How to Set Up the Perfect Privacy Stack on Windows in 2025

Privacy on Windows doesn’t require expensive software or technical expertise. With the right free tools assembled thoughtfully, you can dramatically reduce your digital footprint. This guide walks you through exactly what to install and how to configure each tool.

The Privacy Stack at a Glance

Layer	Tool	Cost
Browser	Firefox	Free
Ad/Tracker Blocking	uBlock Origin	Free
Password Manager	Bitwarden	Free
DNS Encryption	NextDNS	Free (300K queries/mo)
File Encryption	VeraCrypt	Free
Secure Delete	Eraser	Free

Step 1: Switch to Firefox (+ Harden It)

Chrome sends significant telemetry to Google. Firefox, configured correctly, is far more privacy-respecting.

Essential Firefox Settings

Open about:preferences#privacy
Set Enhanced Tracking Protection to Strict
Disable Telemetry in Privacy & Security → Firefox Data Collection
Enable HTTPS-Only Mode

Essential about:config Tweaks

Open about:config and set:

privacy.resistFingerprinting          → true
geo.enabled                           → false
media.peerconnection.enabled          → false  (prevents WebRTC IP leak)
network.cookie.cookieBehavior         → 5      (total cookie protection)

Step 2: Install uBlock Origin

uBlock Origin is non-negotiable. It blocks ads, trackers, malware domains, and fingerprinting scripts.

After installing, add these extra filter lists:

uBlock filters – Privacy (enabled by default)
EasyPrivacy
AdGuard Tracking Protection

For advanced users, enable “I am an advanced user” mode and block all third-party scripts by default (whitelist as needed).

Step 3: Set Up Bitwarden

Reusing passwords is the #1 way accounts get compromised. Bitwarden solves this:

Create a free account at bitwarden.com
Install the browser extension
Enable 2-Factor Authentication (use an authenticator app, not SMS)
Import passwords from your browser’s saved passwords
Run the Data Breach Report to find compromised passwords

Password rule: Every account gets a unique, randomly generated password of 20+ characters.

Step 4: Encrypt Your DNS with NextDNS

Your ISP can see every domain you visit (even with HTTPS). NextDNS encrypts your DNS queries and blocks tracking at the DNS level.

Setup on Windows:

Create a free account at nextdns.io
On Windows: Settings → Network → DNS → Add your NextDNS address
Enable Blocklists: NextDNS Ads & Trackers Blocklist, OISD

Step 5: Encrypt Sensitive Files with VeraCrypt

For truly sensitive files (financial documents, personal photos), encryption at rest is essential.

1. Download VeraCrypt from veracrypt.fr
2. Create New Volume → Encrypted File Container
3. Choose AES encryption + SHA-512 hash
4. Set a strong passphrase
5. Mount the volume when needed, dismount when done

Never store your VeraCrypt passphrase in a digital note. Write it down and store it securely.

Step 6: Secure Delete Old Files

Deleting a file doesn’t erase it — it just removes the pointer. Tools like Eraser overwrite deleted files with random data, making recovery impossible.

Install Eraser, right-click any file → Eraser → Erase.

Quick Wins (5 Minutes Each)

Disable Windows telemetry: Settings → Privacy & Security → Diagnostics & feedback → set to Basic
Disable location services: Settings → Privacy & Security → Location → Off
Use a local account: Avoid signing into Windows with a Microsoft Account if privacy is a priority
Enable Windows Firewall (it should be on by default — verify it)

The Result

After implementing this stack, you will have:

✅ Ad and tracker blocking at browser + DNS level
✅ Fingerprint-resistant browser with HTTPS-only
✅ Unique strong passwords for every account
✅ End-to-end encrypted password vault
✅ Encrypted containers for sensitive files
✅ Secure deletion for sensitive data removal

This stack costs $0 and takes about 2 hours to set up. It protects you from the vast majority of everyday privacy threats.