- Move removal of `SecHealthUI` app to "Privacy over security" category.
- Emphasize disruptive behavior in the script name.
- Add comprehensive documentation
- Add script to remove Edge shortcuts upon uninstallation.
- Unify OneDrive shortcut removal logic with Edge's, introducing revert
feature to the OneDrive removal script.
- Add more extensive documentation.
- Rename "Delete OneDrive shortcuts" to "Remove OneDrive shortcuts" to
have consistent naming.
This commit introduces scripts for cleaning up file and URL associations
related to Microsoft Edge, enhancing the uninstallation process. The
changes adress the issues detailed in #64, improving system reliability,
integrity and security by preventing lingering associations.
Changes include:
- Introduce scripts to clear Edge browser file and URL associations.
- Provide extensive documentation for related scripts.
- Ensure thorough cleanup of URL, file, OpenWith menu, and toast
associations.
- Recommend removing Microsoft Edge (Legacy) Dev Tools Client app on
Strict to align with other Edge legacy removal recommendations.
- Replace obsolete "Firefox First party isolation" with "Firefox state
partitioning".
- Add comprehensive documentation for the new scripts.
- Introduce enabling dynamic First-Party Isolation (dFPI)
- Disable deprecated First-Party Isolation (FPI) to avoid conflicts with
dFPI.
- Add script to enable Firefox network partitioning to cover
functionality of older FPI script.
This commit enhances the robustness of setting VSCode configurations,
ensuring consistent and reliable operation even in edge cases, such as
when the settings file is empty. This commit also uniforms behavior of
Linux and Windows modification of VSCode settings.
On Windows:
- Move parameters to on top of scripts to be able to easily test the
scripts using PowerShell without compiling.
- Add a check to exit the script with an error message if the attempt to
parse the JSON content fails.
- Omit the `OutString` cmdlet from the pipeline in the script for
converting JSON file content to a PowerShell object. `Out-String` is
unnecessary in this context because `Get-Content` already outputs the
file content as a string array, which `ConvertFrom-Json` effectively.
Additionally, using `Out-String` could potentially introduce issues by
concatenating file content into a single string, causing
`ConvertFrom-Json` to fail when processing pretty-printed JSON. By
removing `Out-String`, the script is streamlined and potential errors
are avoided.
- Add logic to handle empty settings file. Add an additional check for
empty settings file, if the file is empty, the script writes a default
empty JSON object (`{}`) to the file. The operation is logged to
ensure transparency, notifying the user of the action taken. This
change removes fails due to empty setting files.
- When reverting, do not fail if the setting file is missing because it
means that default settings are already in-place.
- When reverting, show informative message if the key does not exist or
does not have the value set by privacy.sexy and do not take any
further action.
- If the desired value is already set, show a message for it and skip
updating the setting file.
On Linux:
- Handles empty `settings.json` similarly to Windows.
- Add more user friendly error if JSON file cannot be parsed.
This commit improve cleanup of temporary directories on Windows,
addressing issues #176 and #89.
Changes include:
- Fix side-effects caused by this script by clearing the contents of
directories rather than deleting the directories themselves.
- Add the removal of Prefetch directory contents, which stores temporary
files and can enhance privacy and free up disk space when cleared.
- Remove the command `del /f /q %localappdata%\Temp\*` due to its
redundancy.
- Improve the granularity and documentation of cleanup scripts, and
moving the `Clear temporary Windows files` category up in the hierarchy
for better structure and clarity.
Co-authored-by: iam-py-test <84232764+iam-py-test@users.noreply.github.com>
- Modify script to run as `TrustedInstaller`, resolving access right
problems discussed in #246.
- Change script name for better alignment with its functionality.
- Improve script description for clarity and detailed documentation.
- Add non-intrusive way to disable delivery optimization. This new
script do not introduce side-effects caused by disabling Delivery
Optimization service.
- Recomend delivery optimization service (`DoSvc`) only on Strict
mode, removing it from Standard recommendation.
- Categorize delivery optimization disabling under one category.
- Move disabling delivery optimization to "Disable OS collection" >
"Disable Windows Update data collection".
- Add more documentation.
- Fix script failing when multiple installations of Edge is found.
- Fix Edge not being able to be uninstalled due in newer Edge versions.
- Add documentation
- Add missing revert script
- Add script to disable `WaaSMedicSvc` service (#252)
- Refine script granularity for more precise control.
- Introduce detailed documentation for the category and associated
scripts.
- Fix `ScheduledInstallTime` being set to `3` which schedules updates to
install at 3 AM.
- Fix `ScheduledInstallDay` is being set to `0` which schedules daily
update installation.
- Fix `NoAutoUpdate` being set to `0` (enable) instead of `1` (disable).
- Add disabling of missing `wuauserv` service.
- Add parent category for disabling Windows update services for better
organization.
- Move disabling Windows Spotlight from Standard to Strict
recommendation due to unexpected behavior for some users (#65).
- Enhance documentation.
- Correct revert code to ensure return to the default OS state.
Manage Firefox preferences through `user.js` instead of `prefs.js`.
Because of Mozilla's recommendation against direct `prefs.js` edits to
avoid potential profile corruption. Instead, the `user.js` file, if
present, overrides the settings in `prefs.js` at application startup.
Change AddFirefoxPrefs function to update `user.js` and manage
creation/deletion of this file:
1. Handle file creation if `user.js` does not exist.
2. Deletes file if `user.js` becomes empty after reverting settings.
Other changes:
- Improve log messages
- Minimal refactorings
Reliably disable Defender services (by always using `reg` with
TrustedInstaller`), and put Firewall services in Windows Firewall
section, so that people do not accidently disable Windows Firewall
services and break Microsoft Store.
Co-authored-by: undergroundwires <git@undergroundwires.dev>
- Add new scripts under "Disable Windows telemetry and data collection".
- Update script names and documentations to align with Microsoft's
latest branding for telemetry.
- Introduce broader configurability to minimize data collection.
- Add missing revert code to allow the reversion of changes, increasing
flexibility and safety.
- Include comprehensive documentation to provide more context and
understanding for users.
Key features of Linux support:
- It supports python 3 scripts execution.
- It supports Flatpak and Snap installation for software
clean-up/configurations.
- Extensive documentation.
- Improve documentation for OneDrive removal scripts.
- Add support for deleting OneDrive icon from the navigation pane.
- Do not revert OneDrive install code on Windows 11 as it does not exist
by default.
- Remove "Prevent automatic OneDrive install for new users" script as
HKU scripts are not really supported elsewhere and makes the code
harder to maintain.
- Do not print errors when the behavior is as expected. Surpress errors
on registry key deletion, ensure re-running script does not cause any
errors with proper checks.
- Change revert logic to match default Windows state.
- Hardcode service names for OneDrive to avoid side-effects.
- Rerruning OneDrive now runs it in background.
- Add Windows 11 support for running the installer/uninstaller.
- Rename scripts to simpler and easier-to-understand names
Improve documentation for Visual Studio scripts.
Add different keys reported by community for deleting Visual Studio 2022
licenses, see beatcracker/VSCELicense#14 for the key reports.
Add cleanup for SQM files that Visual Studio generates when it is unable
to connect to internet, to send the data when online. Improve cleanup
for Visual Studio logs.
Change revert behavior of the scripts to match default state of clean
Visual Studio installation.
Rework documentation URLs as inline markdown.
Redesign documentations with markdown text.
Redesign way to document scripts/categories and present the
documentation.
Documentation is showed in an expandable box instead of tooltip. This is
to allow writing longer documentation (tooltips are meant to be used for
short text) and have better experience on mobile.
If a node (script/category) has documentation it's now shown with single
information icon (ℹ) aligned to right.
Add support for rendering documentation as markdown. It automatically
converts plain URLs to URLs with display names (e.g.
https://docs.microsoft.com/..) will be rendered automatically like
"docs.microsoft.com - Windows 11 Privacy...".
The logic was expecting major version in Windows 11 to be 11. However,
in Windows 11, major version is not changed and it is till 10. This
commit corrects logic to check build number that's guaranteed to be
higher in Windows 11.
Remove using Webpack import syntax such as: `js-yaml-loader!@/..`. It's
a non-standard syntax that couples the code to Webpack.
Configure instead by specifying Webpack loader in Vue configuration
file.
Enable related ESLint rules.
Remove unused dependency `raw-loader` and refactor
`NoUnintendedInlining` test to load files using file system (dropping
webpack dependency).
Refactor to use `import type` for type imports to show the indent
clearly and satisfy failing ESLint rules.
- Fix revert logic deleting the service instead of enabling it.
- Use unified "DisableService" function to improve enable/disable logic.
- Separate disabling of service from opting out.
- Add documentation reference.
Rename service to its newer name. Mention breaking behavior in its name
and add more documentation.
Unrecommended from "Standard" pool because it breaks a lot of
functionality, but still recomended in "Stricts" because it's used to
identify personal information that leads to less privacy.
Major refactoring using ESLint with rules from AirBnb and Vue.
Enable most of the ESLint rules and do necessary linting in the code.
Also add more information for rules that are disabled to describe what
they are and why they are disabled.
Allow logging (`console.log`) in test files, and in development mode
(e.g. when working with `npm run serve`), but disable it when
environment is production (as pre-configured by Vue). Also add flag
(`--mode production`) in `lint:eslint` command so production linting is
executed earlier in lifecycle.
Disable rules that requires a separate work. Such as ESLint rules that
are broken in TypeScript: no-useless-constructor (eslint/eslint#14118)
and no-shadow (eslint/eslint#13014).
Removing Cloud Experience Host has caused many unexpected issues
for users (see #99, #64, #67). It's now excluded from "Strict"
recommendation pool until a better warning mechanism is implemented.
- Add more script documentation in code and reference URLs.
- Unrecommend as "Standard" recommend as "Strict" due to lack of
documentation for its privacy intrusive behavior.
- Add mising WpnUserService for disabling it completely.
- Improve error messages with cause of the problem and suggested solution.
- Document:
* Disabling `WinDefend` breaks `Set-MpPreference` and Microsoft Store
(as reported in #104).
* Document services that `netsh advfirewall` depends on.
- Fix some bad whitespace character in documentation.
Refactor, unify and improve the logic to to start/stop and
enable/disable services, and also add more documentation.
Rework functions:
- Unify way of disabling Windows services using templating.
- Capitalize as `startupMode` (where startup is single word) everywhere.
- Use also text parameters (automatic, manual..) instead of numeric
values (2,3...) when providing parameters to any service disable
function.
Improve documentation:
- Add reference URLs about disabled services.
- Add more code documentation for querying status and allowed values.
Logic improvements include:
- Check if service is running before stopping/starting the service.
- Do not start the service it's not an Automatic service.
- Check whether service is already disabled.
- When reverting, start the service if it has Automatic startup. But
do not start the service it has different startup (e.g. manual).
Also starts the service even though start up is configured as
desired (before it quit before doing service start).
Improve outputs (logs):
- Remove false-positive error messages.
- When a service cannot be stopped/start; mention in output that the
service will be started/stopped after reboot.
- Show success message once service is enabled/disabled.
- Fix reboot messages when enabling/disabling services,
- Do not write stderr if service cannot be stopped/started as it's not
not the main goal of the function.
Add missing revert code for the ones missing them:
- Disable diagnostics telemetry
- Disable Windows Media Player Network Sharing Service
> Function: DisableServiceInRegistry
- Fix not exitting if service does not exist when reverting
- Show success message once service is enabled/disabled
- Fix double "Enabled.." messages
- Fix unintended registry addition
> Function: DisablePerUserService
- Change implementation to call DisableServiceInRegistry.
- Fix both services are skipped if one of them fails.
- Fix reverting a service sets wrong startup mode.
German edition of Windows returns German output for `schtasks.exe`
commands. So checking for "Running" fails immediately as reported #104.
Revert recent change from using `Get-ScheduledTask` and
`Unregister-ScheduledTask` to `schtasks.exe`. Also remove unused
`$powershellFile` variable.
- Fix reverting "Disable SQM OS key".
- Fix applying "Disable Visual Studio Code data collection" scripts.
- Fix reverting "Do not show recently used files in Quick Access".
- Add unit tests for automatically checking similar issues in future.
- Refactor to use `Set-MpPreference` in a function instead.
- Better support for both Windows and Windows 11 with platform-specific
logic, due to poor `Remove-MpPreference` used in Windows 10:
* Use `Remove-MpPreference` on Windows 11, but switch to
`Set-MpPreference` for some edge cases using a flag.
* Use `Set-MpPreference` on Windows 10 by default, and use
`Remove-MpPreference` for only small amount of cases where it is
supported.
- Set default value instead of `Remove-MpPreference` on Windows 10 when
it does not work as expected.
- Improve error messages when:
* Command name (cmdlet) is not supported
* Command parameter is not support
* Failing due to Defender service not working
* Argument is not supported (e.g. for 'Broad')
- Skip if a parameter or argument is not supported instead of failing.
- Set OS defaults when using `Set-MpPreference` when `Remove-MpPreference`
does not set the OS defaults.
- Skip setting the setting if it already is as desired.
- Remove redundant scripts in "Disable remediation actions" setting
`LowThreatDefaultAction`, `ModerateThreatDefaultAction`,
`HighThreatDefaultAction` and `SevereThreatDefaultAction`. As they are
all controlled by and limited to value of `UnknownThreatDefaultAction`.
- Fix registry policies not matching cmdlet behavior:
> CheckForSignaturesBeforeRunningScan
> SignatureUpdateCatchupInterval
- Fix reverting registry policies (`reg delete` command and error
output):
> Disable Malicious Software Reporting tool diagnostic data
> Turn off block at first sight
- Fix DisableCatchupQuickScan MpPreference command being in wrong
category by moving it to its right category and adding its correct
equivalent.
Change behavior of registry reverting from adding default value to
removing value that overrides. It then leaves the system in cleaner
state, removes "managed by your organization" warning, and makes the
scripts more future-proof providing compatibility with Microsoft patches
updating the defaults. This is implemented by using `reg delete` over
`reg add` and `Remove-MpPreference` over `Set-MpPreference`.
> Disable Windows Defender Scheduled Scan task
Surpress the error when reverting the script as the task may not exist
in some Windows versions.
> Limit catch-up security intelligence (signature) updates
Change to "Disable" instead of "Limit", and bring back its revert code.
Fix reverting of following scripts setting non-default values:
> Turn off Windows Defender SpyNet reporting
> Disable checking for signatures before scan
> Limit CPU usage during idle scans to minumum
> Disable scanning when not idle
> Disable scanning on mapped network drives on full-scan
Fix following scripts setting unexpected behavior:
> Disable running scheduled auto-remediation
> Limit CPU usage during idle scans to minumum
> Disable randomizing scheduled task times
> Disable creating system restore point on a daily basis
Add more documentation for MpPreference module:
- Add more reference URLs
- Add status query as documentation
- Add information regarding default values
- Describe meaning of enumeration values
- Document commands not doing expected in Windows 11
- Fix errors (stderr stream) not being logged.
- Use `schtasks /delete` instead of `Unregister-ScheduledTask` as
PowerShell command sometimes fail for existing tasks.
- Refactor to use `-TaskName` to explicit describe parameter, and use
linebreaks for `Register-ScheduledTask` call with many parameters.
Change all GitHub URLs with forks so they survive if their maintainer
decides to remove them.
Fix dead URLs in:
- "Windows Push Notification Service" (#101)
- "Limit CPU usage during scans to minimum"
- "Disable NVIDIA telemetry"
The main goal is to highlight and exclude scripts that clears user data
(such as Chrome bookmarks) from standard recommendation, thus allowing
more granular and intentional user selection. Because scripts that are
recommended as "standard" should be non-breaking.
Standard: Recommend only clearing data that would not be noticable by
user. E.g. caches and logs.
Strict : Recommend clearing data that may be noticable by user, but
does not affect stored consciously data by user. E.g. cookies.
Do not recommend if data is stored consciously by user. E.g. favorites
/ bookmarks.
[General]
- Change wording from "Clear xx traces" to "Clean xx history" to make
it more clear and unify the naming with macOS scripts.
- More documentation both in code and both as more references.
[Chrome]
- Unrecommend deleting Chrome user profile.
- Document what each chrome clean-up script is doing in more detail.
[Internet Explorer]
- Document IE scripts better.
- For Cookie cleanup, add solutions for later Windows version.
- Unrecommend some from standard.
- Remove undocumented `Local Settings\Traces` folder.
- Take ownership before deleting Temporary Internet Files. Fixes
permission error.
- Remove `INetCookies\PrivacIE` script because it's undocumented and
we already have cleanup for its parent folder (`INetCookies`).
- Remove "%USERPROFILE%\Local Settings\Traces" due to lack of
documentation.
[Safari]
- Remove cleanup for undocumented traces folders `Safari\Traces`.
- Document with subcategories and references.
- Fix clearing all data not pointing to `localappdata`.
- Unrecomend clearing all data.
[Opera]
- Rename to "Clear all.." to show intent.
- Unrecommend as it removes everything.
