear reason for needing it.
These changes reduce what Windows collects at the system level. But system-level settings don’t reach the network layer, where a separate category of tracking operates entirely outside your OS. Windows users who want that layer addressed typically pair these changes with the best VPN for Windows device, because the two cover fundamentally different exposure points.
What Your Settings Menu Can’t Touch
Every website you visit still sees your IP address after those changes. Your internet service provider logs your DNS queries and connection metadata. In many countries, that data is theirs to retain and sell.
According to a 2021 report from the Electronic Frontier Foundation, U.S. ISPs can collect and monetize customer browsing data under current federal regulations — and no checkbox in Settings changes that. Your router, your ISP, and every server your traffic passes through operate outside Windows’ jurisdiction entirely.
This is a structural problem, not a configuration one. The data that leaves your device travels through infrastructure you don’t own, managed by companies operating under commercial incentives that have nothing to do with your privacy. That’s the layer that system settings, no matter how well-tuned, were never designed to reach.
Understanding the distinction between what your OS controls and what your network exposes is one of the more useful mental models in privacy. A lot of people fix the former and assume the problem is solved.
The Detail Most VPN Users Get Wrong
If you’ve started running a VPN, you’ve addressed the network layer. But one thing tends to get overlooked: the type of IP address you’re assigned.
Standard VPN plans put you in a shared IP pool alongside thousands of other users. That IP carries a history, spam complaints, bot flags, and reputation scores built by whoever used it before you. CAPTCHA walls, platform lockouts, and access restrictions are regular side effects of sharing an address with high-traffic neighbors.
People who want their online identity to be stable and clean switch to a Dedicated IP instead. The address belongs to you alone, which means its reputation is a direct reflection of your own activity — not a stranger’s.
Your IP is effectively your identity on the open internet. The cleaner its history, the less friction you encounter trying to move through it.
What It Comes Down To
Privacy on Windows is a layered problem. The platform was built with data collection embedded into its architecture, not as an oversight, but as a feature. Adjusting the defaults reduces your exposure at the system level, and it’s worth doing.
But the larger question isn’t what Windows stores about you on your device. It’s what leaves your device across the network, to your ISP, to ad infrastructure, to the servers of every platform you use. Those channels operate independently of anything inside Settings.
The people who take privacy seriously don’t look for a single fix. They look at each layer separately and ask: who can see this, and should they be able to?
