Safing Portmaster
Safing Portmaster: Monitor and control all network activity
Grouped by threat level
Safing Portmaster: Monitor and control all network activity
No matches for those filters.
The most private move on Windows is to leave it, but that is not always an option for work, software, or hardware. If you are staying, these tools claw back what you can: blocking telemetry and controlling which apps reach the network, then switching off the data collection Microsoft leaves on by default. They will not turn Windows into a privacy-first system, but they make it meaningfully quieter, and for a lot of people that is the realistic win.
Windows sends a steady stream of telemetry that the built-in privacy panel cannot fully stop, because the panel only governs the switches Microsoft chose to surface. The deeper collection is wired into the operating system, below the settings you are shown, and a feature update can quietly reset your choices or introduce new endpoints. You are allowed to adjust the edges while the core keeps reporting. That gap is exactly what these tools fill: O&O ShutUp10++ reaches the dozens of hidden switches the settings screen leaves out, and an application firewall lets you see and block the connections Windows never asks you about.
We measure each tool against our public listing criteria with a sharp eye for one risk: a privacy tool you cannot trust is worse than none. So we favour open-source code where it exists, full transparency about exactly what each tool changes, with a clean way to undo those changes if something breaks. We prefer tools that show you every switch they flip rather than a black box that promises results. We only list a tool we would run on our own Windows machine, and we steer you toward the reversible ones, because a tweak you cannot roll back is a trap waiting on the next update.
Lead with transparency and reversibility. Open-source code matters, because a privacy tool that itself phones home defeats the entire point, and a clear log of what it changes lets you understand the trade you are making. Insist on an off switch, so a change that breaks an app or an update can be rolled back cleanly. An application firewall that shows you outbound connections is especially revealing, because it exposes what your installed software is really doing in the background, not just what Windows does. Avoid aggressive all-in-one scripts that strip core components with no way back; they cause more damage than telemetry ever would.
It depends on what you are protecting against, and honesty matters here. Even fully hardened, Windows collects more than a privacy-first system does, because the telemetry is part of the OS rather than an add-on you removed. These tools raise the floor a great deal, often silencing the bulk of the background chatter, but they cannot reach the last fraction baked into the core. For most people the result is a Windows that is far quieter and entirely usable. If your threat model is higher than that, hardening is a stopgap, not the destination.
Work in stages rather than flipping everything at once, so you can tell which change caused a problem if one appears. Start with a telemetry blocker to quiet the OS, applying its recommended settings first and reviewing the more aggressive ones. Add an application firewall and spend a few days approving the connections you expect, which quickly shows you what was phoning home. Keep a restore point before big changes. And treat this as a holding pattern: if privacy is your priority, a privacy-respecting operating system removes the problem at its source, and the wider escape Microsoft playbook covers the services riding alongside the OS.